Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery
In fulfilling addressable COBIT information criteria, an IAP program should include processes and steps for assessing tangible as well as intangible property. The distinction between tangible and intangible is the physical nature of the property. Properties having a physical existence — such as buildings and fire extinguishers — are tangible; and properties having no physical existence — such as patent rights and computer programs — are intangible. Acquired or created information, with ownership rights, should be classified as an intangible asset. Intangible assets may have explicit or implicit legal protection and retention mandates imposed by governmental entities. Thus, as with other intangible assets, an entity’s management should provide adequate safeguards to preserve information value as well as comply with applicable information related laws, regulations and standards to fulfill their fiduciary responsibilities. Consequently, roles for information value delivery and support should be clearly documented for accountability determination.