Go home


COBIT (originally Control OBjectives in Information and related Technologies, sometimes printed with different font sizes as COBIT) is a mature method from ISACA (formerly the Information Systems Audit and Control Association).

COBIT was originally developed by a project team under the auspices of the Information Systems Audit and Control Foundation (ISACA’s research arm), drawing on 18 extant standards/methods (including ITIL, the UK Department of Trade and Industry’s Code of Practice for Information Security Management - the precursor to BS 7799 that ended up morphing into ISO/IEC 27002, the European Security Forum’s baseline controls, COSO, the OECD privacy guidelines and others).

It was published in 1996 to guide IT auditors deconstructing information security and related controls in an area under review. It is actively maintained to this day, remaining systematic and reductionist in nature with a strong business emphasis.

The current incarnation, COBIT 2019, is dubbed a ‘framework for enterprise governance of information and technology’, illustrating how the focus and scope of COBIT has broadened over the years, the method evolving and maturing.

COBIT identifies the value of corporate processes/systems to ‘monitor, evaluate and assess’ activities relating to information and IT, from the high level governance and strategic perspective down through management to the operational level. Furthermore, the COBIT model can be used systematically to assess and improve an organization’s maturity in this general area.

Copyright © 2021 Gary Hinson & Krag Brotby