Madhav Chablani, director, ISACA, New Delhi Chapter discusses the importance of aligning IT governance with corporate governance, the emerging trends in information governance and the latest version of COBIT.

How successful has ISACA been in empowering the information systems audit and assurance community in India?

ISACA works closely with its local chapters to ensure IT and business leaders obtain the training, education, research and certification mostly applicable to them. ISACA established the IT Governance Institute (ITGI). Although the two are legally separate entities, they share common interests and activities, a constituency base and headquarters structure and staffing. ISACA in India is targeting the IS auditor, CIO and CEO community to empower them on the role of IT governance, IS audit and to create awareness about IT by organising various seminars and webcasts. We are also providing certification programmes for these executives to maintain an international standard in India which will help the Indian companies to expand their presence globally. Now in India, we have more than 2500 members and they are either CISA (Certified Information Systems Auditor) or CISM (Certified Information Security Manager) certified.

How is IT governance different from corporate governance?

Corporate governance couldn’t be achieved without IT governance. IT governance is an integral component of corporate governance. It consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives. IT governance is not only the responsibility of CIO but also of the board of directors and executive management with the implementation of IT strategy in place. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT and appropriately manages IT-related risks and opportunities. ISACA is helping the IT executives’ community to align IT governance with corporate governance in India.

What are the emerging issues with regard to information governance?

With the growing concern about information security, a lot of pressure rests upon the CIOs with regard to information governance. There have been reports on the top two IT-related problems in operational incidents and staffing issues, according to a global survey commissioned by the ITGI. Also, according to a research report, this year’s emerging trends for CIOs are process improvement, diminished division between IT and the business, increased security threats and new architectures. The increasing focus on security from an enterprise perspective has led to a new way of examining risks that institutions face as a whole. This, in turn, is leading to innovative approaches that emphasise integration specifically, the integration of the risk side of business into the strategic planning side in a consistent and holistic manner.

How are enterprises addressing the converged issues surrounding their security?

As new technologies emerge and threats become increasingly complex and unpredictable, senior security executives are recognising the need to merge security functions throughout the entire enterprise. A significant shift in emphasis has been realised from security as a purely functional activity within an enterprise; to security as a value add to the overall mission of business. Imperatives that are forcing convergence to emerge are rapid expansion of the enterprise ecosystem, value migration from physical to information-based and intangible assets, new protective technologies blurring functional boundaries, new compliance and regulatory regimes and continuing pressure to reduce cost. Delivering on convergence is not just about organisational integration, rather it is about integrating the security disciplines with the business’ mission to deliver shareholder value.

How far will the latest version of COBIT address the issues related to IT risks and compliance?

COBIT (Control Objective for Information and related Technologies) 4.1 is an incremental update to the globally accepted framework that ensures that IT is aligned with business goals, its resources are used responsibly, and its risks are managed appropriately. It represents a fine-tuning of the COBIT 4.0 framework and can be used to enhance work already performed based on earlier versions of COBIT. COBIT 4.1 is an authoritative, international set of generally accepted practices that helps boards of directors, executives and IT managers increase the value of IT and reduce related risks. It is used widely as a tool for compliance with Sarbanes-Oxley and many other global standards. COBIT predates the control legislation being enacted around the world. The updates in COBIT 4.1 include enhanced performance measurement, improved control objectives and better alignment of business and IT goals. Many Indian organisations and MNCs having presence in India are using COBIT.