Why and how CobiT might be used
Why consider CobiT as a reference source? CobiT provides generally accepted practices for the management and control of Information and Information Technology resources. It is designed to be used from different perspectives and is adaptable to the specific needs of management. The audience that CobiT seeks to address includes:
| Executive management | Use CobiT to complement existing internal control frameworks (e.g. COSO) for IT specific matters. Undertake a self-assessment of the entity's existing IT controls using CobiT as the generally accepted standard, and take actions to address any undesirable gap. Establish a relationship between business and IT, and allocate clear responsibilities accordingly. |
| Business management | Use CobiT as a code of good practice for dealing with IT within the business function. Use CobiT to determine the different aspects that need to be covered in a Service Level Agreement. |
| IT management | Use CobiT to establish Service Level Agreements. Use CobiT as the basis for process-related performance measures. Use CobiT as the basis for prioritising and establishing IT related policies and standards. Use CobiT as the basis to establish control objectives for IT. |
| Project management | Use CobiT to ensure that the project plans include applicable tasks in each of the phases relating to planning, acquisition and development and service delivery. |
| Developer | Use CobiT to ensure applicable control objectives have been addressed in the project. |
| Operations | Use CobiT to ensure that operational procedures are sufficiently comprehensive. |
| User | Use CobiT as a guide in agreeing to service levels. |
| Information security officer | Use CobiT as a guide to structure the information security program, policies and procedures. |
| Auditor | Use CobiT for agreeing control objectives with the auditee and as the basis for the detail when undertaking the audits. |