COBIT Intro

COBIT (Control Objectives for Information and related Technology) is a framework created by ISACA for information technology (IT) management and IT governance. It provides managers with a set of generally accepted principles and practices to help ensure the appropriate investment in, and proper management and governance of, IT. The document discusses the timeline and components of COBIT, including its domains, processes, activities, and criteria for evaluating IT resources.

Uploaded by

kenangrok2009
Copyright
© All Rights Reserved

Baker Newman & Noyes

COBIT
Control Objectives for Information and related Technology
Information Systems Audit and Control Association (ISACA)
Baker Newman & Noyes 1

Integrity  Service  Solutions

Agenda
• COBIT Timeline
• Overview of COBIT
• COBIT IT Processes
• COBIT Components



COBIT Timeline
• COBIT Executive Summary and Framework
– December 1995
• COBIT Control Objectives
– April 1996
• COBIT Audit Guidelines
– September 1996
• Third Edition
– July 2000


Overview of COBIT
“COBIT is a tool that allows managers to communicate and bridge the gap with respect to control requirements, technical issues, and business risks” (COBIT Framework page 7)



Overview of COBIT
• Designed for three distinct audiences
– Management
• To help them balance risk and control investment in an often unpredictable IT environment
– Users
• To obtain assurance on the security and controls of IT services
– Information Systems Auditors
• To substantiate their opinions and/or provide advice to management on internal controls



Overview of COBIT
• Two key tools to assist in analyzing an IT control environment
– Management Awareness Diagnostic
– IT Control Diagnostic



COBIT Components



COBIT IT Processes
• Domains
– Natural grouping of processes, often matching an organizational domain of responsibility.
• Processes
– A series of joined activities with natural (control) breaks.
• Activities
– Actions needed to achieve a measurable result. Activities have a life-cycle whereas tasks are discrete.



COBIT IT Processes
• Four Domains
• 34 IT Processes
• 318 Detailed Control Objectives
– Provide Management Assurance
– Advice for Improvement



COBIT IT Processes
• Domains
– Planning and Organization
– Acquisition and Implementation
– Delivery and Support
– Monitoring



COBIT IT Processes
• Planning and Organization Domain
– PO 1 Define a Strategic IT Plan
– PO 2 Define the Information Architecture
– PO 3 Determine Technological Direction
– PO 4 Define the IT Organization and Relationships



COBIT IT Processes
• Planning and Organization Domain (continued)
– PO 5 Manage the IT Investment
– PO 6 Communicate Management Aims and Direction
– PO 7 Manage Human Resources
– PO 8 Ensure Compliance with External Requirements



COBIT IT Processes
• Planning and Organization Domain (continued)
– PO 9 Assess Risks
– PO 10 Manage Projects
– PO 11 Manage Quality



COBIT IT Processes
• Acquisition and Implementation Domain
– AI 1 Identify Automated Solutions
– AI 2 Acquire and Maintain Application Software
– AI 3 Acquire and Maintain Technology Infrastructure



COBIT IT Processes
• Acquisition and Implementation Domain (continued)
– AI 4 Develop and Maintain Procedures
– AI 5 Install and Accredit Systems
– AI 6 Manage Changes



COBIT IT Processes
• Delivery and Support Domain
– DS 1 Define and Manage Service Levels
– DS 2 Manage Third-Party Services
– DS 3 Manage Performance and Capacity
– DS 4 Ensure Continuous Service



COBIT IT Processes
• Delivery and Support Domain (continued)
– DS 5 Ensure Systems Security
– DS 6 Identify and Allocate Costs
– DS 7 Educate and Train Users
– DS 8 Assist and Advise Customers



COBIT IT Processes
• Delivery and Support Domain (continued)
– DS 9 Manage the Configuration
– DS 10 Manage Problems and Incidents
– DS 11 Manage Data
– DS 12 Manage Facilities
– DS 13 Manage Operations



COBIT IT Processes
• Monitoring Domain
– M1 Monitor the Processes
– M2 Assess Internal Control Adequacy
– M3 Obtain Independent Assurance
– M4 Provide for Independent Audit



COBIT Components



COBIT IT Resources
• Data
– Data objects in their widest sense, i.e., external and internal, structured and non-structured, graphics, sound, etc.
• Application Systems
– Application systems is understood to be the sum of manual and programmed procedures.
• Technology
– Technology covers hardware, operating systems, database management systems, networking, multimedia, etc.



COBIT IT Resources
• Facilities
– Resources to house and support information systems.
• People
– Staff skills, awareness and productivity to plan, organise, acquire, deliver, support and monitor information systems and services.



COBIT Components



COBIT Information Criteria
• Quality Requirements
– Quality
– Cost
– Delivery
• Fiduciary Requirements (COSO Report)
– Effectiveness and Efficiency of Operations
– Reliability of Information
– Compliance with Laws and Regulations
• Security Requirements
– Confidentiality
– Integrity
– Availability



COBIT Components



Resources
• Information Systems Audit and Control Association
www.isaca.org
• IT Governance Institute
www.itgi.org
• Committee of Sponsoring Organizations of the Treadway Commission (COSO)
www.coso.org


Questions?

Patrick A. Morin, CPA, CISM


Principal
Baker Newman & Noyes
Information Technology Consulting Division
(800) 244-7444
[email protected]
