Cobit Interview Questions & Answers

Cobit Interview Questions

Cobit Interview Questions And Answers

    1. Question 1. What Is Cobit And What Does It Stand For ?

      Answer :

      COBIT is an acronym for Control Objectives for Information and Related Technology. ISACA created this framework for the governance and management of IT. 

    2. Question 2. What Is Isaca And What Does It Stand For ?

      Answer :

      It was initially called the Information Systems Audit and Control Association. It is a global nonprofit association that develops, adopts practices and knowledge which are accepted universally for information systems. 

    3. Question 3. What Is The History Of Isaca ?

      Answer :

      It was formed in the year of 1969 and it was run by a small circle of individuals who realized that there was a need for a source of guidance and information in the then upcoming field of computer system’s control of auditing. But now it serves various professionals. As of now ISACA has 140,000 and more constituency which is present worldwide. And it is known for its diversity. These constituents are known to work and live in not less than one hundred and eight countries and take up most of the positions related to IT.

      These positions include the chief information officer, IS auditor, internal auditor, IS security professional, regulator etc. Some can be new in the field but most of them are at the ranks of the seniors. They are known to work in most of the categories in any of the industries which includes utilities, manufacturing, public and government sector, finance and banking etc.

    4. Question 4. What Is Cobit Used For ?

      Answer :

      It is used by the people who have certain responsibilities regarding the processes of the business and its technology. The information needs to be reliable and relevant and it must have some quality and control of the information being provided as well as that of technology.

    5. Question 5. What Is The Latest Version That Has Been In The Field ?

      Answer :

      COBIT 5 has been recently released in the year of 2012 in the month of April.

    6. Question 6. Why Was Cobit 5 Developed ?

      Answer :

      There were several reasons for the development of COBIT 5. There was a necessity for a business which covers the entire functions of IT and business. There was an utmost need for organization of the information and dissemination of the information which was concerned with the framework. There was a need to integrate COBIT with other recommendations, frameworks and researches of ISACA. 

    7. Question 7. The Cobit 5 Had An Add When Was Is Released ?

      Answer :

      The add-on which was assurance related was out in the month of June in the year of 2013 and the information security related was out in the month of December in the year of 2012.

    8. Question 8. What Are The Certain Components Which Are Included In Cobit ?

      Answer :

      The components included in COBIT are the framework, the process descriptions, the control objectives, the management guidelines and the maturity models. In the framework the basic idea is to organize the good practice and governance of IT by its domains and processes and link them to the requirements of the business. In control objectives there is list of requirements which are to be measured by the management for efficient control of various processes of IT. The maturity models assess the maturity and the capabilities and address redressal regarding any gaps. 

    9. Question 9. What Are The Different Versions Of Cobit ?

      Answer :

      The initial was COBIT which was followed by COBIT 2 then by COBIT 3, then there was COBIT 4 then COBIT 4.1 and the latest version in use is COBIT 5. 

    10. Question 10. What Is Itil ?

      Answer :

      It was initially known as the Information Technology Infrastructure Library and it is known as a set of the practices for the ITSM that is the IT service and management. This focuses on make even the services provided by the IT along with the business needs.

    11. Question 11. How Prescriptive Are The Cobit Maturity Models And Supporting Guidance, And How Does This Compare To The Cmm/cmmi Approach ?

      Answer :

      The MMs in COBIT , like all the COBIT guidance, are intended to be tailored and developed to suit the specific needs of the enterprise. The guidance is also at a high level with the intention that it provides generic guidance, not specific, detailed criteria. In particular, the maturity attributes are very generic and high-level, intended to be a simple guide for any process. When performing a COBIT maturity assessment, specific attribute details will need to be identified for the process under review, and compared to COBIT's control objectives, control practices, and goals and metrics to the desired level of detail. COBIT does not prescribe the assessment approach, which is a management decision, ranging from a high-level workshop discussion to an in-depth analysis, as appropriate, driven by business needs.

