To implement the ISO 38500 standard, a system to direct and control the current and future use of IT is required. The system comprises controls and processes to achieve the strategic objectives set by the organisation's governing body. A few choices are available.
COBIT is a popular IT management framework that defines both processes and controls. In many respects its purpose is similar to that of ISO 38500, as it also aims to enable better governance of information technology so that the organisational objectives are achieved.
At the centre of ISO 38500 is a framework of 6 principles. The easiest way to implement these principles is to map them to the COBIT process model; ISO 38500 then becomes effective through the execution of these processes.
The advantage of using a process framework like COBIT is that it groups related IT activities into processes that have a life-cycle and are focused on achieving specific outcomes. By cascading the organisation's business objectives down to the IT processes, you are able to align day-to-day activities with the organisation's stakeholder expectations.
Roles, responsibilities and decision-rights at the process level can be aligned with the business goals. Governance mechanisms such as job descriptions and contracts can be crafted to support the achievement of specific outcomes. Performance measures can be fine-tuned to drive the required behaviour. Over time, controls are implemented to manage risk and capability is developed so the organisation is better able to perform as expected.