Discuss how the COBIT framework can be used to develop sound internal control over an organization’s information
Explain the factors that influence information systems reliability.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security.
One basic function of an AIS is to provide information useful for decision making. In order to be useful, the information must be
It provides an accurate, complete, and timely picture of the organization’s activities.
It is available when needed.
The information and the system that produces it are protected from loss, compromise, and
The five basic principles that contribute to systems reliability:
1. Security: control access,
2. Confidentiality: no
3. Online privacy: personal
4. Processing integrity: accurate, complete, timely
Sarbanes-Oxley requires management to
include an internal control assessment
using a suitable framework
company’s annual report.
2. COBIT and
3. Trust Services Framework
Information Criteria (COBIT objectives)
Information must be relevant and timely.
Information must be produced in a cost-effective manner.
Sensitive information must be protected from unauthorized
Information must be accurate, complete, and valid.
Information must be available whenever needed.
Controls must ensure compliance with internal policies and with external legal and regulatory requirements.
Management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and
COBIT Process Framework
COBIT Process Cycle
plans to organize
resources to provide the information it needs.
Management authorizes and oversees efforts to
(or build internally) the desired functionality.
Management ensures that the resulting system
the desired information.
monitors and evaluates
performance against the established criteria.
Cycle constantly repeats, as management modifies existing plans and procedures or develops new ones to respond to changes in business objectives and new developments in information technology.
Trust Services Framework
Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that addresses