COBIT 4.1 Automated by Proteus EnterpriseTM

Share Article

"COBIT 4.1 is now fully licensed and available in automated form within the Proteus EnterpriseTM governance, risk and compliance utility," said Stephen Hall, CEO of UK firm Information Governance Limited.

The BSI's top standards for automation are Infogov's priority

COBIT 4.1 is the IT Governance Institute® (ITGI) IT governance framework and toolset for bridging the gap between control requirements, technical challenges and enterprise risks. CobiT Information Security Governance is designed to deliver (IT and Business) strategic alignment, risk management, resource management, performance measurement and value delivery. A very serious but essential undertaking, certainly for the largest of organizations, COBIT enables clearer policy development and better practice for IT control throughout the enterprise. Emphasising regulatory compliance, it assists in increasing the value gained from IT assets. The ITGI is recommending that when major initiatives are being planned for IT governance activities, or when an objective review of the enterprise control framework is on the horizon, companies should start with the most recent version of COBIT.

However, 210 specific and detailed control objectives throughout the 34 high-level IT processes is a tough challenge to implement without enabling technology such as that contained within Proteus EnterpriseTM.

Proteus Enterprise allows large enterprises to manage Financial-GRC, IT-GRC and Operational-GRC with the same tool, and is designed to assist in delivering the key benefits of good information security governance:

·    Improved trust in customer relationships
·    Protecting the organization's reputation
·    Decreasing likelihood of violations of privacy and potential liabilities
·    Providing greater confidence when interacting with trading partners
·    Enabling new and better ways to process electronic transactions
·    Reducing operational costs by providing predictable outcomes
                            - mitigating risk factors that may interrupt the process

Stephen Hall said, "The Control Objectives are substantial in COBIT 4.1 and automation of the initial and ongoing management of this standard is highly recommended. Maintaining and evidencing control in a technologically changing environment is vital to ensuring continued profitability from your IT assets. Enterprise-wide visibility of the success of those controls are also vital because stakeholders and Boards want assurance that controls and risks are being managed. This visibility is provided through the Proteus RiskView™ module. This bridges the gap between the technical, regulatory compliance, risk communities and senior management within your organization. RiskViewTM distils, displays and reports on an enormous amount of information gathered from within your organization and displays it within a real time dashboard view. The web-server design makes deployment and access as simple and efficient as possible whilst retaining central coordination. Proteus supports the processes defined by the International BS ISO/IEC 27001 (ISMS) Standard but it can be used as a generic risk and information governance tool."

Proteus enables compliance-based management of risks, enterprise-wide - internationally because of its web-based design features. Large enterprises are experiencing an ever increasing burden of regulation and legislation against which they have to demonstrate compliance. To make matters worse, this myriad of legislation occurs in different areas, for example financial regulation (Sarbanes Oxley), corporate governance, environmental issues, health & safety and industry sector specific.

This problem is not going away and is further compounded by having to map the standards against the company's businesses processes. Proteus EnterpriseTM enables this mapping, therefore exposing the areas of non-compliance, the potential financial consequences, and the need to combine this with other existing risk management practices.

Stephen said, "Proteus EnterpriseTM enables any standard to be automated, not just COBIT 4.1. We have a growing library of questionnaires and the following are increasingly being added to: ISO 27000 (English, Spanish, Italian, and French), Call Centre Security, BS 25999, Physical Risk Audit, Online Gaming, Data Protection Act, EU Data Privacy, Civil Contingencies Act, Freedom of Information Act, SOX, PCI DSS, and PAS8000 (Fraud Prevention and Detection) .

Information Governance Limited has extended its Licence Agreement with the British Standards Institute for its 14th year, enabling the embedding and automation of BSI Standards within the Proteus range of GRC software solutions. "The BSI's top standards for automation are Infogov's priority," Stephen said. These include such standards as BS 25999 - business continuity management, and BS ISO/IEC 27001 - information security management.

Proteus Enterprise was developed so that companies and institutions can comprehensively tackle varied and complex governance, risk, compliance and fraud challenges together. Proteus Enterprise is the world's most mature single, combined GRC web-based utility. We started the GRC automated convergence revolution and a member of our management team conceived and authored the world's first fraud management standard, to be published as BSI PAS 8000 during 2008.

Governance, Risk, and Compliance or 'GRC' is about organizations focusing on attaining compliance with laws, regulations and standards and sustaining that compliance thereafter whilst identifying, quantifying, preventing or avoiding the identified risks in the market place, business and supply chain. Holistically, enterprise and operational compliance requirements and risks will increasingly be managed together. Corporate governance, IT governance, financial risk, strategic risk, operational risk, IT risk, corporate compliance, business continuity, employment/labour compliance, privacy compliance are all aspects of GRC.

Proteus Enterprise, InfoGov's software solution, provides such essential capability as compliance, supplier audit, remediation, action planning, incident management, business impact analysis, business continuity, asset management, risk assessment, policy management, management information and reporting in the form of a graphical 'dashboard'.

COBIT 4.1 automation can be achieved with Proteus EnterpriseTM from Infogov at and more information is available at


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Mike Popham
Visit website