As COSO is a control framework for process and non-IT controls, COBIT issued by ISACA and IT Governance Institute is a controls framework for IT processes. COBIT is thus a standard defining good IT and control practices. One thing to note is that COBIT is based on the COSO Internal Controls Framework. Many companies are adopting COBIT as the framework for IT processes. Its popularity has increased in recent times. COBIT has defined four broad level IT control objectives. These IT control objectives are Plan and Organize, Acquire and Implement, Deliver and Support & Monitor and Evaluate. Under each of these broad control objective detailed controls have been specified. I am jotting the summary of the controls included under each broad IT control objective.

Plan and Organize: Define strategic IT plans and architecture, assess risks, manage projects, manage human resources, ensure compliance with external requirements.

Acquire and implement: Identify automated solutions, acquire and maintain technology infrastructure and application software, manage changes.

Deliver and support: Define and manage service levels, manage performance and capacity, ensure systems security, manage problems and incidents.

Monitor and evaluate: Monitor processes, assess internal control adequacy, provide for independent audit.

Related Posts >>

SAP Inherent Controls for SOX , SAP Configurable Controls for SOX , How to Reduce Sarbanes Oxley Costs? , COSO Component - Information & Communication