      In CMM/CMMI, although the guidance would always need to be tailored for a given appraisal situation, the standard guidance is much more specific and detailed, due to its much narrower focus on software product delivery and more formal appraisal/assessment procedure.

    12. Question 12. How Do You Perform A Cobit-based Maturity Assessment ?

      Answer :

      The reality is that probably no two COBIT maturity assessments are performed in exactly the same manner. COBIT provides some tools and techniques, and the COBIT user will follow an approach based on specific enterprise needs. The assessments can be high-level, often in a workshop discussion, or detailed with careful gap analysis.

      Generically, the following common principles usually apply:

      • The maturity requirements should be driven by business requirements ideally expressed as business and IT goals.
      • The requirements depend on the scope being considered and can be very specific for a particular scope or high-level if the scope is for the enterprise as a whole.
      • The maturity models help assess capability (defined in COBIT to mean how well the process is being managed in comparison to the COBIT maturity models and attributes).
      • The maturity attributes can be used to analyze current maturity levels in detail and are required to do a proper gap analysis.
      • COBIT's control objectives provide a way to measure how well the process addresses key controls needed to minimize risk and deliver value.
      • COBIT's control practices can be used to help design improved processes and to increase process maturity, together with other industry standards and best practices.
      • It is recommended that that the maturity attributes be used to assess at a detailed level and to carry out a gap analysis, so that the root causes of immaturity can be identified and business decisions can be taken on where to invest to improve maturity for least cost and maximum benefit. IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition, provides a road map that includes guidance on the above steps.

    13. Question 13. Why Do You Think One Should Use Cobit 5 ?

      Answer :

      The framework provided by COBIT provides utmost benefits and breadth unlike any other framework. It helps in maintaining high level of information to provide the needed support for any decisions regarding business and it also helps in achieving the strategic set goals through innovative and effective usage of the IT. It also helps in attaining optimal cost of the technology and services provided by the IT. 

    14. Question 14. Has The Cobit Framework Been Accepted By Cios ?

      Answer :

      Yes, it has been accepted in many organizations globally, and new cases continue to be documented. However, it should not surprise anyone that in those entities where the CIO has embraced COBIT as a usable IT framework, this has come as a direct consequence of one or more COBIT champions within the audit and/or IT department(s). Even more important than acceptance by the CIO is acceptance by the board and executive management. Successful implementation of IT governance using COBIT depends greatly on the commitment of top management.

      The addition of the management guidelines should also increase the acceptance of COBIT by enterprise and IT management. The emphasis on alignment of IT with enterprise goals, self-assessment and performance measurement will ensure that COBIT is seen not only as a control framework, but also as providing a set of tools for improving the effectiveness of information and IT resources. The integration of the management guidelines with the COBIT framework and control objectives provide additional emphasis for management to use COBIT as the authoritative, up-to-date and established model for IT control and governance.

    15. Question 15. Is The Cobit Framework Superior To The Other Accepted Control Models ?

      Answer :

      Most senior managers are aware of the importance of the general control frameworks with respect to their fiduciary responsibility, such as COSO, Cadbury, CoCo or King II; however, they may not necessarily be aware of the details of each. In addition, management is increasingly aware of the more technical security guidance such as ISO 17799, and service delivery guidance such as ITIL.

      Although the aforementioned models emphasize business control and IT security and service issues, only COBIT attempts to deal with IT-specific control issues from a business perspective. It should be noted that COSO was used as source material for the business model and ISO 17799 and ITIL, amongst many others, were used to develop the control objectives. COBIT is not meant to replace any of these control models. It is intended to emphasize what control is required in the IT environment while working with and building on the strengths of these other control models.

    16. Question 16. Why Is Cobit 5 Better Than The Cobit 4 For The Information Security ?

      Answer :

      COBIT 5 is supposed to recognize that information security is a prevalent enabler which affects the entire enterprise and not just one service. 

