Small and Medium Enterprises Seeking to Start a Governance Program Get Tailored Road Map in New COBIT Resource

Cobit
Author: ISACA
Date Published: 18 November 2021

Schaumburg, IL, USAThe benefits of good governance systems are widely acknowledged, but often governance programs at smaller organizations are nonexistent or immature. Small and medium sized enterprises (SMEs) often deal with constraints such as limited IT resources and smaller budgets, and may have unique needs for their core business and priorities. A new guide from global technology association ISACA, COBIT® for Small and Medium Enterprises, provides guidance for SMEs on developing an enterprise governance system for information and technology (I&T) tailored especially to their unique needs.

COBIT for Small and Medium Enterprises explains the core model and components of the globally recognized COBIT framework, illuminates the key governance and management objectives that are most relevant to SMEs, and walks SMEs through the fundamentals of starting and implementing an I&T governance program. It also provides detailed COBIT guidance specific to SMEs by domain, objective, component, activities, capability levels and metrics. In addition, the guide features mechanisms to help a SME including a governance system design workflow, a suitability assessment, COBIT goals cascade mapping tables, a practical example with detailed steps, and descriptions of SME roles and organizational structures.

“There is no magic formula for all small and medium enterprises to follow when it comes to developing an I&T governance system,” says Lisa Villanueva, ISACA IT Governance Professional Practices Lead. “However, by using tailored resources and a governance system design workflow, SMEs can thoughtfully develop an actionable road map for developing a governance system that can help guide them through the process and ultimately help them design and implement a system tailored especially to their needs.”

Some of the activities outlined in the detailed guidance include:

  • Evaluate the governance system—Consider external regulations, laws and contractual obligations and determine how they should be applied within the governance of enterprise I&T.
  • Understand enterprise context and direction—Develop and maintain an understanding of the current way of working: the operational environment, the enterprise architecture (processes, data, applications and technology domains), organizational culture, and current challenges.
  • Initiate a program—Appoint a dedicated manager for the program, with the commensurate competencies and skills to manage the program effectively and efficiently.
  • Monitor, control, and report on the program outcomes—Manage program performance against key criteria (e.g., scope, schedule, quality, benefits realization, costs, risk, velocity), identify deviations from the plan and take timely remedial action when required.

COBIT for Small and Medium Enterprises is geared toward organizations with up to 250 full- time employees, in which 30 to 70 employees work with IT systems and services, including business managers, professional staff, IT managers, quality or security professionals, and internal auditors. The guidance reflects that enterprises of this size may have limited in-house IT skills and/or capacity, lack complex IT infrastructure, tend to be cost conscious, have a short span of control, and may need to outsource more complex tasks.

COBIT for Small and Medium Enterprises can be downloaded at http://store.v6pu.com/s/store#/store/browse/detail/a2S4w000004L2noEAC. Additional COBIT resources and publications can be found at h04.v6pu.com/resources/cobit.

About ISACA

For more than 50 years, ISACA® (h04.v6pu.com) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews

Media Contacts

Emily Van Camp, +1.847.385.7223, communications@v6pu.com
Kristen Kessinger, +1.847.660.5554,  communications@v6pu.com