COBIT is an IT management framework developed by the ISACA to help businesses develop, organize and implement strategies around information management and governance.
First released in 1996, COBIT (Control Objectives for Information and Related Technologies) was initially designed as a set of IT control objectives to help the financial audit community better navigate the growth of IT environments. In 1998, the ISACA released version 2, which expanded the framework to apply outside the auditing community. Later, in the 2000s, the ISACA developed version 3, which brought in the IT management and information governance techniques found in the framework today.
COBIT 4 was released in 2005, followed by COBIT 4.1 in 2007. These updates included more information regarding governance surrounding information and communication technology. In 2012, COBIT 5 was released and in 2013, the ISACA released an add-on to COBIT 5, which included more information for businesses regarding risk management and information governance.
The ISACA announced an updated version of COBIT in 2018, ditching the version number and naming it COBIT 2019. This updated version of COBIT is designed to constantly evolve with “more frequent and fluid updates,” according to the ISACA. COBIT 2019 was introduced to build governance strategies that are more flexible, collaborative and address new and changing technology.
COBIT 2019 updates the framework for modern enterprises by addressing new trends, technologies and security needs. The framework still plays nicely with other IT management frameworks such as ITIL, CMMI and TOGAF, which makes it a great option as an umbrella framework to unify processes across an entire organization.
New concepts and terminology have been introduced in the COBIT Core Model, which includes 40 governance and management objectives for establishing a governance program. The performance management system now allows more flexibility when using maturity and capability measurements. Overall, the framework is designed to give businesses more flexibility when customizing an IT governance strategy.
Like other IT management frameworks, COBIT helps align business goals with IT goals by establishing links between the two and creating a process that can help bridge a gap between IT — or IT silos — and outside departments.
One major difference between COBIT and other frameworks is that it focuses specifically on security, risk management and information governance. This is emphasized in COBIT 2019, with better definitions of what COBIT is and what it isn’t. For example, ISACA says COBIT 2019 isn’t a framework for organizing business processes, managing technology, making IT-related decisions, or determining IT strategies or architecture. Rather, it’s designed strictly as a framework for governance and management of enterprise IT across the organization. That’s better clarified for businesses in the updated version, so there’s less confusion about how COBIT should be used and implemented.
According to the ISACA, COBIT 2019 was updated to include:
COBIT 2019 also introduces “focus area” concepts that describe specific governance topics and issues, which can be addressed by management or governance objectives. Some examples of these focus areas include small and medium enterprises, cybersecurity, digital transformation and cloud computing. Focus areas will be added and changed as needed based on trends, research and feedback – there’s no limit for the number of focus areas that can be included in COBIT 2019.
One major change to COBIT 2019 is that it now encourages feedback from the practitioner community. You will be able to purchase the COBIT 2019 Design Guide, but in early 2019 the ISACA will also release a crowdsourced version of COBIT where practitioners can leave comments, suggest improvements or propose new concepts and ideas.
COBIT 2019 is designed to be more prescriptive in guiding companies as they develop a governance strategy, while also making it easier for organizations to tailor a best-fit governance strategy of their own. It defines the “components to build and sustain a governance system: processes, policies and procedures, organizational structures, information flows, skills, infrastructure, and culture and behaviors,” according to the ISACA. Formerly referred to as “enablers” in COBIT 5, these components better define what businesses need for a strong governance system.
According to the ISACA, COBIT 2019 best suits clients that use multiple frameworks — such as ITIL, ISO/IEC 2000 and CMMI — with certain silos within IT using their own framework or standard. It’s also well suited to organizations that are required to follow specific regulatory guidelines from the government and local authorities.
The COBIT 2019 framework helps businesses align existing frameworks in the organization and understand how each framework will fit into the overall strategy. It can also help businesses monitor the performance of these other frameworks, especially in terms of security compliance, information security and risk management.
It’s also designed to give senior management more insight into how technology can align with organizational goals. You can directly map pain points in the business to certain aspects of the framework, emphasizing the need for “control-driven IT,” according to the ISACA. The framework gives CIOs and other IT executives a way to demonstrate the ROI on an IT project and how it will help reach key business objectives.
If you’re already certified in COBIT 5 through ISACA or are in the middle of getting your certification, the ISACA will continue to support the accreditation and delivery of COBIT 5 training and certifications, which will “continue to live alongside COBIT 2019 training.”
Certifications for COBIT 2019 include:
As of this writing, this is the only available information on the COBIT 2019 certification scheme, but the ISACA notes that the “COBIT 2019 product family and training is open ended. ISACA will continue to evaluate the development of future training modules based on feedback and market need.”
This story, “What is COBIT? A framework for alignment and governance” was originally published by