Saturday, May 19, 2007


What is the purpose of COBIT?
Who is using COBIT?
Who are the process owners?
Why was the orientation of COBIT focused on the process rather than functions or applications?
How robust are the business requirements?
What is the overall quality of COBIT, and were any process owners/executives part of the expert review?
What is the future direction of COBIT?
How did ISACA/ITGI decide on the list of primary references?
Can I use COBIT as a statement of criteria for specific audit conclusions?
Are the control objectives meant to be a minimum level of control or best practice?
What about the absence of platform-specific controls?
Where are the application controls?
Why is there overlap within the control objectives?
Are the control objectives linked to the IT Assurance Guide and to what degree?
Why are there no risk statements with the control objectives?
What training is available for the use of COBIT?
Who in my organization should go to the training?
What is the level of training required?
In what way can I suggest to IT management that it use COBIT?
Is the COBIT framework superior to the other accepted control models?
What is the quickest and best way to sell COBIT to IT managers?
Since COBIT currently does not address associated business risks, but rather the more proactive control statements to be achieved, is there any consideration being given to address the perceived need of risk identification?
Has the COBIT framework been accepted by CIOs?
How are the management guidelines integrated into the COBIT framework?
The COBIT framework states that the COBIT maturity models are derived from the SEI Capability Maturity Model (CMM). What is the actual relationship between COBIT and CMM?
Do I need to meet an exact level when assessing a process using COBIT's maturity models, and does this differ from the original CMM approach?
COBIT has three dimensions of maturity. What do they mean?
How do you perform a COBIT-based maturity assessment?
How prescriptive are the COBIT maturity models and supporting guidance, and how does this compare to the CMM/CMMI approach?
The CMMI maturity levels appear to be different to the COBIT maturity levels. Is this true?
Is it really possible to benchmark my maturity levels with other organizations if the maturity assessments are not very precisely measured?
Are COBIT's maturity models useful to organizations that have already adopted CMMI?

COBIT Overview
Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders’ value. They recognize the critical dependence of many business processes on IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. To aid organizations in successfully meeting today’s business challenges, the IT Governance Institute® (ITGI) has published version COBIT® 4.1.
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
COBIT 4.1 can be used to enhance work already done based upon earlier versions; it does not invalidate that previous work. When major activities are planned for IT governance initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended to start fresh with the most recent version of COBIT.