Integration of the COBIT 5 Framework into the SDLC for Development of a User Access Attestation System

Lawrence Bunnell, Virginia Commonwealth University
Heinz Roland Weistroffer, Virginia Commonwealth University


As organizations face increasing legal and regulatory oversight due to legislation such as SOX and HIPAA, controls for information technology (IT) have become a critical focus. Thus, it is essential that those charged with IT governance pay particular attention to which users may initiate, authorize, process, store, and report transactions. Periodic user access attestations, authorizing appropriate employee use of IT artifacts, are a means of ensuring that proper controls are maintained. Cost-efficient applications to support managing appropriate IT user access are needed to ensure regulatory compliance. This research maps the COBIT 5 framework to the systems development lifecycle (SDLC) to develop a user access attestation system using widely available in-house tools.