In 1996, the Information Systems Audit and Control Foundation (ISACF) published Control Objectives for Information and Related Technology (COBIT)i. COBIT provides a framework of generally applicable and accepted IT security and control practicesii that can be used to evaluate an organization’s current and planned IT environment. The COBIT framework is intended to be useful to management and users (business process owners), in addition to auditors. For management, users, and auditors COBIT provides a framework to evaluate IT investments and risks and to provide assurance that IT- related business objectives are achieved. COBIT strengthens the understanding, design, exercise and evaluation of internal controls. It also helps to focus management’s responsibilities to ensure that systems have integrity and that appropriate controls are in effect. COBIT outlines internal or external audit’s responsibility to provide assurance with respect to those objectives.