Control Objectives for Information and Related Technology (CobiT) is a set of best practices for Information Technology management developed by the Information Systems Audit & Control Association (ISACA) and IT Governance Institute in 1996. ISACA develops and maintains the internationally recognized COBIT framework, helping IT professionals and enterprise leaders fulfil their IT Governance responsibilities while delivering value to the business.
ISACA’s latest globally accepted framework, COBIT 5, aims to provide an end-to-end business view of the governance of enterprise IT that reflects the central role of IT in creating value for enterprises.
The first edition of COBIT was published in 1996. The second edition followed in 1998 with added Management Guidelines. The third edition was released in 2000, and the fourth edition was released in December 2005, then revised as edition 4.1 in May 2007. COBIT 5.0, integrated with Val IT and Risk IT, was released in April 2012. COBIT 5.0 also draws significantly from the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).
Based on 5 Principles
CobiT 5 is based on five key principles for governance and management of enterprise IT:
- Meeting Stakeholder Needs
- Covering the Enterprise End-to-End
- Applying a Single, Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management
Addresses 7 Enablers:
The COBIT 5 framework describes seven categories of enablers:
- Principles, policies and frameworks are the vehicles to translate the desired behaviour into practical guidance for day-to-day management.
- Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
- Organizational structures are the key decision-making entities in an enterprise.
- Culture, ethics and behaviour of individuals and the enterprise are very often underestimated as a success factor in governance and management activities.
- Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
- Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
- People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.
COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimizes information and technology investment and use for the benefit of stakeholders.
Governance & Management
- Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
- Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
COBIT 5 Implementation:
COBIT 5 implementation has 3 life cycles:
- Programme Management
- Change Enablement
- Continual Improvement Life Cycle
Features and Benefits
COBIT 5 is the only business framework for the governance and management of enterprise Information Technology. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA’s IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).
Components of CobiT:
- Framework – Organize IT governance objectives and good practices by IT domains and processes, and link them to business requirements.
- Process Descriptions – A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
- Control Objectives – Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management Guidelines – Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
- Maturity Models – Assess maturity and capability per process and help to address gaps.
CobiT 5 helps enterprises of all sizes create optimal value from Information & Related Technology by maintaining a balance between realizing benefits and optimizing risk levels and resource use. The framework is designed to address both business and IT functional areas across an organization and consider IT-related interests of internal and external stakeholders.
This particular standard brings with it several benefits. It helps keep in place high-quality information to back up any business decisions. It ensures an innovative use of IT, as effective as it is efficient, to increase business benefits. It helps put in place checks and balances that ensure operational excellence is achieved through efficient use of technology, and it ensures cost-effectiveness of operations when it comes to IT services and technology. Moreover, this particular standard can help ensure you comply with relevant laws and regulations, while also engendering a level of trust in the business’s competency.
Applicability
It applies to any organization having vital information assets.
- Business Outsourcing Units
- IT Service Sector