Standards Enhance Efficiency In Enterprises

Standards Compliance is an oft-neglected area, due to the popular myth that it is only required by enterprises for the sake of maintaining market repute. However, experts opine that standards compliance should instead be implemented as a requirement to canalize the business process and thus streamline IT governance.

The popular standards that most enterprises implement today in India are COBIT, ISO 17799, BS7799 and ITIL followed by a few others. Interestingly, there isn’t a great deal of overlap between these, which are the most recommended standards in the country. Looking at these closely, COBIT is strong in IT controls and metrics. ISO 17799 covers IT security quite well, BS7799 covers security and ITIL emphasises processes, notably those surrounding the IT helpdesk.

The need for IT Governance frameworks

The collapse of Barings Bank in 1997, due to unauthorised trading enabled by manipulating management information due to lack of effective controls, is known to all. In October 1998, Internet bank Egg launched an online-only credit card and found that its technical infrastructure could not handle the sudden demand. Each of these instances involved massive investment and risk- financial as well as reputational.

Likewise, there have been increasing number of security and IT related incidents, which have resulted in disruption of service as also loss of information assets. Most enterprises have made significant investment in their IT solutions and there is significant expenditure on maintenance of IT. Increasingly, top management is realising the importance of information for the success of an enterprise.

Hence, considering the criticality of IT, it is important to use an IT governance framework, which meets the security, quality and business requirements.
COBIT Recommended by most

The IT Governance Institute (ITGI) recently announced COBIT 4.1, an update to the COBIT (Control Objectives for Information and related Technology) IT governance framework, which provides an authoritative, international set of generally accepted practices that helps boards of directors, executives and managers increase the value of IT and reduce related risks.

COBIT is recommended by more users world over as a more wholesome framework as it is vast and covers all the areas of business, which all the other standards put together might carry. However, it is important to note here, that COBIT does not provide any certification to enterprises unlike the above mentioned standards, but provides guidelines of best practices.

COBIT’s high-level, platform-neutral nature makes it suitable for any type of enterprise, regardless of size or industry. It can also be customised. Enterprises can use only those portions that apply to their environment and customise their selections to fulfill their needs.

“The COBIT framework is internationally accepted as a good practice for control over information, IT and related risks. COBIT helps its users to understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model,” observes Atul Kumar, assistant GM, IT Department, Syndicate Bank and president of ISACA Bangalore Chapter.

Of course, there are a number of compelling reasons to adopt COBIT. The key is to research the standards, review your needs and then move forward with the standard that is the best fit.

COBIT - A De Facto model of IT Governance

The Federal Reserve and the Bank of International Settlements (BIS) representing the National Banks of the G10 countries have advised the financial industry to focus on operational risk, as the major risk situations are invariably caused by breakdowns in internal control, oversight and information technology.

Experts suggest a few basic expectations that are probably true for all enterprises - delivering quality IT solutions on time and on budget, harnessing and exploiting IT to return business value and leveraging IT to increase efficiency and productivity while managing IT risks etc, which are addressed by COBIT.

According to experts, COBIT is the only management framework that addresses the complete life cycle of IT investment.

Further, clause 49 requirements of SEBI applicable for listed companies in India is the Indian version of SOX, which makes it mandatory to implement corporate governance. This requires CEO/CFO certification on various aspects of corporate governance including implementing an internal control framework.

“IT governance is a sub-set of corporate governance. COBIT is the de facto model of IT Governance. Its guidance enables an enterprise to implement effective governance over IT that is pervasive and intrinsic throughout the enterprise,” says Erik Guldentops, advisor to the board, IT Governance Institute and author of COBIT framework.