COBIT
COBIT is a framework created by ISACA for information technology (IT) management
and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
Overview
COBIT was first released in 1996; the current version, COBIT 4.1, was published in 2007 and is currently being updated (COBIT 5). Its mission is “to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.”
COBIT, initially an acronym for 'Control objectives for information and related technology', defines 34 generic processes to manage IT. Each process is defined together with its inputs and outputs, key activities, objectives, performance measures and an elementary maturity model.
The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.
COBIT Framework
The framework provides good practices across a domain and process framework. The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.
The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements.
Releases
COBIT has had four major releases:
- In 1996, the first edition of COBIT was released.
- In 1998, the second edition added "Management Guidelines".
- In 2000, the third edition was released.
- In 2003, an on-line version became available.
- In December 2005, the fourth edition was initially released.
- In May 2007, the current 4.1 revision was released.
- COBIT 5: scheduled for release in 2012, COBIT 5 will consolidate and integrate the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and will also draw significantly from the Business Model for Information Security (BMIS) and ITAF.
Components
The COBIT components include:
- Framework: Organises IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
- Process descriptions: A reference process model and common language for everyone in an organisation. The processes map to responsibility areas of plan, build, run and monitor.
- Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationships with other processes.
- Maturity models: Assess maturity and capability per process and help to address gaps.
Other ISACA Publications based on the COBIT framework include:
- Board Briefing for IT Governance, 2nd Edition
- COBIT and Application Controls
- COBIT Control Practices, 2nd Edition
- IT Assurance Guide: Using COBIT
- Implementing and Continually Improving IT Governance
- COBIT Quickstart, 2nd Edition
- COBIT Security Baseline, 2nd Edition
- IT Control Objectives for Sarbanes-Oxley, 2nd Edition
- IT Control Objectives for Basel II
- COBIT User Guide for Service Managers
- COBIT Mappings (to ISO/IEC 27002, CMMI, ITIL, TOGAF, PMBOK etc.)
- COBIT Online
COBIT and Sarbanes-Oxley
Companies that are publicly traded in the US are subject to the Sarbanes-Oxley Act of 2002. COBIT is the framework used by most companies to comply with Sarbanes-Oxley.
See also
- IT Governance
- Risk IT
- Val IT
- Data governance
- Health Insurance Portability and Accountability Act
- Information Quality Management
- Information Technology Infrastructure Library
- Information Security Management System
- IEEE