Control practices provide control approaches consisting of practices that are necessary and sufficient for achieving COBIT control objectives. These practices support the prevention, detection and correction of undesired events through responsible use of resources, appropriate management of risk and the delivery of value to business. This extension of the COBIT family of products details the how and why of the 34 processes within this globally accepted IT governance, control and assurance framework.
These statements focus on the details of:
- The COBIT framework, extending it with more specific implementation focus
- How each process can assist in controlling and managing risk
- Managing risk by decreasing the probability of adverse consequences from threats and vulnerabilities, safeguarding the assets, and limiting the impact on the business
- Increasing business value by achieving efficiency and/or effectiveness gains
- At least two control practices from each detailed control objective
Each control practice expands the capabilities of COBIT by providing the practitioner with an additional level of detail. The COBIT IT processes, business requirements and control objectives define what needs to be done to implement an effective control structure. The control practices provide the more detailed how and why needed by management, service providers, end users and control professionals to implement highly specific controls based on an analysis of operational and IT risks.
This publication has been updated to align with COBIT 4.1.