This week we will talk about COBIT. Do not worry about being infected: it is not to be confused with COVID-19. We're talking about one of the best compliance frameworks developed to date. COBIT stands for Control OBjectives for Information-related Technologies.
It is a framework developed by ISACA for information technology management and IT governance. It was first released in 1996, and many versions have followed. The current version, COBIT 2019, was released by the end of 2018.
COBIT provides up to 40 core governance and management objectives, grouped into five domains: one for governance objectives and four for management objectives.
The governance objectives are organized in the Evaluate, Direct, and Monitor (EDM) domain. In this domain, the governing body evaluates strategic options, directs the highest management level of the organisation on the strategic options chosen, and monitors the achievement of that strategy.
The COBIT 2019 framework defines four management objective domains:
- Align, Plan, and Organize (APO): This domain addresses the overall organization, strategy, and supporting activities for Information Technology.
- Build, Acquire, and Implement (BAI): This domain takes charge of the definition, acquisition, and implementation of IT solutions and their integration in business processes.
- Deliver, Service, and Support (DSS): This domain supports IT services delivery by giving an operational foundation to the process.
- Monitor, Evaluate, and Assess (MEA): This domain addresses performance monitoring and the conformance of IT with internal performance targets, internal control objectives, and external requirements.
When IT needs to meet governance and management objectives, a governance system must be implemented.
COBIT 2019 defines components for the governance system:
- Processes: Processes describe the practices and activities required to achieve objectives and produce outputs that support the IT organizational goals.
- Organizational structures: Organizational structures are the entities entitled to make critical decisions in a company.
- Principles, Policies, and Frameworks: Principles, policies, and frameworks have the function of translating high-level strategic guidance into day-to-day activities and management.
- Information: Information permeates the whole organisation and includes all data produced and consumed by the company.
- Culture, Ethics, and Behaviour: Culture, ethics, and behaviour are factors that must be taken into consideration for successful governance and management activities.
- People: People covers the skills, knowledge, experience, and competencies required for activities like:
  - Making correct decisions.
  - Implementing corrective action plans.
  - Aligning the above activities with the expectations.
- Services, Infrastructure, and Applications: All companies need to be provided with services, infrastructure, and applications for fulfilling enterprise requirements for governance and IT processing.
All these components are inherited from previous versions of COBIT® but are now integrated into the management and governance objectives.
Finally, the COBIT® product family currently consists of 4 publications:

|Publication|Description|
|---|---|
|COBIT®2019 Framework: Introduction and Methodology|Introduces the key concepts of COBIT®2019.|
|COBIT®2019 Framework: Governance and Management Objectives|Describes the 40 core governance and management objectives, the related processes, and other components. Also provides cross-mapping to different standards and frameworks.|
|COBIT®2019 Design Guide: Designing an Information and Technology Governance Solution|Analyses the design factors that can influence governance and provides a workflow to customize the governance system to unique enterprise requirements.|
|COBIT®2019 Implementation Guide: Implementing and Optimizing an Information and Technology|An evolution of the COBIT®5 Implementation guide that provides a roadmap for continuous governance improvement.|

In our next installment, we will take a journey through other governance standards that can help organizations align business objectives with IT objectives. As always, please let us know what you think about this article in our comments section. Have a great week.