Control Objectives for IT (COBIT)
COBIT, provided by ISACA, defines control objectives for IT processes. While COSO
gives a general framework, COBIT provides control objectives for each IT process.
We will demonstrate where those processes are likely to be running in the Oracle
solution and show the settings and configurations that may best meet those
control objectives.
Managing IT processes in Oracle GRC applications to support COBIT Framework
The InFission IT Audit team has implemented IT controls by following the COBIT
standard, which is supported by Oracle GRC applications. The COBIT framework
is supported as follows:
| COBIT Objective | Control description | InFission IT Control management system |
| --- | --- | --- |
| Plan and Organize (PO) | Provides direction to solution delivery (AI) and service delivery (DS) | IT plans, policies, and budgets are maintained in Oracle GRC Manager |
| Acquire and Implement (AI) | Provides the solutions and passes them to be turned into services | IT project policies and procedures documents are maintained in Oracle GRC Manager |
| Deliver and Support (DS) | Receives the solutions and makes them usable for end users | Oracle GRC Controls |
| Monitor and Evaluate (ME) | Monitors all processes to ensure that the direction provided is followed | Oracle GRC Controls |
InFission COBIT Framework setup in Oracle GRC Manager
The InFission IT audit team has implemented the COBIT Framework using Oracle
GRC Manager Perspectives, which support a hierarchical structure for meeting COBIT
objectives. This approach enables the audit team to reuse components that support
other GRC initiatives such as Sarbanes-Oxley (SOX). The common components
include risk, controls, and process documents. In addition, this approach
enables the IT audit team to share information with other auditors and managers.