COBIT

COBIT

Control Objectives for Information and related Technology
  • SoftExpert Solution has streamlined data sharing for our quality system and has contributed to reducing impacts on the environment through doing away with the need for storing piles of original and obsolete paper documents for auditing purposes.
    Solange Amaral – Human Resource Analyst    		      
    Carrier
  • SE Document has provided the means to streamline our document control, through excellent drilldown options for searching and registering documents, a systematic workflow
    tool for sending pending tasks to system users, as well as really cutting down on the need for printed copies.
    Ângela Fischer    		      
    CTA-Continental
  • Our productivity and reliability increased greatly. The software helped us to meet the ISO/TS 16949 standard requirements, providing security in the daily routine of the Engineering area and auditing, while easily proving full compliance with the standard and customer requirements.
    Jeferson R. F. dos Santos – MENFUND Unit Manager    		      
    Menegotti
  • SE Document manages ISO standardization documentation to facilitate compliance, as well as all other document types. The workflow system provides great distribution copy control, approval, revision, printed copies, and document retrieval search capabilities. Currently, there are over 1,100 users and 3,500 registered documents.
    Carla Regina Schmitt    		      
    Universal Leaf Tabacos
  • SE Document completely meets our document control requirements, facilitates retrieval, and manages the entire document revision process.
    Janaina Salatti – Quality Supervisor    		      
    Group Roullier
  • We have achieved improved dependability as well as standardization in our processes to assure measurement consistency and the required monitoring to verify conformity in our products. This adds enhanced safety and quality to our customers.
    Helton Calaça – SPC Technical Support    		      
    Mitsubishi Motors
  • The SE Project was implemented quickly and the time required for the adoption of the solution by the users was quite natural, considering that the pharmaceutical segment is legally required to work with reliable and secure records that guarantee the quality of products and do not represent risks to the population.
    Randel Moreira – IT Manager    		      
    Laboratório Globo
  • Online access to wherever we offer services ensures us speedy responses, through reliable and updated information, which, in turn, facilitates decision making and customer satisfaction.
    José Andrade – Opetrec Manager    		      
    Opetrec
  • The implementation of SE Action streamlined our continuous improvement process for managing actions, especially through the workflow functionality. This facilitates the verification of occurrence causes and drafting correction actions.
    Gustavo Martins – Quality Department Assistant    		      
    Coca-Cola
  • The SoftExpert facilitates and speeds up activities, and the system was considered highly suitable for the renewal of ISO/TS 16949 and ISO 14001.
    Cristina Pereira – Gerente adjunta de Informática    		      
    Coindu

    Control Objectives for Information and Related Technology (COBIT) provides good practices across a domain and process framework. It presents activities in a manageable and logical structure. COBIT’s best business practices represent the consensus of experts. They are strongly focused on control and less on execution. These practices will help optimize IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.

    For IT solutions to be successful in delivering business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:

    • Making a link to the business requirements;
    • Organizing IT activities into a generally accepted process model;
    • Identifying the major IT resources to be leveraged;
    • Defining the management control objectives to be considered.

    Benefits

    The benefits of implementing COBIT as a governance framework over IT include:

    • Better alignment, based on a business focus;
    • A view, understandable to management, of what IT does;
    • Clear ownership and responsibilities, based on process orientation;
    • General acceptability with third parties and regulators;
    • Shared understanding amongst all stakeholders, based on a common language;
    • Fulfillment of the COSO requirements for the IT control environment.

    The Challenge

  • Internal IT organizations are under increasing pressure to meet the business goals of their companies. This challenge can be particularly daunting because it involves complying with regulations, such as the Sarbanes-Oxley (SOX) and Basel II. Compliance requires strong corporate governance capabilities that are demonstrable to outside auditors. Because IT plays such a major role in business processes, the IT organization not only creates complexity for the business, but at the same time, provides the means to demonstrate this compliance. Organizations rely on guidelines such as COBIT to help understand and address these challenges.

    Internal IT organizations are under increasing pressure to meet the business goals of their companies. This challenge can be particularly daunting because it involves complying with regulations, such as the Sarbanes-Oxley (SOX) and Basel II. Compliance requires strong corporate governance capabilities that are demonstrable to outside auditors. Because IT plays such a major role in business processes, the IT organization not only creates complexity for the business, but at the same time, provides the means to demonstrate this compliance. Organizations rely on guidelines such as COBIT to help understand and address these challenges.

    Implementing COBIT is by no means a trivial task. It requires an organization to address high complexity in three areas: IT infrastructure, IT processes, and COBIT control objectives. Processes are often in silos supporting specific organizational entities, requiring a complex organizational structure to ensure compliance is maintained. Further complicating the problem is that the IT environment is in a constant state of flux. Therefore, manual processes are not viable. They are not sustainable because they are difficult to enforce and monitor. They are not cost efficient. And they depend on dedicated staff willing to maintain a reliable paper trail that can stand up to a rigorous compliance audit.

    Technology plays an indispensable role in helping companies achieve the COBIT control objectives. As a result, it's important that the solution also support COBIT. Organizations need to deploy systems-based ITSM solutions to help them conquer the complexity and establish sustainability. Well planned systems-based solutions should cover the full spectrum of ITSM disciplines.

    SoftExpert GRC Suite is an easy-to-use, comprehensive compliance solution for automating the four COBIT domains: plan and organize; acquire and implement; deliver and support; and monitor and evaluate. The solution provides the foundation for aligning with COBIT; improving IT processes and controls; and easing compliance with regulations, industry mandates, and internal policies.

