Control Objectives for Information Technology (COBIT)

Reduce regulatory and operational risk and use compliance as a lever for business improvement. Use an IT-focused control framework to streamline and automate continual compliance.


Reasons for regulation include corporate risk minimisation, reliability and confidentiality of financial data, and protection of personal data.
Achieving and maintaining compliance requires the successful orchestration of people, processes, and technology. IT and technology play a pivotal role in helping companies to comply. The IT-focused control framework called Control Objectives for Information Technology (COBIT) provides very specific IT governance guidelines. Interpreting these guidelines and then demonstrating adherence to these controls means compliance. It also means that if a breach of a regulation or policy occurs, for whatever reason, the organisation will know about the breach and the following actions will take place:

  • The incident will be detected “immediately”
  • The appropriate business people will be notified of the breach
  • The breach will be monitored, tracked and investigated
  • The policy will be reviewed and updated if appropriate
  • The incident will be reported in advance of an audit
  • The appropriate preventative actions will be put in place

Models for common IT Controls 

There are several models for common IT Controls that help an organisation effectively achieve and maintain compliance on an ongoing, continual basis. IT Controls are critical to the integrity of processes, systems and applications. General IT controls span five critical IT process areas:

  • Security Administration
  • Application Change Management
  • Data Management and Disaster Recovery
  • Operations and Problem Management
  • Asset Management

IT strategy must address all five of these areas. An organisation that adheres to such a strategy is able to rise above a reactive response to regulations. In fact, with a well-executed IT Control Strategy, the company experiences an evolution in which it simultaneously reduces risks and makes significant strides in securing the business, all while achieving continual compliance.

Contact us if your organisation needs assistance in interpreting COBIT guidelines, demonstrating adherence to these controls and achieving continual compliance.

 