The specialized nature of information systems (IS) auditing and the skills necessary to perform such audits, require standards that apply specifically to IS auditing. From this recognition came the development of the COBIT Auditing Framework by the Information Systems Audit and Control Association (ISACA). ISACA is an education foundation dedicated to the large-scale research efforts necessary to expand the knowledge and value of the IT governance and control field.

COBIT has been developed as a generally applicable and accepted standard for Information Technology (IT) security and control best practices that provide a reference framework for management, users, and information assurance practitioners.

COBIT is increasingly internationally accepted as good practice for control over information, IT and their related risks. A COBIT-compliant audit enables an enterprise to implement effective governance over IT that is pervasive and intrinsic throughout the enterprise. In particular, a COBIT audit meets Management's need to exert appropriate control over IT and provide a formal measure of the enterprise's IT capability.

Three typical benefits of a COBIT Audit include:

• Performance measurement elements (outcome measures and performance drivers for all IT processes)

• A list of critical success factors that provide succinct, non-technical best practices for each IT process

• Maturity models to assist in benchmarking and decision-making for capability improvements