COBIT: Frame of reference for the management of information technology

For Auditors, Managers and Users

Introduction
• Frame of reference, therefore, is not an obligation (to date) is implemented.
• Created by ISACA (Information System Audit and Control Association) and ITGI (
IT Governance Institute). • Designed in risk management, as a pillar has to COSO
ERM.
Nowadays
• Cobit is in its fourth version, released in 2007. • The natural evolution is o
n par with COSO ERM, therefore, internalize various concepts of the framework.
Objectives
• • • • Define COBIT. Analyze its components. Check your levels. Study certain c
ontrol objectives.
Definition
• COBIT
- Control Objectives of Information and related Technology. - Control Objectives
for Information and related Technology.
Hearings Cobit 3
• AUDIT
- Leadership - Duty - Need>> Pioneers and managers. >> Manage information. >> To
issue an opinion. >> Investment reasonable. >> Reliable. >> There. >> Quick and
reliable. >> Common Language.
• MANAGERS
- Security - Decisions
• USERS
- Security - Information - Clarity
Cobit 4 Hearings
• Executive Leadership>> To get value of investment and IT risk and control inve
stment in an IT environment is often unpredictable business management>> To obta
in certainty on the administration and control of IT services provided internall
y or third party IT Management>> To provide IT services business required to sup
port the business strategy in a controlled and managed Auditors>> To support the
ir views and / or to provide advice to management on internal controls
•
•
•
Government Enterprise
• Separation between corporate governance and IT governance. • Both have as a go
al to achieve business goals, but each focused on different areas.
DIRECTION AND PREPARE
IT Governance
Company Activities
REQUIRED INFORMATION
IT Activities
• Because it is possible to assess the Cobit:
- Benchmarking: the ability of IT processes through maturity models. - Goals and
Measures: Based on Balanced Scorecard. - Goals of activities detailed control o
bjectives.
"The assessment of process capability based on the COBIT maturity models is a ke
y part of the implementation of IT governance. After identifying the critical pr
ocesses and controls, the IT Maturity Model to identify and show the address the
gaps in capacity. You can then create action plans for carrying out these proce
sses to the desired target level of capacity. "
Gob focal areas. IT
Both governments start to finish, all the time
Four domains
"Acceptable level?
Scarce
"To achieve effective governance, executives expect controls to be implemented b
y operational managers are within a defined control framework for all IT process
es. The IT control objectives of COBIT are organized by IT process, therefore, t
he framework provides a clear link among IT governance requirements, IT processe
s and IT controls. "
OBJECTIVE OBJECTIVE OF GOVERNMENT BUSINESS
Information
Monitoring and evaluation
Resources
Plan and organize
Delivery and Support
Acquire and implement
• DOMAIN:
- A set of naturally grouped processes.
• OBJECTIVES OF CONTROL, HIGH LEVEL
- Result or purpose to be achieved by implementing a specific control procedure
within an activity.
• DETAILED CONTROL OBJECTIVES:
- Are the activities to be undertaken to achieve the expected results.
CONTROL OBJECTIVES
DOMAIN
• PLANNING AND ORGANIZATION
PURPOSE OF CONTROL, HIGH LEVEL
- 5.0 Investment Management in Information Technology
• Annual Operating Budget for the role of the Information Service. • Monitoring
of cost-effectiveness. OBJECTIVES • Rationale for cost-effective. CONTROL
DETAILED
The four domains are 34 control objectives and IT processes, which in turn also
have detailed control objectives. The latter are 318 in total.
Interest
• www.isaca.org • Cobit 4 in Spanish