
The grand theory used for this case study is the COBIT Framework 4.1, presented by the IT Governance
Institute in 2007. COBIT is defined as the objective for information control and related technologies and
is an open standard for controlling information technology.
Alternatively, COBIT is a set of best-practice documentation and guidance that can be used to help
auditors, users and management bridge the gap between business risk, control needs and IT technical issues.

As seen on the displayed image, to support business objectives, information that can control an
information system is required. Controlled information is information relating to the resources involved
in the information system processes. The information criteria needed to control an information system
include:

1. Effectiveness
The expected information can actually be created.
2. Efficiency
Information is created using as few resources as possible.
3. Confidentiality
Information may only be accessed by persons who have the right to the information.
4. Integrity
The resulting information must be accurate and valid, so the information is not misleading.
5. Availability
The information is generated in a timely manner and is available when needed.
6. Compliance
The resulting information must comply with applicable internal or external standards and regulations.
7. Reliability
The resulting information can be trusted because of its high level of accuracy.

Further, the information technology resources to which the generated information relates consist of
4 kinds:
1) Application
Application includes applications used to manage information in asset management processes.
2) Information
Information is the data input to, processed by, and generated from information systems and used for asset
management.
3) Infrastructure
Infrastructure is the technology that supports the application process. For example: hardware, operating
system, database management system, network, multimedia, and other supporting devices.
4) People
People are the personnel needed to plan, organize, acquire, implement, provide, support,
monitor and evaluate information systems.

In order for the resulting information to relate to technological resources, there must be a series of
processes undertaken by the organization. These processes manage information across PO, AI, DS and
ME, which are called the 4-domain series of processes.
PO directs the company in solution delivery (AI) and service delivery (DS). AI provides the solution and
turns it into a service, while DS accepts the solution and then changes it so that it can be used for end use.
ME monitors the entire process to ensure that the given direction was suitably executed.
Therefore it is called the 4-domain series of processes.
Each domain has a different number of information technology processes. For example, PO has 10 IT
processes, and so on. In total, there are 34 information technology processes.
However, not all IT processes (control objectives) are used; processes are selected and adjusted to their
level of importance for an organization, since each organization differs in the variety and reach of its use of
information technology. This is in line with what has been described by ITGI (2007): the standard does not
require implementation of any component, and only the sections that are relevant may be selected.
