Control Objectives for Information and Related Technologies (COBIT)

What is the Control Objectives for Information and Related Technologies (COBIT)?

Control Objectives for Information and Related Technologies, more popularly known as COBIT, is a framework that aims to help organizations that are looking to develop, implement, monitor, and improve IT governance and information management.

COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance.

The framework is business-focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process activities, process objectives, performance measures, and an elementary maturity model.

History of COBIT

ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000’s version 3. The development of both the AS 8015: Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 (which soon after became ISO/IEC 38500) in January 2007 increased awareness of the need for more information and communication technology (ICT) governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, “addressing the IT-related business processes and responsibilities in value creation (Val IT) and risk management (Risk IT).”

What are the COBIT components?

Below are the various COBIT components:

  • Framework: Organizes IT governance objectives and good practices by IT domains and processes and links them to business requirements.
  • Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
  • Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
  • Management guidelines: Helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
  • Maturity models: Assesses maturity and capability per process and helps to address gaps.

What is COBIT 5?

COBIT 5 (2012) is based on COBIT 4.1, Val IT 2.0, and Risk IT frameworks, and draws on ISACA’s IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS) and the latest iteration of the framework.

The guiding principles of COBIT 5.0 are:

  1. Meeting the needs of stakeholders
  2. Covering the whole enterprise from end to end
  3. Application of a single integrated framework
  4. Ensuring a holistic approach to business decision making
  5. Separating the governance from the management

What are the Benefits of COBIT 5?

The professionals best suited for COBIT methodologies are those who are already in a position to understand the nuances of IT governance in business management practices. The course will be especially beneficial for:

  • CIOs / IT Managers / IT Directors
  • Risk Committee
  • Process Owners
  • Audit Committee Members
  • COBIT 4.1 and earlier users
  • IT Professionals in audit, risk, security, governance, and assurance sectors

The COBIT 5 framework can help organizations of all sizes with:

  • Improve and maintain high-quality information to support business decisions.
  • Use IT effectively to achieve business goals.
  • Use technology to promote operational excellence.
  • Ensure IT risk is managed effectively.
  • Ensure organisations realise the value of their investments in IT; and
  • Achieve compliance with laws, regulations and contractual agreements.

Leave a Reply

Your email address will not be published. Required fields are marked *