Guidance for Best Practices in Information Security and IT Audit
In a report titled “Guidance for Best Practices in Information Security and IT Audit,” the IT Policy Compliance Group (IT PCG) found that 10 percent of practices for information security and audit are responsible for the best outcomes.
The report states that the best-performing organizations studied use guidance from COBIT (the globally recognized IT governance framework from ISACA) and the COSO Internal Control—Integrated Framework (from the Committee of Sponsoring Organizations of the Treadway Commission) to prioritize, implement and measure information security and audit activities. In top-performing organizations, COBIT and COSO are cited as 30 times more common than other frameworks for addressing information security and audit practices.
“COBIT is a comprehensive framework that is valuable to any type of organization,” said Everett C. Johnson, Jr., CPA, past international president of ISACA. “This report shows that an overwhelming majority of companies studied are taking advantage of COBIT to direct their IT for optimal performance, which includes increasing the value it delivers to the organization and improving compliance with industry and governmental regulations.”
Practices Driving Best Outcomes
The report also reveals the top-10 practices among organizations with the lowest rates of data loss or theft, the highest levels of IT service delivery, and the fewest problems related to IT audit. Among the best-performing organizations that consistently implement the primary baseline and top-10 practices, most (seven of 10) are implementing between four and six of the practices. By comparison, organizations with the worst rates of data theft or loss, the highest levels of downtime due to IT failures, and the most problems with IT audit are implementing only three or fewer of the practices.
More information on COBIT, including free downloads of the latest version, can be found at www.isaca.org/cobit.
The IT Policy Compliance Group conducts benchmark research focused on delivering fact-based guidance on the steps that can be taken to improve results. Advised by 26 organizations from around the world, the group is supported by ISACA, the IT Governance Institute, the Computer Security Institute, The Institute of Internal Auditors, Protiviti and Symantec Corp.