Asian Channels was honored to catch up with Dr. Eric Guldentops, known as the ‘father of COBIT’(during his ‘day’ job, he is the executive professor at the University on Antwerp) to find out his thoughts on IT Governance and the latest version of COBIT – COBIT 4.1.

“IT is a value proposition and should always be thought of this way, sadly, this is often not the case. It is also important to note that IT value is in the eye of the beholder. Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders’ value. They recognize the critical dependence of many business processes on IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. IT Governance aids organizations in successfully meeting today’s business challenges,” he elaborates.

To put it in a nutshell, he says that IT Governance is about enabling projects and business objectives and secondly revolves a lot around communication. The key question is whether a firm’s investment is in harmony with its strategic objectives (intent, current strategy and enterprise goals) and thus building the capabilities necessary to deliver business value. This state of harmony is referred to as “alignment”. It is complex, multi-faceted and never completely achieved. It is about continuing to move in the right direction and being better aligned than competitors.

The alignment of IT has very often been synonymous with IT strategy. “In the case of IT Governance, alignment encompasses more than strategic integration between the future IT organization and the future enterprise organization. Both IT alignment and IT value delivery are a journey, not a destination, so don’t forget the brakes,” Dr. Guldentops quips.

He admits that IT Governance suffers from a lack of awareness and that the Asia Pacific is well behind the learning curve. He adds that three quarters of people are doing something about IT governance but a worrisome one quarter are still not even thinking about implementing it. On the positive side though, he sees some countries picking up on the IT Governance scene, for example, Australia (the most advanced) with Singapore Hong Kong and India coming up. Larger organizations especially are seeing the synergies between for example audit, policy-making and IT. As to why the take-up rate is still behind other regions, he says it is mainly due to lack of awareness, and also because compliance has been a negative driver. “This makes people only do the minimum and have the attitude that they only comply because they have to.”

“Organizations and the people running them, have to think beyond controls, this is why we have expanded COBIT further. Explaining COBIT simply Dr. Guldentops says, “COBIT is an IT governance/control framework based on generally accepted IT management principles including the mission, vision and objectives of stakeholders of a company. It helps to identify responsibilities and key management practices.”

“COBIT is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. Above all, it is an evolving reference base,” he adds.

“The IT Governance Institute’s (ITGI) latest version— COBIT 4.1—helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework. It does not invalidate work done based on earlier versions of COBIT but instead can be used to enhance work already done based upon those earlier versions. COBIT 4.1 presents activities in a more streamlined and practical manner so continuous improvement in IT governance is easier than ever to achieve,” Dr. Guldentops elaborates.

The biggest difference in COBIT 4.1, he says is its new, very comprehensive implementation guide. The ITGI listened very carefully to feedback on the last version COBIT 4.0 and as a result the latest improvements on the latest version include -fewer and smaller control objectives, a better explanation of performance measurement, improved process controls, fewer and enhanced Application Controls.

Professor Guldentops adds that COBIT Version 1 was about Audit, Version 2 was about Control, Version 3 about Management and Version 4 on Governance. “COBIT 4.1 is a roadmap for IT assurance. We spent a lot of time building in application and process controls and we believe this will pay off well for IT Governance.”

He also admits that COBIT Version 4.1 will still evolve but adds that it is so far ahead in the learning curve for example, through the implementation guide and the supporting tools, that he suspects that ITGI and ISACA have to now move more into the areas of educating and spearheading the framework and technology. “We now have to push forward the adoption of COBIT 4.1 and focus on building an ecosystem.”