Predecessors/Before You Begin

COBIT does not compete with ITIL or other bodies of knowledge. Separate bodies can be combined; in fact, ISACA has a mapping document that maps ITIL v3 to COBIT 4.1.

COBIT and ISO 20000 do overlap somewhat. COBIT allows an overall audit of an IT organization. Although ITIL does not have any organizational certification, ISO 20000 is an international service management standard and can also be used to audit an IT organization.

In general, COBIT's scope is the most broad of any IT-specific body of knowledge.

COBIT

COBIT, the "Control Objectives for Information and related Technology," is composed of 34 processes. These processes are meant to define "what IT does." COBIT was originally created as an audit framework, as evident from its creator's name, ISACA--the Information Systems Audit and Control Association.

COBIT's processes are divided into four categories:

• Plan and Organize (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)

University-specific risks

COBIT helps IT shops be audited. In a University environment, there may be less pressure to audit IT. Additionally, COBIT is an objective, "yes or no" controls-based framework which may be at odds with some University cultures.

Contacts and Resources

• Download COBIT 4.1 from ISACA's web site