Facilitating GRC Best Practice
Supported Standards:
ISO 31000
BS 10500
ISO 19600
ISO/IEC 38500
ISO/IEC 27001
ISO/IEC 22301
ISO/IEC 20000
Balanced Scorecard
Consultancy Topics:
IT Governance
IT Risk
IT Compliance
Information Security
Business Continuity

COBIT IT Governance Implementation

IT Governance & Transformation

Analytix IT Governance consulting services are designed to assist organisations to establish or improve their IT Governance programmes. The requirements and effort associated with an IT Governance implementation programme could be daunting, and could involve months and even years of effort to execute.

Facilitating IT Governance Best Practice

Our approach to IT Governance consulting leverages COBIT® 5 and ISO 38500 IT Governance best practices to accelerate your IT Governance, Risk and Compliance (IT GRC) related programme with experienced and certified consultants.

Realising IT GRC Benefits

Our certified and experienced IT Governance consultants provide the technical expertise and project management capabilities needed to build an efficient IT Governance function, programme and capability that will enable you to establish an IT Governance framework and programme that will asist the CIO and IT management team to:

  • Realise IT benefits
  • Optimise IT risks
  • Optimise IT resources (Information, IT services, applications, Infrastructure and IT people) are managed


Depending on the Terms of Reference and Scope of Work, typical deliverables of an COBIT® 5 aligned IT Governance implementation project may include:

  • Assessing the IT Governance and IT process capability
  • IT Governance training and awareness
  • Developing IT Governance and IT Management frameworks
  • Integrating IT Governance with Corporate Governance
  • Ensuring accountability for IT Governance throughout
  • Defining appropriate IT Governance and management structures
  • Developing, documenting and clearly communicating IT policies, standards and processes for IT governance and control
  • Effecting cultural change
  • Driving a process and culture of continuous improvement
  • Creating optimum monitoring and reporting structures

Our approach to IT Governance implementation is fully aligned the international best practice for IT Governance, including COBIT® 5 and ISO 38500.

Our consultants will align the assessments, designs and implementation of the IT Governance and IT Management practices with the COBIT® best practices.

Integrating IT Governance Frameworks and Standards

We assist CIO's and IT management to integrate their various IT GRC related programmes that are already adopted / implemented, or planned for adoption by the IT function, to establish and integrated IT GRC programme , by utilising our experience and knowledge of the various relevant IT GRC related standards, frameworks and methodologies. Our approach to IT Governance framework design makes provision to assist clients, in choosing, and aligning the suitable frameworks into an integrated design.

IT Governance Implementation Lifecycle

Our COBIT® 5 based IT Governance implementation life cycle implementation methodology provides a way for organizations to utilize the COBIT® 5 framework to address the complexity and challenges typically encountered during IT Governance implementations. In addition to the core IT Governance activities, the IT Governance implementation approach also addresses the aspects of change management and program management.

The three interrelated components of the life cycle are the:

  1. Core IT Governance implementation
  2. Organisational change management
  3. Management of the IT Governance programme​


COBIT® 5 is the internationally accepted best practice framework for IT governance and control. With a focus on managing processes, COBIT® 5 has helped organisations bridge the gaps between control requirements, regulatory compliance and business risks to significantly increase the value of their investment in IT. COBIT® 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. COBIT® helps enterprises create optimal value from IT by maintaining a balance between realising IT benefits and optimising IT risk levels and IT resource usage.

COBIT® 5 enables IT to be governed and managed in a holistic manner for the entire organisation, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.

COBIT® is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

COBIT® 5 Publications

  • COBIT® 5 - A Business Framework for the Governance and Management of Enterprise IT - COBIT® 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT® 5 embody thought leadership and guidance from business, IT and governance experts around the world.
  • COBIT® 5 Implementation - Provides a good practice approach for implementing GEIT based on a continual improvement life cycle that should be tailored to suit the enterprise’s specific needs.COBIT
  • COBIT® 5: Enabling Processes - A detailed reference guide to the processes defined in the COBIT 5 process reference model. Includes the COBIT® 5 goals cascade, a process model explanation and the process reference model
  • COBIT 5: Enabling Information - A detailed reference guide for the Information enabler for the governance and management of enterprise IT (GEIT). This guide further explains the Information Model (based on the COBIT® 5 generic enabler model) and provides examples of fully elaborated information entities.


ISO/IEC 38500:2015 - Information technology -- Governance of IT for the organization

ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.

It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:

  • Executive managers
  • Members of groups monitoring the resources within the organization
  • External business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies
  • Internal and external service providers (including consultants)
  • Auditors


Using COBIT® 5 Framework to Align to ISO 38500 Principles

ISO/IEC 38500:2008 is essentially an IT Governance standard that provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. The principles of the ISO 38500 standard are implemented by implementing the COBIT® 5 IT Governance and Management framework.

In the design phase, the IT Governance consultant applies the defined needs and requirements to designing the IT Governance framework, based on solutions that have been collected. Our IT Governance framework design approach makes provision for considering the following IT Governance aspects:

  • IT Governance Stakeholders, IT Governance Roles & Responsibilities
  • Key IT Decisions
  • IT Engagement Model
  • IT Governance Structures
  • IT Governance Processes
  • IT Policies & Standards
  • IT Frameworks and Methodologies
  • IT Process and Control Model
  • IT Organization Structures
  • IT Roles & Responsibilities
  • IT Skills & Competencies

Our COBIT® 5 aligned IT Governance and IT Management Management consultancy delivers real business benefits:

  • Enables effective IT Governance with streamlined policy documentation, communication, and implementation
  • Lowers IT risk exposure
  • Improves control over and visibility into IT compliance
  • Enables better IT resource utilization, and consistent and collaborative management of tasks, processes, and information