read more
read more

read more
read more

COBIT® is about IT Governance, and K-12 Technology Works is about bringing IT Governance to K-12. An acronym for Control Objectives for Information and related Technology, COBIT is a system of best practices that forms a domain and process framework. COBIT presents activities in a manageable and logical structure and is based on the consensus of experts. While other frameworks, such as ITIL (Information Technology Infrastructure Library) are focused on execution, on "how" to do things, COBIT concentrates more on control and "what" needs to be done.

COBIT is based on the premise that, In order for IT to be successful in delivering against organizational needs, management needs to put an internal control system or framework in place. The COBIT control framework is designed to be an integral part of this effort by:

  • Linking organizational and IT Goals
  • Organizing IT activities into a generally accepted process model
  • Identifying the major IT resources to be leveraged
  • Defining the control objectives to be used

Organizationally oriented, COBIT is focused on linking organizational goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of all process owners across the organization.

The process focus of COBIT is illustrated by a process model that subdivides IT into four domains and 34 processes. These processes are defined in such a manner that the objectives of each is clearly understood, metrics and communication mechanisms are identified, and the resources essential for process success ( i.e. applications, information, infrastructure and people) are determined.

The COBIT framework is process-oriented and controls-based. The four domains are designed to cover the full spectrum of governing the IT investment. In order to effectively achieve this goal, COBIT's 34 processes are structured within the four domains and are comprised of some 210 individual control objectives.

This structure can best be understood by first looking at the domains themselves:

PLAN AND ORGANIZE (PO)
This domain covers strategy and tactics, and focuses on the identification of how IT can best contribute to the achievement of organizational objectives. The strategic vision is the driving force of the organization, and it must be planned, communicated and managed in order to succeed.

ACQUIRE AND IMPLEMENT (AI)
In order to realize the IT strategy, IT solutions must be identified, developed or acquired, and subsequently implemented and integrated into the organizational process. Once in place, changes and maintenance of existing systems must also be controlled and optimized in order to ensure that the solutions continue to meet their assigned objectives.

DELIVER AND SUPPORT (DS)
This domain focuses on the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities.

MONITOR AND EVALUATE (ME)
All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance.

As stated above, these four domains are comprised of 34 individual processes, each containing a number of control objectives. These IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process. While the 210 control objectives are beyond the scope of this page, the 34 processes are listed here in order to provide some understanding of the scope of the framework. Please click on a domain title to view the associated processes:

 
Plan and Organize
   
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organization and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects
   
 
Acquire and Implement
   
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes
   
 
Deliver and Support
   
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations
   
 
Monitor and Evaluate
   
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance With External Requirements
ME4 Provide IT Governance
For more information about COBIT, you can read the Executive Summary published by the IT Governance Institute (ITGI) or visit the ITGI website.
Home |About Us | Services | Articles | Resources | Contact Us
Copyright © K-12 Technology Works, 2009. All Rights Reserved