Definitions: COBIT

Created on: May 6, 2009 2:28 PM by Kim Mays - Last Modified: Dec 3, 2009 2:26 PM by Patrick Avery

Definition

Created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI), the Control Objectives for Information and related Technology (COBIT) is a framework of best practices for IT management and governance. COBIT offers a set of approved processes, indicators, and measures to assist IT managers and users in developing an efficient and beneficial IT organization within a company. The framework has had four major releases; the latest, version 4.1, was released in May 2007.

Business applications

COBIT is an important tool for business managers and auditors in the day-to-day IT dealings within a company because its control objectives help everyone—from managers down to the users—better understand the IT systems that are in use. COBIT 4.1 provides 34 processes with 210 control objectives that fit within four categories: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation.

Within these categories, IT managers can gain insights into decision making and IT planning. COBIT also provides guidelines for IT architecture strategies, system performance monitoring, and hardware and software planning. Auditors also find that it helps substantiate their audit reports.

Concerns

Since its release, COBIT has become the globally accepted framework for IT governance and control. However, it does not compete with the Code of Practice for Information Security Management (ISO/IEC 17799:2005). Companies subject to compliance with the Sarbanes-Oxley Act would benefit from adopting the COBIT framework to help meet compliance expectations.

Technical details

The COBIT product package is broken up into six areas: Executive Summary, Framework, Control Objectives, Management Guidelines, Implementation Guide, and IT Assurance Guide. Its structure covers four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
