IT Governance Audit (COBIT)
COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.
Business and IT goals are linked and measured to establish the responsibilities of business and IT teams.
Five processes are identified:
- Evaluate, Direct and Monitor (EDM)
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
The COBIT framework ties in with COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK.
The framework helps companies comply with the law, be more agile and earn more. The COBIT components are:
- Framework: Organizes IT governance objectives and good practices by IT domains and processes and links them to business requirements.
- Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
- Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate the interrelationship with other processes.
- Maturity models: Assesses maturity and capability per process and helps to address gaps.