COBIT Foundation Exam Exam Requirements v4.1 The purpose of this document is to provide information to those interested in participating in the COBIT Foundation Exam. The document provides information about the scope of this exam and the terms and objectives of the exam. The document also provides information about the organization of the COBIT Foundation Exam. Version 1.5 June 2007 2007 ISACA/ITGI Nothing from this publication may be duplicated and/or published by using print, photocopy, microfilm, or electronic means or in any other way. In addition, it may not be stored in any way without preceding, written permission from ISACA/ITGI.
General Information The COBIT Foundation Exam The COBIT Foundation Course and COBIT Foundation Exam are equally applicable to IT auditors, IT managers, IT quality professionals, IT leadership, IT developers, and process practitioners and managers in IT service service-providing firms. Anyone interested in learning more about COBIT will find value in the COBIT Foundation Course and COBIT Foundation Exam. Passing the COBIT Foundation exam recognizes and guarantees that the candidate understands the principles, elements, and recommended applications of COBIT. The COBIT Foundation Certificate is a prerequisite for participating in the COBIT Implementation Workshop and is recommended before participating in the COBIT for Sarbanes Oxley Course. Prerequisite knowledge, skills, and practical experience Continuous professional education Examination details Examination rules There are no prerequisites for participating in the COBIT Foundation exam. The knowledge tested in the exam is equivalent to the curriculum of the COBIT Foundation Course, as specified in this document. After completing the COBIT Foundation Course and successfully passing the COBIT Foundation Exam, ISACA will provide candidates with 8 Continuous Professional Education (CPE) credits for the e-learning version of the course and 14 CPE credits for the classroom version of the course The exam consists of 40 multiple-choice questions. To pass the exam, an individual must correctly answer 28 or more questions or attain a score of 70% or higher. The delivery of the exam is online. The exam must be supervised by a proctor who commits to supervising the exam and maintaining controlled conditions. The proctor should be someone who will have no business advantage from the results of the candidates exam. The proctor can be someone within the candidates organization but should not be the candidates personnel manager or direct colleague. Someone within the candidates local education group or HR organization would be ideal. Details about registering a proctor will be provided by ITpreneurs when candidates register for the exam. Page 2/8
Self-employed consultants are allowed to locate a proctor from within the organizations they are assigned to or work for when scheduling their exam. Referral to material or notes is not permitted. Scope of the examination The examination covers the candidates understanding of the following topics covered in the COBIT Foundation course: How IT management issues affect organizations The principles of IT governance, how IT governance helps address IT-management issues, and who should be responsible for IT governance The need for a control framework driven by the need for IT governance How COBIT meets the requirement for an IT governance framework How COBIT is used with other standards and best practices The COBIT Framework and all the components of COBIT How to apply COBIT in a practical situation The benefits of using COBIT The products and support that ITGI provides Examination Curriculum Identify key IT-management issues affecting organizations and understand the need for an IT governance framework Understand the components of COBIT and the role COBIT fulfils with respect to other IT-management frameworks Describe the COBIT Framework and components Identify the IT-management issues or challenges that affect organizations. Identify who is responsible for IT governance. Identify the principles of IT governance. Identify how IT governance resolves management issues. Identify the need for a control framework driven by IT governance. Identify COBIT components. Understand how COBIT satisfies the requirements for a control framework. Describe how COBIT aligns with other standards. Understand how COBIT meets regulatory requirements. Describe how COBIT helps managers and auditors in an organization. Identify the functions of the COBIT framework. Identify the characteristics of the four domains of IT. Describe the role of COBIT IT processes. Page 3/8
Understand how the COBIT framework can be applied for two sample COBIT processes, P010 and DS02 Describe COBIT resources and understand how CobiT benefits business Describe the seven information criteria. Describe how COBIT defines resources in an IT environment. Describe COBIT Control Objectives and indicators. Describe Metrics and Maturity Models in the Management Guidelines. Describe the generic audit approach in the Assurance Guide. Control Objectives and Control Practices for P010 and DS02 COBIT Outcome measures relevant to IT problems for P010 and DS02 COBIT Performance Indicators relevant to the suggested Outcome Measures for P010 and DS02 Application of Maturity Models for P010 and DS02 Understanding of RACI charts for PO10 and DS2 Describe the four COBIT resources, COBIT Online, COBIT QuickStart, COBIT Security Baseline, Implementation Guide for IT governance and Val IT. Identify how COBIT benefits business by linking back to IT governance objectives. Page 4/8
Literature Recommended reference reading material for taking the COBIT Foundation Exam: Official ISACA COBIT Foundation Course (elearning) ; or Official ISACA COBIT Foundation Course (classroom) It is further recommended that candidates obtain the following support products as a way to improve their knowledge and usage of COBIT, although this is not essential for the exam. Available through www.isaca.org: COBIT 4.1: ITGI Board Briefing on IT Governance 2 nd Edition Terms and Definitions Accountability Acquisition and Implementation Activity and Task Application Systems Availability Balanced Scorecard Benchmarking BS7799/ISO17799 Business Requirements Business Strategy COBIT COBIT Framework Principles COBIT Mission COBIT Online COBIT Online Benchmarking COBIT Online Community COBIT Online Summary Table COBIT Quickstart COBIT Security Baseline COBIT Security Requirements COBIT Triangle Common Language Compliance Testing Confidentiality Control Framework Control Measures Control Objective Control Practice Statements Corrective Actions COSO Data Defined Delivery and Support Developing Programs Page 5/8
Direct and Control Direction Setting DS2 Manage Third-Party Services Evaluation External Stakeholder Facilities General Acceptability Identification and Documentation Information Criteria Initial Integrity IT Governance IT Processes IT Resources IT Stakeholder ITG Implementation Guide ITIL Outcome measures Performance Indicators ME1 Monitoring Managed Management Guidelines Management Reassurance Managing Risk Maturity Model Metrics Metrics Monitoring Obtain, Evaluate, Assess, Substantiate Optimized People Performance Management Performance Scorecards Planning and Organization PO10 Project Management Principles of IT Governance Process Orientation Regulatory Compliance Repeatable Resource Management Resource Optimization Responsibility Risk Acceptance Risk Appetite Risk Avoidance Risk Management Risk Management Action Plan Risk Mitigation Risk Transfer Strategic Alignment Page 6/8
Substantive Testing Technology Four Domains COBIT Value Delivery Val IT Examination Procedure After purchasing the exam, the following steps provide an overview of the registration procedure: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 The candidate should plan the date and time of the exam at least ten working days prior to taking the exam. The candidate should locate a proctor who will play the role of supervisor during the examination session. The proctor will be provided with the Proctor Package by ITpreneurs, including all relevant information required to register the proctor. The candidate should complete Annex 4.0: Examination registration form, and return it by e-mail to exams@itpreneurs.com. In case this document has not been received, please request it through the same e-mail address. Please ensure that the proctor completes Annex 1.0: Proctor registration sheet and returns it to exams@itpreneurs.com. The registration will be processed by ITpreneurs, and in case all documentation is accepted, the candidate and the proctor will receive the logon details two days prior to the exam date. The candidate can only log on to the exam application at the time and date of registration. After the examination session, the candidate will know the result immediately and will be able to print a transcript of the session. If the candidate passed the exam, the transcript will result in ISACA/ITGI issuing a certificate to the candidate. The proctor has to complete Annex 3.0: the Proctor Examination Report, and return it to ITpreneurs. Page 7/8
Page 8/8