I am totally new to COBIT but had an idea about the 4 Domains and 34 Processes as well as the Control Objectives.
I am currently preparing a checklist (say DS4) to distribute to the appropriate group, so that they can follow and then provide me with the needed input.
In my checklist, I know that I need to put the "Control Objectives", but do I need to insert the "Control Practices" as well, so that the group knows what to give me?
Dear all, can anyone explain what the initials CP1, CP2, CP3 and CP4 are referring to? I am referring to "Value Management Guidance for Assurance Professionals using ValIT 2.0", page 18, Test the control design.
The statements are:
• Ensure that a formal process exists for communicating goals and objectives and that, when updated, such communication is repeated. (PC1, CP1 and 2)
• Enquire whether and confirm that process goals and objectives have been defined. Verify that process stakeholders understand these goals. (PC1, CP3)
• Enquire whether and confirm that outputs and associated quality targets are defined for each process (PC1, CP4)
Hi, let me try to answer both your questions as best as I can.
@Tassy
Control Practices are control details and act as guidelines to achieve control objectives.
In my past experience with COBIT with control owners, I find these are good guidelines to achieve common understandings.
Of course, that depends on how you would execute it; either put it in writing (i.e. checklist, questionnaire) or depend on the compliance/assurance team to guide/explain to control owners.
@amarzuki
PCn are COBIT Process Controls; generic control requirements.
These process controls together with process control objectives form a complete view of control requirements.
PC1: Process Goals and Objectives
PC2: Process Ownership
PC3: Process Repeatability
PC4: Roles and Responsibilities
PC5: Policy, Plans and Procedures
PC6: Process Performance Improvement
I myself am not very familiar with PCn (I think this is a new concept in COBIT 4.1 / Val IT), but you can probably take a look at the document from ITGI ("IT Assurance Guide Using COBIT").