Share on:

Lessons Learned From the COBIT Conference

By Mark Thomas, CGEIT, CRISC

COBIT Focus | 1 June 2015

I thought I knew COBIT, but then I went to the inaugural COBIT Conference hosted by ISACA (16-18 March 2015 in Orlando, Florida, USA) and learned that there is much more to COBIT than I ever imagined—not just from a content perspective, but from a real adoption perspective. Attendance at this conference was impressive, and there were professionals from all corners of business there to learn more about COBIT and how to use it effectively in their organizations. The quality of conference speaker talent was professional and world-class.

During my reflection on the conference over the last several weeks, I created mental notes of some of the most important themes to remember. These themes are not only timely for much of the work I do, but very appropriate for many of my clients today. Herein, I have assembled my top learnings from the first ever ISACA-hosted COBIT Conference.

Every speaker emphasized that COBIT helps the enterprise meet its governance objective of creating business value.

1. It Is All About Business Value

This is important. Every speaker emphasized that COBIT helps the enterprise meet its governance objective of creating business value. I learned that the COBIT goals cascade is a very useful tool to literally map stakeholder needs to enterprise goals, to IT goals, to enablers. Why is this important? COBIT is, first and foremost, a business framework, and meeting business needs is paramount to the success of any COBIT adoption.

2. COBIT Can Be Used as a Framework to Help Manage Frameworks

This sounds a bit redundant, but with the confusion and “framework exhaustion” in our industry, there is a huge need for an overarching model. One of the COBIT principles is to provide a single integrated framework. This not only encompasses previous ISACA documents, but it includes many relevant industry frameworks and standards as well.

3. COBIT Has Much More Utility Than Originally Thought

COBIT is not an academic reference, but a model that truly has use and value. Not only does the core family of products provide many perspectives, there are also a number of publications that take COBIT a step further. After listening to Robert E Stroud’s presentation on the ISACA publication Vendor Management: Using COBIT 5, I took a look through the other documents available. COBIT Online offers practical guidance and it is impressive.

4. There Is Something In It for Everyone

Executives see COBIT as a way to link stakeholder needs to IT-related goals, auditors see it as a tool to help with assurance, IT service providers see it as a good way to determine good practices and activities for processes, and security practitioners use it as a tool for helping create risk-based controls. COBIT has finally escaped the “for auditors only” label, and it is being leveraged across multiple industries in several ways.

Editor’s Note

Mark Thomas will be presenting two sessions, “COBIT Primer” and “How COBIT 5 Relates to Other Standards and Frameworks,” at the 2015 COBIT Conference Europe, 7-8 November in Copenhagen, Denmark.

Mark Thomas, CGEIT, CRISC

Is an internationally known IT governance expert and the president of Escoute Consulting. His background spans more than 20 years of professional experience including leadership roles from chief information officer (CIO) to management and IT consulting. Thomas has led large teams in outsourced IT arrangements, managed enterprise applications implementations, and implemented governance and risk processes across multiple industries. Additionally, he has forged a reputable competency as a consultative trainer and speaker in several disciplines including COBIT, ITIL and IT governance.