INFORMATION SYSTEM AND COMPUTERS

CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)

INTRODUCTION:COBIT was first released in 1996; the

current vision, COBIT 5 was published in 2012.Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.

The framework provides good practices across a domain and process framework :

“The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement and identifying the associated responsibilities of business and IT process owners.”COBIT is a framework of generally applicable information systems security and control. The framework allows:1) Benchmarking of the security and control arrangement.2) Auditor to review internal controls and advise on IT security

matters.3) Users of IT services to be assured that adequate security and

control exist

THE COBIT FRAME WORK

The framework addresses the issue of control from 3 vantage points

IT Processes

IT Resources

Business Objectives

IT PROCESSESC o n t r o l s a r e r e q u i r e d t o b e i m p l e m e n t e d i n a l l t h e p r o c e s s e s , w h i c h a r e b r o k e n i n t o 4 d o m a i n s :

P l a n n i n g a n d o r g a n i z a t i o n A c q u i s i t i o n a n d i m p l e m e n t a t i o n . D e l i v e r y a n d s u p p o r t a n d M o n i t o r i n g .

BUSINESS OBJECTIVES

To satisfy business objectives, information must satisfy some criteria that COBIT refers to as business requirement for information. The criteria are divided into seven categories: Effectiveness Efficiency Confidentiality Integrity Availability Compliance with legal requirement and Reliability

IT RESOURCESTo protect the IT resources must be developed which includes: People Application system Hardware devices Facilities and data Security controls.

Advantages of COBIT

I. COBIT is aligned with other standards and best practices and should be used together with them.

II. It’s framework and supporting best practices provide a well-managed and flexible IT environment in an organization.

III. COBIT provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities.

IV. It provides tools to help manage IT activities.

1) Strategic alignment focuses on ensuring the linkage of business and IT plans; defining maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.

2) Value delivery is about executing the value proposition throughout delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing cost and providing the intrinsic value of IT.

COBIT HAS FIVE IT GOVERNANCE AREAS OF

CONCENTRATION

3) Resource management is about the optimum investment and proper management of critical IT resources: applications. Information, infrastructure and people.4) Risk management is a clear understanding of the enterprises, appetite for risk, understanding of compliance requirements, and transparency into the organization5) Performance measurements track and monitors strategy implementation, project completion, resource usage, process performance and service delivery, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.

COBIT HAS FIVE IT GOVERNANCE AREAS OF

CONCENTRATION

THANK YOUBy DEEPA