Talk:COBIT

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 131.252.201.171 (talk) at 17:53, 16 April 2007. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Hey all - I don't know how to use this editing feature, but I feel compelled to make a comment. Maybe someone can edit the article for me. I am of the view (as I believe many others are) that the Sarbanes-Oxley Act (and any associated reference to controls) was a direct reaction to the WorldCom accounting scandal, and not to Enron. Enron had nothing to do with an internal control failure. The worst Enron did was obfuscate what their business model was, and having off-balance sheet backed by poor assets (Enron's common stock, in this case.) If anything, the Enron + WorldCom + The other scandals helped create an environment that allowed SoX to be passed, but it was WorldCom's wrongful accounting (and bypassing controls designed to stop improper accounting journal entries) that passed all this control brouhaha.

Just an FYI.


Concerns regarding the comparison to ISO/IEC 17799:2000...

This release of the ISO Code of Practice has only 12 sections, of which Section 1 is the Scope of the Standard and Section 2 is the Terms and Definitions (so the first two sections have no Controls or Objectives). The table that is presented in this article shows 13 sections, and therefore cannot be correct (what is the source?). The latest release of the Code of Practice is ISO/IEC 17799:2005 which has 15 sections.

Refer to the ISO 17799 Directory

New version of Cobit: 4.0

Hi,

This is a question on how to document new versions of a "standard". Should a new article be created and the old article be renamed to "Cobit v3.0"?

Tommy from Belgium 07:37, 27 December 2005 (UTC)

I think that if there was a History section with major changes from previous version it would be sufficient. ParaDox 14:15, 10 March 2006 (UTC)

Large chunks taken without attribution, difficult to understand

Large chunks of this article seem to come from an old version of the ISACA COBIT website. For example, Google searches for "while identifying COBIT's four domains" or "controlled through 34 high-level control objectives" restricted to the site "isaca.org" yield much of their surrounding text from this article.

Substantially more importantly, this article is laden with impenetrable jargon. Just what is "IT governance"? How about a "control objective"? This article should synthesize the cloud of COBIT buzzwords into a succinct whole instead of enumerating all 34 control objectives.

Daviddavid

I agree. Very large chunks seem to have been taken verbatim from [1]. Some more senior Wikipedian, please speak up - is this enough to warrant flagging it with a copyvio tag? Gzabers 20:59, 31 March 2006 (UTC)

Someone spent the effort and time to get the info up there so that I could find out what COBIT was (at a high level). Don't just complain, be a good Wiki community member and change it, refine it, define it; but please don't just recommend it's destroyed...--LordNemesis 08:17, 27 September 2006 (UTC)

Information Security Criticism of COBIT

The new update of COBIT did not address the control issues arising from distributed networking. The very language describing controls assumes by default that a centrally controllable computing system exists. The omission of controls or even suggestions on how to address controls to non-centralized networks, servers, authentication systems, distributed financial computing processes, semi-autonomous middleware applications, leaves unanticipated controls to be devised. Rather than selecting subsets of controls that apply and fit corporate governance objectives, control confounding appears. This control confounding effect does not appear wherever the network architecture is designed with technical top-down control mechanisms. I thought it was the goal of COBIT to facilitate control rather than dictating business function and IT architecture. Can COBIT extend some controls to fit non-centralized network architectures in its next revision?


Don Turnblade MS, CISSP, CISM, CISA

ITIL

Surely there should be some mention of the relationship/comparison/contrast with ITIL?

how many specific control objectives?

In this article it says COBIT defines 215 specific control objectives. However, in ITGovernance Institute's Cobit_regulations, it says there are 318 specific control objectives. It appears to me this article is the wrong one. Which one is right? If it is the wiki, someone fix it. SSPecter talk 14:07, 13 January 2007 (UTC).