Olajumoke Oyegbola, a seasoned compliance and risk management specialist with over 19 years of banking experience and a background in information security awareness, has highlighted through a research paper the crucial role of ‘COBIT 5’ in enterprise risk management (ERM).
In a media statement, Oyegbola said that COBIT 5, which stands for Control Objectives for Information and Related Business Processes, Integrity and Security, Technology, is the fifth version of the framework.
“It is a globally recognised framework that bridges the gap between technical issues, business risks, and control requirements, ensuring quality, control, and reliability of information systems in business organisations.
“COBIT 5 provides tools, best practices, and objectives applicable to all enterprise IT operations, making it an essential component of ERM,” she assured.
Oyegbola said, “COBIT 5 for Risk has been available for quite some time now, but still, organisations consider it more of a management and operations framework and set of guidelines, while neglecting a major chunk of the framework, for the obvious reason that organisations fear the consequences (both in terms of cost and time) if risk management fails.”
The risk expert added that COBIT5’s approach to IT risk management is likened to planning a journey, identifying potential roadblocks, setting risk limits, and using strategies to navigate safely, enabling informed decisions, and achieving compliance with laws and regulations.
Oyegbola explained further that the application of ‘COBIT 5’ for risk in organisations involves encouraging executive management support, identifying key organisational structures and roles, embedding risk management into daily processes, establishing a risk-aware culture, and developing metrics for key risk indicators.
“COBIT 5, developed by the Information Systems Audit and Control Association (ISACA), provides a structured approach to IT governance, risk management, and compliance,” she noted.
She also disclosed that this framework provides best practices, guidelines, and tools for managing IT processes, including governance and management, risk management, control frameworks, compliance and policy management, and audit and assurance.
“The framework is flexible and adaptable to various industries, sizes, and types of organisations and is widely recognised as a standard for IT governance and management.”
She emphasises that ‘COBIT 5’ for risk is a powerful framework that covers risk related to IT and information security, making it an essential tool for business organisations seeking to improve their ERM practices.
