CobiT 4.1 is an authoritative, up-to-date set of generally accepted IT control objectives and practices for business and IT managers. It provides a framework for IT governance and is aimed at ensuring information integrity, security, and availability. CobiT promotes the understanding that IT resources need to be managed through key processes in order to deliver the information required for organizations to achieve their objectives.

1. CobiT 4.1 Information Technology Control Objectives & Control Practices John W. Beveridge Office of the State Auditor Enterprise Security Board Security Awareness Day June 26, 2007

6. To Achieve Business Objectives To Avoid Risks, Threats and Exposures Control (as defined by COBIT) The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. Source: COBIT Control Objectives. P. 12.

7. CobiT promotes a healthy understanding about “reasonable assurance” and “residual risk” Knowing the acceptable levels for reasonable assurance and residual risk is a critical success factor for designing and managing an adequate framework of control

8. Assurance Level 100% Residual Risk 0% Reasonable Assurance

22. COBIT Cube The COBIT framework describes how IT processes deliver the information that the business needs to achieve its objectives. For controlling this delivery, COBIT provides three key components, each forming a dimension of the COBIT cube. Business Requirements for Information Criteria IT Resources IT Processes

25. COBIT Domains : Information Processes (3rd Component) Feedback Feedback Feedback Plan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate