In order to achieve the corporate objectives, information must meet specific criteria, which COBIT describes as information requirements specific to the individual company. Seven individual, partially overlapping information criteria, covering the broader security requirements together with the quality and fiduciary aspects, were defined as follows:
Corporate objectives and IT objectives
Whilst the information criteria represent a generic method for defining the information requirement, the generic corporate and IT objectives defined in COBIT provide a more specific basis for defining the corporate requirements and for developing metrics that allow the fulfilment of these objectives to be measured. Every company uses information technology to support business projects; these can be seen as the corporate objectives for IT.
If IT is to deliver services that successfully support the corporate strategy, the core business (the client) should set clear responsibilities and standards for its requirements, together with a clear understanding of the demand (WHAT and HOW) to be covered by IT (the service provider).
These targets should in turn lead to clearly defined targets for IT itself (IT objectives), which in turn define the IT resources and their services (the corporate architecture for IT) required to perform the tasks derived from the strategy. All of these objectives should be expressed in a language the client understands.
Once the aligned objectives have been defined, they must be monitored to ensure that the actual service delivery meets expectations. This is achieved through metrics derived from the objectives and recorded in the IT scorecard in a way that the customer can understand and follow, and which in turn enables the service provider to focus on its internal targets.