Who should use COBiT
COBiT is designed to be useful to:
- Management - to balance risk and to control investments in IT.
- Users - to obtain assurance about the IT services received.
- Process Owners - to discharge their responsibility for controlling the information aspects of the processes.
- Auditors - to plan, audit and report on the systems of internal control established over IT processes.
COBiT's Management Guidelines are generic, action-oriented statements intended to address management concerns about performance measurement, better control, minimising risk and comparison against benchmarks.
These can be used in a variety of ways, for example:
1. Assess the actual outcomes of a particular process (based on key goal indicators and maturity levels).
2. Identify problem areas (those IT processes with low maturity scores).
3. Define best practices (acceptable IT process maturity).
4. Improve management processes and action planning.
5. Benchmark.
COBiT's Framework and 318 detailed control objectives enable the end user to identify the controls that should support the IT services that they receive. End users are better able to communicate their concerns and understand the issues that may need attention. As a result, the end user will derive greater assurance about the IT services delivered.
COBiT's business process orientation enables process owners to evaluate the performance of IT within their specific process and to understand their accountability for IT. COBiT provides the process owner with a framework that should enable them to control the IT activities within their processes.
COBiT's Audit Guidelines provide auditors with assistance in preparing their audit plans for reviewing the entity's IT processes using the 34 high-level control objectives and 318 detailed control objectives. Each guideline consists of a statement pertaining to the general understanding of the Process, points to be considered in evaluating controls and assessing compliance, and guidance on substantiating the risks associated with the specific IT process.