CobiT-OL.gif

Term:
Control Objectives for Information and related Technology (COBIT)

Description: The Control Objectives for Information and related Technology (COBIT) is a standardized framework program for IT management produced by Information Systems Audit and Control Association (ISACA) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted processes approved by the Security Exchange Commission (SEC) in compliance with the Sarbanes-Oxley act to appropriately govern a company through the use of information technology. COBIT approaches IT control by looking at information — not just financial information — that is needed to support business requirements and the associated IT resources and processes. COBIT is specifically focused on IT because it is the source of which control is applied and enforced. This makes COBIT a fundamental resource for any environment.

COBIT has 34 high level processes that cover 210 control objectives categorized in four domains:
  • Planning and Organization
  • Acquisition and Implementation
  • Delivery and Support
  • Monitoring

COBIT provides benefits to managers, IT users, and auditors. Managers benefit from COBIT because it provides them with a foundation upon which IT related decisions and investments can be based. Decision making is more effective because COBIT aids management in defining a strategic IT plan, defining the information architecture, acquiring the necessary IT hardware and software to execute an IT strategy, ensuring continuous service, and monitoring the performance of the IT system. IT users benefit from COBIT because of the assurance provided to them by COBIT's defined controls, security, and process governance. COBIT benefits auditors because it helps them identify IT control issues within a company’s IT infrastructure. It also helps them corroborate their audit findings.

Applications: Public companies that are subject to the U.S. Sarbanes-Oxley Act are encouraged to adopt COBIT among other control framework processes.

Web Resources:
Cobit executive summary and framework, click here
Cobit user forum, click here

Related Terminology:
None

Citations/References:
http://www.isaca.org/template.cfm?section=home
http://en.wikipedia.org/wiki/Cobit
http://en.wikipedia.org/wiki/IT_Governance

Graphics:
Framework Diagram
cobit_frmwrk.gif