ISACA is currently updating the audit/assurance programs for COBIT 5. The first group of programs to be released will be a series of programs for the COBIT 5 processes, based on the generic structure developed in the COBIT 5 for Assurance publication. The new audit/assurance programs will be fully aligned with COBIT 5, and will explicitly reference all seven enablers. The programs will be released by domain.
- Evaluate, Direct and Monitor (EDM): February 2014
- Align, Plan and Organise (APO): scheduled to be available in April 2014
- Build, Acquire and Implement (BAI): scheduled to be available in June 2014
- Deliver, Service and Support (DSS): scheduled to be available in June 2014
- Monitor, Evaluate and Assess (MEA): not in development at this time
COBIT 5 Principles: Where Did They Come From?
Governance of Enterprise Information and related Technology (GEIT) is the board’s accountability and responsibility, and the execution of the set direction is management’s accountability and responsibility. COBIT 5 is primarily a framework made by and for practitioners and includes insights from IT and general management literature, including concepts and models such as strategic alignment, balanced scorecard, IT savviness and organizational systems. By clearly indicating how the principles of COBIT 5 are built on these IT and general management insights, this white paper will help practitioners understand the principles and therefore be more efficient and effective in applying COBIT 5 in their organizations. The issue date is still to be determined.
Comparing the COSO Internal Control and COBIT 5 Frameworks
The COSO and COBIT frameworks have been used in tandem in many organizations since long before Sarbanes-Oxley regulations went into effect in 2003. However, with the advent of this set of regulatory challenges, organizations that felt compelled to use COSO for their financial framework (the SEC had mentioned that frameworks like COSO should be considered) were drawn to COBIT, in large part because of the knowledge work ISACA produced, but also due to the strong recognition that IT is a critical enabler to the operation of strong financial controls. In May of 2013 COSO released its updated and refreshed Integrated Internal Control framework. ISACA participated in this update program, serving as a member of the COSO Advisory Council. Meanwhile, ISACA had released its own update of COBIT in April of 2012. Since many organizations rely on and use both frameworks internally, and many others are asking how the two frameworks impact and align with each other and how they can be used together, ISACA is creating this white paper to help address some of these questions and opportunities. It is scheduled to be issued in the second quarter of 2014.
Controls and Assurance in the Cloud: Using COBIT 5
This book will provide practical guidance for enterprises using or considering using cloud computing. It will identify the related risk and controls, and provide a governance and controls framework based on COBIT 5, and an audit program using COBIT 5 for Assurance. This information can assist enterprises in assessing the risk and potential value of cloud investments and determining if the risk is within the acceptable level. In addition, it will provide a list of available publications and resources that can help determine if cloud computing is the appropriate solution for data and processes in scope. It is scheduled to be available in the second quarter of 2014.
DevOps refers to the movement within IT to improve relationships between development and operations. It relies on agile-like development methods, allowing smaller code changes to be released more frequently (e.g., every 5 to 6 days) when compared with traditional development and release management (e.g., with long cycle times). These methods may be especially promising for new web-based applications, more so than for legacy applications. The first publication in this series is an overview white paper scheduled to be issued in the second quarter of 2014.
Risk Scenarios for COBIT 5 for Risk
This professional guide will provide practical guidance on how to use COBIT 5 for Risk to solve current business issues. Specific risk scenarios, along with other pragmatic application methods, will be demonstrated. It is scheduled to be available in the second quarter of 2014.
Sarbanes-Oxley: Using COBIT 5
This publication updates the 2006 edition of this practical guide for executive management and IT control professionals evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002. It will provide practical guidance on using COBIT 5 when performing SOX engagements. It is scheduled to be available in the third quarter of 2014.
Security, Audit and Control Features SAP ERP, 4th Edition
This publication updates the 2009 edition of this practical, how-to guide in the technical and risk management series. It enables assurance, security and risk professionals (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. It is scheduled to be available in the third quarter of 2014.