    17. Question 17. What Is The Level Of Training Required ?

      Answer :

      The amount and level of training necessary is a function of how comfortable one feels with the product; however, practical experience has shown that successful implementation is directly related to the amount of COBIT knowledge acquired. Therefore, training is considered to be very important but the training also has to be properly and correctly provided, which is why ISACA developed a portfolio of courses. The IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition, and the IT Assurance Guide provide valuable support following attendance at training courses.

    18. Question 18. What Are The Differences Between The Cobit 5 And Cobit 4.1 ?

      Answer :

      COBIT 5 clearly differentiates between management and governance. It also calls for different dimensions and inputs to the regime of the governance. COBIT 5 also incorporates the different frameworks that were developed by ISACA. 

    19. Question 19. Explain About The Version Cobit 4.1 ?

      Answer :

      It is a framework of governance and a tool of support that allows the participants to bridge the distance between any issues of technicality, risks involved in business and the requirements of control. 

    20. Question 20. Explain Something About Itil ?

      Answer :

      It is an acronym for Information Technology Infrastructure Library. It is an all-inclusive set of practices that are developed and executed in the IT. It has a series of 5 volumes and each of these volumes have a different stage of the IT. ITIL supports the previous BS 15000 there is still a difference between the framework of ITIL and the  BS 15000 which is now known as the ISO 20000.

      It describes the tasks, procedures, processes, checklists which aren’t specific to the organization but they can be applied by any organization which are trying to establish integration. It lets the organization to have a baseline which helps them to measure, implement and plan which can be helpful in the demonstration of compliance and to measure the improvement. AXELOS has ownership over ITIL and it provides licenses to the organization for the usage of ITIL. It provides accreditation to the institutes which are licensed for the examination and managing the updates of the framework.

    21. Question 21. Difference Between Cobit And Itil ?

      Answer :

      Mostly people choose both COBIT and ITIL they are mostly complementary together and not much competing  against each other. 

    22. Question 22. What Is The Entailment Of Implementing Of The Nist Cybersecurity Using The Cobit 5 ?

      Answer :

      It will be ruled by the management and it will be used as an investment which is supported by any of the cases of business. COBIT 5 helps in a dialogue amongst the security and the management which is easy for understanding the security practices. 

    23. Question 23. Does Cobit 5 Deals Between Management And Governance ?

      Answer :

      It helps in differentiating between the roles of the management and the board and to direct and monitor the objectives, priorities and decisions related to IT. 

    24. Question 24. What Does Transition To Cobit5 Involve ?

      Answer :

      There is a publication developed which acts as a guide with respect to what needs to be done in order to make the transition smoother and effective. 

    25. Question 25. What Is The Relationship Between Compliance And Governance ?

      Answer :

      Governance looks after the perspectives and laws which are required in the organization. Compliance is the measures taken up by the company to follow to governance in various manners. 

    26. Question 26. Is Application Of A Single Integrated Framework Essential ?

      Answer :

      Yes, because the organizations fail to look at the numerous vulnerabilities in a system and they usually fix that particular problem and not take into account those numerous vulnerabilities. One method of doing this is to create and manage the control matrix. This should incorporate areas of controls which are critical and the interest. These can be developed either during assessments of risks or by the usage of the standards which are essential for the better practice. Processes are used by the business organizations as well as the IT for getting outcomes and they need to be consistent. Security teams must have a security program and a framework.

      A organizational hierarchy is essential to monitor an d reach the strategic objectives. The decision makers at every level are the stakeholders in the processes and the outcomes. The cultural differences of the employees must be considered when securing the workplace. The information delivered by the IT is through applications, services and the infrastructure. The implementation of the control of security calls for attention to competencies, people and the skills which are both inside and outside of the IT. It is necessary to integrate the enablers and frameworks, principles and policies are the means for that. The expected outcomes are achieved by the help of enablers and also in the development of the frameworks, policies and the principles.

