COBIT – Control Objectives for Information and related Technology
In most companies of any size, data moves between multiple business groups and IT systems on its way from initial transactions to the reports that the CEO and CFO must attest to. Attesting to the accuracy of the data requires confidence in accounting procedures and controls. These are addressed within the COSO framework.
The SOX 404 attestation also requires confidence in the IT systems that house, move, and transform data. It requires confidence in the processes and controls for those IT systems and databases. The COBiT COBIT (Control Objectives for Information and related Technology) framework was designed to help implement governance and control over technology processes and systems. Published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA), COBIT is designed to allow managers to bridge the gap between control requirements, technical issues and business risks.
COBIT stands for Control Objectives for Information and related Technology. It is an IT governance framework and supporting toolset published as an open standard by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). The most recent version is COBIT 5. COBIT is designed to allow managers to bridge the gap between control requirements, technical issues and business risks. It includes materials that address the specific needs of
- Executive management and boards
- Business and IT management
- Governance, assurance, control and security professionals
The COBIT framework classifies IT activities and risks into four domains:
- Plan and Organize (PO)-Provides direction to solution delivery (AI) and service delivery (DS)
- Acquire and Implement (AI)-Provides the solutions and passes them to be turned into services
- Deliver and Support (DS)-Receives the solutions and makes them usable for end users
- Monitor and Evaluate (ME)- Monitors all processes to ensure that the direction provided is followed
COBIT identifies 34 processes within these four domains. It defines activities and control objectives for all 34 processes, as well as overarching process and application controls. Controls are designed to support seven information criteria:
COBIT also includes an IT Governance Maturity Model