The ITGovernance Institute®is pleased to offer you this complimentary downloadThis research material has been made available by the IT Governance Institute (ITGI®). By downloading this document,you acknowledge that you have read and understood the copyright restrictions of this publication and that you agree toabide by them. ITGI retains all copyrights and other proprietary rights in or relating to the content.What:The IT Governance Institute (ITGI) was established in 1998 to advance international thinking andstandards in directing and controlling an enterprise’s information technology. Effective ITgovernance helps ensure that IT supports business goals, optimizes business investment in IT,and appropriately manages IT-related risks and opportunities. The IT Governance Institute offerssymposia, original research and case studies to assist enterprise leaders and boards of directors intheir IT governance responsibilities.Activities Sponsors high-level conferences and symposia around the world. Offers as an open standard (www.isaca.org/cobit) Control Objectives for Information and relatedTechnology (COBIT®), a breakthrough IT governance tool that uses nontechnical language to helporganizations focus their information technology in support of overall business objectives. Conducts original research and publishes guidance to help boards of directors, executives andmanagement understand their changing roles and implement effective IT governance. Offers case studies on how leading global organizations are implementing IT governanceprograms and activities. Offers the IT Governance Business Game, a day-long training session. Hosts the IT governance listserv for professionals to share experience.What:The Information Systems Audit and Control Association®(ISACA®) is the leading association ofprofessionals in information systems (IS) audit, control, security and governance. ISACA has aglobal membership of more than 35,000 in 100 countries in Asia, Central America, South America,Europe, Africa, North America and Oceania. Founded in 1969 as the EDP Auditors Association,ISACA is a global leader in IT governance, security, control and assurance. It is the single leadinginternational source for information technology controls. ISACA is dedicated to serving the needs ofits members, who are internal and external auditors, CEOs, CFOs, CIOs, educators, informationsecurity and control professionals, students and IT consultants.Activities Offers the Certified Information Systems AuditorTM(CISA®) designation—a globally respecteddesignation for experienced IS audit, control and security professionals earned by more than35,000 professionals worldwide since inception. Offers the Certified Information Security Manager®(CISM®) designation—a globally respecteddesignation designed for leaders who manage an organization’s information security. Fivethousand people earned the CISM designation within the first two years of its introduction. Sponsors technical and management conferences on five continents to ensure consistent globalprofessional education. Publishes the Information Systems Control Journal, research and technical professionaldevelopment material. Advances globally applicable information systems (IS) auditing standards in addition toassociated guidelines and procedures. Develops professional resources and networking opportunities through more than 170 localchapters in support of its memberswww.isaca.orgwww.itgi.org The Advantages of COBIT provides significant advantages to those who recognize the need for internal COBIT provides significant advantages to those who recognize the need for internal control over their information andthe systems that manage it, including: It is increasingly accepted internationally, based on the professional and practical experiences of experts worldwide. It is 100 percent compliant with ISO17799, COSO I and COSO II, and maps onto many other related standards. COBIT is a way to bridge the communication gap between IT functions, the business and auditors, by providing acommon approach, understandable by all. COBIT is management-oriented, actionable and easy to use. COBIT provides strong support for IT audit, reduces the cost of audit risk assessment, and enables a higher qualityof audit and related opinion. COBIT avoids reinventing wheels and shortens the time required to implement effective practices. COBIT is a flexible and adaptable approach to suit every organization’s unique cultures, size and specificrequirements. COBIT is complete, objective and continually evolving and is maintained by a reputable not-for-profit organization. COBIT Components (www.isaca.org/cobit) Executive SummaryCOBIT Executive Summary explains COBIT key concepts and principles. FrameworkCOBIT Framework is the basis of the COBIT approach and the foundation for all the other COBIT elements. Theprocess model is organized into four domains: Plan and Organize, Acquire and Implement, Deliver and Support,and Monitor and Evaluate. Control ObjectivesCOBIT’s Control Objectives component provides more than 300 generic control statements that define what needsto be managed in each IT process to address the business requirements of ensuring IT delivers value, risks aremanaged and requirements are met. Control PracticesControl Practices provides guidance on why controls are needed and what the best practices are for meetingspecific control objectives. Control Practices helps ensure that solutions put forward are likely to be morecompletely and successfully implemented. Management GuidelinesCOBIT Management Guidelines provides tools to help IT managers improve IT performance and link ITobjectives to business objectives.  Audit GuidelinesAudit Guidelines outlines and suggests which assessment activities should be performed for each of the 34 high-level IT control objectives, providing helpful guidance on who to interview, what questions to ask, and how toevaluate control, assess compliance and finally, substantiate the risk of the controls not being met. COBIT QuickstartTM(www.isaca.org/quickstart)COBIT Quickstart is specifically designed to assist in rapid and easy adoption of the most essential elements ofCOBIT. Quickstart was designed as a baseline for many SMEs but is also suitable for large organizations as auseful tool to accelerate adoption of governance best practices. COBIT