
COBIT
The COBIT (Control Objectives for Information and related Technology) mission is “to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.” Managers, auditors, and users benefit from the development of COBIT because it helps them understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model.
COBIT is a set of best practices (a framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992.
COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.
The first edition was published in 1996; the second edition in 1998; the third edition in 2000 (the on-line edition became available in 2003); and the fourth edition in December 2005. It has more recently found favour due to external developments, especially the Enron scandal and the subsequent passage of the Sarbanes-Oxley Act.
In its 4th edition, COBIT has 34 high-level objectives that cover 215 control objectives categorized in four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
COBIT is a general, somewhat theoretical framework. For implementation, CMMI and ITIL give more practical instructions. They are therefore complementary to COBIT.








