COBIT enables an entity to set clear control objectives for IT through the combining of previously discussed individual IT design and operational areas. Specifically, the eight IT managerial areas are grouped into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. Management can use these generally accepted domains with associated control objectives for deriving achievable IT goals.
When setting control objectives, Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis can be employed to organize IT control objectives and illuminate general agreement on the entity’s strategic situation. If the control environment dictates setting control objectives based on the COBIT framework, management can approve the presented control objectives as documented or, where it is appropriate, modify then approve the presented control objectives.
“View Part I of the Governing IT: Setting Control Objectives series here“