COBIT管理指南(pdf123)(1)

lss20
8 ℃
2015-11-20

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

COBIT®3rdEditionManagementGuidelinesJuly2000ReleasedbytheCOBITSteeringCommitteeandtheITGovernanceInstituteTMTheCOBITMission:Toresearch,develop,publiciseandpromoteanauthoritative,up-to-date,internationalsetofgenerallyacceptedinformationtechnologycontrolobjectivesforday-to-dayusebybusinessmanagersandauditors.AMERICANSAMOAARGENTINAARMENIAAUSTRALIAAUSTRIABAHAMASBAHRAINBANGLADESHBARBADOSBELGIUMBERMUDABOLIVIABOTSWANABRAZILBRITISHVIRGINISLANDSCANADACAYMANISLANDSCHILECHINACOLOMBIACOSTARICACROATIACURACAOCYPRUSCZECHREPUBLICDENMARKDOMINICANREPUBLICECUADOREGYPTELSALVADORESTONIAFAEROEISLANDSFIJIFINLANDFRANCEGERMANYGHANAGREECEGUAMGUATEMALAHONDURASHONGKONGHUNGARYICELANDINDIAINDONESIAIRANIRELANDISRAELITALYIVORYCOASTJAMAICAJAPANJORDANKAZAKHSTANKENYAKOREAKUWAITLATVIALEBANONLIECHTENSTEINLITHUANIALUXEMBURGMALAYSIAMALTAMALAWIMAURITIUSMEXICONAMIBIANEPALNETHERLANDSNEWGUINEANEWZEALANDNICARAGUANIGERIANORWAYOMANPAKISTANPANAMAPARAGUAYPERUPHILIPPINESPOLANDPORTUGALQATARRUSSIASAUDIARABIASCOTLANDSEYCHELLESSINGAPORESLOVAKREPUBLICSLOVENIASOUTHAFRICASPAINSRILANKAST.KITTSST.LUCIASWEDENSWITZERLANDTAIWANTANZANIATASMANIATHAILANDTRINIDAD&TOBAGOTUNISIATURKEYUGANDAUNITEDARABEMIRATESUNITEDKINGDOMUNITEDSTATESURUGUAYVENEZUELAVIETNAMWALESYUGOSLAVIAZAMBIAZIMBABWETheInformationSystemsAuditandControlAssociationisaleadingglobalprofessionalorganisationrepresentingindividualsinmorethan100countriesandcomprisingalllevelsofIT—executive,management,middlemanagementandpractitioner.TheAssociationisuniquelypositionedtofulfilltheroleofacentral,harmonisingsourceofITcontrolpracticestandardsfortheworldover.Itsstrategicallianceswithothergroupsinthefinancial,accounting,auditingandITprofessionsareensuringanunparalleledlevelofintegrationandcommitmentbybusinessprocessowners.AssociationProgrammesandServicesTheAssociation’sservicesandprogrammeshaveearneddistinctionbyestablishingthehighestlevelsofexcellenceincertification,standards,professionaleducationandtechnicalpublishing.•Itscertificationprogramme(theCertifiedInformationSystemsAuditorTM)istheonlyglobaldesignationthroughouttheITauditandcontrolcommunity.•ItsstandardsactivitiesestablishthequalitybaselinebywhichotherITauditandcontrolactivitiesaremeasured.•Itsprofessionaleducationprogrammeofferstechnicalandmanagementconferencesonfivecontinents,aswellasseminarsworldwidetohelpprofessionalseverywherereceivehigh-qualitycontinuingeducation.•Itstechnicalpublishingareaprovidesreferencesandprofessionaldevelopmentmaterialstoaugmentitsdistinguishedselectionofprogrammesandservices.TheInformationSystemsAuditandControlAssociationwasformedin1969tomeettheunique,diverseandhightechnologyneedsoftheburgeoningITfield.Inanindustryinwhichprogressismeasuredinnano-seconds,ISACAhasmovedwithagilityandspeedtobridgetheneedsoftheinternationalbusinesscommunityandtheITcontrolsprofession.ForMoreInformationToreceiveadditionalinformation,youmaytelephone(+1.847.253.1545),sendane-mail(research@isaca.org)orvisitthesewebsites:www.ITgovernance.orgwww.isaca.orgINFORMATIONSYSTEMSAUDITANDCONTROLASSOCIATIONASingleInternationalSourceforInformationTechnologyControlsAcknowledgments4ExecutiveSummary5-9FrameworkMaturityModels...............................................10-13CriticalSuccessFactors...................................14-16KeyGoalIndicators.........................................17-19KeyPerformanceIndicators..............................20-21Conclusion..............................................................22MangementGuidelinesPlanningandOrganisation................................23-45AcquisitionandImplementation.......................47-59DeliveryandSupport........................................61-87Monitoring.........................................................89-97AppendixIHowtoUse......................................................99-101AppendixIITheCOBITFramework..................................103-112AppendixIIICOBITandtheBalancedBusinessScorecard....................................................113-114AppendixIVGenericProcessMangementGuideline........115-117AppendixVITGovernanceManagementGuideline........119-122TABLEOFCONTENTSDisclaimerTheInformationSystemsAuditandControlFoundation,ITGovernanceInstituteandthesponsorsofCOBIT:ControlObjectivesforInformationandrelatedTechnologyhavedesignedandcreatedthepublicationsentitledExecutiveSummary,Framework,ControlObjectives,ManagementGuidelines,AuditGuidelinesandImplementationToolSet(collectively,the“Works”)primarilyasaneducationalresourceforcontrolsprofessionals.TheInformationSystemsAuditandControlFoundation,ITGovernanceInstituteandthesponsorsmakenoclaimthatuseofanyoftheWorkswillassureasuccessfuloutcome.TheWorksshouldnotbeconsideredinclusiveofanyproperproceduresandtestsorexclusiveofotherproceduresandteststhatarereasonablydirectedtoobtainingthesameresults.Indeterminingtheproprietyofanyspecificprocedureortest,thecontrolsprofessionalshouldapplyhisorherownprofessionaljudgmenttothespecificcontrolcircumstancespresentedbytheparticularsystemsorITenvironment.DisclosureandCopyrightNoticeCopyright©1996,1998,