Cobit maturity level for SOX compliance



  • Hello, Colleagues.
    Need your advice on Subject.
    What maturity level of Cobit should we comply with to be compliant with SOX? References to source materials are welcome.
    Thanks in advance.



  • Hi and welcome … The following post has some key links in it for the COSO/COBIT standards:
    http://www.sarbanes-oxley-forum.com/modules.php?name=Forums-and-file=viewtopic-and-p=5035#5035
    Based on the quote below, it appears that the latest version 4.0 framework is recommended. If you’re starting with a brand new adaptation of COBIT standards, it would be beneficial to use the latest and greatest 🙂 However, if you’re already using an existing earlier version of COBIT, I couldn’t find references defining the minimum baseline for SOX compliancy.
    COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. ITGI’s latest version COBIT® 4.0 emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
    It does not invalidate work done based on earlier versions of COBIT but instead can be used to enhance work already done based upon those earlier versions. When major activities are planned for IT governance initiatives, or when an overhaul of the enterprise control framework is anticipated, it is recommended to start fresh with COBIT 4.0. COBIT 4.0 presents activities in a more streamlined and practical manner so continuous improvement in IT governance is easier than ever to achieve.



  • The absolute minimum is Maturity Level 3. Almost all external auditors are ok with it (no deficiency identified etc.)



  • Thanks, George, for the clarification, as I couldn’t find this documented.

