COBIT: Frame of reference for the management of information technology
For Auditors, Managers and Users
Introduction
• COBIT is a frame of reference; implementing it is therefore not an obligation (to date).
• Created by ISACA (Information Systems Audit and Control Association) and ITGI (IT Governance Institute).
• Designed around risk management; it has COSO ERM as a pillar.

Today
• COBIT is in its fourth version, released in 2007.
• Its natural evolution is on par with COSO ERM; it therefore internalizes various concepts of that framework.

Objectives
• Define COBIT.
• Analyze its components.
• Check its levels.
• Study certain control objectives.

Definition
• COBIT
- Control Objectives for Information and related Technology.

COBIT 3 audiences
• AUDIT
- Leadership >> Pioneers and managers.
- Duty >> Manage information.
- Need >> To issue an opinion.
• MANAGERS
- Security >> Reasonable investment.
- Decisions >> Reliable.
• USERS
- Security >> There.
- Information >> Quick and reliable.
- Clarity >> Common language.

COBIT 4 audiences
• Executive leadership >> To get value from IT investments and balance risk and control investment in an often unpredictable IT environment.
• Business management >> To obtain certainty on the administration and control of IT services provided internally or by third parties.
• IT management >> To provide the IT services the business requires to support the business strategy in a controlled and managed way.
• Auditors >> To support their views and/or to provide advice to management on internal controls.

Corporate governance
• Separation between corporate governance and IT governance.
• Both aim to achieve business goals, but each focuses on different areas.

Diagram labels: direction and prepare; IT governance; company activities; required information; IT activities.

• COBIT makes assessment possible through:
- Benchmarking: the capability of IT processes, through maturity models.
- Goals and measures: based on the Balanced Scorecard.
- Activity goals: detailed control objectives.
"The assessment of process capability based on the COBIT maturity models is a key part of the implementation of IT governance. After identifying the critical processes and controls, the IT maturity model makes it possible to identify the gaps in capability and show them to management. You can then create action plans to bring these processes to the desired target level of capability."

Focus areas of IT governance
Both kinds of governance: start to finish, all the time.

Four domains
Acceptable level? Scarce

"To achieve effective governance, executives expect controls to be implemented by operational managers within a defined control framework for all IT processes. The IT control objectives of COBIT are organized by IT process; therefore, the framework provides a clear link among IT governance requirements, IT processes and IT controls."

Diagram labels: business objectives; governance objectives; information; resources; Monitoring and evaluation; Plan and organize; Delivery and support; Acquire and implement.

• DOMAIN:
- A set of naturally grouped processes.
• HIGH-LEVEL CONTROL OBJECTIVES:
- Result or purpose to be achieved by implementing a specific control procedure within an activity.
• DETAILED CONTROL OBJECTIVES:
- The activities to be undertaken to achieve the expected results.

Control objectives
• DOMAIN: Planning and Organization
• HIGH-LEVEL CONTROL OBJECTIVE: 5.0 Investment Management in Information Technology
• DETAILED CONTROL OBJECTIVES:
- Annual operating budget for the information services function.
- Monitoring of cost-effectiveness.
- Rationale for cost-effectiveness.

The four domains contain 34 control objectives and IT processes, which in turn have detailed control objectives. The latter number 318 in total.

Of interest
• www.isaca.org
• COBIT 4 in Spanish