COBIT is developed by ISACA (Information Systems Audit and Control Association) and ITGI (IT Governance Institute) in 1992. It is an IT Governance framework and has specific standards, guidelines, policies and procedures that are used to understand the Information Technology's (IT) benefits .It also gives knowledge to develop systematic organization.

By following the COBIT standards, we can mitigate risk of the organization and can control and secure its sensitive information in cost effective manner. It fills the communication gap between managers, auditors and IT users. First version of COBIT was released in 1996. COBIT 4.1 is the latest version of ISACA and has updated standards than earlier versions. COBIT specifies which technology an organization should use and shouldn't use. It gives high - level framework to organization to evaluate the controls. COBIT helps auditors to decide whether the IT organization is aligning with business objectives or not.

Mission of COBIT is it keeps business managers and auditors with up to date objectives of information technology controllers.

Significant role played by COBIT to achieve the business objectives:

Business following COBIT standards can flourish in the market by aligning with the apex institution's standards. Business in any phase can compete with their well established competitors by applying COBIT standards in their regular practice. COBIT helps to bridge gap between IT controls and business controls. The COBIT framework is entitled with 34 high-level control objectives and 318 detailed control objectives which help the business to maintain effective control over IT. ISACA is the official site of COBIT where we can get all the possible information about COBIT such as COBIT framework, management and audit guidelines, control objectives, executive summary and an implementation guide.

The Benefits of Standards

COBIT is developed by experience persons, if the organizations follow the COBIT standards no need to spend the time for developing standards which are already existed. It has excellent framework that organizations can follow, which can understand and implement easily so that they can see what they are trying to achieve. This gives best practice because hundreds of organizations follow the same thing so that they can share the knowledge and mainly it will help according to third party auditors because they can understand what the organization's standards are. It is compliant with ISO17799, COSO I and COSO II and many other related standards. It will help to get ROI (Return On Investment) in initial stage.

COBIT Framework:

COBIT framework consist of 34 high level control objectives in four domains such as Plan and Organize, Acquire and Implement, Deliver and Support and Monitor and Evaluate. It also contained 318 detailed control objectives which are classified based on information requirements and resources.

  • Quality control components - quality of address, cost and delivery
  • Fiduciary control components - effectiveness of address, efficiency, information reliability and compliance
  • Security control components - CIA(Confidentiality of address, Integrity and Availability)

COBIT design is based on three levels of management for IT resources such as domains, processes and activities. The main aim of grouping of activities to processes and processes to domains has a logical organization which clarifies what the goals of organization are and what the measurable results are though out the life cycle for IT resources.


COBIT domains for IT management:

For any organization information and resources are more valuable assets. Information should be effective, efficient, confidential, integral and main objective of business is to improve their resources and securing information. By following the life - cycle of COBIT an organization can achieve these goals. The life - cycle consist of

Plan and Organize:

After identifying the objectives of an organization top - level management has to take some decisions for implementing new things. Plan and organize is the first stage of the cycle and it has 11 high level control objectives.

Planning has to taken by considering investment, whether they are meeting our goals and aligning with external requirements or not. Organization has to plan for better quality with minimum risk so that an organization will get better output.

Acquire and Implement:

It has 6 high level control objectives. In this domain organization will identifies IT requirements, acquiring and implementing the application software and technologies for managing changes according to planning at the initial stage.

Deliver and Support:

It has 13 high level control objectives. In this stage domain will help to execution of applications within the IT systems. This process enables the effectiveness and efficiency execution of IT systems. It includes the security and training of systems and also it manages SLA (Service Level Agreement) for third party services. This is the main important stage of COBIT framework.

Monitor and Evaluate:

It has 4 high level control objectives. Once execution of application finished, this domain will help to monitor the processes by independence auditing whether they are achieving the business objectives or not.

If application is not aligning with business objectives then it goes to planning stage for exact outcomes then cycle starts again until organization achieves the objectives.

Source: Essay UK -

About this resource

This Information Technology essay was submitted to us by a student in order to help you with your studies.

Search our content:

  • Download this page
  • Print this page
  • Search again

  • Word count:

    This page has approximately words.



    If you use part of this page in your own work, you need to provide a citation, as follows:

    Essay UK, Information systems audit and control association. Available from: <> [06-06-20].

    More information:

    If you are the original author of this content and no longer wish to have it published on our website then please click on the link below to request removal: