IT Governance and COBIT
CobIT is a mature framework, first released in 1996 by the Information Systems Audit and Control Association (ISACA).
It has evolved since then, with a second edition appearing in 1998, a third in 2000, and most recently a fourth edition. The main publisher of CobIT has also changed, and is now ITGI (the IT Governance Institute).
What is CobIT?
CobIT is a framework for managing IT risks, or more formally, a "framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks" (ref: ISACA).
It comprises six documents:
- Management Guidelines
- Implementation ToolSet
- Executive Summary
- Control Objectives
- Audit Guidelines
It has also been broadly mapped against a number of other methods and standards, including COSO, ITIL, ISO 17799, and ISO 15408.
Although it has existed for a long time, CobIT's global presence has not expanded as quickly as many might expect, especially as it is fundamentally a free publication. This may be related to ISACA's approach to market forces and third parties.
It is undeniable, however, that the Sarbanes-Oxley Act has given the framework a substantial lift in popularity, as it is the approach favored by many auditors. Whether this growth is sustained remains to be seen.
Identified Source References for this Article:
CobIT User Group