COBIT Process Maturity Assessment for the Public Service

Information and Communication Technology (ICT) is playing an ever-increasing role as a strategic enabler of public service delivery. In addition, the regulatory compliance landscape is changing rapidly (e.g. the Protection of Personal Information Act).

It is thus necessary for all Public Service departments to adopt sound ICT governance practices to ensure that risks are contained, costs are managed and value is created.

The COBIT Framework

The COBIT Framework is an open-source Information & Technology governance framework published by the Information Systems Audit and Control Association (ISACA). It consists of an internationally accepted collection of controls, or best practices. The current version is COBIT 2019, which was a relatively minor revision of COBIT 5.

Public Service Corporate Governance of ICT

Public service entities (in South Africa) are guided by the Public Service Corporate Governance of Information and Communication Technology Policy Framework (CGICT Policy Framework, abbreviated CGICTPF), which prescribes the adoption and implementation of Information & Technology Governance practices.

The CGICTPF prioritises the following 12 COBIT processes:

  • EDM01 – Ensured Governance Framework Setting and Maintenance
  • APO01 – Managed Information and Technology Management Framework
  • APO02 – Managed Strategy
  • APO03 – Managed Enterprise Architecture
  • APO05 – Managed Portfolio
  • APO10 – Managed Vendors
  • APO12 – Managed Risk
  • APO13 – Managed Security
  • BAI01 – Managed Program
  • DSS01 – Managed Operations
  • DSS04 – Managed Continuity
  • MEA01 – Managed Performance and Conformance Monitoring

Support for additional frameworks

The CGICTPF refers specifically to COBIT and also recommends the adoption of ITIL, PRINCE2, TOGAF and other frameworks.