Control Objectives Management Guidelines Maturity Models
The IT Governance Institute® The IT Governance Institute (ITGI) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investmentin IT, and appropriately manages IT-related risks and opportunities. The IT Governance Institute offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer IT Governance Institute (the “Owner”) has designed and created this publication, titled COBIT® 4.0 (the “Work”), primarily as aneducational resource for chief information officers, senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the sameresults. In determining the propriety of any specific information, procedure or test, chief information officers, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or information technology environment. Disclosure Copyright © 2005 by the IT Governance Institute. All rights reserved.No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written authorisation of the IT Governance Institute. Reproduction of selections of this publication, for internal and noncommercial or academic use only,is permitted and must include full attribution of the material’s source. No other right or permission is granted with respect to this work. IT Governance Institute 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.590.7491 Fax: +1.847.253.1443 E-mail: firstname.lastname@example.org Web site: www.itgi.org ISBN 1-933284-37-4 COBIT 4.0 Printed in the United States of America
The IT Governance Institute wishes to recognise:
The Board of Trustees Everett C. Johnson, CPA, Deloitte & Touche LLP (retired), USA, International President Abdul Hamid Bin Abdullah, CISA, CPA, Auditor General’s Office, Singapore, Vice President William C. Boni, CISM, Motorola, USA, Vice President Jean-Louis Leignel, MAGE Conseil, France, VicePresident Lucio Augusto Molina Focazzio, CISA, Colombia, Vice President Howard Nicholson, CISA, City of Salisbury, Australia, Vice President Bent Poulsen, CISA, CISM, VP Securities Services, Denmark, Vice President Frank Yam, CISA, CIA, CCP, CFE, CFSA, FFA, FHKCS, Focus Strategic Group, Hong Kong, Vice President Marios Damianides, CISA, CISM, CA, CPA, Ernst & Young LLP, USA, Past InternationalPresident Robert S. Roussey, CPA, University of Southern California, USA, Past International President Emil D’Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi, USA, Trustee Ronald Saull, CSP, Great-West Life and IMG Financial, Canada, Trustee Erik Guldentops, CISA, CISM, Belgium, Advisor, IT Governance Institute The ITGI Committee William C. Boni, CISM, Motorola, USA, Chair Jean-Louis Leignel, MAGEConseil, France, Vice Chair Erik Guldentops, CISA, CISM, University of Antwerp Management School, Belgium Tony Hayes, Queensland Health, Australia Anil Jogani, CISA, FCA, Tally Solutions Limited, UK John W. Lainhart IV CISA, CISM, IBM, USA , Michael Schirmbrand, CISA, CISM, CPA, KPMG, Austria Eddy Schuermans, CISA, PricewaterhouseCoopers, Belgium Ronald Saull, CSP, Great-West Life and IMG Financial,...