IT audits, COBIT, and using business intelligence in SharePoint 2010

I’m in the midst of an MBA, and as part of my coursework, I’ve been reviewing IT audits that are available on the web. The following two audit reports caught my attention.

I’m particularly interested in how organizations, and their auditors, are using the Control Objectives for Information and related Technology (COBIT) framework. The framework is a set of best practices for information technology (IT) management, created by ISACA. COBIT includes four domains and 34 control objectives which help guide IT organizations to several objectives related to governance, including aligning IT goals with business goals, communicating IT performance to management, and more. Many IT departments prepare for IT audits by using all or a part of the COBIT framework. Auditors typically perform a gap analysis and provide recommendations that refer to a framework, maturity model, and guidelines such as those in COBIT. (See COBIT excerpt 4.1.)

One of the domains, Monitor and Evaluate, includes the following two control objectives.

· ME 1 - Monitor and evaluate IT performance

· ME 2 - Monitor and evaluate internal controls

The audit report, Citizenship and Immigration Canada’s IT audit, includes a recommendation to "roll up project performance metrics into [a] meaningful dashboard". (Section 7.2)

The Regional Municipality of Peel audit report incorporates the COBIT guideline to “develop and implement processes for gathering and reporting information to monitor and evaluate IT performance”.

I write about PerformancePoint Services, now a part of Microsoft SharePoint Server 2010. It’s interesting to see how organizations can use the performance management software to monitor and analyze their businesses. Performance measurement in COBIT helps IT management to track and monitor strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting. This kind of work strengthens an organization’s ability to define and measure the value of IT.


The ISACA web site provides more than education for IT governance frameworks. I just found a new SharePoint Server 2010 book, SharePoint Deployment and Governance Using COBIT 4.1: A Practical Approach. It is a step-by-step guide on how to govern the deployment of SharePoint Server 2007 and 2010 using COBIT 4.1. I look forward to writing a blog post about it after I finish reading. Additionally, consider reviewing what SharePoint can do to help you plan for and establish governance, here.

See a more complex example of creating IT Operations scorecards, dashboards, and analytics with Microsoft SQL Server, System Center Operations Manager, and Microsoft Office PerformancePoint Server 2007, here.