IT&I Magazine No. 23 - Article Cobit

The IT Managed Services division of PROMOS has changed over the Cobit 4.1 inspection catalogue to the new version, Cobit 5.0. This continues to take account of the control objectives that had already been defined for a general IT check. On top of this, Cobit 5.0 also pays attention to aspects of IT governance and IT compliance in the respective company.

PROMOS has set itself the goal of addressing this auditing standard in the interests of customers right from the start. This requires practical application as early as possible. As a result, PROMOS will itself be subject to this new auditing standard as of spring 2017. The results, which relate to the projects completed in 2016, provide information regarding how the department concerned works and how economical it is.

Cobit inspection catalogue in easysquare

With a view to providing IT support for performing inspection tasks and making the inspection tasks as simple and efficient as possible, the catalogue has been transferred to the easysquare platform. It is mapped there in full, with the respective controls in quality assurance. Thanks to the integration into easysquare, the inspection tasks can be performed on a mobile terminal device. Specifically, those responsible in each case receive a form containing their respective calls to action. Each individual can manage their time as they see fit and perform the tasks at a pace of their choice.

The call to action in accordance with the Cobit catalogue forms the basic structure of the inspection procedure. It is supplemented by an interpretation of the control objective, accommodating the specific circumstances and requirements of PROMOS. In addition, the person responsible for the control objective has access to the entire Cobit catalogue in the form of a PDF file on the mobile terminal device.

Each control task cannot only be performed, but can also be assessed with an inspection result. This entails a status display for the person to acknowledge themselves and to provide a better insight for higher levels. There is a choice here between various categories such as “OK”, “on hold” or “further action required”.

A higher-level target / actual list ensures that the status of the control tasks is transparent at all times in the year both for the auditor and for the internal supervisory bodies. The individual columns provide an overview of the previously defined deadlines. Different colours are used to provide a clearer overview and aid with orientation in determining the current inspection status. “Completed” and “OK” are thus coloured in green. The “Work instruction” column contains not only the heading of the inspection order but also a precise description.

If you select an individual task from the target / actual list, the inspection measure performed is always listed clearly in a PDF document in the “Document” column. This contains references to further inspection documents. In many cases, the PROMOS interpretation connected with the inspection order constitutes an objective as part of our existing quality criteria and compliance regulations. Possible criteria for adapting and extending these interpretations include a changed market environment and dynamic company development.

Summary

Based on the solution that went live at the beginning of the year, those responsible in the IT Managed Services division have derived certain handling conclusions within the processing process. In addition, alongside the inspection tasks for Cobit 5.0, it will also be possible to map the enhanced data protection measures. This includes, for example, a sample inspection of data protection measures in the company and cyclical inspections of the technical/organisational measures for data protection. These will then constitute a further component of the inspection catalogue, which will be incorporated into the quality assurance solution of the easysquare platform.

Mobile solution for Cobit inspection tasks

Would you like to receive our magazine regularly?