In a collaborative effort, ISACA and Industry Insights, a Columbus, Ohio, USA-based research and consulting firm, conducted an online survey to ascertain views held by COBIT 2nd Edition owners and to quantify information about them. Industry Insights received 260 completed surveys, for a response rate of 9.4 percent. This article summarizes some of the conclusions drawn and provides a few insights into this ISACA product.
Among the top reasons respondents or their organizations purchased COBIT 2nd Edition are:
- To improve the audit approach or programs
- To improve the IS/IT controls in their company/organization
- To standardize their audit approach/programs which could utilize COBIT 2nd Edition as the benchmark
- And, because COBIT 2nd Edition contains a detailed audit. This reason for purchasing the product was mentioned in particular by Australian respondents and from respondents working in education.
Another often-cited reason for purchasing and using COBIT 2nd Edition is to facilitate communication between IS/IT management and audit and between senior management and audit. Half of the respondents pointed to validation of current IT controls and facilitation of communications as reasons to use COBIT 2nd Edition. The most common use of COBIT 2nd Edition in an organization is for audit planning and audit program development.
Of course, some of the respondents were not using COBIT 2nd Edition at all. The most frequently-cited reason was that the current workload was taking priority over opportunities to consider purchasing COBIT 2nd Edition, or implement it if they already had done so. It is well to note that this survey was conducted in November and December of 1999 while many respondents were enmeshed in Y2K planning and testing.
Survey respondents were given the option to include open-ended responses if they wished and a few are listed below:
- It sets out world-wide best practices based on generally-accepted standards.
- We thought that it is the best and most comprehensive tool for IS audit.
- We wanted to standardize our IS audit on COBIT since it gives us a complete guide for performing the audit.
COBIT users can look forward to yet a newer version of COBIT, COBIT 3rd Edition which builds on the strengths of the first two versions. Regardless of the version, COBIT is an innovative tool which is recognized the world over. Among the goals for version 3 is to increase the usefulness of COBIT to IT and general management by providing the means to evaluate performance and progress against established goals.
Enjoying this article? To read the most current ISACA® Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2000 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.