IT Governance

SME businesses are a success story in this part of the world and I always feel it so enthralling to read about the great people who have been behind these successes. As a Consultant, interacting with these achievers is enriching and lively. One of the common lamentations of most of the business leaders is, "I am not able to control or drive my businesses the way I used to do several years back?" Analyzing the reasons made me realize two key things which are typical to SMEs in the Middle East :

1. Micro management by business owners
2. Resistance to changing functioning of business triggered by
IT

The use of IT can be considered as one of the major drivers of economic wealth in the 21st century and is an inevitable part of any business today. Thus, the success of any business in today's world has a lot to depend on IT. IT by its very nature also has inherent risks and the importance of IT Governance cannot be understated as a key element for success of the business.

IT Governance

The purpose of any IT Governance Mechanism is to provide management and business process owners with a model that helps in delivering value from IT and understanding and managing the risks associated with IT. Organisations can approach IT governance on an adhoc basis and create their own frameworks based on the experience found within the organization, or they can adopt standards that have been developed and refned through the combined experience of hundreds of organizations and people.

By adopting a standard IT governance framework, enterprises realize a number of benefts. A number of standard IT governance frameworks exist today and one of the most widely used is the Control Objectives for Information and Related Technology (COBIT). COBIT is focused on what is required to achieve adequate management and control of IT, and is positioned at a high level. The COBIT framework was created with the main characteristics of being business-focused, process-oriented, controls-based and measurement-driven.

IT Governance in SMEs

Morison Menon conducted a survey among SMEs to determine the top COBIT controls that SMEs should have in place for securing information assets

COBIT QuickStart

COBIT QuickStart, is a baseline for small and medium-sized enterprises and other organisations where IT is not mission- critical or essential for survival. It can also serve as a starting point for organizations in their move towards an appropriate level of control and IT governance

While COBIT consists of 210 control 79 objectives and 34 processes in four domains, QuickStart consists of 59 control objectives and 32 processes in four domains. COBIT QuickStart consists of a framework and a baseline. The framework describes what QuickStart is, why it is needed and how to determine its suitability for a given organisation. The baseline consists of the processes and control objectives, as well as simplifed versions of Responsible, Accountable, Consulted and Informed (RACI) charts and key metrics COBIT QuickStart is a simplifed version of COBIT aimed at small and medium-sized enterprises, and can be used as a starting point for organizations in their move towards implementing COBIT.

In the next issue, I would discuss more in depth on how COBIT can be applied to SMEs through a case study.