
COBIT: Planning and Organization (1 of 4)

August 10, 2008

Planning and Organization

1. Define a Strategic IT Plan

  • IT as part of the organization’s long- and short-range plan

  • IT long-range plan

  • IT long-range planning—approach and structure

  • IT long-range plan changes

  • Short-range planning for the IT function

  • Communication of IT plans

  • Monitoring and evaluating of IT plans

  • Assessment of existing systems

2. Define the Information Architecture

  • Information architecture model

  • Corporate data dictionary and data syntax rules

  • Data classification scheme

  • Security levels

3. Determine Technological Direction

  • Technological infrastructure planning

  • Monitor future trends and regulations

  • Technological infrastructure contingency

  • Hardware and software acquisition plans

  • Technology standards

4. Define the IT Organization and Relationships

  • IT planning or steering committee

  • Organizational placement of the IT function

  • Review of organizational achievements

  • Roles and responsibilities

  • Responsibility for quality assurance

  • Responsibility for logical and physical security

  • Ownership and custodianship

  • Data and system ownership

  • Supervision

  • Segregation of duties

  • IT staffing

  • Job or position descriptions for IT staff

  • Key IT personnel

  • Contracted staff policies and procedures

  • Relationships

5. Manage the IT Investment

  • Annual IT operating budget

  • Cost and benefit monitoring

  • Cost and benefit justification

6. Communicate Management Aims and Direction

  • Positive information control environment

  • Management’s responsibility for policies

  • Communication of organization policies

  • Policy implementation resources

  • Maintenance of policies

  • Compliance with policies, procedures, and standards

  • Quality commitment

  • Security and internal control framework policy

  • Intellectual property rights

  • Issue-specific policies

  • Communication of IT security awareness

7. Manage Human Resources

  • Personnel recruitment and promotion

  • Personnel qualifications

  • Roles and responsibilities

  • Personnel training

  • Cross-training or staff backup

  • Personnel clearance procedures

  • Employee job performance evaluation

  • Job change and termination

8. Ensure Compliance with External Requirements

  • External requirements review

  • Practices and procedures for complying with external requirements

  • Safety and ergonomic compliance

  • Privacy, intellectual property, and data flow

  • Electronic commerce

  • Compliance with insurance contracts

9. Assess Risks

  • Business risk assessment

  • Risk assessment approach

  • Risk identification

  • Risk measurement

  • Risk action plan

  • Risk acceptance

  • Safeguard selection

  • Risk assessment commitment

10. Manage Projects

  • Project management framework

  • User department participation in project initiation

  • Project team membership and responsibilities

  • Project definition

  • Project approval

  • Project phase approval

  • Project master plan

  • System quality assurance plan

  • Planning of assurance methods

  • Formal project risk management

  • Test plan

  • Training plan

  • Post-implementation review plan

11. Manage Quality

  • General quality plan

  • Quality assurance approach

  • Quality assurance planning

  • Quality assurance review of adherence to IT standards and procedures

  • System development life cycle methodology

  • System development life cycle methodology for major changes to existing technology

  • Updating of the system development life cycle methodology

  • Coordination and communication

  • Acquisition and maintenance framework for the technology infrastructure

  • Third-party implementer relationships

  • Program documentation standards

  • Program testing standards

  • System testing standards

  • Parallel/pilot testing

  • System testing documentation

  • Quality assurance evaluation of adherence to development standards

  • Quality assurance review of the achievement of IT objectives

  • Quality metrics

  • Reports of quality assurance reviews
