"CobiT 5 provides the structure and tools needed to deliver trust and value, manage risk, avoid potential loss and maximize opportunities"
Control Objectives for Information and Related Technology (CobiT) is a set of best practices for Information Technology management developed by Information Systems Audit & Control Association (ISACA) and IT Governance Institute in 1996. ISACA develops and maintains the internationally recognized COBIT framework, helping IT professionals and enterprise leaders fulfill their IT Governance responsibilities while delivering value to the business. The latest ISACA’s globally accepted framework COBIT 5 is aimed to provide an end-to-end business view of the governance of enterprise IT that reflects the central role of IT in creating value for enterprises
The first edition of CobiT was published in 1996. The second edition in 1998 with added Management Guidelines. The third edition was released in 2000; and the fourth edition was released in December 2005, being revised and receiving the 4.1 edition in May 2007. CobiT 5.0 integrated with Val IT and Risk IT was released in April 2012. CobiT 5.0 will also draw significantly from the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).
CobiT 5 is the only business framework for the governance and management of enterprise Information Technology. COBIT 5 consolidates and integrates the CobiT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).
Components in CobiT :
Framework - Organize IT governance objectives and good practices by IT domains and processes, and links them to business requirements
Process Descriptions - A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
Control Objectives - Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
Management Guidelines - Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes
Maturity Models - Assess maturity and capability per process and helps to address gaps.
CobiT 5 helps enterprises of all sizes create optimal value from Information & Related Technology by maintaining a balance between realizing benefits and optimizing risk levels and resource use. The framework is designed to address both business and IT functional areas across an organization and consider IT-related interests of internal and external stakeholders.
Based on 5 Principles :
CobiT 5 is based on five key principles for governance and management of enterprise IT :
Meeting Stakeholder Needs
Covering the Enterprise End-to-End
Applying a Single, Integrated Framework
Enabling a Holistic Approach
Separating Governance From Management
Addresses 7 Enablers :
The COBIT 5 framework describes seven categories of enablers :
Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management.
Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
Organizational structures are the key decision-making entities in an enterprise.
Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.
COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimizes information and technology investment and use for the benefit of stakeholders.
Governance & Management
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
COBIT 5 Implementation
COBIT 5 Implementation has 3 life cycles
Continual Improvement Life Cycle
It is the latest standard
It is applicable to any organization having vital information assets.
Business Outsourcing Units
IT Service Sector
DRIVERS FOR CERTIFICATION
In an electronic data-driven world, information is the most crucial element of 21st century enterprise. Mass volumes of data – supported by technology drive success, but also rise of complex and challenging governance and management concerns for enterprises worldwide. New demands, stringent regulations and risk scenarios emerge on daily basis, making it critical to effectively govern and manage information and related technology.
In the current scenario, enterprise leaders are under pressure to :
Deliver value to enterprise stakeholders by achieving business objectives
Ensure IT investments and assets are used effectively to support enterprise goals & objectives
Maintain compliance with internally directed and externally imposed regulations