The Itil Community Forum: Forums


ITIL, COBiT & Sarbanes-Oxley

 
coops125 (Newbie)
Joined: Jun 20, 2004
Posts: 1
Location: United Kingdom

Posted: Sun Jun 20, 2004 11:35 pm    Post subject: ITIL, COBiT & Sarbanes-Oxley

Our US head office is about to embark on a project to become Sarbanes-Oxley compliant. I am the IT manager of the UK division and have recently completed the ITIL Foundation and as such want to implement this framework throughout our European locations.

I have read up on the Sarbanes-Oxley act and notice that it uses COBiT as the framework. Has/is anyone in a similar position? How does ITIL fit in with the SOX act and what are the requirements of UK divisions of US companies? Would we be better using COBiT in the UK or can we use a mix of both? I would like to discuss/exchange ideas on this subject.

Thanks
BobLamb (Newbie)
Joined: Jun 21, 2004
Posts: 5
Location: Malvern, UK

Posted: Tue Jun 22, 2004 12:54 am

There is a lot of legislation 'heading our way', SOX being one of them, and a plethora of UK and EU directives.

It's all about strengthening controls about the ways companies work and report after a number of high-profile collapses for some major US companies. It can be summarised as: To protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes.

So, the CFO has his/her 'neck on the block' on this one.

Now, on the other hand, the vast majority of this information required is in the IT systems, and it is seldom that the CIO has 'free rein' over the domain he looks after (IT Department).

This leads to a disconnect between CFO and CIO in terms of their responsibilities: imagine, the CIO being 'hauled off to jail', because the CFO failed to provide the budget to enable the CIO to comply.

A lot of CIOs are extremely interested in IT/IS Governance - which people are writing whole volumes about.

But back to the immediate question: ITIL & COBIT.

IT Service delivery is concerned with the operational aspects of the IT function, providing an efficient and continuous service that meets the requirements of the organisation. This involves aspects such as systems availability, systems integrity, network security, identity and access management and Business Continuity.

This is a key area of compliance for SOX. And this covers both ITIL and COBIT.

If you focus on just one thing, say security (COBIT), how will that impact on availability, business continuity?

You actually have to do both. I actually think that once this is realised, it will be an enormous boost for ITIL.

What does seem to be happening in the marketplace today is that companies are buying tools to help them comply (Risk Management, Portfolio Management, Change Management and Balanced Scorecard Software), as they 'have to comply'. This will not get around the process issues (well, in my humble opinion).

To do it right, well, you have to actually do it right, and that means investment for tools and COBIT and ITIL, and that is big, so you need a sound ROI and a business case to convince the C-level.

Back to the debate over IS/IT Governance!

Does that help?

Cheers,

Bob
thecqo (Newbie)
Joined: Aug 18, 2004
Posts: 2
Location: USA

Posted: Thu Aug 19, 2004 6:56 am    Post subject: ITIL & SOX & ISO

Greetings. SOX compliance is quite compatible within a QMS framework (e.g. going for ISO 9001:2000), and a real plus as it is very possible to scope the financial world out of one's ISO scope, but now they have to "play" along with the rest of us (given that IT was always in scope, at least for my company as it helped in the product/service delivery cycle). Once we have our SOX-compliant procedures in place and have gotten our 3rd party auditing firm to do its 4th quarter testing, I am going to transfer all of the SOX-based SOPs or Work Instructions into the QMS - this is something that my CEO wants and supports.

What I am wrestling now with is the compatibility with the ITIL approach and a pre-existing (but not yet cast in concrete) QMS structure. Has anyone been through that particular experience, or have any words of wisdom?

