/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsNew Delhi: COBIT (Control objectives for information and related technologies), issued by the US based IT Governance Institute and now in its third edition, is internationally accepted as good practice for control over information, IT and related risks.
Its guidance enables an enterprise to implement effective governance over IT that is pervasive and intrinsic throughout the enterprise. Zia Askari of CyberMedia News Service spoke to Erik Guldentops, Advisor to the board, IT governance institute and author of COBIT framework about the concept and what kind of plans does he have for India.
What is the focus of your organization? How exactly do you think that COBIT can help organizations realign their corporate governance initiatives?
Our core focus is to research, develop, publicize and promote an authoritative, international set of generally accepted IT control objectives for day-to-day use by enterprise management, IT management and business process owners as well.
Information Systems Audit and Control Association (ISACA) is behind the initiative of COBIT and it is a IT governance framework that helps enterprises meet their objectives by facilitating the understanding and management of information and risks involved in their IT operations.
Business orientation is the primary theme of COBIT. It provides good practices for the management of IT processes in a manageable and logical structure. The framework enables the enterprise to take full advantage of its information, thereby maximizing benefits, capitalizing on opportunities and gaining competitive advantage.
What are the issues involved with proper corporate governance and how do you deal with them?
The key to maintaining profitability in a technologically changing environment is how well you maintain control. COBIT's control objective components provide critical insight needed to delineate a clear policy and good practice for IT controls.
COBIT has been developed as a generally applicable and accepted standard for good IT security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners.
How do you plan to focus on India? What are the sectors that you would be targeting initially?
In this post-Enron era, the rules for corporate governance, especially for audit committees of public company boards of directors, are rapidly and radically changing. The most sweeping legislation in corporate governance in several decades, the Sarbanes-Oxley Act of 2002 (the "Act") was signed into law on July 30, 2002.
It creates, among other things, a new framework of responsibilities for audit committees and other members of boards of directors of public companies. COBIT framework is fully Sarbanes-Oxley compliant and there are a lot of US listed companies in India. They need to comply themselves with this law and COBIT can help them in doing so easily.
There are many organizations like - HCL, Ranbaxy, PNB, GE and AV Birla Group, which are using COBIT framework for governance. Initially, we are looking at sectors like banking and finance as our focus areas. In addition to this, we are also working closely with PricewaterhouseCoopers, KPMG within India to penetrate more into other segments and niche areas as well.
In the light on the recent anti-outsourcing bill that has been passed in the US senate, what has been the mood of the private sector in general and outsourcing firms in particular?
This entire anti-outsourcing wave has more of a political dimension attached to it rather than the emotional one. Moreover, the bill that has been passed has more to do with the government work and not with the private firms, hence private companies will continue outsourcing. I sincerely believe that US based companies will continue to outsource to countries like India or China as far as it makes business sense to them.
So, the mood of the private sector is still quite upbeat and a lot of activity is going on with companies seriously thinking about outsourcing to Asian regions.
(CyberMedia News Service)