Standards: Control Objectives for Information and related Technology (COBIT)

The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1996. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:

Making a link to the business requirements
Organizing IT activities into a generally accepted process model
Identifying the major IT resources to be leveraged
Defining the management control objectives to be considered

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

The process focus of COBIT is illustrated by a process model that subdivides IT into four domains and 34 processes in line with the responsibility areas of plan, build, run and monitor, providing an end-to-end view of IT. Enterprise architecture concepts help identifies the resources essential for process success, i.e., applications, information, infrastructure and people.

In summary, to provide the information that the enterprise needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.

COBIT supports IT governance by providing a framework to ensure that:

IT is aligned with the business
IT enables the business and maximizes benefits
IT resources are used responsibly
IT risks are managed appropriately

The complete COBIT package consists of:

Executive Summary
Governance and Control Framework
Control Objectives
Management Guidelines
Implementation Guide
IT Assurance Guide

References:

http://en.wikipedia.org

http://www.isaca.org

Comments

Post new comment

News

Bojan joined the Capgemini team

27 December, 2010

After six years in Pexim/Asseco SEE, Bojan has accepted an offer from Capgemini to join their team. From December 2010 Bojan works as a Manager at Capgemini Financial Services Global Business Unit(Business Information Management Practice) in New York.

more »

Read all »

Business Transformation

2 votes

more »

The Five Elements of Information Excellence

In the time I write this article, probably the terabytes of data would be created all over the world. Terabytes will become petabytes, then zettabytes, exabytes, yottabytes, etc. The efficiency and effectiveness of getting information from your data will determine quality of your decision making process and eventually your business success.

4 votes