COBIT Focus, October 2008

Next, the companys annual plan of action is discussed, with a separate plan for each operational process, and a focus is brought to its continuous improvement. There is a priority analysis of the operational processes, detailed control objectives and their impact on the business activities. As resources are always scarce, the detailed control objectives that are improved in that year are carefully selected. The main priority criterion is the impact of the detailed control objective in an operational process that supports a mission-critical business process. The detailed COBIT control objectives that have not been addressed in the set of operational processes may be at a zero level of maturity or may be addressed elsewhere, outside the IT department. This approach of changing the focus from COBIT to the operational processes makes the implementation of COBIT more concrete and more objective, simplifying the definition of priority improvement actions.

In the following months, the company plans to apply a method for defining the cost of each operational process, so as to achieve value delivery and have a better view toward improving and reducing costs. Joao Souza Neto, Ph.D. is the vice president-elect of the new ISACA chapter being formed in Braslia, Brazil. He has more than six years of experience in IT governance, applying COBIT within Brazil Post. He is also responsible for the IT governance area in the Universidade Catolica de Brasilia. Ian Lawrence Webster is a senior consultant for performance technologies responsible for governance, with emphasis in value delivery and compliance assurance. He is the president-elect of the new ISACA chapter being formed in Brasilia, Brazil. He has more than five years of experience in IT governance, applying COBIT within government institutions.

ISACA COBIT Education

Looking for ways to build the internal competencies that support the adoption of COBIT and IT governance? ISACA provides COBIT training in several formats. All ISACA classroom-based courses are delivered by ISACA-accredited trainers. The following are some highlighted COBIT training opportunities available through ISACA. COBIT Education at Asia-Pacific CACS and EuroCACS 2009 Asia-Pacific Computer Audit, Control and Security (CACSSM) 2009 will feature a workshop titled COBIT for IT Governance and IT Assurance, and conference sessions on COBIT and IT Infrastructure Library (ITIL) and on COBIT and ISO/IEC 38500. Asia-Pacific CACS will be held 23-24 February 2009 in Kyoto, Japan, at the Westin Miyako Kyoto. For more information on this conference and to register, please visit www.isaca.org/asiacacs. EuroCACSSM 2009 will feature two COBITrelated workshops: Implementing IT Governance Using COBIT and Val IT Using COBIT for IT Assurance Continued on page 4

COBIT Education Update

Through July 2008, more than 5,000 COBIT Foundation certificates have been issued. In addition: There are 13 licenses in place with organizations who have licensed the classroom version of the COBIT Foundation Course and/or the Implementation Course. There are currently 55 ISACA-accredited trainers teaching on behalf of ITpreneurs. There are currently 36 ISACA-accredited trainers teaching the official ISACA classroom version of the COBIT Foundation Course and/or the Implementation Course. (Please note that some trainers overlap and teach for ITpreneurs as well.) ITpreneurs has 93 organizations that are listed as part of the ITpreneurs partner network. Some of these companies include IBM, Symantec, CA Inc. and HPall of which are ITGI sponsors.

page 3

COBIT Focus, October 2008

In addition, sessions at EuroCACS will be held on: COBIT-based IT Governance vs. ITIL V3 Service Management Using COSO ERM and COBIT to Enhance Information Governance Reconciling Corporate IT Security Policies With COBIT Delivering Governance Using COBIT and ISO/IEC 38500 Using COBIT and ITIL to Benchmark the Organizations IT Maturity EuroCACS 2009 will be held 15-18 March 2009 in Frankfurt, Germany, at the InterContinental Frankfurt. For more information on this conference and to register, please visit www.isaca.org/eurocacs. COBIT User Convention The COBIT User Convention is designed to facilitate discussion and debate among experienced COBIT users and to provide discussion for applications, solutions and approaches. Each two-day convention features case studies and facilitated discussion groups that address how COBIT is used from governance and

assurance perspectives. Conventions are offered through ISACA chapters to attract COBIT users geographically. Like all user conventions, these are designed for experienced COBIT users and are most successful when held in areas with large numbers of COBIT users, allowing for meaningful discussions and debate. To learn more about these events, please visit www.isaca.org/cobituserconvention. COBIT Campus Visit COBIT Campus, www.isaca.org/cobitcampus, to review and learn more about online COBIT and related courses and exams. COBIT Training Week ISACA is proud to offer a new and unique Training Week course. The COBIT Training Week integrates IT Governance Institute (ITGI) research and ISACAs current COBIT educational courses into a single, comprehensive COBIT training program. Please visit www.isaca.org/trainingweek for more information. The 2009 Training Week dates are noted on page 6 of this publication.

ISACA Releases Results of Top Business/Technology Issues Survey

By Robert G. Parker
ISACA recently released its 2008 Top Business/Technology Issues Survey Results, based on the 2008 survey of the same name. The survey was conducted to validate and prioritize the findings of ISACAs Business/Technology Issues Task Force. The ultimate purpose of the study was to obtain results that could be used readily by ISACA members and its constituents, and to create guidance, tools and techniques for addressing these issues from IT management, assurance and security perspectives. Over the next year, through its key constituency committees (Assurance Committee, IT Governance Committee and Security Management Committee), ISACA expects to provide research publicationse.g., white papers, reference material, articlesfor each constituency, based on the surveys findings. The Top Business/Technology Issues Task Force initially identified 21 current business issues facing IT managers and executives. The list consisted of global issues that the task force felt were already affecting ISACA members and constituents, or would be in the next 12 to 18 months. The survey participants were then asked to rank the 21 business issues. The survey identified enterprise-based IT management and IT governance as the second most important business issue impacted by IT. The study reported that the next 12 to 18 months (illustrated in figure 7 in the report) will see the implementation of tools for the reporting of the Continued on page 5 page 4