Sustainability has become a key focus in the 21st century. Both society and organizations recognize the importance of sustainability in their day-to-day functions and demand guidelines that help them implement, control and improve practices in this regard. Many IT organizations have begun to implement green IT practices. Based on our experience applying an extension of COBIT in different organizations to audit green IT, we believe that the following steps should be considered:
- Understand the scope—Due to the novelty of green IT, many organizations do not fully understand the scope of green IT practices. Thus, it is important to differentiate between green-by-IT practices (in which IT is used to reduce the negative impact that other areas have on the environment) and green-in-IT practices (in which sustainable practices are applied in IT itself to reduce its negative environmental impact).
- Conduct a systematic and progressive green IT assessment—Assessing all the processes established by COBIT (adapting them to green IT) is unfeasible. So, it is advisable to group COBIT processes using a maturity model. This allows auditors to conduct a more organized and progressive audit, assessing first and ensuring compliance with the most basic and necessary processes of the first maturity levels before assessing more complex processes of higher levels.
- Implement improvement actions—We have also guided organizations toward the improvement of the practices they carry out. Organizations should develop improvement plans and progressively implement the processes level by level of maturity.
We believe that these 3 steps can help you not only when properly assessing green IT, but also when establishing a strategy to implement and improve the processes and practices that are carried out. This will benefit your work as auditors, making the entire audit process simpler and more complete, and it will help organizations achieve better results in green IT.
Read J. David Patón-Romero, Maria Teresa Baldassarre, Moisés Rodríguez and Mario Piattini's recent Journal article:
"Auditing Green IT Governance and Management With COBIT 5," ISACA Journal, volume 4, 2019.
