3.6. COBIT: MANAGING THE RISK AND CONTROL OF IT

Developed by the Information Systems Audit and Control Association (ISACA) in 1996, the Control Objectives for Information and Related Technology (CobiT) were originally intended for IT auditing. Subsequent versions, however, have expanded the applicability and scope of CobiT. CobiT manages the risk and control of IT, bridging the gap between business risks, IT technical issues, and control needs. It consists of 34 IT processes and 318 detailed control objectives grouped into four critical domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. Many companies use the checklists contained in CobiT as a framework for Sarbanes-Oxley compliance. The CobiT model views risks and controls from three distinct vantage points:

  1. Line of business issues: business managers focus on quality, fiduciary, and security issues. Questions that can be addressed using CobiT include:

    1. Does the system do what it is intended or designed to do, and does it meet or exceed the line of business expectations?

    2. Does it optimize the most economical and productive use of resources?

    3. Is the system compliant with laws and regulations?

    4. Does the system prevent the unauthorized disclosure, modification, or destruction of data? Are the data reliable and up-to-date?

  2. IT resources: IT managers might focus IT resources in areas such as data repositories (internal/external, graphics, video, sound), application systems ...
