An Introduction to COBIT
COBIT, formerly known as Control Objectives for Information and Related Technology, is a business framework for the governance and management of enterprise IT. The latest version – COBIT 2019 – describes itself as “a framework for the governance and management of enterprise information and technology (I&T), aimed at the whole organization.” It was created by ISACA, an international professional association focused on IT governance formerly known as the Information Systems Audit and Control Association. ISACA is:
“… a non-profit, global membership association for IT and information systems professionals.”
Both ISACA and COBIT have evolved over the years
In fact, the move of both ISACA and COBIT from acronyms to names in their own right is testament to this, with the ISACA name change reflecting its broader membership constituency rather than its early computer system auditing origins.
The latest version, COBIT 2019, launched in late 2018, is described by ISACA as something that:
“…defines the components to build and sustain a governance system: processes, policies and procedures, organizational structures, information flows, skills, infrastructure, and culture and behaviors. These were referred to as “enablers” in COBIT 5.”
This allows organizations to support a variety of needs, including:
- Keeping IT running
- Value optimization – increasing business value and reducing business risk
- Cost management
- Mastering complexity
- Better aligning IT with the business
- Meeting regulatory compliance
- Increasing the maturity of other standards and best practices
- The need for benchmarking.
“There’s a COBIT for that”
Or at least there was in COBIT 5, in that there were flavors of COBIT 5 for different corporate audiences and needs. So, beyond governance, it provides focused guidance on areas such as security, assurance, and risk, along with practical books such as:
- Controls and Assurance in the Cloud: Using COBIT 5
- Securing Mobile Devices Using COBIT 5 for Information Security
- Transforming Cybersecurity: Using COBIT 5
- Configuration Management Using COBIT 5
- Vendor Management: Using COBIT 5
While COBIT 2019 has superseded 2012’s COBIT 5, these publications can still add value to organizations’ operations (and ISACA still supports COBIT 5). However, COBIT 2019 now offers a different way to apply COBIT to different situations and contexts, as described in the fifth bullet (focus area concepts) below.
What’s changed in COBIT 2019
The COBIT 2019 update improves on COBIT 5 in a number of areas, including:
- It better addresses the importance of I&T governance for the enterprise. COBIT’s governance-based guidance helps organizations to achieve benefits realization, risk optimization, resource optimization, and business and IT alignment for the enterprise.
- It addresses new trends in technology. DevOps and Agile development, cloud, service integration and management (SIAM), and the Internet of Things (IoT) are good examples.
- It’s more up to date with the latest standards and working methods. COBIT 2019 is designed to reference and align to concepts originating in other best practice sources. So, COBIT 2019 doesn’t contradict any guidance in related standards, doesn’t copy the content of these related standards, and provides equivalent statements or references to the related guidance.
- It provides greater flexibility. The COBIT Design Guide helps COBIT content to be tailored for each organization’s and each user’s needs and context.
- It introduces focus area concepts. These are certain governance topics, domains, or issues that can be addressed by a collection of governance and management objectives and their components. For example: small and medium enterprises, cybersecurity, digital transformation, and cloud computing. It’s a self-assembly version of the aforementioned COBIT 5 publications.
- It adds a new online collaboration feature. Via this “open source” approach, future updates can be recommended by users, vetted by a COBIT Steering Committee, to help ensure timelier updates to COBIT.
COBIT versus ITIL?
This is a common question, but one that results in an answer the questioner doesn’t necessarily expect.
Rather than choosing ITIL or COBIT, many “in the know” will recommend ITIL and COBIT, given that they’re complementary rather than competing. COBIT is a framework of policies, processes, procedures, and metrics that can help give governance-related direction to IT service management (ITSM) operations and the associated ITIL processes. Importantly, COBIT can help guide an IT organization in what should be covered in IT and IT service management processes and procedures (and controls), which is a step beyond ITIL.
Accessing COBIT resources
The various COBIT 2019 publications, as of now, are available to download. The two framework books are free to download. The other two are free to download for ISACA members but chargeable for non-members:
- COBIT 2019 Framework: Introduction and Methodology
- COBIT 2019 Framework: Governance and Management Objectives
- COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution
- COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution.
Each of these publications is available (and individually priced) in hard-copy format via the ISACA website and other retailers.
What COBIT 2019 isn’t
Interestingly, ISACA also states what COBIT 2019 isn’t, to aid understanding, to better manage expectations, and to clear up some misconceptions about COBIT. Hence, ISACA states that COBIT 2019:
- “Is not a full description of the whole I&T environment of an organization
- Is not a framework to organize business processes
- Is not an (IT) technical framework to manage all technology
- Does not make or prescribe any IT-related decisions. For example, it does not answer questions such as: What is the best IT strategy? What is the best architecture? How much should IT cost? Instead, it defines all the components that describe which decisions should be taken, and how and by whom they should be taken.”
So, please check COBIT out. Many people will tell you that COBIT will provide you with the “whys” and the “whats,” whereas ITIL will provide you with the “hows.”