Presentation is loading. Please wait.

Presentation is loading. Please wait.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

Published byEvelyn Blake Modified over 8 years ago

Similar presentations

Presentation on theme: "COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management."— Presentation transcript:

1 COBIT

2 The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1996. Provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

3 Harmonizing the Elements of IT Governance IT Governance Resource Management Strategic Alignment Value Delivery Performance Measurement Risk Management

4 COBIT supports IT governance by providing a framework to ensure that: 1.IT is aligned with the business 2.IT enables the business and maximizes benefits 3.IT resources are used responsibly 4.IT risks are managed appropriately Harmonizing the Elements of IT Governance

5 The benefits of implementing COBIT Better alignment, based on a business focus A view, understandable to management, of what IT does Clear ownership and responsibilities, based on process orientation General acceptability with third parties and regulators Shared understanding amongst all stakeholders, based on a common language

6 COBIT Mission To research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals

7 COBIT Principle

8 Information Criteria Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources. Confidentiality concerns the protection of sensitive information from unauthorized disclosure. Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations.

9 Information Criteria Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Compliance deals with complying with the laws, regulations and contractual arrangements to which the business process is subject. Reliability relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.

10 IT Resources Applications are the automated user systems and manual procedures that process the information. Information is the data, in all their forms, input, processed and output by the information systems in whatever form is used by the business. Infrastructure is the technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications. People are the personnel required to plan, organize, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required

11 COBIT Domain

12 PLAN AND ORGANISE (PO) Covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. Typical questions: – Are IT and the business strategy aligned? – Is the enterprise achieving optimum use of its resources? – Does everyone in the organization understand the IT objectives? – Are IT risks understood and being managed? – Is the quality of IT systems appropriate for business needs?

13 ACQUIRE AND IMPLEMENT (AI) To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. Typical questions: – Are new projects likely to deliver solutions that meet business needs? – Are new projects likely to be delivered on time and within budget? – Will the new systems work properly when implemented? – Will changes be made without upsetting current business operations?

14 DELIVER AND SUPPORT (DS) Concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities. Typical questions: – Are IT services being delivered in line with business priorities? – Are IT costs optimized? – Is the workforce able to use the IT systems productively and safely? – Are adequate confidentiality, integrity and availability in place for information security?

15 MONITOR AND EVALUATE (ME) Addresses performance management, monitoring of internal control, regulatory compliance and governance. Typical questions: – Is IT’s performance measured to detect problems before it is too late? – Does management ensure that internal controls are effective and efficient? – Can IT performance be linked back to business goals? – Are adequate confidentiality, integrity and availability controls in place for information security?

16 To be discussed IT Processes Process Control Application Control Maturity Model

17 Process Control PC1 Process Goals and Objectives PC2 Process Ownership PC3 Process Repeatability PC4 Roles and Responsibilities PC5 Policy, Plans and Procedures PC6 Process Performance Improvement

18 Activity Control AC1 Source Data Preparation and Authorisation AC2 Source Data Collection and Entry AC3 Accuracy, Completeness and Authenticity Checks AC4 Processing Integrity and Validity AC5 Output Review, Reconciliation and Error Handling AC6 Transaction Authentication and Integrity

19 Maturity Model

Download ppt "COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management."

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT - II.

COBIT - II.
The Islamic University of Gaza

The Islamic University of Gaza
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Overview of IT Governance and

Overview of IT Governance and
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
MIS 310: Management Information Systems Minder Chen, Ph.D. Associate Professor Martin V. Smith School of Business and economics CSU Channel Islands Email:

MIS 310: Management Information Systems Minder Chen, Ph.D. Associate Professor Martin V. Smith School of Business and economics CSU Channel Islands
Session 3 – Information Security Policies

Session 3 – Information Security Policies
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.
Information Technology Audit

Information Technology Audit
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Introduction to IT Auditing

Introduction to IT Auditing

Similar presentations

Ads by Google