COBIT stands for Control Objectives for Information and related Technology. The abbreviation COBIT is used.
COBIT is a framework of best practices for IT management (IT governance). It is a set of best practices and procedures that help the organization achieve its strategic objectives through effective use of available resources and minimization of IT risks. COBIT interconnects enterprise governance and IT governance. This connection is realized by linking business and IT goals, defining metrics and maturity models to measure the achievement of objectives, and defining the responsibilities of the owners of business and IT processes.
The first COBIT version was released by the ISACA organization in 1996. The first edition consisted of the framework; the second was extended to include audit guidelines, an implementation toolset and control objectives. The third edition added management guidelines and was released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), available since April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.
COBIT defines IT processes, divided into four domains:
- Plan and Organize (PO)
  - PO1 Define a strategic IT plan
  - PO2 Define the information architecture
  - PO3 Determine technological direction
  - PO4 Define the IT processes, organization and relationships
  - PO5 Manage the IT investment
  - PO6 Communicate management aims and direction
  - PO7 Manage IT human resources
  - PO8 Manage quality
  - PO9 Assess and manage IT risks
  - PO10 Manage projects
- Acquire and Implement (AI)
  - AI1 Identify automated solution
  - AI2 Acquire and maintain application software
  - AI3 Acquire and maintain technology infrastructure
  - AI4 Enable operation and use
  - AI5 Procure IT resources
  - AI6 Manage changes
  - AI7 Install and accredit solutions and changes
- Deliver and Support (DS)
  - DS1 Define and manage service levels
  - DS2 Manage third-party service
  - DS3 Manage performance and capacity
  - DS4 Ensure continuous service
  - DS5 Ensure systems security
  - DS6 Identify and allocate costs
  - DS7 Educate and train users
  - DS8 Manage service desk and incidents
  - DS9 Manage the configuration
  - DS10 Manage problems
  - DS11 Manage data
  - DS12 Manage the physical environment
  - DS13 Manage operations
- Monitor and Evaluate (ME)
  - ME1 Monitor and evaluate IT performance
  - ME2 Monitor and evaluate internal control
  - ME3 Ensure compliance with external requirements
  - ME4 Provide IT governance
Use of COBIT in practice: COBIT represents a de facto standard for management practices and for the control and audit of ICT in the organization. It is therefore intended primarily for top managers, to assess the functioning of ICT, and for auditors, to carry out audits of ICT management systems. This is unlike ITIL, which is designed more for the IT manager (CIO).