CONTROL OBJECTIVE FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)

  • Information System Audit and Control Association (ISACA) is the leading organization for COBIT
  • COBIT 4.1 has 4 domains, 34 processes and 318 control objectives
  • The four domains:
    • Plan and Organization (10 processes)
    • Acquire and Implement (7 processes)
    • Deliver and Support (13 processes)
    • Monitor and Evaluate (4 processes)
  • The COBIT 5 processes are split into governance and management “areas”. These 2 areas contain a total of 5 domains and 37 processes:
  • Governance of Enterprise IT
    • Evaluate, Direct and Monitor (EDM) – 5 processes
  • Management of Enterprise IT
    • Align, Plan and Organize (APO) – 13 processes
    • Build, Acquire and Implement (BAI) – 10 processes
    • Deliver, Service and Support (DSS) – 6 processes
    • Monitor, Evaluate and Assess (MEA) – 3 processes
  • The COBIT framework is focused on IT processes/general IT processes
  • Business/application controls are not in the scope of COBIT. A business has to establish its own application controls
  • Application Controls:
    • AC1 Source document preparation and authorization
    • AC2 Source document collection and data entry
    • AC3 Accuracy, completeness and authenticity checks
    • AC4 Data processing integrity and validity
    • AC5 Output review, reconciliation and error handling
    • AC6 Transaction authentication and integrity