Understanding and Using COBIT
THE COSO INTERNAL CONTROL FRAMEWORK is a key measure or guide for building and measuring enterprise internal controls, but there are other approaches or tools as well for helping senior executives and their IT managers build and implement effective internal controls in their systems and processes. In particular, and as was discussed in Chapter 2 on earlier internal controls and the SOx internal control requirements, there were concerns, first expressed many years ago, that the original COSO internal control framework did not give enough attention to building and establishing effective IT-related business systems controls. As somewhat of a substitute for COSO and other guidance materials, the Information Systems Audit Association—later renamed the IT Governance Institute—developed a more IT-oriented internal control assessment and guidance framework called COBIT (Control Objectives for Information and Related Technology) as a tool to build and assess its IT-oriented internal controls.
Starting with some even earlier guidance tools, COBIT—originally abbreviated as CobiT—was first released in 1996 and has been in place long before SOx. COBIT was initially developed for the internal and external auditors who reviewed computer systems and technology controls (often called IT auditors), but today COBIT has become a preferred tool, in many enterprises, for complying with SOx Section 404 internal control procedures and related IT governance support. ...