COBIT, the international set of standards for generally accepted IT practices, hasn't been wildly popular in the United States. It's strictly voluntary, no U.S. regulator requires it, and there are no immediate business benefits to be gained by adhering to its principles. Yet over the past four years, Unisys has trained 800 employees on COBIT and implemented most of its 34 processes and 300 controls in four key IT areas: planning and organizing, acquisition and implementation, design and support, and monitoring. Thus, Unisys has standardized its IT processes from security to acquisition to application development, and the company is gearing up for COBIT 4.0. The company has backed up these efforts with a software development framework called 3D Visible Enterprise (built on IBM's Rational toolset) that helps underlying applications enforce the new controls.
Why go to all the trouble? "It's a question of discipline or lack of discipline," says CIO John Carrow. "Think of it in terms of hygiene. Nobody makes you brush your teeth in the morning, but you know it's a good thing to do."
The COBIT efforts have turned out to be helpful in dealing with Sarbanes-Oxley rules — Unisys' internal and external SOX audits were "clean," largely because of the consistent COBIT processes in place, according to Carrow.
COBIT also has made Unisys more efficient. "We've seen our IT cost per end user move from $13,000 per user per year in 1998 to around $6,600 today," he says. "That only comes about by having a very efficient set of systems."
The focus in COBIT 4.0 will be addressing roles and responsibilities. The hardest part of the work? "Staying at it," Carrow says. "It's easy to walk away because no one is making you do it. You have to accept it as something you want to do to make yourselves better, and you have to have the right communications and change management programs in place to make it happen."
The federal IT outsourcing market is expected to increase at a healthy compound annual growth rate of nearly 8 percent, growing from $12.2 billion in fiscal year 2005 to $17.6 billion by fiscal year 2010, according to Input. Why is the government moving so many jobs to the private sector? The same reasons any other company outsources: to reduce costs and streamline operations.