Control Objectives for Information and Related Technology
A Business Framework for the Governance and Management of Enterprise IT
COBIT® is the internationally recognized manual for IT governance, i.e., for guaranteeing security, quality, and compliance in information technology. Rather than concentrating on how these requirements should be met, COBIT® helps organizations reach their goals by focusing mainly on what has to be implemented in order to do so. In this sense, COBIT® can be very constructive and helpful.
Over the years, COBIT® has developed from simply being a tool for IT auditors into being a tool for the control of IT from the corporate viewpoint. Among other things, it is also now used as a model for ensuring compliance with statutory requirements. Specifically, COBIT® is an IT governance framework and supporting toolset that allows managers to bridge the gap among control requirements, technical issues, and business risks. Rather than focusing on the methodology of the actual process as ITIL® does, COBIT® simply enables clear policy development and good practice for IT control throughout organizations. This particular methodology emphasizes regulatory compliance.
The side benefits, of course, are that COBIT® helps organizations to increase the value attained from IT, enables alignment, and simplifies implementation of IT practices. Being more control than implementation-based, COBIT® is less about developing an optimal way of doing things from the top to bottom in your organization, and is more about just helping you tighten up your processes to meet your goals. In short, COBIT® may be a good fit for your organization if you’re not in a position to deeply overhaul your company processes or commit to a revision of corporate culture.
Certainly, COBIT® can be a useful part of many different methodologies, since it speaks directly to the need to have specific IT goals and benchmarks and to set them consistently and using smart tools. This widely accepted methodology is less about restructuring how you work and more about fine-tuning IT within your organization and keeping it on track.