Many thanks,

b
Denx (Guest)

Posted: Thu Aug 19, 2004 8:29 am

Wow - I really think this is an actual cutting edge debate. I too would love to hear ANY first hand experiences. There can't be too many going down this line, so we may have a bit of a wait. But any input on this is valued.
Conexio (Newbie)
Joined: Jun 24, 2004
Posts: 10

Posted: Fri Sep 03, 2004 2:05 am

In my previous life as a CIO, I have been through the documentation of processes to track the flow and security of financial information deemed critical by our organization. This is the gist of SOX compliance. I used a really cool workflow management tool called Autobahn by NewRoad Software to track and notify if certain criteria were out of compliance.
I heard they have a booth at the ITSMF conference in Long Beach later this month.

Let me know if you need further information and I will try and help.
tim.seiter@conexio.com
Jacob (Guest)

Posted: Wed May 18, 2005 10:58 pm    Post subject: ITIL and COBIT

Here is how it was explained to me...

- 1st and foremost, ITIL is not a standard as everyone knows. As a result, auditors are asking you to be 'ITIL compliant'. They're asking you to comply with something else.
- COBIT is an IT Governance initiative
- COBIT doesn't actually specify HOW to implement processes, just what they should accomplish
- COBIT auditors utilize ITIL as a framework during the auditing process
- ITIL does the HOW with respect to the goals of COBIT
- As a result, companies are moving towards ITIL to comply with both COBIT and other IT initiatives.

Did I get this right?
Conexio (Newbie)
Joined: Jun 24, 2004
Posts: 10

Posted: Thu May 19, 2005 5:13 am

Close. ITIL is the What, the framework as you indicated in your first phrase. It just lays out the basic framework, as a house.

How you build the house, the number of windows, the shape of the house, the number of rooms, size of rooms, etc. is the HOW and that is CoBit.

ITIL will say you need a louvre, or bathroom, or toilet, or whatever you call it, and it needs a handle, the ability to flush, etc. COBIT will tell you the handle needs to be brass, the toilet needs to be 18 inches away from the wall and the capacity based on the people using it. 20 construction workers will need a different type of toilet than a 7 year old girl, but they both need to flush the deposits.

If you need more help, you can email me at tim.seiter@conexio.com
Guest

Posted: Sat Aug 13, 2005 2:50 am

Conexio wrote:
Close. ITIL is the What, the framework as you indicated in your first phrase. It just lays out the basic framework, as a house.

How you build the house, the number of windows, the shape of the house, the number of rooms, size of rooms, etc. is the HOW and that is CoBit.

ITIL will say you need a louvre, or bathroom, or toilet, or whatever you call it, and it needs a handle, the ability to flush, etc. COBIT will tell you the handle needs to be brass, the toilet needs to be 18 inches away from the wall and the capacity based on the people using it. 20 construction workers will need a different type of toilet than a 7 year old girl, but they both need to flush the deposits.

If you need more help, you can email me at tim.seiter@conexio.com


Close. However, ITIL would be about what you said above (Bathroom Scenario). COBiT would say, you need controls in place to ensure only appropriate and authorized people can flush that toilet. And that you have controls in place to detect who flushed that toilet, ... but enough of the sarcasm.. sorry ;)

ITIL is a bit more specific as it relates to roles and responsibilities and activities within a Process. COBiT states the tasks that are vital activities within a process, such that there needs to be a way to show evidence that this activity is occurring.

e.g. Change Management (ITIL) or Manage Changes (COBiT - AI6)
Cobit Says (snippets): to have controls to ensure all Changes are recorded, classified, prioritized, Risks and impacts are assessed, ...
ITIL Says, when recording changes, you should record the CI to be changed, cost and benefit of change. In addition, prioritization should be something like low, med, high (with examples of what these mean), Categories of impact are like minor, substantial, major (with descriptions also)..


So basically Cobit would say a Change request needs to have a priority, ITIL would help you decide what priority levels you should have, COBiT would say all changes need to be authorized, ITIL would say here is a good process for Authorizing changes...

ITIL is giving a lot more from a content perspective and the HOW. COBiT is very high level and does not touch on the HOW, just the WHAT.
All times are GMT + 10 Hours