COBIT Version 4.1 Overview

The Committee of the Sponsoring Organizations (COSO) provides a high-level view of the components of an IT control framework necessary for SOX compliance; however, it does not provide details on how to execute the framework. Additional details regarding IT control considerations can be found in COBIT, a control framework published by the IT Governance Institute. COBIT provides controls that address operational and compliance objectives related directly to financial reporting.

In addition to supporting the COSO framework, and hence Sarbanes-Oxley requirements, the COBIT framework addresses IT governance more broadly. IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives. Furthermore, IT governance integrates and institutionalizes good practices to ensure that an enterprise’s IT organization supports business objectives. IT governance therefore enables an enterprise to take full advantage of its information, thereby maximizing benefits, capitalizing on opportunities, and gaining a competitive advantage.

COBIT supports IT governance by providing a framework to ensure that:

  • IT is aligned with the business
  • IT enables the business and maximizes benefits
  • IT resources are used responsibly
  • IT risks are managed appropriately