Compliance Services

COBIT Services

COBIT IT Risk Assessments

COBIT (Control Objectives for Information and Related Technologies) is a framework and supporting tool set created by the Information Systems Audit and Control Association (ISACA). COBIT allows managers to bridge the gap with respect to control requirements, technical issues, and business risks, and communicate that level of control to stakeholders. COBIT enables the development of clear policies and good practice for information technology control throughout the organization.

The process model for COBIT is divided into 4 high-level domains: 

  • Plan and Organize
  • Acquire and Implement
  • Deliver and Support
  • Monitoring and Evaluate

Within these 4 high-level domains are 34 different processes that are in line with the responsibility areas of plan, build, and run and monitor, providing an end-to-end view of IT and the associated risks. With that in mind, the goal of COBIT is to assist an organization in implementing policies, procedures, plans, and organizational structures that are aligned with the achievement of business objectives and that security threats are detected and corrected.


  • COBIT IT Risk Assessment Report - This report will outline the controls contained within the COBIT Framework and what the organization is doing compared to these controls. Each control, if applicable, will provide a risk ranking as well as a remediation strategy to reduce the overall risk related to that control
  • Executive Summary Report - This report will provide a high-level overview of the assessment process, methodology used, and overall risk to the organization based on the results of the assessment

Let Compass IT Compliance assist your organization in assessing any risks present through our COBIT Risk Assessment so you can secure your information technology environment, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

Risk Management Blog Posts

Contact Us