Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools

Appendix A: COBIT Control Objectives

Planning and Organization

1. Define a Strategic IT Plan

  • IT as part of the organization's long- and short-range plan

  • IT long-range plan

  • IT long-range planning approach and structure

  • IT long-range plan changes

  • Short-range planning for the IT function

  • Communication of IT plans

  • Monitoring and evaluating of IT plans

  • Assessment of existing systems

2. Define the Information Architecture

  • Information architecture model

  • Corporate data dictionary and data syntax rules

  • Data classification scheme

  • Security levels

3. Determine Technological Direction

  • Technological infrastructure planning

  • Monitor future trends and regulations

  • Technological infrastructure contingency

  • Hardware and software acquisition plans

  • Technology standards

4. Define the IT Organization and Relationships

  • IT planning or steering committee

  • Organizational placement of the IT function

  • Review of organizational achievements

  • Roles and responsibilities

  • Responsibility for quality assurance

  • Responsibility for logical and physical security

  • Ownership and custodianship

  • Data and system ownership

  • Supervision

  • Segregation of duties

  • IT staffing

  • Job or position descriptions for IT staff

  • Key IT personnel

  • Contracted staff policies and procedures

  • Relationships

5. Manage the IT Investment

  • Annual IT operating budget

  • Cost and benefit monitoring

  • Cost and benefit justification

6. Communicate Management Aims and Direction

  • Positive information control environment

  • Management's responsibility for policies

  • Communication of organization policies

  • Policy implementation resources

  • Maintenance of policies

  • Compliance with policies, procedures, and standards

  • Quality commitment

  • Security and internal control framework policy

  • Intellectual property rights

  • Issue-specific policies

  • Communication of IT security awareness

7. Manage Human Resources

  • Personnel recruitment and promotion

  • Personnel qualifications

  • Roles and responsibilities

  • Personnel training

  • Cross-training or staff backup

  • Personnel clearance procedures

  • Employee job performance evaluation

  • Job change...
