COBIT® is a business framework for the governance and management of enterprise IT. Enterprise IT means all the technology and information processing the enterprise puts in place to achieve its goals, regardless of where this happens in the enterprise. Enterprise IT is not limited to the IT department of an organization but certainly includes it.
COBIT 2019 is the latest version of COBIT. Some of the enhancements over the previous version of COBIT (i.e., COBIT 5) are:
- Introduction of design factors. Design factors provide guidelines that help organisations tailor the guidance to suit their needs.
- Introduction of focus areas. A focus area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components. Examples of focus areas include small and medium enterprises, cybersecurity, digital transformation, cloud computing, privacy, and DevOps.
- Component: Components are factors that, individually and collectively, contribute to the good operations of the enterprise’s governance system over IT. Components interact with each other, resulting in a holistic governance system for IT. Processes, organisational structures, policies and competencies are some examples of components.
- A component can be defined at a generic level, and a variant can exist. DevOps exemplifies both a component variant and a focus area. DevOps requires specific guidance, making it a focus area. DevOps includes a number of generic governance and management objectives of the core COBIT model, along with a number of variants of development-, operational- and monitoring-related processes and organizational structures.
The governance and management objectives in COBIT are grouped into five domains.
Evaluate, Direct and Monitor (EDM) domain groups the governance objectives. In this domain, the governing body evaluates strategic options, directs senior management on the chosen strategic options and monitors the achievement of the strategy.
Management objectives are grouped in four domains.
Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting activities for I&T.
Build, Acquire and Implement (BAI) treats the definition, acquisition and implementation of I&T solutions and their integration in business processes.
Deliver, Service and Support (DSS) addresses the operational delivery and support of I&T services, including security.
Monitor, Evaluate and Assess (MEA) addresses performance monitoring and conformance of I&T with internal performance targets, internal control objectives and external requirements.
COBIT is a comprehensive framework that covers the Governance, Plan, Build and Run stages of IT. COBIT is a set of control objectives that can be audited. COBIT does not specify any implementation guidelines, practices or tools. Organisations often choose a lower-level framework to implement COBIT’s control objectives.
COBIT was first released in 1996 and celebrated its 20th anniversary in 2016. COBIT has been periodically updated by the sponsoring organisation, ISACA. It is one of the widely adopted frameworks for organisations pursuing IT governance. The rating of 4 is given because there are no legislative or regulatory requirements in Australia to enforce COBIT in the government or financial sector.
COBIT is tool agnostic. Multiple tools are required to govern and manage IT as guided by the COBIT framework.
ISACA provides extensive training support and assessment support for COBIT.
Please refer to the Rating Criteria.
|Criterion|Rating|
|---|---|
|Longevity|5 / 5|
|Industry Adoption|4 / 5|
|Tool Support|1 / 5|
|Training Support|5 / 5|
|Assessment Support|5 / 5|
Life Cycle Phases/Domains
- Evaluate, Direct and Monitor (EDM) – 5 processes
- Align, Plan and Organise (APO) – 14 processes
- Build, Acquire and Implement (BAI) – 11 processes
- Deliver, Service and Support (DSS) – 6 processes
- Monitor, Evaluate and Assess (MEA) – 4 processes
SFIA Enterprise IT Governance
Defining and operating a framework for making decisions, managing stakeholder relationships, and identifying legitimate authority.
LEVEL 6: Implements the governance framework to enable governance activity to be conducted.
LEVEL 7: Directs the definition, implementation, and monitoring of the governance framework to meet the organisation’s obligations under regulation, law, or contracts.
Please visit the SFIA portal for more information.