ISACA (Information Systems Audit and Control Association) has unveiled a framework to help establish confidence in IT processes and controls, while relieving the pain that audit and assurance processes can cause business partners.
The perception these partners have, ISACA believe, is that assurance processes consume resources, slow activities and can lead to additional work — all to achieve goals they may not understand.
ISACA’s new COBIT 5 for Assurance attempts to bridge the gap by translating assurance activities into a common language that is meaningful to business and technology partners and ties assessment goals directly to business goals.
Building on the globally recognised COBIT 5 framework, COBIT 5 for Assurance provides practical guidance for unifying business, IT and assurance professionals around a shared approach when planning and performing assurance reviews.
COBIT 5 for Assurance aims to help enterprises enable efficient and effective IT assurance activities so they can have a level of comfort in the processes they are following and how they are managing risk. It provides a defined road map based on internationally accepted assurance approaches.
Tony Noble, CISA, chair of the publication’s development team and VP of IT audit at Viacom, explained: "Enterprises can use COBIT 5 for Assurance to benefit from the consistency, structure, context and vocabulary of the COBIT 5 framework.
"When assurance professionals base their reviews on the same framework used by business and IT managers to maximise the value of information and technology, everyone involved will be using a common language and have a common goal."
COBIT 5 for Assurance is designed for internal and external auditors, audit committees and regulators, as well as boards and business management. It offers example audit/assurance programs related to change management, risk management and bring your own device (BYOD).
This latest guide is part of the comprehensive COBIT 5 family of publications, which also includes COBIT 5 for Information Security.
Greg Grocholski, CISA, international president of ISACA and global business finance director for the Ventures and Business Development unit within The Dow Chemical Company, said: "The governance and management of information and technology is a large and complex topic. COBIT helps counter that complexity through relevant, effective and simple-to-use business guidance on specific areas within information systems. COBIT 5 for Assurance provides the assurance-specific perspective of this important business framework, and was designed in response to heavy demand for audit and assurance guidance using the proven, structured approach of COBIT 5."
ISACA’s COBIT 5 framework is a business framework for the governance and management of enterprise information and technology. It provides globally accepted principles, practices, analytical tools and models designed to help business and IT leaders maximise trust in and value from their enterprise’s information and technology assets. The framework and related documents have been downloaded more than 100,000 times in the year since its release.