
Control Objectives for Information and related Technology (CobiT)

Governance, Control and Audit for Information and Related Technology

The Control Objectives for Information and related Technology (CobiT) is a set of best practices for information technology (IT) management created by ISACA and the IT Governance Institute (ITGI) in 1996.

ISACA develops and maintains the internationally recognised COBIT framework, helping IT professionals and enterprise leaders fulfill their IT Governance responsibilities while delivering value to the business.

Released in April 2012, COBIT 5 is ISACA's new framework.  COBIT 5 consolidates and integrates the CobiT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).  It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).

Discover COBIT 5

CobiT is a governance framework that an organisation can use to ensure that IT is working as effectively as possible to minimise risk and maximise the benefits of technology investments. CobiT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.


CobiT is a globally accepted set of tools that executives and professionals at all organisations can use to ensure that their IT is helping them achieve their goals and objectives. Many executives and managers need to make decisions based on diverse opinions from others, and CobiT provides a common language to better communicate goals, objectives and expected results.

CobiT provides insight on how ICT processes can be launched or implemented. CobiT 4.1 has 34 high level processes that cover 210 control objectives categorized in four domains: 

  • Plan and Organise (PO)
  • Acquire and Implement (AI)
  • Deliver and Support (DS)
  • Monitor and Evaluate (ME)

COBIT 5 has 37 high level processes in five domains:

  • Evaluate, Deliver and Monitor (EDM)
  • Align, Plan and Organise (APO)
  • Build, Acquire and Implement (BAI)
  • Deliver, Service and Support (DSS)
  • Monitor, Evaluate and Assess (MEA)
Discover the list of CobiT IT processes per domain.

CobiT history

The first edition of CobiT was published in 1996. The second edition, in 1998, added Management Guidelines. The third edition was released in 2000, and the fourth edition was released in December 2005, then revised as edition 4.1 in May 2007. CobiT 5.0 will integrate Val IT and Risk IT and is planned for 2011. CobiT 5.0 will also draw significantly from the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).

CobiT target groups

COBIT is used by many enterprises, government agencies, academic institutions and other entities around the world. Its framework helps to develop and document the appropriate organisational structures, processes and tools for effective management of IT in a comprehensive, integrated manner.

Integration with other standards

CobiT easily integrates with and builds on other business and IT frameworks and standards (such as COSO, ITIL and ISO 2700x), while improving their impact. The framework also integrates with Val IT and Risk IT.

CobiT product family (version 4.1)

The complete COBIT package consists of:
  • Executive Summary
  • Governance and Control Framework
  • Control Objectives
  • Management Guidelines
  • Implementation Guide
  • IT Assurance Guide

Executive Summary

Sound business decisions are based on timely, relevant and concise information. Specifically designed for time-pressed senior executives and managers, the CobiT Executive Summary consists of an Executive Overview which provides a thorough awareness and understanding of CobiT's key concepts and principles. Also included is a synopsis of the Framework, which provides a more detailed understanding of these concepts and principles, while identifying CobiT's four domains and the 34 IT processes.


Governance and Control Framework

A successful organisation is built on a solid framework of data and information. The CobiT control framework explains how IT processes deliver the information that the business needs to achieve its objectives.

Control Objectives

The key to maintaining profitability in a technologically changing environment is how well information systems are controlled. CobiT's Control Objectives provide the critical insight needed to delineate a clear policy and good practice for IT controls. Included are the statements of desired results or purposes to be achieved by implementing the control objectives throughout the 34 high-level IT processes.

Information criteria

Information delivered to the core business processes has to fulfill certain criteria, categorized as follows:

  • Quality requirements
    • Effectiveness: The relevance and pertinence of information to the business process as well as the timely, correct, consistent, and usable delivery.
    • Efficiency: The provision of information through the optimum (most productive and economical) use of resources.
  • Security requirements
    • Confidentiality: The protection of sensitive information from unauthorized disclosure.
    • Integrity: The accuracy and completeness of information, as well as its validity, in accordance with business values and expectations.
    • Availability: Information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
  • Fiduciary requirements
    • Compliance: Deals with following those laws, regulations, and contractual arrangements to which the business process is subject (i.e., externally imposed business criteria).
    • Reliability: Relates to the provision of appropriate information for management to operate the entity and for management to exercise its financial and compliance-reporting responsibilities.

IT Assurance Guide

To achieve the desired goals and objectives, the procedures must be audited. The IT Assurance Guide is an invaluable tool for information systems auditors in providing management assurance and/or advice for improvement.

Management Guidelines

A successful enterprise must effectively manage business processes and information systems. The Management Guidelines contain Maturity Models, to help determine the stages and expectation levels of control and compare them against industry norms; Critical Success Factors, to identify the most important actions for achieving control over the IT processes; Outcome measurements, to define target levels of performance; and Performance Indicators, to measure whether an IT control process is meeting its objective.

Source: ISACA

See also: CobiT 5


QAP © 2010