    With SoftExpert GRC Suite, best practices and processes are easily implemented and enforced to support the IT governance requirements of executives and boards, while also addressing the more detailed requirements of those responsible for solution and service delivery. As a result, companies can optimize IT investments, ensure value delivery and mitigate IT risk in a transparent manner.

    Back to top      Close

Copyright © 2009 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. PinkVERIFY and the PinkVERIFY logos are trademarks of Pink Elephant Inc. ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Back to top

Each SoftExpert component addresses key compliance issues as shown below:

Module COBIT Compliance and Requirements
SE Performance
SE Performance
  • Link Business goals to IT goals.
  • Provides identification of critical dependencies and current performance.
  • Automates the establishment, management and communication of the corporate and IT strategic plan.
  • Enables the company to actively monitor current performance against goals previously defined, and report this performance to auditors and internal stakeholders in real-time.
  • Provides establishment and measurement of key performance indicators related to either business processes or to IT infrastructure elements.
  • Totally compliant with the BSC (Balanced Score Card) methodology.
SE Risk
SE Risk
  • Manages enterprise and IT risks.
  • Risks, controls, and tests are linked for traceability.
  • Risk framework can easily be configured to a variety of organizational structures or methodologies, enabling organizations to adapt the solution to their unique systems and processes.
  • Supports a top-down risk assessment approach and a process level risk assessment approach.
  • Automate the tracking of inherent, target and residual risks.
  • Identifies and scores risks based upon significance and likelihood, and track controls related to each risk.
  • Provides a framework for establishing risk management goals and priorities, identifying action plans and ownership, and monitoring progress against goals.
  • Robust reporting features such as dashboards, heat maps and key risk indicators enabling executive monitoring of critical risks.
SE Project
SE Project
  • Provides program and portfolio management frameworks for IT investments.
  • Ready to use, proven project management process aligned to de facto standard PMBOK approach.
  • Supports establishment and maintenance of project monitoring, measurement and management system.
  • Automates creation and management of project charters, schedules, quality plans, budgets, and communication and risk plans.
  • Native workflow engine “Team Workflow”, assures participation and commitment of all project stakeholders.
  • Automated task assignments, routing, escalation, review, and approval, increasing efficiency for the team.
  • Audit history always accessible.
  • Provides tailoring of additional and organization unique processes and reporting capabilities.
  • Provides project classification schemes. Projects associated with or impacted by COBIT processes can be tracked and managed.
  • Templates and checklists for tracking and managing changes.
  • Provides project and product development processes.
  • Provides stage-gates approach for projects, including scorecard criteria and criteria for a “go-no-go” decisions.
SE_WORKFLOW
SE Workflow
  • Generic, personal and customizable workflow engine to structure the service flows and activities.
  • Enforces task priorities and deadlines required to meet Service.
  • Level Agreements.
  • Monitor and report end-to-end service level performance.
  • Automates the process of recording, assessing and prioritization of change requests.
  • Assures that any emergency and critical change follows the approved process.
  • Provides a workflow to authorize changes.
  • Manage and disseminate relevant information regarding changes.
  • Audit history always accessible.
  • Provides stage-gates approach for projects, including scorecard criteria and criteria for a “go-no-go” decisions.
SE Document
SE Document
  • Maintains any related COBIT, process and project documentation in a secure, centralized system that can be accessed by users and auditors from virtually anywhere.
  • Automated task assignments, routing, escalation, review, and approval, increasing efficiency for the entire team.
  • Changes are automatically tracked and approvals are streamlined.
  • Enables users and auditors to search and retrieve documents faster and easily, resulting in savings in hours used.
  • Compliance history always accessible.
  • Retains documents according to company policy, anywhere from 24 hours to several years or longer. Retention can be configured by document category.
  • Document the Quality Management System.
  • Ensure only the latest document versions are used.
SE Process
SE Process
  • Ensure processes are defined, planned and documented.
  • Ensure processes are monitored and controlled.
  • Creation of approval cycles to enable full visibility and accountability for executive management.
  • Advanced tracking and reporting capability.
  • Real-time view of a company's COBIT environment, allowing continuous monitoring and processes improvement, increasing confidence among executives, process owners, and auditors.
  • Processes can be carried out under controlled conditions: documented instructions, in-process controls, and approval of processes and controls.
SE Audit
SE Audit
  • Audits are planned and performed.
  • Results of audits are communicated to management.
  • All findings are corrected and registered.
  • Manage any required corrective action.
  • Ensure corrective actions are carried out on time.
SE Competence
SE Competence
  • Defines job descriptions, positions within all IT department, and identifying specified required responsibilities, authorities, and capabilities.
  • Provides a database of educational institutes and identifies specific competency courses.
  • Schedules training sessions on user-defined calendars - weekly, monthly, or annually - with automatic display of training needs that are pending in a certain period of time.
  • Displays all scheduled training sessions through timesheets, spreadsheets, and Gantt charts, then groups results based on specific IT department, or the entire company.
  • Provides tools for all kinds of competence evaluation.
  • Evaluate employee competencies and skills based on personalized evaluation forms.
  • Calculates the employees' qualification levels based on their job performance, then displays summarized results in charts based on employee, job position, or department.

Back to top

 ?>
Download Center
Select materials of interest and click Download