COBIT Control Objectives for Information and related Technology is an international open standard that supports the information technology governance IT Governance and that ensures the IT is working effectively or aligning with business goals. All the successful organization now understands the benefits of the technology and the risks associated with while implementing the new technology. COBIT will provide the clear policy and best practices for the IT governance for the organization for achieving the business goals. COBIT also gives the overall business control models and the best practice guide lines, industry standards and the regulatory compliance. COBIT was developed by ISACA in 1994 and first version is published in 1996. Now COBIT in its 3rd edition, version 4.1. COBIT recognizes 34 IT processes that are grouped into four domains. The four domains are:
Plan and Organise
Acquire and Implement
Deliver and Support
Monitor and Evaluate
How COBIT helping business to achieve the business objectives
The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT will helping bridging the gap between business requirements, control issues and other technical issues. COBIT frame work will give control model to meet the needs of IT governance and ensure the integrity of information and information systems.
COBIT will give the guidance for the top management for the IT governance within the enterprise.
For many organizations the information and the technology are the most valuable assets. COBIT helps meet the multiple needs of management by bridging the gap between business risks, control needs and technical issues.
The below diagram will give the basic concept abou the COBIT and it will also tell how COBIT help the organisations to achieving its business objectives;
http://iea.wikidot.com/local--files/cobit/COBIT.png
Figure (1) - COBIT with business objectives
COBIT has different types of process for achieving the business objectives. It's like a recycle process which includes planning & organizing, acquire & implement delivery & support and monitoring. This process is kept on going, and it will give better practice for the organization. It will give the management to review their strategy and preplanning again.
Corporate Governance
Corporate governance can be defined as the "system by which entities are directed and controlled, drives sets the organization" (From executive summary of COBIT). IT governance is the part of corporate governance.
Every organization needs information from their IT background in order to achieve their business goals. So every Successful organization ensures their strategic planning with their IT activities.
Enterprises will accept the good practices for ensuring that they will meet their goals which are guaranteed by certain controls like COBIT.
The below diagram will give the focus areas of corporate governance;
http://www.itweb.co.za/sections/pictures/corporategovernance.jpg
Figure (3) - Corporate Governance
IT Governance
IT Governance can be defined as "a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes" (From Executive summary of COBIT).
The executive management team of the organization must ensure that their internal control system is in place which supports the business objectives and evaluate the individual controls and it is satisfies the IT requirements and impacts of the IT resources. This impact is mainly concerned about the COBIT frame work along with the effectiveness, efficiency and CIA (confidentiality, integrity and availability), compliance and reliability of the information need to be satisfied.
IT governance integrates the domains of COBIT like planning, acquiring and implementing, delivering and supporting, and monitoring the IT performance.
IT governance enables the organization to take full advantage of its information, by maximizing benefits, capitalizing on opportunities and gaining advantage.
The below diagram will give brief description and focusing areas of IT goverance;
Figure (2) - IT Governance
Controls and their importance in business
Controls are the safeguard measures taken for preventing the risk happening. It will monitor and predict the behavior of the system. If any controls are not in place, there is high chance of risks coming. It will directly affect the assets of the business. If anything really affects the assets, it will be the direct loss of money or business loss.
If any organization wants to ensure their business objectives, controls must be applied in their business processes. Now a day IT plays the prominent role in achieving the business goals. IT control objectives include the confidentiality, integrity and availability of the data. Controls can be physical and logical.
Classification of Controls
Preventive controls
Detective controls
Corrective controls.
Sometimes controls are external and internal also. Internal controls will give reasonable assurance to the management for achieving the goals.
Internal Controls
Policy
Procedures
Guidelines
Hierarchy of organization
External Controls
Laws and regulations by the government
Success factors for Corporate Governance
Key Goal Indicators
Key Goal Indicators (KGI) defines the "measures that tell management-after the fact-whether an IT process has achieved its business requirements" (From executive summary of COBIT). It is also meant that what the target have to achieve. KGI will measure the progress towards the business goals. For example IT is one of the important factors for business; KGI will give how it performs for achieving the goals.
Key Performance Indicators
Key Performance Indicators (KPI) defines the "indicators that measures of how well the IT process is performing in enabling the goal to be reached"(From executive summary of COBIT). KPI will give the strategic aligning of IT with the business goals. Key Performance Indicators will give how well the process is enabling the goals to achieve. Example for KPI are adequacy of IT for the organization, staff's business focus etc.
Critical Success Factors
Critical Success Factors (CSF) defines the "most important management-orientated implementation guidelines to achieve control over and within its IT process"(From executive summary of COBIT). These factors can be strategy, procedures and technical. These factors are very critical for ensuring the success of every business.
Maturity Models
Maturity models define the "control over processes, so that management can map where the organization is today, where it stands in relation to the best-in-class in its industry and to international standards and where the organization wants to be"(From executive summary of COBIT). Maturity model gives the current status, comparison, current status of the business guidelines and strategy planning of the organization for improvement.
Strength of the project
I have studied the project very deeply and did very hard work for doing this project.
I collected different type of resources for getting the information for this project like books, journals and websites etc.
The project has been completed with the support of my lecture by giving some useful tips.
Effective time scheduling really helps me for doing the project.
Weaknesses of the project
This project is relatively new topic, so there is less chance of getting the information from outside.
It was very hard to find out the important information for this project.
Lack of experience for doing the latest type of business topics as project.
What I learned from this project
Project planning is very much important for doing a successful project.
If we can spend relatively more time on our project, it will be much better for the project.
It was a big challenge for doing the latest topics for the project.
I have learnt how to work under pressure and how to complete the given project in a scheduled time.
Conclusion
COBIT is a business oriented framework which gives good practices for the organizations. It will also ensure the IT governance in the organization. COBIT act as a bridge between the business requirements and IT goals. Moreover, COBIT is a tool for the management. COBIT gives a better standard for IT security and control practice for the management for the organization. More importantly COBIT will give the benchmarking of the organization.
Resources
I have searched various websites for gathering information about the COBIT
