COBIT (Control Objectives for Information and Related Technologies) is a business framework for the governance and management of Enterprise IT, created by ISACA.
The framework contains the COBIT 5 framework for governing and managing enterprise IT. It defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.
The COBIT 5 framework is built on five basic principles, which are covered in detail, and includes extensive guidance on enablers for governance and management of enterprise IT.
The COBIT 5 product family includes the following products:
- COBIT 5 (the framework)
- COBIT 5 enabler guides, in which governance and management enablers are discussed in detail. These include:
- COBIT 5: Enabling Processes
- COBIT 5: Enabling Information (in development)
- Other enabler guides (check www.isaca.org/cobit)
- COBIT 5 professional guides, which include:
- COBIT 5 Implementation
- COBIT 5 for Information Security (in development)
- COBIT 5 for Assurance (in development)
- COBIT 5 for Risk (in development)
- Other professional guides (check www.isaca.org/cobit)
- A collaborative online environment, which will be available to support the use of COBIT 5
COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
Principle 1: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources. COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. Because every enterprise has different objectives, an enterprise can customise COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.
Principle 2: Covering the Enterprise End-to-end
COBIT 5 integrates governance of enterprise IT into enterprise governance:
- It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
- It considers all IT-related governance and management enablers to be enterprisewide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.
Principle 3: Applying a Single, Integrated Framework
There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.
Principle 4: Enabling a Holistic Approach
Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. The COBIT 5 framework defines seven categories of enablers:
- Principles, Policies and Frameworks
- Organisational Structures
- Culture, Ethics and Behaviour
- Services, Infrastructure and Applications
- People, Skills and Competencies
Principle 5: Separating Governance From Management
The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes. COBIT 5’s view on this key distinction between governance and management is:
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
In most enterprises, overall governance is the responsibility of the board of directors under the leadership of the chairperson. Specific governance responsibilities may be delegated to special organisational structures at an appropriate level, particularly in larger, complex enterprises.
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
In most enterprises, management is the responsibility of the executive management under the leadership of the chief executive officer (CEO).