| # | IT Governance Control Areas | Domain | # | IT Governance Control Objectives | COBIT Process | SOX Control Objectives | Organization Level | Activity Level | ITIL | Agile - Scrum | Six Sigma | ISO / IEC 27002 | ISO 9001:2008 - QMS | CMMI | PMBOK |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | IT Strategy | Plan and Organize | PO1 | Define a strategic IT plan. | 1 | 1 | 1 |  | 1 |  |  |  |  |  |  |
| 2 | IT Strategy | Plan and Organize | PO2 | Define the information architecture. | 1 | 1 | 1 |  | 1 |  |  | 1 |  |  |  |
| 3 | IT Strategy | Plan and Organize | PO3 | Determine technological direction. | 1 |  |  |  | 1 |  |  |  |  |  |  |
| 4 | IT Strategy | Plan and Organize | PO4 | Define the IT processes, organization and relationships. | 1 | 1 | 1 |  | 1 |  |  | 1 |  |  |  |
| 5 | IT Strategy | Plan and Organize | PO5 | Manage the IT investment. | 1 |  |  |  | 1 |  |  |  |  |  | 1 |
| 6 | IT Strategy | Plan and Organize | PO6 | Communicate management aims and direction. | 1 | 1 | 1 |  | 1 |  |  | 1 |  |  |  |
| 7 | IT Strategy | Plan and Organize | PO7 | Manage IT human resources. | 1 | 1 | 1 |  |  |  |  | 1 |  |  |  |
| 8 | IT Strategy | Plan and Organize | PO8 | Manage quality. | 1 | 1 | 1 |  | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
| 9 | IT Strategy | Plan and Organize | PO9 | Assess and manage IT risks. | 1 | 1 | 1 |  |  | 1 |  |  | 1 | 1 | 1 |
| 10 | IT Strategy | Plan and Organize | PO10 | Manage projects. | 1 |  |  |  |  | 1 |  |  | 1 | 1 | 1 |
| 11 | IT Development | Acquire and Implement | AI1 | Identify automated solutions. | 1 |  |  |  | 1 |  |  | 1 |  |  |  |
| 12 | IT Development | Acquire and Implement | AI2 | Acquire and maintain application software. | 1 |  |  |  | 1 | 1 |  | 1 | 1 | 1 |  |
| 13 | IT Development | Acquire and Implement | AI3 | Acquire and maintain technology infrastructure. | 1 | 1 |  | 1 |  | 1 |  | 1 |  |  |  |
| 14 | IT Development | Acquire and Implement | AI4 | Enable operation and use. | 1 | 1 |  | 1 |  | 1 |  | 1 |  |  |  |
| 15 | IT Development | Acquire and Implement | AI5 | Procure IT resources. | 1 | 1 |  | 1 | 1 |  |  |  |  |  | 1 |
| 16 | IT Development | Acquire and Implement | AI6 | Manage changes. | 1 | 1 |  | 1 | 1 | 1 | 1 | 1 | 1 | 1 |  |
| 17 | IT Development | Acquire and Implement | AI7 | Install and accredit solutions and changes. | 1 | 1 |  | 1 |  | 1 |  |  | 1 | 1 |  |
| 18 | IT Operations | Deliver and Support | DS1 | Define and manage service levels. | 1 | 1 |  | 1 | 1 | 1 | 1 |  |  |  |  |
| 19 | IT Operations | Deliver and Support | DS2 | Manage third-party services. | 1 | 1 |  | 1 | 1 |  |  | 1 |  |  |  |
| 20 | IT Operations | Deliver and Support | DS3 | Manage performance and capacity. | 1 | 1 | 1 |  | 1 |  | 1 | 1 |  |  |  |
| 21 | IT Operations | Deliver and Support | DS4 | Ensure continuous service. | 1 |  |  |  | 1 |  | 1 | 1 |  |  |  |
| 22 | IT Operations | Deliver and Support | DS5 | Ensure systems security. | 1 | 1 |  | 1 | 1 |  |  | 1 |  |  |  |
| 23 | IT Operations | Deliver and Support | DS6 | Identify and allocate costs. | 1 |  |  |  | 1 |  |  |  |  |  |  |
| 24 | IT Operations | Deliver and Support | DS7 | Educate and train users. | 1 | 1 | 1 |  |  |  | 1 | 1 | 1 | 1 |  |
| 25 | IT Operations | Deliver and Support | DS8 | Manage service desk and incidents. | 1 |  |  |  | 1 |  |  |  |  |  |  |
| 26 | IT Operations | Deliver and Support | DS9 | Manage the configuration. | 1 | 1 |  | 1 | 1 | 1 |  |  | 1 | 1 |  |
| 27 | IT Operations | Deliver and Support | DS10 | Manage problems. | 1 | 1 |  | 1 | 1 |  | 1 | 1 | 1 | 1 |  |
| 28 | IT Operations | Deliver and Support | DS11 | Manage data. | 1 | 1 |  | 1 |  |  | 1 | 1 | 1 | 1 |  |
| 29 | IT Operations | Deliver and Support | DS12 | Manage the physical environment. | 1 | 1 |  | 1 | 1 |  |  | 1 |  |  |  |
| 30 | IT Operations | Deliver and Support | DS13 | Manage operations. | 1 | 1 |  | 1 | 1 |  |  | 1 |  |  |  |
| 31 | IT Evaluation | Monitor and Evaluate | ME1 | Monitor and evaluate IT performance. | 1 | 1 | 1 |  | 1 |  | 1 |  | 1 | 1 |  |
| 32 | IT Evaluation | Monitor and Evaluate | ME2 | Monitor and evaluate internal control. | 1 | 1 | 1 |  | 1 |  | 1 | 1 |  |  |  |
| 33 | IT Evaluation | Monitor and Evaluate | ME3 | Ensure regulatory compliance. | 1 | 1 | 1 |  | 1 |  |  | 1 |  |  |  |
| 34 | IT Evaluation | Monitor and Evaluate | ME4 | Provide IT governance. | 1 | 1 | 1 |  |  |  |  | 1 |  |  |  |
|  |  |  |  | Total | 34 | 26 | 13 | 13 | 25 | 10 | 10 | 22 | 11 | 11 | 5 |

COBIT & Other Models Comparisons
