Published by Asher Ramsey. Modified over 9 years ago.
COBIT®
COBIT® - Control Objectives for Information and related Technology. COBIT was initially created by the Information Systems Audit & Control Foundation in 1996, and the Governance Institute updated it in 2000 for the release of the 3rd Edition. Release 4 was published in 2005.
COBIT provides a control and management framework with a set of good practices. It provides the links between IT governance requirements, IT processes and IT controls. It is strongly focused on control and less on execution.
COBIT addresses a broad spectrum of duties in IT management, including significant parts of IT service management. It is based on established frameworks and best practices including the Software Engineering Institute’s Capability Maturity Model, ISO 9000, ITIL® and ISO/IEC 17799.
For IT to be successful in delivering against business requirements, COBIT recommends that management put an internal control system or framework in place. COBIT is relatively high level and broad-based, aiming to be generically complete, but not specific.
Who’s Involved IT Governance Institute (ITGI) – established 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. The Information Systems Audit and Control Association (ISACA) – founded 1969. ISACA is an international professional, technical and education organisation dedicated to being a recognised global leader in IT governance, security, control and assurance.
What does COBIT provide? COBIT provides a number of useful features, many related to audit practices and to ensuring internal controls are working correctly, including: Common approach for IT functions, the business and auditors; Strong support for IT audit, reducing the cost of audit risk assessment; Assistance when implementing effective practices by avoiding the need to ‘re-invent the wheel’.
COBIT Components COBIT provides 34 generic processes that manage the IT resources to deliver information to the business according to the business and governance requirements. Primarily of interest to governance, assurance, control and security professionals, the following are the main elements of COBIT: Executive summary; Framework; Control objectives; Control practices; Management guidelines; Audit guidelines; IT Governance implementation guide.
Comparison with ISO/IEC 20000 (1) In the context of IT governance, COBIT has a focus on the Plan-Do-Check-Act (PDCA) cycle. ISO/IEC 20000 includes the PDCA cycle but also gives emphasis to each service management process, the integration of processes and the relationship between the PDCA cycle and service management processes.
Comparison with ISO/IEC 20000 (2) COBIT takes a top-down approach based on a hierarchy of domains, processes and activities. This has parallels with the ISO/IEC 20000 top-down policy, process, procedure hierarchy. In COBIT each process is described by using the following information: High-level control objectives; Detailed control objectives; Information criteria affected by the process; IT resources used by the process; Typical characteristics depending on the maturity level; Inputs and outputs of the process; RACI chart of activities against function; Goals and metrics.
Comparison with ISO/IEC 20000 (3) COBIT processes in the delivery and support domain are covered in a comprehensive manner by ISO/IEC 20000 (clauses 6-10). There is also some overlap between the COBIT processes, tasks and duties of the domains PO, AI and ME and ISO/IEC 20000 (clauses 3-5 and 7.3, 9.2). The audit guidance and practices of COBIT can provide useful input to an organisation planning extensive changes and improvements in order to achieve ISO/IEC 20000.