Applying the CobiT Control Framework to Spreadsheet Developments

One of the problems reported by researchers and auditors in the field of spreadsheet risks is that of getting and keeping management’s attention to the problem. Since 1996, the Information Systems Audit & Control Foundation and the IT Governance Institute have published CobiT ® which brings mainstream IT control issues into the corporate governance arena. This paper illustrates how spreadsheet risk and control issues can be mapped onto the CobiT framework and thus brought to managers’ attention in a familiar format. 1. A BRIEF INTRODUCTION TO COBIT 1.1. What is CobiT ? CobiT ® , Control Objectives for Information & related Technology is a tool set which helps business managers to understand and manage the risks associated with implementing new technologies, and demonstrate to regulators, shareholders and other stakeholders how, and how well they have done this. It is based on international best practice in IT management and control. The tool set facilitates IT governance, defined as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes” [ISACF 2000(1)] In an age where business is almost entirely dependent on technology, IT Governance is an essential element of wider corporate governance. 1.2. CobiT’s