For some enterprises, data and the technology that supports it are their most important, yet often least understood, assets. Successful organizations recognize the advantages of information technology and use it to drive value for their stakeholders. These companies also understand and manage the related risks, for example, increasing regulatory compliance and the critical dependence of many business processes on information technology (IT).

As described by ISACA, COBIT is a framework and supporting tool kit that allows managers to bridge the gap between control requirements, technical issues and business risks, and to communicate that level of control to stakeholders. COBIT enables the development of clear policies and best practice for information technology control throughout the enterprise. The control objectives:

  1. Are statements of managerial actions to increase value or reduce risk.
  2. Consist of strategies, techniques, practices and organizational structures.
  3. Are designed to give reasonable assurance that business goals will be achieved and that undesired events will be prevented or detected and corrected.

Moreover, Darril Gibson notes in his publication that enterprise management needs to make decisions about these control objectives by:

  1. Choosing those objectives that are feasible.
  2. Deciding which of them will be implemented.
  3. Selecting how to implement them (frequency, span, automation, etc.).
  4. Accepting the risk of not implementing those that could be applied.

The role played by COBIT in risk assessment and internal control can be described as follows:

It is about the optimal investment in, and the proper management of, critical IT assets, which include applications, infrastructure and people, along with the important issues related to the optimization of information and infrastructure.

It requires risk awareness on the part of corporate officers, a clear understanding of the company’s appetite for risk, an understanding of compliance requirements, transparency about the major risks to the company and the embedding of risk management responsibilities into the organization.

It tracks and monitors system usage, project completion, asset utilization, process performance and service delivery, using, for instance, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting techniques.