Released by the COBIT Steering Committee and the IT Governance InstituteTM
The COBIT Mission:
To research, develop, publicise and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.
AMERICAN SAMOA ARGENTINA ARMENIA AUSTRALIA AUSTRIA BAHAMAS BAHRAIN BANGLADESH BARBADOS BELGIUM BERMUDA BOLIVIA BOTSWANA BRAZIL BRITISH VIRGIN ISLANDS CANADA CAYMAN ISLANDS CHILE CHINA COLOMBIA COSTA RICA CROATIA CURACAO CYPRUS CZECH REPUBLIC DENMARK DOMINICAN REPUBLIC ECUADOR EGYPT EL SALVADOR ESTONIA FAEROE ISLANDS FIJI FINLAND FRANCE GERMANY GHANA GREECE GUAM GUATEMALA HONDURAS HONG KONG HUNGARY ICELAND INDIA INDONESIA IRAN IRELAND ISRAEL ITALY IVORY COAST JAMAICA JAPAN JORDAN KAZAKHSTAN KENYA KOREA KUWAIT
INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION
A Single International Source for Information Technology Controls The Information Systems Audit and Control Association is a leading global professional organisation representing individuals in more than 100 countries and comprising all levels of IT — executive, management, middle management and practitioner. The Association is uniquely positioned to fulfil the role of a central, harmonising source of IT control practice standards for the world over. Its strategic alliances with other groups in the financial, accounting, auditing and IT professions are ensuring an unparalleled level of integration and commitment by business process owners. The Information Systems Audit and Control Association was formed in 1969 to meet the unique, diverse and high technology needs of the burgeoning IT • Its professional education programme offers technical and management conferences on five continents, as well as seminars worldwide to help professionals everywhere receive highquality continuing education. • Its technical publishing area provides references and professional development materials to augment its distinguished selection of programmes and services.
LATVIA LEBANON LIECHTENSTEIN LITHUANIA LUXEMBURG MALAYSIA MALTA MALAWI MAURITIUS MEXICO NAMIBIA NEPAL NETHERLANDS NEW GUINEA NEW ZEALAND NICARAGUA NIGERIA NORWAY OMAN PAKISTAN PANAMA PARAGUAY PERU PHILIPPINES POLAND PORTUGAL QATAR RUSSIA SAUDI ARABIA SCOTLAND SEYCHELLES SINGAPORE SLOVAK REPUBLIC SLOVENIA SOUTH AFRICA SPAIN SRI LANKA ST. KITTS ST. LUCIA SWEDEN SWITZERLAND TAIWAN TANZANIA TASMANIA THAILAND TRINIDAD & TOBAGO TUNISIA TURKEY UGANDA UNITED ARAB EMIRATES UNITED KINGDOM UNITED STATES URUGUAY VENEZUELA VIETNAM WALES YUGOSLAVIA ZAMBIA ZIMBABWE
Association Programmes and Services
The Association’s services and programmes have earned distinction by establishing the highest levels of excellence in certification, standards, professional education and technical publishing. • Its certification programme (the Certified Information Systems Auditor ) is the TM
field. In an industry in which progress is measured in nano-seconds, ISACA has moved with agility and speed to bridge the needs of the international business community and the IT controls profession.
For More Information
To receive additional information, you may telephone (+1.847.253.1545), send an e-mail (email@example.com) or visit these web sites: www.ITgovernance.org www.isaca.org
only global designation throughout the IT audit and control community. • Its standards activities establish the quality baseline by which other IT audit and control activities are measured.
TABLE OF CONTENTS
Acknowledgments Executive Overview The COBIT Framework The Framework’s Principles COBIT History and Background High-Level Control Objectives—Summary Table Framework Navigation Overview High-Level Control Objectives Appendix I IT Governance Management Guideline ............61-64 Appendix II COBIT Project Description......................................65 Appendix III COBIT Primary Reference...