·
04/10/2016
Solution

Mobile solution for Cobit inspection tasks

Year after year, data centre activities need to be certified in accordance with the auditing standard IDW PS 951 Type 2. As of next year, the individual inspection tasks can be performed flexibly from a mobile terminal device. This is thanks to the new version of the Cobit 5.0 inspection catalogue, which is now available on easysquare.

The IT Managed Services division of PROMOS has changed over the Cobit 4.1 inspection catalogue to the new version, Cobit 5.0. This continues to take account of the control objectives that had already been defined for a general IT check. On top of this, Cobit 5.0 also pays attention to aspects of IT governance and IT compliance in the respective company.


PROMOS has set itself the goal of addressing this auditing standard in the interests of customers right from the start. This requires practical application as early as possible. As a result, PROMOS will itself be subject to this new auditing standard as of spring 2017. The results, which relate to the projects completed in 2016, provide information regarding how the department concerned works and how economical it is.


Cobit inspection catalogue in easysquare


With a view to providing IT support for performing inspection tasks and making the inspection tasks as simple and efficient as possible, the catalogue has been transferred to the easysquare platform. It is mapped there in full, with the respective controls in quality assurance. Thanks to the integration into easysquare, the inspection tasks can be performed on a mobile terminal device. Specifically, those responsible in each case receive a form containing their respective calls to action. Each individual can manage their time as they see fit and perform the tasks at a pace of their choice.

Mobiles Formular für die Cobit-Prüfaufgaben in der easysquare mobile App
Figure 1: Mobile form for the inspection tasks.
Informationstechnologie und Immobilien (IT&I) Ausgabe Nr. 37 / Mai 2024

Stay Updated on IT and Real Estate – Subscribe Now!


Get regular updates with the latest IT trends and key insights from the real estate industry. We bring you valuable knowledge, practical tips, and the newest developments – straight to your inbox. Sign up for our newsletter today and stay on top of the latest news!

The call to action in accordance with the Cobit catalogue forms the basic structure of the inspection procedure. It is supplemented by an interpretation of the control objective, accommodating the specific circumstances and requirements of PROMOS. In addition, the person responsible for the control objective has access to the entire Cobit catalogue in the form of a PDF file on the mobile terminal device.


Each control task cannot only be performed, but can also be assessed with an inspection result. This entails a status display for the person to acknowledge themselves and to provide a better insight for higher levels. There is a choice here between various categories such as “OK”, “on hold” or “further action required”.


A higher-level target / actual list ensures that the status of the control tasks is transparent at all times in the year both for the auditor and for the internal supervisory bodies. The individual columns provide an overview of the previously defined deadlines. Different colours are used to provide a clearer overview and aid with orientation in determining the current inspection status. “Completed” and “OK” are thus coloured in green. The “Work instruction” column contains not only the heading of the inspection order but also a precise description.

Soll/Ist Liste im easysquare Webportal.
Figure 2: Target / actual list on the web portal.
If you select an individual task from the target / actual list, the inspection measure performed is always listed clearly in a PDF document in the “Document” column. This contains references to further inspection documents. In many cases, the PROMOS interpretation connected with the inspection order constitutes an objective as part of our existing quality criteria and compliance regulations. Possible criteria for adapting and extending these interpretations include a changed market environment and dynamic company development.
PDF-Dokument zum Nachweis durchgeführter Cobit-Prüfmaßnahmen mit der easysquare mobile App
Figure 3: PDF document to provide evidence of inspection measures performed.

Summary


Based on the solution that went live at the beginning of the year, those responsible in the IT Managed Services division have derived certain handling conclusions within the processing process. In addition, alongside the inspection tasks for Cobit 5.0, it will also be possible to map the enhanced data protection measures. This includes, for example, a sample inspection of data protection measures in the company and cyclical inspections of the technical/organisational measures for data protection. These will then constitute a further component of the inspection catalogue, which will be incorporated into the quality assurance solution of the easysquare platform.

Please wait