The framework established in 1996 called COBIT has been a proven toolset for IT groups, and is used widely technology departments who focus on regulatory compliance and added value from IT initiatives.  The Control Objectives for Information and related Technology (COBIT) was established by two leaders in the world of information technology – the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

The goal of ISACA and ITGI when COBIT was created was to provide an efficient framework that presents best practices for clear policies and controls for IT development initiatives.

All too often, there is a gap between business expectations and IT technical or development issues.  Business must minimize risks so that any new IT project must be implemented on time, within budget, without negative business impact.  IT must meet often unrealistic timelines while producing and implementing a quality product.  COBIT can assist in bridging this gap through a stringent set of guidelines and tools that helps both business and IT groups to work together for mutual project success.

Some examples of COBIT use include:

  • Allstate Insurance determined that COBIT practices would provide the structure and compliance tools needed to insure the controls for IT were consistently applied throughout the organization.  With the implementation of a common control language, Allstate’s IT group was able to build a risk assessment process through collaboration with business and IT leaders.  This process then enabled Allstate to foster management accountability, improve communications between clients and auditors, and produce solid solutions that minimize risks and failures.  Through this implementation, accurate data and information was delivered more efficiently and evaluated more effectively for the business.
  • Canadian Tire Corporation’s Financial Services division needed to improve their ability to process and manage the Canadian Tire Options Mastercard systems.  In order to meet Canadian government certification requirements for Canadian Securities Administrators (CSA) and the Ontario Securities Commission (OSC), the CEO and CIO for Canadian Tire decided to use COBIT for several reasons.  Among those reasons include:
  • It is an internationally accepted standard for IT framework and best practices
  • Both management as well as end users can participate with IT
  • It easily maps to other standards such as ISO 17799, ITIL and NIST
  • It provides the alignment needed with both business and IT groups
  • Through the implementation of COBIT’s controls and audit processes, Canadian Tire Corporation Financial Services was able to conduct a strategic audit review of their practices, identify risks, rationalize requirements, agree on critical success factors, and develop the required testing methodologies.  Canadian Tire was then able to have the certifications needed while also establishing metrics, indicators, and processes that are agreed upon by both the business and IT groups to insure ongoing benefits and achieve corporate goals.

COBIT has been an established and proven methodology for over a decade.  When your IT development projects have an urgent need for standards and governance, consider using COBIT as your tool for success.

Handling the Remedy is available here and other leading retailers:


David Peterson

David G. Peterson is a business consultant and author of Handling the Remedy. He has extensive international experience managing projects and operations for large financial institutions. He has worked in North America, Europe, Middle East and Asia skillfully managing business and technical requirements, core systems enhancement and support, merger and acquisition integration's, business process reengineering, off-shoring and outsourcing.