Multimatics Insight

Incorporating COBIT® 2019 Framework in the Banking Industry


Navigating the ever-evolving landscape of the banking industry requires robust IT governance and audit practices. Enter COBIT® 2019, a globally recognized framework designed to bridge the gap between business needs and IT control. This article delves into the integration of COBIT® 2019 within banking institutions, specifically focusing on IT audits and business continuity planning.

What is COBIT® 2019 Framework?

COBIT® 2019 is a business-oriented governance and management framework developed by ISACA (Information Systems Audit and Control Association). It provides a comprehensive set of resources, including processes, practices, and tools, to ensure that IT is aligned with business strategy, delivers value, and mitigates risks. The framework revolves around six domains:

  1. Evaluate, Direct & Monitor (EDM) – aligns IT strategy with business objectives and monitors performance.
  2. Align, Plan & Organize (APO) – defines the IT architecture and resources needed to achieve goals.
  3. Build, Acquire & Implement (BAI) – ensures the secure development and acquisition of IT solutions.
  4. Deliver, Service & Support (DSS) – manages the delivery and support of IT services.
  5. Enable & Assess (EA) – provides the infrastructure and skills required for IT operations.
  6. Protect (PR) – safeguards information assets and mitigates security risks.

Incorporating COBIT® 2019 Framework into IT Audits for Banks: Why and How

IT audits are crucial for assessing the effectiveness of internal controls and managing risks within the bank's IT environment. COBIT® 2019 offers several advantages for conducting IT audits:

  1. Provides a consistent framework for audit planning, execution, and reporting, allowing for benchmarking and improvement over time.
  2. Guides auditors to prioritize high-risk areas based on business objectives and IT processes.
  3. Ensures that audit findings are directly relevant to business needs and concerns.

Here's how to incorporate COBIT® 2019 into your IT audit process!

  1. Map COBIT® 2019 processes to the bank's IT activities

    Identify relevant COBIT® 2019 processes based on the bank's specific IT environment and regulatory requirements.

  2. Define audit objectives

    Align audit objectives with business goals and with the risks associated with the mapped COBIT® 2019 processes.

  3. Design and execute audit procedures

    Develop audit procedures based on COBIT® 2019 control practices and objectives.

  4. Evaluate control effectiveness

    Assess the effectiveness of existing controls and identify areas for improvement.

  5. Report findings and recommendations

    Communicate audit findings, risks, and improvement recommendations to management.

Incorporating the COBIT® 2019 Deliver, Service and Support (DSS) Domain into Business Continuity Planning for Banks

Business continuity planning (BCP) ensures the bank's ability to recover from disruptive events and restore critical operations swiftly. The COBIT® 2019 DSS domain provides valuable guidance for developing and implementing a robust BCP.

  1. DS01 - Define and Manage Service Levels

    Helps in establishing and managing service levels, ensuring that BCP requirements are integrated into service level agreements (SLAs).

  2. DS02 - Manage Third-Party Services

    Helps in managing relationships with external service providers, including ensuring that their services align with the organization's business continuity requirements.

  3. DS03 - Manage Performance and Capacity

    Assists in managing the performance and capacity of IT services, contributing to the overall resilience of critical business processes.

  4. DS04 - Ensure System Resilience

    Helps in designing and implementing systems that can withstand and recover from disruptions, aligning with BCP goals.

  5. DS05 - Ensure Data Integrity

    Helps in establishing measures to ensure the integrity of data, which is crucial for maintaining the continuity of business processes during and after disruptions.

  6. DS06 - Manage Changes

    Assists in managing changes to IT services, ensuring that changes are assessed for their impact on business continuity and implemented in a controlled manner.

  7. DS07 - Ensure Compliance with External Requirements

    Helps in ensuring that IT services comply with external requirements related to business continuity.

  8. DS08 - Manage Service Desk and Incidents

    Assists in establishing and maintaining a service desk that can effectively handle incidents, supporting business continuity efforts.

  9. DS09 - Manage the Configuration

    Contributes to business continuity by managing configurations in a way that supports the recovery of critical services.

  10. DS10 - Manage Problems

    Focuses on managing problems, including the root causes of incidents. Addressing problems proactively supports business continuity by preventing the recurrence of disruptions.

To Sum Up...

COBIT® 2019 is not just a framework; it's a strategic roadmap for navigating the complexities of IT governance in the dynamic banking landscape. By embracing its principles and practices, banks can build a future-proof IT environment that supports business growth, fosters innovation, and safeguards critical information assets.


