Skip to main content

COBIT Framework

COBIT stands for Control Objectives for Information and Related Technology. It is a framework created by the ISACA (Information Systems Audit and Control Association) for IT governance and management.

The top of the cube represents different business requirements by the university internal clients.  These include Quality – Effective and Efficient use of resources, Security – ensure the Confidentiality, Integrity, and Availability of enterprise data, Fiduciary – adherence with regulatory requirements.

The side of the cube represents the different types of IT Resources (Application, Information, Infrastructure, and People). 

The front of the cube represents the IT processes (Domains, Processes, and Activities).  See below for additional information about each component of Business Requirements.

       Effectiveness - deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner

Efficiency - concerns the provision of information through the optimal (most productive and economical) usage of resources.

Confidentiality - concerns protection of sensitive information from unauthorized disclosure. 

Integrity - relates to the accuracy and completeness of information as well as to its validity in accordance with the business' set of values and expectations.

Availability - relates to information being available when required by the business process, and hence also concerns the safeguarding of resources.

Compliance - deals with complying with those laws, regulations and contractual arrangements to which the business process is subject; i.e., externally imposed business criteria.

Reliability - relates to systems providing management with appropriate information for it to use in operating the entity, in providing financial reporting to users of the financial information, and in providing information to report to regulatory bodies with regard to compliance with laws and regulations.

Information presented on this webpage was compiled from the following authoritative source: Information System Audit and Control Association (ISACA)