The COBIT® IT governance framework aims to link business goals to IT objectives, and provides metrics and maturity models to measure this accomplishment, as well as identifying the associated responsibilities of business and IT process owners.

COBIT 5, released in 2012, is the latest iteration of COBIT and incorporates the governance activities of ISO 38500 and other ISACA® frameworks.

In 2005, the European Commission selected COBIT as one of three internationally accepted standards to be used to provide information security and control over its paying agencies, requiring them to select COBIT as the basis for their information systems security.

Click here for more information on how COBIT has been adopted in Europe >>

Quick Links:

What is COBIT?

COBIT (Control Objectives for Information and Related Technology) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals.

COBIT 5 expands on the guidance in COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, ITIL® and other related standards from ISO, including ISO 38500.

COBIT 5 takes into account the latest thinking on the governance of information technology, providing principles, analytical tools and models to increase trust in, and the value derived from, information systems.

Download our free green paper on COBIT >>

Benefits of using COBIT

The COBIT framework can help organisations of all sizes to:

  • Improve and maintain high quality information to support business decisions.
  • Use IT effectively to achieve business goals.
  • Use technology to promote operational excellence.
  • Ensure IT risk is managed effectively.
  • Ensure ROI on the expenditure of IT services and technology.
  • Achieve compliance with laws, regulations and contractual agreements.

COBIT 5 is an important milestone in the governance of an organisation’s IT, enabling businesses to simplify their efforts by implementing a single organisation-wide governance, risk and compliance (GRC) framework. If a company is just starting, COBIT 5 will help by mapping a roadmap for a fast-track approach. COBIT also gives a better handle to the governance of enterprise IT (GEIT) if a company already has a GRC environment in place.

How is COBIT structured?

COBIT 5 clearly differentiates between the governance and management of IT, and works around five principles:

  • COBIT Principle 1: Meeting Stakeholder Needs
  • COBIT Principle 2: Covering the Enterprise End-to-End
  • COBIT Principle 3: Applying a Single Integrated Framework
  • COBIT Principle 4: Enabling a Holistic Approach
  • COBIT Principle 5: Separating Governance from Management

There are seven 'enablers' and a Process Reference Model (PRM) which identifies five sets of processes:

  • COBIT Process 1: Evaluate, Direct and Monitor
  • COBIT Process 2: Align, Plan and Organise
  • COBIT Process 3: Build, Acquire and Implement
  • COBIT Process 4: Deliver, Service and Support
  • COBIT Process 5: Monitor, Evaluate and Assess

There are 37 processes in total: five for governance and 32 for management. Unlike COBIT 4.1, which used a process maturity model, COBIT 5 uses a Process Assessment Model (PAM) designed in accordance with the set of technical standards ISO15504.

COBIT resources

IT Governance is the first place to come for COBIT 5 resources. We offer a complete range of COBIT books and toolkits.

These include a COBIT Bookshop, which features:

We deliver publications everywhere in Europe with shipping costs lower than ever. Find out more about our delivery rates >>

COBIT 5 training courses

We currently offer the APMG-accredited COBIT 5 Foundation, COBIT 5 Implementation, and COBIT 5 Assessor training courses, which help build your knowledge and understanding of the framework and how effective COBIT implementation can help your organisation achieve its strategic IT goals.

Although these courses are held in the UK, we welcome European professionals and are happy to support delegates by helping them with their travel arrangements. We can also deliver in-house training if you need to train a whole team.

For more information on our in-house and classroom COBIT and IT governance courses, please call 00 800 48 484 484 or email

Please note that our training courses are delivered in English only.

COBIT and other frameworks

COBIT, ITIL and ISO 27002 can be used together to achieve process improvement. COBIT does not supply a ‘how-to’ route map to implement IT or information security best practices and this is where ISO 27002 and ITIL come in. They supply best-practice information and processes. COBIT provides you with a framework of controls which you can use to structure the processes contained in ITIL and which, through the addition of ISO 27002, can be used for process improvement.

Our extensive bookstore offers a wide range of ITIL publications, COBIT publications and the ISO 27002 standard.

You may be also interested in: