COBIT is an Enterprise governance of I&T. It has evolved over time to provide a clear distinction between governance and management. The COBIT components aim to build and sustain a governance system. The design factors should be taken into consideration by the Enterprise in order to build a best fit governance system.
COBIT was first introduced in 1996 and COBIT 5 was released on 2012 while the latest version of COBIT, the COBIT 2019 was published in 2018.
1: Change in Governance Principles
Governance System Principles
COBIT 5 is formed of 5 main principle systems while COBIT 2019 launched an additional principle system to the latest release, so the COBIT 2019 contains 6 Principles to the governance framework.
COBIT 5 Principles
COBIT 2019 Principles
Meeting Stakeholder needs
Provide Stakeholder Value
Covering the Enterprise end-to-end
Applying a single Integrated Framework
Dynamic Governance System
Enabling a Holistic Approach
Governance Distinct from Management
Separating a Governance from Management
Tailored to Enterprise Needs
End-to End Governance System
Source: ISACA®, COBIT® 2019 Framework: Introduction and Methodology, figure 3.5, USA, 2018, and COBIT® 5 figure 2, USA, 2012.
Governance Framework Principles
Apart from that, the 3 three Governance Framework Principles are introduced in COBIT 2019:
Source: ISACA, COBIT® 2019 Implementation Guide, figure 2.2, USA, 2018.
Based of Conceptual Model
Identifies key components and relationship between the components to maximise consistency and allow automation.
Open and Flexible
Openness and flexibility allow the addition of new content and the ability to address new issues in a flexible way which also contributes to integrity and consistency.
Align to Major Standards
The model should be aligned to major standards, frameworks and regulations.
2: Change in Processes
More changes are made towards the processes of the framework to address the governance and management objectives.
COBIT 5 Processes
COBIT 2019 Processes
Terminology used: “Manage”
Terminology used: “Managed”
Terminology in APO10: Supplier
Terminology in APO10: Vendor
Align, Plan and Organize (APO)
added 1 process: APO14 Managed Data
Build, Acquire and Implement (BAI)
process added: BAI11 Managed Projects
BAI06 and BAI07 indicate the changes being managed, accepted and transitioned are IT changes
Evaluate and Assess (MEA)
Monitor, Evaluate and Assess
Evaluate and Assess (MEA)
process added: MEA04 Managed Assurance
emphasize the use of “managed”
Overview of Governance and Management Objectives may refer to as follows:
“Manage” Terminology used for management processes
“Managed” Terminology use for management processes
“Ensure” Terminology used for governance processes
“Ensured” Terminology use for governance processes
Governance framework principles are not available
Governance framework principles added
Measure performance using 0-5 scale based on ISO/IEC 33000
CMMI performance management scheme introduced to measure performance
Design Factors not included
Design Factors introduced
ISACA’s tool kit can be used to design an enterprise governance system by inserting appropriate values in the corresponding fields. COBIT 2019 also includes new technology and business trends in enterprise I&T. The framework is also capable of integrating with other international standards, guidelines, regulations and best practices that is inimitable for your organisation to provide an effective EGIT framework.
For more information about COBIT 2019 please contact us via our chat or firstname.lastname@example.org.