What is COBIT
COBIT was developed by ISACA (Information Systems Audit and Control Association) and ITGI (IT Governance Institute) in 1992. It is an IT governance framework with specific standards, guidelines, policies and procedures that are used to understand the benefits of Information Technology (IT). It also provides the knowledge needed to develop a systematic organization.
By following the COBIT standards, we can mitigate the organization's risk and control and secure its sensitive information in a cost-effective manner. It fills the communication gap between managers, auditors and IT users. The first version of COBIT was released in 1996. COBIT 4.1 is the latest version from ISACA and has updated standards compared with earlier versions. COBIT specifies which technology an organization should and should not use. It gives the organization a high-level framework for evaluating its controls. COBIT helps auditors decide whether the IT organization is aligned with business objectives.
The mission of COBIT is to provide business managers and auditors with up-to-date objectives of information technology controllers.
COBIT definition: "COBIT (Control Objectives for Information and Related Technology) is an international open standard that defines requirements for the control and security of sensitive data and provides a reference framework. COBIT, which provides a reference framework, was introduced in the 1990s by the IT Governance Institute."
IT Governance: "A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes."
The significant role played by COBIT in achieving business objectives:
Businesses following COBIT standards can flourish in the market by aligning with the apex institution's standards. A business in any phase can compete with its well-established competitors by applying COBIT standards in its regular practice. COBIT helps to bridge the gap between IT controls and business controls. The COBIT framework comprises 34 high-level control objectives and 318 detailed control objectives, which help the business maintain effective control over IT. The ISACA website is the official site of COBIT, where we can get all the available information about COBIT, such as the COBIT framework, management and audit guidelines, control objectives, the executive summary and an implementation guide.
The Benefits of Standards
COBIT is developed by experienced people; organizations that follow the COBIT standards do not need to spend time developing standards that already exist. It has an excellent framework that organizations can follow and can understand and implement easily, so that they can see what they are trying to achieve. It represents best practice, because hundreds of organizations follow the same thing and can therefore share knowledge. It is especially helpful with third-party auditors, because they can understand what the organization's standards are. It is compliant with ISO17799, COSO I and COSO II and many other related standards. It helps to achieve ROI (Return On Investment) at the initial stage.
The COBIT framework consists of 34 high-level control objectives in four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. It also contains 318 detailed control objectives, which are classified based on information requirements and resources.
- Quality control components - quality of address, cost and delivery
- Fiduciary control components - effectiveness of address, efficiency, information reliability and compliance
- Security control components - CIA (Confidentiality of address, Integrity and Availability)
The COBIT design is based on three levels of management for IT resources: domains, processes and activities. The main aim of grouping activities into processes and processes into domains is a logical organization that clarifies what the organization's goals are and what the measurable results are throughout the life cycle of IT resources.
COBIT IT PROCESSES DEFINED WITHIN THE FOUR DOMAINS
COBIT domains for IT management:
For any organization, information and resources are its most valuable assets. Information should be effective, efficient, confidential and integral, and the main objective of a business is to improve its resources and secure its information. By following the COBIT life cycle, an organization can achieve these goals. The life cycle consists of:
• Plan and Organize:
After identifying the objectives of the organization, top-level management has to take some decisions about implementing new things. Plan and Organize is the first stage of the cycle and it has 11 high-level control objectives.
Planning has to be done by considering investments and whether or not they meet the organization's goals and align with external requirements. The organization has to plan for better quality with minimum risk so that it gets better output.
• Acquire and Implement:
It has 6 high-level control objectives. In this domain the organization identifies IT requirements, and acquires and implements the application software and technologies for managing changes according to the planning done at the initial stage.
• Deliver and Support:
It has 13 high-level control objectives. This domain helps with the execution of applications within the IT systems. This process enables the effective and efficient execution of IT systems. It includes the security and training of systems, and it also manages SLAs (Service Level Agreements) for third-party services. This is the most important stage of the COBIT framework.
• Monitor and Evaluate:
It has 4 high-level control objectives. Once execution of the application has finished, this domain helps to monitor the processes through independent auditing, to determine whether or not they are achieving the business objectives.
If the application is not aligned with business objectives, it goes back to the planning stage to obtain the exact outcomes, and the cycle starts again until the organization achieves its objectives.
IT Governance and Corporate Governance, and the need for control in Information Technology, with example.
Describe IT Governance and Corporate Governance. Describe the need for control in Information Technology with example.
Discuss Key Goal Indicators (KGIs), Key Performance Indicators (KPIs), Critical Success Factors (CSFs) and Maturity Models in respect of COBIT for any organization.
Components of COBIT:
• Executive Summary:
It explains all key concepts and principles of COBIT.
It explains how, in COBIT, IT processes deliver the information for achieving business objectives. There are 3 key areas:
- 34 high level control objectives divided into 4 domains such as Plan and Organize, Acquire and Implement, Deliver and Support and Monitor and Evaluate.
- 7 criteria for information which are used for achieving business objectives such as effectiveness, efficiency, CIA (Confidentiality, Integrity, Availability), compliance and reliability.
- IT resources such as data, people, applications, facilities and technology.
• Control Objectives:
It provides tools which accommodate the 34 high level control objectives with 318 specific control objectives for the development of policies, good practices, procedures and responsibilities.
• Control Practices:
It provides guidelines on how the controls are used and what the good practices are for achieving business objectives. Control practices help to find solutions for complete and successful implementations.
It provides tools to help IT managers improve IT performance and align it with business objectives.
• Audit Guidelines:
It provides an outline of auditing tools that accommodate the 34 high-level control objectives with 318 specific control objectives. The audit structure helps to analyze, assess, interpret, react to and implement COBIT standards to align information technology and business objectives.