Basic Overview
The COBIT 4.1 book consists of four sections. The executive overview (1), the framework (2), control objectives and management guidelines and maturity models (core content) (3) and appendices (4).
COBIT domains
COBIT is organized into four domains, as followed:
- Plan and Organize (PO)
- Acquire and Implement (AI)
- Deliver and Support (DS)
- Monitor and Evaluate (ME)
Since COBIT 4.1 contains 34 processes, organized in the four domains, core content is divided accordingly. Each process is covered in four sections, combining to give a complete picture of how to control, manage and measure the process. The four sections are:
- Process descriptions
- Control objectives
- Management guidelines
- Maturity model for the process
At the end, it has been stated:
- What the process owner needs to do (process description)
- How the process owner is going to do it (control objectives)
- What the process needs from others (input)
- What the process owner needs to deliver (output)
- What need to be delegated and to whom (RACI)
- How the process and its goals should be measured (goals & metrics) and finally
- How the process can be improved (maturity model)
High level processes (34)
In the “Plan and Organize” domain:
- PO1 Define a Strategic IT Plan and direction
- PO2 Define the Information Architecture
- PO3 Determine Technological Direction
- PO4 Define the IT Processes, Organization and Relationships
- PO5 Manage the IT Investment
- PO6 Communicate Management Aims and Direction
- PO7 Manage IT Human Resources
- PO8 Manage Quality
- PO9 Assess and Manage IT Risks
- PO10 Manage Projects
In the “Acquire and Implement” domain:
- AI1 Identify Automated Solutions
- AI2 Acquire and Maintain Application Software
- AI3 Acquire and Maintain Technology Infrastructure
- AI4 Enable Operation and Use
- AI5 Procure IT Resources
- AI6 Manage Changes
- AI7 Install and Accredit Solutions and Changes
In the “Delivery and Support” domain:
- DS1 Define and Manage Service Levels
- DS2 Manage Third-party Services
- DS3 Manage Performance and Capacity
- DS4 Ensure Continuous Service
- DS5 Ensure Systems Security
- DS6 Identify and Allocate Costs
- DS7 Educate and Train Users
- DS8 Manage Service Desk and Incidents
- DS9 Manage the Configuration
- DS10 Manage Problems
- DS11 Manage Data
- DS12 Manage the Physical Environment
- DS13 Manage Operations
In the “Monitor and Evaluate” domain:
- ME1 Monitor and Evaluate IT Processes
- ME2 Monitor and Evaluate Internal Control
- ME3 Ensure Regulatory Compliance
- ME4 Provide IT Governance
Conclusion
As a matter of fact, COBIT is supporting IT governance by acting in these areas: