Among the IT governance frameworks, COBIT (Control Objectives for Information and Related Technology) is the go-to for many businesses and IT professionals worldwide. This IT management framework, widely supported by regulators, offers an effective way for companies to develop, organize and implement strategies around information and governance. COBIT, first released in 1996, has been developing ever since. The most recent developments seen in COBIT 2019, which is designed to continuously evolve to address new and ever-changing technologies and challenges that businesses encounter today and into the future.
What is IT governance
IT governance is vital to align IT services with business needs. It is necessary to achieve the desired joint IT and business goals. It relates to the value obtained from IT investments, and the outcomes of these investments determined by active management. Without effective governance, achievable value to the business is limited and associated IT risk is high. Governance frameworks help greatly to achieve this necessary IT/business alignment. They assist organizations in implementing an effective structure that helps to mitigate risk, increase business value and achieve business objectives linked to IT.
Popular IT governance frameworks include ITIL (Information Technology Infrastructure Library), COBIT, and ISO27002. All three are broadly recognized, each with its strengths. Often, more than one framework can be leveraged because of the varied strengths that they separately bring to the table. For example, COBIT and ITIL are commonly used together because of how well they complement each other, with COBIT giving direction and guidance on “why” and ITIL demonstrating “how.” COBIT 2019 encourages the use of multiple frameworks and strengthens different standards and best practices when used together.
This article looks at COBIT as a useful IT governance framework in 2019.
What is COBIT
COBIT, developed by ISACA and first released in 1996, is now a globally recognized IT governance framework. COBIT is based on five primary principles and is critical for the successful management of business IT.
It encompasses details for regulatory compliance, risk management and IT and business alignment to help organizations manage the challenges that these areas carry.
Thereby, businesses can achieve their desired objectives by effectively aligning IT strategies with business goals. Using COBIT, a company can establish the controls needed, identify its goals, and align IT goals with business objectives. It can also demonstrate the strength of procedures that support its company objectives.
Maturity models provided are also beneficial. With COBIT, an organization can determine the present performance levels of its IT processes and identify the target levels. Then, it can consider how to move from the current level to reach the target performance level and ultimately achieve its business goals. So, any weaknesses attributed to the business not meeting its target goals can systematically be identified and rectified. By utilizing further controls, the desired goals can be achieved.
COBIT evaluates the organization as a whole and looks at planning, delivery, support, acquisition, implementation, measurement and evaluation. By doing so, it aligns areas of improvement with processes that appropriately support the business strategy. It provides good governance by managing risk, managing performance, and managing resources while ensuring IT can conform to industry compliance and regulations. Ultimately, COBIT gives organizations better control and strategic direction.
1996: First released as a set of IT control objectives for the financial audit industry.
1998: Version 2 expanded the framework to apply outside of the audit industry.
2000: Version 3 broadened to encompass the IT management and information governance controls.
2005: Version 4 (from 2005 to 2007 advancements were made to include detail on management of information and communication technology).
2007 and 2012: Release of version 4.1 and then version 5.
2013: Version 5 add-on was released to include risk management and information management.
2018 to now: Approximately seven years on from the last major changes, we now have the current and updated version known as COBIT 2019, a flexible and living framework with constant updates expected so that this latest framework can adapt to the times and advancements in technologies.
What’s new in COBIT 2019
COBIT 2019 retains the same five governance and management objectives as COBIT 5, which are:
- Evaluate, direct and monitor
- Align, plan, and organize
- Build, acquire, and implement
- Deliver, service, and support
- Monitor, evaluate, and assess
However, although the content remains similar to COBIT 5 (some reorganization has occurred), the current framework now encompasses 40 core governance and management processes to establish a governance strategy. As well as a new method for managing data. These processes are known as the COBIT Core Model in COBIT 2019.
The revised framework offers the flexibility that organizations need today for modern functioning, advanced technologies as well as stricter security requirements. It ensures that IT governance is not an IT department’s responsibility but involves the organization as a whole.
It provides new processes (like processes for data, projects, and compliance), as well as associated guidance to other standards and frameworks. It gives updated associations to relevant standards, guidelines, regulations and best practices. As the use of multiple governance frameworks is encouraged to sustain an effective governance system and COBIT 2019 makes this possible and easier to implement.
COBIT 2019 not only shows how to build a governance system but also guides an organization on how to maintain it with processes, structures, policies and procedures, information flow, behavior, and infrastructure.
With COBIT 2019, greater and clearer emphasis is placed on risk management, information management, and security. It also provides updates to cybersecurity and privacy.
Components of COBIT 2019
COBIT 2019 includes several components. First, a guide (Introduction and Methodology) that describes the basic COBIT principles and the structure of the framework. A further guide (Governance and Management Objectives) explains the 40 strong governance and management objectives of the COBIT 2019 Core Model. It also describes how these can be used to help businesses achieve their desired business goals. A Design Guide and Implementation Guide completes the package. Together these help businesses to develop a strategy and system that is best fitted to their unique requirements. It suggests best practices to use and highlights any potential hazards a company may come across during the implementation journey.
Benefits of COBIT 2019 framework
- Improved alignment with global standards, frameworks, and best practices.
- Continual updates and advancements.
- Encourages feedback and continuous improvement.
- Flexible approach to IT governance, organizations can tailor a governance system or strategy that suits it best with improved guidance on how to do this.
- Clarity on what businesses need for a robust governance system.
- Works well with multiple frameworks (ITIL, ISO/IEC 2000, and CMMI) and helps improve the maturity of other standards and best practices.
- Supports regulatory compliance with governments and authorities.
- Helps to align existing frameworks with overall strategy and monitor performance.
- Aligns IT with organization goals to achieve objectives, increase value and, reduce business risk.
Well-suited to current times
Any business with IT as part of its foundation needs a comprehensive governance strategy and system in place to enable it to deliver expected outcomes. From the beginning, first, as an information governance tool for the audit industry, COBIT has been updated to keep up with the changes in the needs of businesses and IT. COBIT 2019 is the most updated version yet, replacing version 5 to address current business requirements. Business and IT dynamics have advanced and changed dramatically in recent times and will continue to do so. So, COBIT 2019 is updated to reflect this and is designed to evolve alongside these changes to support this type of advancement and changes in technology.
Flexibility, adaptably, and customization is at the center so that organizations can achieve an information and governance system across the whole business. A governance system that is tailored to its unique needs and can evolve with them even in the most complex environments.
The new concepts and terminology focus on what is most relevant in business today to better align IT and business and in doing so, COBIT 2019 can help to increase business value, reduce business risk, and help meet regulatory compliance.