Audit Information systems & IT Security


Control Objectives for Information and related Technology

COBIT Overview

Obtaining COBIT


COBIT Overview

COBIT (Control Objectives for Information and related Technology) is a framework of good practices for IT governance and control. It defines control objectives for each IT process, giving auditors a stated standard against which the organisation's IT processes can be verified. The framework works well alongside other established standards such as ISO/IEC 17799 (renumbered ISO/IEC 27002 in 2007) and COSO.

COBIT is published by the IT Governance Institute (ITGI), an affiliate of ISACA, and heavily promoted by ISACA.

COBIT was designed to be business focused: it links IT goals to business goals, so that each IT process can be traced back to the business requirement it serves. The framework is also controls-based, which makes auditing the processes more straightforward, since each process comes with explicit control objectives to test against.
COBIT 4.1 defines 34 IT processes, or high level control objectives, divided into four domains. The domains are:

  • Plan and Organise (10 processes, PO1-PO10)
  • Acquire and Implement (7 processes, AI1-AI7)
  • Deliver and Support (13 processes, DS1-DS13)
  • Monitor and Evaluate (4 processes, ME1-ME4)

Each of the 34 IT processes is described in four sections, as follows.

Section 1 - Process Overview
  • Process description
  • Which of the four domains, mentioned above, the process belongs to.
  • IT resources affected. The IT resources are considered according to the following groups:
    - Applications
    - Information
    - Infrastructure
    - People
  • The mapping of this process to the information criteria defined by COBIT, indicating whether each criterion is a primary or secondary concern of the process. The information criteria are:
    - Effectiveness
    - Efficiency
    - Confidentiality
    - Integrity
    - Availability
    - Compliance
    - Reliability
  • The IT governance focus areas the process supports, marked as primary or secondary. The five focus areas are:
    - Strategic alignment
    - Value delivery
    - Resource management
    - Risk management
    - Performance measurement

Section 2
Detailed control objectives for the process. In total COBIT 4.1 contains 210 detailed control objectives (the figure of 318 often quoted dates from the 3rd edition of COBIT).

Section 3

  • Process inputs and outputs, showing which other COBIT processes the process exchanges information with.
  • RACI chart, showing for each key activity who is Responsible, Accountable, Consulted and/or Informed.
  • Goals and metrics. Described in terms of activity goals, process goals and IT goals; each level is measured by outcome measures (key goal indicators) and performance drivers (key performance indicators).

Section 4
Maturity model for the process, rating it on a scale from 0 (non-existent) to 5 (optimised). The model gives the auditor a way to state where the organisation's process currently stands and to set a target level.

Obtaining COBIT

COBIT is distributed by ISACA. The PDF edition can be downloaded free of charge after registration, and printed copies can be bought through ISACA's bookstore.




Auditing Security and IT Systems
Copyright 2006-2008. All Rights Reserved.