Vous êtes sur la page 1sur 3

COBITCaseStudy:COBITandtheCPAFirm

Comejointhediscussion!R.CurtisThompsonwillrespondtoquestionsinthe
discussionareaoftheCOBIT5UseItEffectivelytopicbeginning
21October2013.

WiththeintroductionofCOBIT5,theframeworkismovingtowardamoreglobalapplicationtotheenterprise.But,
canasmallerorganizationstilltakeadvantageofCOBIT5tohelpdirectitsITfunction?Thisisanaccountofone
organizationsbeginningstepstowardimplementingCOBIT5.
Yount,Hyde&Barbourisamidsizedregionalaccountingfirmwith21shareholdersand140employees.Thefirm
hassixlocations,withatleast20peopleworkingremotelyorataclientslocationatanygiventime.Thus,thereisa
complexitytotheITfunctionthatisgreaterthanthesizeoftheorganizationwouldsuggest.ThelossofthefirmsIT
managerandanITstaffmemberreducedtheITstafftoasingleperson.Whilethiswasamajorissueforan
accountingfirminthemiddleofitsbusiestseason,itwasanopportunitytoredefinetheITfunctionfortheentire
firm.Severalshorttermfixeswereinitiated(hiringanITgeneralistandrelyingonanoutsourcedvendortofillin
gapsinstaffing).
TheshareholdersofthefirmhadalwayshadanITsteeringcommitteetocommunicatethefirmsdirectionand
needstotheITmanager,butthecommitteehadnottakenatruegovernancerole.Theriskadvisoryservicesteam
wascomprisedofseveralCertifiedInformationSystemsAuditors(CISAs),includingtheprincipal,whowasthechair
oftheITsteeringcommittee.Therefore,itwasalogicaldirectionfortheITsteeringcommitteetolooktothenewly
releasedCOBIT5astheframeworkonwhichtodevelopabetterITfunction.
COBIT5hasadiagramthatperfectlyillustratestheseparationofgovernanceandmanagement(figure1).Defining
managementsroleasplanning,building,runningandmonitoringappropriatelyseparatesitfromtheroleof
governance.Defininggovernancesroleasmonitoring,evaluatingandgivingdirectionenablestheITsteering
committeetounderstanditsroleandeliminateatendencyformicromanagingtheITfunction.

TheCOBIT5processreferencemodelillustratesthevariousprocesses(figure2).Itlaysouttheoverallscopeof

theITfunctionnicely,butisthisexcessiveforanITdepartmentwithonlyonetothreestaffmembers?Inan
accountingfirmwith21partners,allwithdifferentpractices,thereisagreatvarietyofrequirementsandopinions.
Whileafullimplementationoftheframeworkwouldlikelybeoverlyburdensome,thereisagreatadvantageto
usingthemodeltodesigntheprocessesandroles.Someareaswillneedtobefullydocumentedandformallyput
inplaceothersmaybemoreadhocandinformal.

Viewlargegraphic.
Thefirmisasmallorganizationwithalotofdemandsonresources.TheefforttoorganizetheITfunctionusinga
frameworksothatitcanbeefficientandfilltheneedsandexpectationsofthestakeholdersisongoing.COBIT5isa
solutionfororganizingandintegratingtheITfunctionwithintheoverallorganization.Oneadvantagethatthefirm
hasisthattheshareholdersandstaffunderstandtheimportanceofITtofillingtheneedsofthefirmanditsclients
effectivelyandefficiently.
COBIT5ImplementationlaysoutsevenphasesforimplementingCOBIT5.Usingthisguide,thefirmbeganby
identifyingthedriversaswellasthechallengesoftheinitiative(phase1,Whatarethedrivers?).Therewere
severaldriversforthefirm.TherewasageneraldisconnectbetweenITandtheneedsoftheprofessionals.With
differentpracticesacrossthefirmtherearedifferentneedsthatwerenotalwaysunderstoodoraddressed.WhileIT
spendingwaswithinbudget,spendingdidnotalwaysfollowtheneedsofthefirm.AndfortheITdepartment,oneof
thebiggestissueswastherarelyconsistent,individualdemandsof21individualshareholders.
Thefirmiscurrentlybetweenphase2(Wherearewenow?)andphase3(Wheredowewanttobe?).These
phasesarelogicallybeingworkedonconcurrentlybutarechallenging.Thebusyschedulesoftheprofessional
staffandthedemandsonasmallITdepartmenttendtointerferewithplanningsessionsanddiscussions.
Milestonesanddeadlinesarenowbeingputinplacetohelpkeeptheprojectontrack.Somedepartmentshave
completedtheprocessofidentifyingwheretheyareandwheretheywanttobe.Thishasbeenaccomplished
throughplanningsessionsanddiscussions.WiththeinputoftheITsteeringcommittee,theremainingdepartments
willgetthesephasescompletedsothenextphasescanbegin.Plansareinplacetobeginphase4(Whatneedsto
bedone?)andphase5(Howdowegetthere?)inearlyNovember.
COBIT5hashelpedthefirmthinkaboutitsITprocessesandhowtheyinterrelatewiththeobjectivesofthefirm.

EveninasmallorganizationlikeYount,Hyde&Barbour,thereisroomforaframeworktohelpdirectthestructure
andfunction.
R.CurtisThompson,CISA,CPA.CITP
IsashareholderatYount,Hyde&Barbour,PC,aregionalCPAfirm.Hispracticeisfocusedontechnologyand
internalcontrolsservicesforvariousindustrieswithaconcentrationinfinancialinstitutions.

Vous aimerez peut-être aussi