The COBIT Model of IT Governance and Management

Question 1

What is the COBIT Model? What is the purpose the framework?

Answer 1

The purpose is to align IT with business goals/strategies

Link business risks, control needs, and IT

Common language for users, auditors, management, and business process owners in identifying risks and structuring controls

Purpose:
- How much should we invest?

Question 2

What is the basic COBIT framework?

Answer 2

• To provide information that the organization needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.

The framework is an ongoing process that repeats starting with:

1) Business requirements
2) IT Resources
3) IT Processes

Question 3

What do COSO and COBIT have in common?

Answer 3

Monitoring and evaluation

Question 4

What are the seven desired attributes of COBIT?

Answer 4

Information (seven desired attributes)

1) Effective
2) Efficient
3) Confidential
4) Integrity
5) Available
6) Complaint
7) Reliable

Question 5

According to COBIT there are five IT Resources…?

Answer 5

1) Data
2) Application systems
3) Technology
4) Facilities
5) People

Question 6

COSO is bigger focused than COBIT, what is the COSO focus?

Answer 6

organizational controls and processes.

COBIT (BIT SMALLER): IT controls and processes

Question 7

What is the monitor and evaluate processes ob COBIT? What are the topics?

Answer 7

includes:
- Regularly assess IT Processes for quality and compliance
- Includes management oversight of controls and independent assurance

Topcis:

• Assessment over time, delivering assurance
• Management oversight of the control system
• Performance measurement

Questions to think about?

• Can IT performance be measured and corrected?
• Need independent assurance in critical areas?

Question 8

What are the four processes of monitor and evaluation?

Answer 8

Monitor the processes

Access internal control adequacy

Obtain independent assurance

Provide for independent audit