COBIT (Control Objectives for Information and Related Technology) is the internationally recommended framework for IT governance. It divides IT tasks into processes and control objectives.
COBIT does not define how tasks have to be executed, but which tasks have to be implemented. COBIT has developed from an IT audit tool into an instrument that lets the entrepreneur navigate IT. It is also used to guarantee compliance in the enterprise.
The COBIT methodology works top-down. Based on the business goals, IT objectives are established, and these in turn influence the IT architecture.
Adequate and well-defined IT processes guarantee data processing, the management of IT resources (personnel, technology, data and applications) and the delivery of services. Measurement parameters are defined for all levels to assess the results. The goals are measured bottom-up, which completes the control and feedback system in COBIT.
In general, the COBIT framework defines 34 processes, which are assigned to control objectives. Control objectives are category groups that have to be considered in a process to reach the process goal. The sum of all control objectives guarantees reliable and reasonable information for all company needs.
The publications of COBIT consist of:
| 1. | Core Content – all 34 COBIT processes are defined here. |
| 2. | IT Assurance Guide – gives detailed instructions on how IT processes are inspected. This guide describes the checking of processes, control objectives and control practices. |
| 3. | Implementation Guide – describes the implementation approach. |
| 4. | Control Practices – defines, for every control objective in the core content, measures that support reaching the goals. Control practices are a guidebook for implementation. |
The benefits of using COBIT are:
• Better alignment of business and IT, especially when adapting COBIT to the special needs of every department in the enterprise.
• A transparent and clear overview of all activities in the IT department for the company management.
• A clear distribution of responsibilities based on process orientation.
• A positive impression on audit organizations and other control bodies.
• A common understanding in the enterprise by using a common language.
• Building an acknowledged basis for certification against international standards (e.g. ITIL, ISO17799, NIST, FIPS, ISO13335, TOGAF).