Friday, January 8, 2010

Section 7.1. Overview


For this chapter we have decided on a quote by the author Michael Ferguson, who once said, "The first mark of good business is the ability to deliver. To deliver its product or service on time and in the condition which the client was led to expect. This dedication to provision and quality gives rise to corporate reliability. It makes friends and, in the end, is the reason why solvent companies remain solvent."


To illustrate the COBIT Delivery and Support Domain's impact, we will assume that as the chief financial officer (CFO), chief information officer (CIO), or information technology (IT) director, you have been asked the following questions: What do IT people do? What value does the IT department provide? Why not outsource the IT department? Some companies do not understand the importance of the IT department. How can an IT department add value? To best describe the COBIT Delivery and Support Domain, we must amend Ferguson's quote slightly so that it refers to delivering IT "product or service on time and in the condition which the client was led to expect."


This part of the quote indicates how IT departments bring value to their companies. The meaning of "on time" is self-explanatory. From a COBIT perspective, we would add criteria such as "within budget," "according to requirements," and so forth to "…in the condition which the client was led to expect." Including these additional elements encompasses the intent of the COBIT Delivery and Support Domain, whether your main objective is simply to comply with the Sarbanes-Oxley Act of 2002 (SOX) or you have elected to use SOX compliance as an opportunity to reposition your IT department.


This chapter looks at the numerous control objectives in the COBIT Delivery and Support Domain. It offers suggestions on how a small to medium-sized company might be able to reduce them to a manageable process, and suggests possible open source tools.


The Transparency Test…
The CFO Perspective

Let's repeat Michael Ferguson's quote from the introduction: "The first mark of good business is the ability to deliver."

Information technology departments will always be under pressure to deliver with limited resources. The only way to manage through the constant pressure is through the utilization of good processes and controls. The world of data integrity and security has taken on new levels of complexity. There often is a misconception in smaller businesses that strong control processes cost incrementally. Nowhere is this less true than in IT and financial controls.

As an IT director or CIO, you have a fiduciary responsibility first and foremost to protect the corporation's information. This may be difficult at times, but at the end of the day, the buck stops with you. Similarly, the CFO is ultimately responsible for protection of the company's assets. With that said, in order for the IT department to add value to the corporation, it must be efficient and support its customers.

Steve Lanza












