Whizbiz Pty Ltd (WB) deals extensively with online trading and customer detail databases. The risks inherent in this kind of operation are large, with internal and external fraud opportunities presumably widespread. And yet, the director is taking a negative approach, stating that COBIT is too much work for too little benefit, and that it is a ‘one size fits all’ framework, which may not be appropriate.

Focusing on risks alone, which are WB’s biggest problem in my opinion, one of COBIT’s main objectives is to reduce risk, and the framework would help identify and put in place measures to counter the potential fraud or theft problems. We know that if customers’ details were stolen, or if online theft occurred, the costs to WB would be massive. The initial and ongoing cost of implementing a framework such as COBIT would be negligible compared to this.

Another point to make is that the domains outlined in COBIT focus on control, rather than the actual execution. The user is encouraged to simply pick those parts relevant to them and put in place the appropriate measures. The focus of the four domains, and their processes, and COBIT in general, is to help the user implement an effective strategy for their organisation, rather than inform them what they should or shouldn’t be doing.
216 words