COBIT in South Africa

South African Government adopts COBIT Framework

South African Government Public Service departments are due to adopt COBIT 5 as part of the Corporate Governance of Information and Communication Technology Policy Framework, as instructed by the Department of Public Service and Administration.

The Auditor General of South Africa identified a lack of political and strategic leadership of ICT (Information and Communication Technology) in the Public Service, and identified priority focus areas for ICT, which are addressed in the Corporate Governance of Information and Communication Technology (CGICT) Policy Framework. This document identifies the minimal principles, practices and COBIT 5 processes to be adopted by the Government Chief Information Officers Council (GITOC).

Implementation of the Framework will require monitoring from:

  • the Department of Public Service and Administration (DPSA) in relation to conformance;
  • the Department of Planning, Monitoring and Evaluation (DPME) in the office of the President; and
  • the Auditor General for auditing.

The CGICT Policy Framework indicates that the Governance of ICT Framework will be informed by COBIT 5 processes. In 2012 the Government Chief Information Officers Council (GITOC) adopted 12 minimum processes that should inform implementation. These processes are informed by the priority focus areas for ICT audits, as defined by the Auditor General.

The minimum processes are:

  • EDM01: Governance framework setting and maintenance
  • APO01: Manage the ICT management framework
  • APO02: Manage strategy
  • APO03: Manage enterprise architecture
  • APO05: Manage portfolio
  • APO10: Manage Suppliers
  • APO12: Manage Risk
  • APO13: Manage security
  • BAI01: Manage security: Manage programmes and projects
  • DSS01: Manage operations
  • DSS04: Manage continuity
  • MEA01: Monitor, evaluate and assess performance and conformance

COBIT in the South African private sector

The private sector is freed from the requirement to use any particular methodology or framework for implementing IT governance. However, some private sector companies, such as SAB Miller and Old Mutual have adopted COBIT to improve and strengthen their IT governance framework.


How is COBIT used?


Sab Miller

SAB needed COBIT to develop an IT and enterprise architecture strategy, which served to further increase awareness of COBIT’s benefits among the IS audit and IT department. COBIT helped determining accountability for processes and improve IT governance.

With the enforcement of the Corporate Directives for IT Security in 1998, COBIT was declared to be the standard. It comes highly recommended and is internationally accepted.

Old Mutual

COBIT was implemented as a tool to determine the audit scope and the objectives on computer audit assignments and to develop audit programs. It was also used to develop information technology policies, standards and procedure manual.

COBIT is a valuable resource that addresses the new IT issues the business is facing today. COBIT also provides the senior level counsel and technical guidelines needed as technology improves and the business moves forward.

Source: ISACA

You might also be interested in: