What is COBIT?

COBIT (Control Objectives for Information and Related Technologies) is an IT Governance Framework, used by businesses for implementing IT systems and strategies. It was developed by the ISACA (Information Systems Audit and Control Association), which is a professional association for IT governance.  Think of it as a methodology for connecting business goals to IT goals.

What is an IT Governance Framework?

A type of framework that helps to define the ways and methods a business implements, manages, and monitors IT governance.  It details measurements and guides for using IT processes and resources and helps by providing road maps and evaluates how an IT governance performs and how effective it is.  It helps an organization to become compliant with legal and regulatory requirements, regarding IT.

How long has COBIT been around?  

1996 – First released, initially designed to help the Financial Audit community in IT environments

1998 – COBIT 2 released, expanded to other communities outside of Financial Auditing

2000 – COBIT 3, brought in IT management and information governance techniques

2005 – COBIT 4 released

2007 – COBIT 4.1, more governance regarding information and communication technology

2012 – COBIT 5, 2013 an add-on to 5, included risk management and information governance

2018 – COBIT 2019 announced, streamlining updates allowing them to be implemented and grown more flexibly with changing technology

Tell Me More About COBIT

COBIT is best used as an overseeing framework in businesses, working well with other IT management frameworks such as ITIL, TOGAF, and CMMI.  It addresses most of the latest trends in information security & systems, business processes, and risk management. It has over 40 governance and management objectives and provides flexibility in the performance management system when using maturity and capability measurements.  It basically is designed to provide flexibility to businesses when designing an IT Governance System.

COBIT’s main purpose is to help align business goals or those of the shareholders and management with IT goals by bridging the gap between them as well as the other departments.   Security, risk management, and information governance are also priorities. It’s used as a framework for governance and management of IT enterprises.

Why is COBIT 2019 Critical?

The latest version of COBIT is an essential upgrade and there are several areas addressed that make it critical for implementation:

  • Rather than waiting for the next “release,” updates are released when needed and on a rolling basis.
  • A new collaborative and open source-like feature allows you to share and make comments on the development process, make suggestions and request enhancements, and get much faster updates.  This makes information security more up to date on a regular basis and provides a much more holistic approach than past releases.
  • Online tools that cover specific governance topics are now available. Some of the focus areas and business processes covered are small and medium enterprises, cloud computing, and cybersecurity.  More areas are being added all the time, depending on the needs of the enterprise IT needs.
  • Global standards, frameworks, and best practices have been better developed as well, giving relevance to the existing framework.
  • ISACA says that COBIT 2019 better suits businesses with multiple frameworks, such as ISO/IEC 2000, ITIL, and CMMI and for those businesses with specific requirements from government and local authorities.
  • It has been better configured for your CIOs and other executives to get the information they need, providing control-driven IT, allowing better ways to show the ROI on projects and reaching key business objectives.