From Wikipedia, the free encyclopedia
WikiProject Computing (Rated Start-class, Mid-importance)
WikiProject Computer Security / Computing  (Rated Start-class, High-importance)


Hey all - I don't know how to use this editing feature, but I feel compelled to make a comment. Maybe someone can edit the article for me. I am of the view (as I believe many others are) that the Sarbanes-Oxley Act (and any associated reference to controls) was a direct reaction to the WorldCom accounting scandal, and not to Enron. Enron had nothing to do with an internal control failure. The worst Enron did was obfuscate what their business model was, and having off-balance sheet backed by poor assets (Enron's common stock, in this case). If anything, the Enron + WorldCom + the other scandals helped create an environment that allowed SoX to be passed, but it was WorldCom's wrongful accounting (and bypassing controls designed to stop improper accounting journal entries) that passed all this control brouhaha.

Just an FYI.

Concerns regarding the comparison to ISO/IEC 17799:2000...

This release of the ISO Code of Practice has only 12 sections, of which Section 1 is the Scope of the Standard and Section 2 is the Terms and Definitions (so the first two sections have no Controls or Objectives). The table that is presented in this article shows 13 sections, and therefore cannot be correct (what is the source?). The latest release of the Code of Practice is ISO/IEC 17799:2005 which has 15 sections.

Refer to the ISO 17799 Directory

New version of Cobit: 4.0


This is a question on how to document new versions of a "standard". Should a new article be created and the old article be renamed to "Cobit v3.0"?

Tommy from Belgium 07:37, 27 December 2005 (UTC)

I think that if there was a History section with major changes from previous version it would be sufficient. ParaDox 14:15, 10 March 2006 (UTC)

--Alan.rezende (talk) 02:39, 13 May 2008 (UTC)User:alan.rezende : In my opinion, the versioning page must be used when someone's altering the contents of an article by refining it, correcting it or whatever. When the subject is a framework, and it makes sense considering each version a separate piece of information, then there should be different articles like: COBIT v3.0, COBIT v4.0, COBIT v4.1 and a major one called COBIT that would point to the others and gather general information concerning it. If we just keep on altering the article, then the information about what was COBIT v3.0 (dates, patterns, etc) will be lost or more difficult to find. Well, these are my thoughts about that.

Large chunks taken without attribution, difficult to understand

Large chunks of this article seem to come from an old version of the ISACA COBIT website. For example, Google searches for "while identifying COBIT's four domains" or "controlled through 34 high-level control objectives" restricted to the site "" yield much of their surrounding text from this article.

Substantially more importantly, this article is laden with impenetrable jargon. Just what is "IT governance"? How about a "control objective"? This article should synthesize the cloud of COBIT buzzwords into a succinct whole instead of enumerating all 34 control objectives.


I agree. Very large chunks seem to have been taken verbatim from [1]. Some more senior Wikipedian, please speak up - is this enough to warrant flagging it with a copyvio tag? Gzabers 20:59, 31 March 2006 (UTC)

Someone spent the effort and time to get the info up there so that I could find out what COBIT was (at a high level). Don't just complain, be a good Wiki community member and change it, refine it, define it; but please don't just recommend it's destroyed...--LordNemesis 08:17, 27 September 2006 (UTC)

Information Security Criticism of COBIT

The new update of COBIT did not address the control issues arising from distributed networking. The very language describing controls assumes by default that a centrally controllable computing system exists. The omission of controls or even suggestions on how to address controls to non-centralized networks, servers, authentication systems, distributed financial computing processes, semi-autonomous middleware applications, leaves unanticipated controls to be devised. Rather than selecting subsets of controls that apply and fit corporate governance objectives, control confounding appears. This control confounding effect does not appear wherever the network architecture is designed with technical top down control mechanisms. I thought it was the goal of COBIT to facilitate control rather than dictating business function and IT architecture. Can COBIT extend some controls to fit non-centralized network architectures in its next revision?

Don Turnblade MS, CISSP, CISM, CISA


Surely there should be some mention of the relationship/comparison/contrast with ITIL?

how many specific control objectives?

In this article it says COBIT defines 215 specific control objectives. However, in ITGovernance Institute's Cobit_regulations, it says there are 318 specific control objectives. It appears to me this article is the wrong one. Which one is right? If it is the wiki, someone fix it. SSPecter talk 14:07, 13 January 2007 (UTC).

High-level IT Processes vs High-level Control Objectives

As stated in the 4.1 version of COBIT Executive Summary (and the overall documentation as well), the formerly named 34 high-level control objectives are now called just high-level IT processes. Each one has its own set of Control Objectives. This was probably done for a better understanding of what is a Control Objective and what is an IT Process (which has its Control Objectives). Since I am checking the sources for this text, adding citations and such, I am also correcting the references to Control Objectives. They must now be called High-Level IT Processes as in the newest version of COBIT.

This is also why I mentioned in another section that there should be an article with the former version solely, for us to have an explicit Wikipedia back reference. Alan.rezende (talk) 04:04, 13 May 2008 (UTC)


I am about to begin a translation of this article to Brazilian Portuguese. There's some text there already, built by someone else, but it is some kind of a few cut, translate and paste. The whole contents are not there. That's why I am especially interested in the accuracy of this original article. Alan.rezende (talk) 04:04, 13 May 2008 (UTC)

Cobit and Sarbanes Oxley

The information in this article is incorrect; companies DO NOT have a choice between COBIT and COSO, because COBIT is not a valid control framework in the same manner as COSO is. COBIT is merely a supplement to other frameworks for the sake of IT governance. The current choice available to companies is COSO vs CoCo vs Turnbull. The legislation leaves room for other frameworks to be written in the future, but COBIT is too specific to qualify. The second paragraph hints at this fact, but the first is incorrect. Dukeofwulf (talk) 17:41, 18 July 2008 (UTC)


Originality of the content aside, my main beef with the article is that it sounds more like an advertising pitch than anything remotely resembling NPOV. The impression that was left in my mind was less "here's information about COBIT - benefits, costs, alternatives, etc." than it was "hey, come by our Website and we'll tell you all about COBIT (and sell you some consulting services to go along with it.)" Jeff Dickey (talk) 10:36, 16 December 2008 (UTC)

I have to concur with Jeff Dickey. This is a cut and paste job from COBIT marketing literature. —Preceding unsigned comment added by (talk) 15:58, 29 March 2011 (UTC)


Seven Enablers of COBIT 5: policies and frameworks; Processes; Organizational structures; Culture, ethics and behaviour of individuals; Information; Services, infrastructure and applications; People, skills and competencies. MAHESH HALANI (talk) 08:00, 13 April 2017 (UTC)