    27. Question 27. Why Is Cobit 5 Important ?

      Answer :

      COBIT 5 is closely related to most frameworks, controls and standards which includes ISO27001, Prince 2, ITIL, ISO20000, TOGAF, SOX and many such frameworks. It looks after all the internal as well as external services of IT which are relevant. And it also looks after the processes of business which are external as well as internal. It also gives an overall systematic view of the management and governance of the IT enterprises which is based on the enablers and their total numbers. 

    28. Question 28. What Is The Purpose Of Cobit ?

      Answer :

      The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems.

    29. Question 29. Who Is Using Cobit ?

      Answer :

      COBIT is used globally by those who have the primary responsibilities for business processes and technology, those who depend on technology for relevant and reliable information, and those providing quality, reliability and control of information technology.

    30. Question 30. What Is The Overall Quality Of Cobit, And Were Any Process Owners/executives Part Of The Expert Review ?

      Answer :

      To assure the high level of quality of COBIT, several measures have been taken. The most important are:

      • The whole research process has been overseen by the IT Governance Committee (ITGC), which is responsible for all ITGI research, and directed by the COBIT Steering Committee (CSC). Besides preconceiving the deliverables, the CSC has also been responsible for the final quality of these deliverables.
      • A CIO panel provides insights and suggestions for further developments.
      • The detailed research results have been quality-controlled throughout.
      • The preliminary research involved several COBIT development groups based around the world.
      • Before being issued, the final texts were distributed to more than 100 specialists, including process owners, business managers and analysts, such as Gartner, to obtain their comments.
      • Overall, experience shows that the COBIT model appeals to members of business management as a whole; they appreciate the added value of it in view of improving their control over IT. In this regard, ITGI is confident that the required quality level, beyond customer satisfaction, has been achieved, although feedback is always welcomed and considered. Because COBIT development is a continuous improvement process based on real experience by users, there will always be potential improvements to quality and usefulness.

    31. Question 31. How Did Isaca/itgi Decide On The List Of Primary References ?

      Answer :

      The list of primary references was developed as a collective consensus based on the experience of the professionals who participated in the CSC's research, expert review and quality assurance efforts.

    32. Question 32. What About The Absence Of Platform-specific Controls ?

      Answer :

      The COBIT control objectives are generic in nature and address activities or tasks within IT processes. This way they are platform-independent. However, they are the overall structure wherein more specific platform-related controls are to be defined. In fact, the general control objectives should remain valid regardless of whether one is controlling, for example, a mainframe platform or an office automation platform. It is obvious that certain aspects will require more emphasis in a given environment.

    33. Question 33. Where Are The Application Controls ?

      Answer :

      The application controls were originally fully integrated in the COBIT model. This option had been taken considering that COBIT is business-process-oriented and that at this level application controls are merely part of the overall controls to be exercised over information systems and related technology. In most cases, however, this part cannot be outsourced. Hence, the question is of prime importance.

      Before the publication of COBIT 4.0, there was one process, Manage data, where the traditional transactions and file controls could be found. In COBIT 4.0 the application controls were taken out of DS10 and made part of the COBIT framework using the ACn prefix, because it was decided that they had become accepted as being owned by business process owners and not part of an IT process. With COBIT 4.1, they have been simplified to six key application control objectives, AC1 to 6.

    34. Question 34. Why Is There Overlap Within The Control Objectives ?

      Answer :

      Overlap in the control objectives, although not occurring often, was intentional. Some control objectives transcend domains and processes and, therefore, must be repeated to ensure that they exist in each domain or process. Some control objectives are meant to be cross-checks of one another and, therefore, must be repeated to ensure consistent application in more than one domain or process. Thus, although potentially perceived as overlapping, COBIT intentionally repeats some control objectives to ensure appropriate coverage of these IT controls.

Popular Interview Questions

All Interview Questions

All Practice Tests

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd Protection Status