COBIT®
COBIT - Control Objectives for Information and related Technology
COBIT was initially created by the Information Systems Audit &
Control Foundation in 1996, and the Governance Institute
updated it in 2000 for the release of the 3rd Edition. Release 4
was published in 2005. Release 5 was published in 2011.
COBIT provides a control and management framework with a
set of good practices.
It provides the links between IT governance requirements, IT
Processes, and IT controls. It is strongly focused on control
and less on execution.
COBIT addresses a broad spectrum of duties in IT
management, including significant parts of IT service
management.
It is based on established frameworks and best practices
including the Software Engineering Institute’s Capability
Maturity Model, ISO 9000, ITIL®, and ISO/IEC 17799.
COBIT 5 is a culmination of COBIT, ValIT,
RiskIT and other ISACA frameworks.
For IT to be successful in delivering against business
requirements, COBIT recommends that management put an
internal control system or framework in place. COBIT is
relatively high level and broad-based, aiming to be generically
complete, but not specific.
Who’s Involved?
• IT Governance Institute (ITGI) – Established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology.
• Information Systems Audit and Control Association (ISACA) – Founded in 1969, ISACA is an international professional, technical and education organization dedicated to being a recognized global leader in IT governance, security, control and assurance.
What does COBIT provide?
COBIT provides a number of useful features, many related to
audit practices, and ensures that internal controls are working correctly. These include:
• Common approach for IT functions, the business, and auditors
• Strong support for IT audit, reducing the cost of audit risk assessment
• Assistance when implementing effective practices by avoiding the need to ‘reinvent the wheel’
COBIT Components
COBIT provides 37 generic processes that govern the IT resources to deliver information to the business according to the business and governance requirements. Primarily of interest to governance, assurance, control and security professionals, the following are the main elements of COBIT:
• Principles
• Process Reference Model
• Goals and Metrics
• Practices and Activities
• Inputs and Outputs
• Roles and Responsibilities
Comparison with ISO/IEC 20000
ISO/IEC 20000 covers a subset of processes from the following COBIT process areas (relevant sections of ISO are in parentheses):
• Deliver, Service and Support (Section 6: Service Delivery Processes)
• Build, Acquire and Implement (Section 5: Design and Transition of New or Changed Services)
• Align, Plan and Organize (Section 4: Service Management System General Requirements)
COBIT takes a top-down approach based on a hierarchy of
domains, processes, and activities. This has parallels with the ISO/IEC
20000 top-down hierarchy of policy, process, and procedure.
In COBIT, each process is described by using the following information:
• High-level control objectives
• Detailed control objectives
• Information criteria affected by the process
• IT resources used by the process
• Typical characteristics depending on the maturity level
• Inputs and outputs of the process
• RACI chart of activities against function
• Goals and metrics
The audit guidance and practices of COBIT can provide useful
input to an organization planning extensive changes and
improvements in order to achieve ISO/IEC 20000.