What is COBIT?
COBIT = Control Objectives for Information and Related Technology. A Governance, Risk and Compliance (GRC) framework by ISACA — the bridge between high-level corporate governance and IT-specific frameworks like ITIL and ISO 27001.
* COBIT as the bridge: it translates board-level governance into the IT-specific controls implemented by ITIL, ISO 27001, PCI DSS and others. *
As Wikipedia puts it:
"Der Anspruch von COBIT ist, das Bindeglied zwischen den unternehmensweiten Steuerungs-Frameworks und den IT-spezifischen Modellen (z. B. ITIL, ISO 27001) zu sein."
Where COBIT sits:
Board governance (COSO etc.)
│
COBIT ← bridges business goals ↔ IT controls
│
ITIL | ISO 27001 | PCI DSS | …
COBIT defines high-level control objectives (what should be true) and lets you pick the implementation framework. It's particularly popular for IT audit because audit work has historically been driven by ISACA-certified professionals (CISA, CISM).
Tip: If your client asks for a "COBIT assessment," they usually want a mapping showing how their existing controls satisfy COBIT objectives — not a wholesale rebuild.
Go deeper:
ISACA — COBIT framework (official) — the governance-and-management framework straight from its author, ISACA.
COBIT (Wikipedia) — how COBIT bridges enterprise governance (COSO) to IT-specific models like ITIL and ISO 27001.