Control Objectives for Information Technology (COBIT) Compliance
COBIT is a framework created by ISACA that allows IT managers to bridge the gap between control requirements, technical issues, and business risks. Section 404 of Sarbanes-Oxley Act (SOX) requires public company’s annual reports to include the company's own assessment of internal control over financial reporting, and an auditor's attestation. Companies often use COBIT as the framework to meet SOX Section 404 compliance requirements. By aligning business practices with the COBIT framework, organizations are able to clarify their security posture and reduce potential risk.