The COBIT® IT governance framework aims to link business goals to IT objectives, and provides metrics and maturity models to measure this accomplishment, as well as identifying the associated responsibilities of business and IT process owners.
COBIT 5, released in 2012, is the latest iteration of COBIT and incorporates the governance activities of ISO 38500 and other ISACA® frameworks.
In 2005, the European Commission selected COBIT as one of three internationally accepted standards to be used to provide information security and control over its paying agencies, requiring them to select COBIT as the basis for their information systems security.
Click here for more information on how COBIT has been adopted in Europe >>
What is COBIT?
COBIT (Control Objectives for Information and Related Technology) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals.
COBIT 5 expands on the guidance in COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, ITIL® and other related standards from ISO, including ISO 38500.
COBIT 5 takes into account the latest thinking on the governance of information technology, providing principles, analytical tools and models to increase trust in, and the value derived from, information systems.
Benefits of using COBIT
The COBIT framework can help organisations of all sizes to:
- Improve and maintain high quality information to support business decisions.
- Use IT effectively to achieve business goals.
- Use technology to promote operational excellence.
- Ensure IT risk is managed effectively.
- Ensure ROI on the expenditure of IT services and technology.
- Achieve compliance with laws, regulations and contractual agreements.
COBIT 5 is an important milestone in the governance of an organisation’s IT, enabling businesses to simplify their efforts by implementing a single organisation-wide governance, risk and compliance (GRC) framework. If a company is just starting, COBIT 5 will help by mapping a roadmap for a fast-track approach. COBIT also gives a better handle to the governance of enterprise IT (GEIT) if a company already has a GRC environment in place.
How is COBIT structured?
COBIT 5 clearly differentiates between the governance and management of IT, and works around five principles:
- COBIT Principle 1: Meeting Stakeholder Needs
- COBIT Principle 2: Covering the Enterprise End-to-End
- COBIT Principle 3: Applying a Single Integrated Framework
- COBIT Principle 4: Enabling a Holistic Approach
- COBIT Principle 5: Separating Governance from Management
There are seven 'enablers' and a Process Reference Model (PRM) which identifies five sets of processes:
- COBIT Process 1: Evaluate, Direct and Monitor
- COBIT Process 2: Align, Plan and Organise
- COBIT Process 3: Build, Acquire and Implement
- COBIT Process 4: Deliver, Service and Support
- COBIT Process 5: Monitor, Evaluate and Assess
There are 37 processes in total: five for governance and 32 for management. Unlike COBIT 4.1, which used a process maturity model, COBIT 5 uses a Process Assessment Model (PAM) designed in accordance with the set of technical standards ISO 15504.
IT Governance is the first place to come for COBIT 5 resources. We offer a complete range of COBIT books and toolkits.
COBIT and other frameworks
COBIT, ITIL and ISO 27002 can be used together to achieve process improvement. COBIT does not supply a ‘how-to’ route map to implement IT or information security best practices and this is where ISO 27002 and ITIL come in. They supply best-practice information and processes. COBIT provides you with a framework of controls which you can use to structure the processes contained in ITIL and which, through the addition of ISO 27002, can be used for process improvement.
Our extensive bookstore offers a wide range of ITIL publications, COBIT publications and the ISO 27002 standard.
You may be also interested in: