APPENDIX B: CONTROL OBJECTIVES FOR INFORMATION TECHNOLOGY (COBIT)

The COBIT framework is a comprehensive description of the risks and controls in IT environments. The framework groups what COBIT terms its “High Level Control Objectives” into four domains:

  1. Planning and organization
  2. Acquisition and implementation
  3. Delivery and support
  4. Monitoring


Exhibit 3-7 Examples of COBIT Domains and Processes

For each of these four domains, COBIT describes the processes, the information criteria that apply to those processes, and the related IT resources. COBIT includes 34 processes across the four domains. Rather than discussing all 34, Exhibit 3-7 presents four of them as examples.

For each domain, controls over processes can be categorized by the information criteria that apply to the process and by the IT resources the process manages. COBIT defines seven information criteria: effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability. These criteria appear as the column headings in the first part of the matrix in Exhibit 3-7. As an example, one process that occurs in an IT environment is acquiring and maintaining software. The matrix of information criteria indicates that for this process, effectiveness and efficiency are the primary criteria. This means that as an organization acquires and maintains software, it must ...
