Overview
History of COBIT
Evolution of COBIT
Meeting Changes in the Business Environment
Focus of the Update
Changes to the Components
Layout of COBIT 4.0
The COBIT 3rd Edition project (released in 2000) consisted of developing the management guidelines and updating the second edition based on new and revised international references. The COBIT framework was revised and enhanced to
Support increased management control
Introduce performance management
Further develop IT governance
Evolution of CobiT
It is the intention of ITGI and its COBIT Steering Committee to continuously evolve the COBIT body of knowledge through:
Research into several detailed aspects of the control objectives and the management guidelines.
Based on the expertise and volunteer teams of ISACA members, COBIT users, expert advisors and academics. Some specific research projects were assigned to business schools such as the University of Antwerp Management School (UAMS, Belgium) and the University of Hawaii (USA).
Large workshops of 40 to 50 international experts focusing on the control objectives, management guidelines and maturity model components of the framework. Exposure draft to more than 90 specialists completed the production process.
GOAL: Not a global analysis of all material or a redevelopment of the control objectives, but to provide an incremental update process.
Integrated use by the three main target audiences: management, IT and auditors
Structure, presentation and language used provide for easier understanding and application by management-level stakeholders as well as practitioners and professionals
Business requirements
Extensive research provided a generic cross-reference of common business goals to IT goals. A table is provided showing the relationship among business goals, IT goals and COBIT's IT processes to help users identify business-to-IT linkages in their own organizations. This was also used to improve the goal and performance metrics.
Harmonization
Refined terms and principles to integrate COBIT more easily with other guidance, such as ITIL, ISO 17799, PMBOK and PRINCE 2
Value creation
COBIT has placed a strong emphasis on controls to manage risk. COBIT 4.0 provides a better balance between risk and value.
Feedback
Comments and recommendations are received on a regular basis from users and these, together with feedback from three COBIT User Conventions, were used to help improve the content of COBIT 4.0.
A detailed mapping between COBIT and ITIL, CMM, COSO, PMBOK, ISF and ISO/IEC 17799 to enable harmonization with those standards in language, definitions and concepts.
The M domain has now become ME, standing for Monitor and Evaluate.
M3 and M4 were audit processes and not IT processes. They have been replaced, but hooks have been provided within the updated framework to highlight management's need for, and use of, assurance functions.
ME3 covers the process of governance oversight over IT.
ME4 is the process related to regulatory oversight, previously covered by PO8.
To keep the numbering for PO9 Assess risk and PO10 Manage projects consistent with COBIT 3rd Edition, PO11 Manage quality moves to PO8
AI7 added. Covers what was originally in AI5, along with release management. AI5 now covers procurement process.
The core content is divided according to the 34 IT processes. Each process is covered in four sections, each approximately one page:
The high level control objective for the process
A process description summarizing the process objectives
A high-level control objective represented in a waterfall summarizing process goals, metrics and practices
The mapping of the process to the process domains, information criteria and IT resources
The detailed control objectives for the process
Management guidelines: the process inputs and outputs, a RACI (responsible, accountable, consulted and/or informed) chart, goal and metrics
The maturity model for the process
1 Initial.
There is evidence that the enterprise has recognized that the issues exist and need to be addressed. There are, however, no standardized processes; instead there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to management is disorganized.
2 Repeatable.
Processes have developed to the stage where similar procedures are followed by different people undertaking the same task. There is no formal training or communication of standard procedures, and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and, therefore, errors are likely.
4 Managed.
It is possible to monitor and measure compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way.
5 Optimized.
Processes have been refined to a level of best practice, based on the results of continuous improvement and maturity modeling with other enterprises. IT is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to adapt.
Work is underway to update the control practices and Audit Guidelines to reflect the changes in the COBIT framework and content at 4.0. The Implementation Tool Set was superseded by IT Governance Implementation Guide, released in 2003, although the Implementation Tool Set is still available.
Sources
www.isaca.org - CobiT 4.0 FAQ
CobiT 3rd Edition (PDF)
CobiT 4.0 (PDF)
CobiT 4.0 Pamphlet
ISACA Education
Reference/Research
K-NET contains over 5,200 peer-reviewed web site resources pertaining to knowledge covering IT Governance, Assurance, Security and Control. Full access to K-NET is reserved for association members. In addition, a personalized tracking feature that notifies users on a weekly basis of new references within their areas of focus is also reserved for members (see the 'track-updates' link throughout K-NET). Reference items are organized into logical categories of interest and concern. Search-style data engine.