Health insurance companies and hospitals are starting to join a host of other entities, including foreign governments, private companies and financial institutions in adopting a business framework known as COBIT, according to Ken Vander Wal, president of ISACA, a worldwide association for IT professionals.
Vander Wal says the healthcare industry, particularly with the pressure on it to streamline care and lower costs, could benefit greatly from COBIT.
“Healthcare has had its challenges over the years, in terms of governance,” he says. “Organizations that are expanding and picking up other practices and trying to bring them under a common governance structure are obviously facing a challenge. COBIT could really help them accomplish that.”
COBIT 5, which Vander Wal refers to as a framework, is geared toward maximizing value. It lays out the groundwork for enterprise goals, then maps out how the IT should be related. It addresses both the governance concerns of a board of directors and the management concerns of the C-suite, he says.
Blue Cross Blue Shield of North Carolina adopted COBIT in 2009, according to ISACA. Leaders of the health plan say they needed the COBIT control framework because it allowed them to “own” their IT controls. “COBIT is the only IT management and control framework that covers the end-to-end IT life cycle,” they said.
According to ISACA, one of the reasons COBIT has become the integrator for IT best practices is because it harmonizes with other standards and is continuously kept up to date. It is a framework that also provides tools to allow information managers to optimize resources while protecting against risk.
“It’s really focused on the enterprise, as opposed to the IT side,” Vander Wal says. “How do you get the most value out of IT such that the information is reliable and trustworthy and you have sound processes? COBIT 5 provides that framework to do that.”
Vander Wal says COBIT 5 can also help an organization address regulatory compliance. “There is an emphasis on the regulatory compliance side,” he says. “Any regulatory compliance is factored into the governance structure put in place.”
COBIT is now in it’s fifth version, released this month. The update is the result of a four-year initiative led by a global task force and has been reviewed by more than 95 experts worldwide, Vander Wal says.