Get your copy of COBIT 5 today!


Building on more than 15 years of practice in the business, IT, risk, security and assurance communities, COBIT 5 provides the next generation of ISACA’s guidance on a critical business issue—the governance and management of enterprise IT.

The COBIT 5 framework provides the basis for governing and managing enterprise IT, and includes a number of products:

  • COBIT 5 (the framework—now available)
  • COBIT 5 Enabler Guides, where governance and management enablers are discussed in more detail. These include:
    • COBIT 5: Enabling Processes (now available)
    • COBIT 5: Enabling Information (in development)
    • Other enabler guides (more details on the COBIT pages on the ISACA web site)
  • COBIT 5 Professional Guides, which include:
    • COBIT 5 Implementation (now available)
    • COBIT 5 for Information Security (mid-2012)
    • COBIT 5 for Assurance (2013)
    • COBIT 5 for Risk (2013)
  • COBIT Online, a collaborative environment to support the use of COBIT 5

The three publications released today are COBIT 5, COBIT 5:  Enabling Processes and COBIT 5 Implementation.

Background to the development

COBIT 4.1 had great acceptance across the IT community, but following an extensive review of the stakeholders, a number of drivers were identified that led to the development of the new framework. These included:

  • Determine value from information and related technology (what benefits at what acceptable level of risk and costs) and the priorities in ensuring that expected value is actually being delivered—a big demand from stakeholders.
  • Deliver transparency to stakeholders on how the delivery will occur and the actual results that will be achieved.
  • Address the increasing dependency of the enterprise’s success on external business and IT parties such as outsourcers, suppliers, consultants, clients, and cloud and other service providers.
  • Manage the ever-increasing amount of information that is pervasive within the enterprise.
  • Work more effectively with information technology, which has become an integral part of the business and business processes.
  • Deliver guidance for innovation and emerging technologies.
  • Cover the end-to-end business and IT functional responsibilities.
  • Separate the governance and management domains.

Principles-based framework

COBIT 5 is a principles-driven framework based on five fundamental principles:

Principle 1:  Meeting stakeholder needs
COBIT 5 provides all the required processes and other enablers to support business-value creation through the use of IT.

Principle 2:  Covering the enterprise end-to-end
COBIT 5 integrates the governance of enterprise IT into enterprise governance, covering all functions and processes within the enterprise, not just IT.

Principle 3:  Applying a single, integrated framework
COBIT 5 aligns with other relevant standards and frameworks at a high level to serve as the overarching framework for governance and management of enterprise IT.

Principle 4:  Enabling a holistic approach
Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components or “enablers.” COBIT 5 defines seven categories of enablers:

  • Principles, policies and frameworks
  • Processes
  • Organisational structures
  • Culture, ethics and behaviour
  • Information
  • Services, infrastructure and applications
  • People, skills and competencies

Principle 5:  Separating governance from management
The COBIT 5 framework makes a clear distinction between governance and management, identified as governance and management domains.

The COBIT 5 process reference model

COBIT 5 is not delivered as a prescriptive model; rather, it advocates the implementation of governance and management processes within enterprises, as per the figure below.  The COBIT 5 process reference model defines and describes in detail the governance and management processes normally found within an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers.

The COBIT 5 model delivers an operational model with a common language for all parts of the business involved in IT activities and provides a framework for measuring and monitoring IT performance, communicating with service providers and integrating best management practices.

COBIT 5 Governance and Management Processes
(Reprinted with permission of ISACA – all rights reserved)

The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains:

  • Governance—Contains five governance processes with “evaluate, direct and monitor practices” defined within each process
  • Management—Four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), providing the end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure:
    • Align, Plan and Organise (APO)
    • Build, Acquire and Implement (BAI)
    • Deliver, Service and Support (DSS)
    • Monitor, Evaluate and Assess (MEA)

The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, incorporating both the Risk IT and Val IT frameworks.

The complete COBIT 5 enabler model includes a total of 37 governance and management processes with complete details incorporated within COBIT 5:  Enabling Processes, and a summary is provided in the figure below.

COBIT 5 Illustrative Governance and Management Processes
(Reprinted with permission of ISACA – all rights reserved)

It’s all about the implementation

You don’t simply take COBIT 5 and implement it out of the box. It is a fully customizable framework relevant to enterprises of all sizes, in all industries and in any country. Value can be realized only when COBIT is adopted and adapted to fit a particular environment. The implementation must address the specific business challenges, including managing changes to culture and behavior. To assist the enterprise, ISACA delivers practical and extensive implementation guidance in its publication COBIT 5 Implementation, which is based on a continual-improvement lifecycle. Although not intended to be a prescriptive approach, the guide leverages good practices and assists in the creation of successful outcomes. It’s supported with an implementation toolkit containing the following to assist users in their journey:

  • Self-assessment, measurement and diagnostic tools (in planning)
  • Presentations aimed at various audiences
  • Related articles and further explanations

More importantly, the implementation lifecycle delivers the processes for enterprises to address the complexity and challenges encountered in implementations using COBIT.  The three interrelated components of the lifecycle are the:

  • Core continual-improvement lifecycle (this is not a one-off project)
  • Enablement of change (addressing the behavioural and cultural aspects)
  • Management of the programme

As discussed previously, the right environment needs to be created to ensure the success of the implementation or improvement initiative, and a top-down approach is required to ensure success.

Where do I get COBIT 5?

COBIT 5 is available on the COBIT page of the ISACA web site, and COBIT 5, COBIT 5: Enabling Processes and COBIT 5 Implementation are free to ISACA members. ISACA also hosts a community of COBIT users in the ISACA Knowledge Center where they can discuss implementation, ask questions and learn more about the practical application of COBIT 5.

Robert Stroud, CGEIT, CRISC
Chair, ISACA Strategic Advisory Council
Vice President, CA Technologies, USA

Published: 4/10/2012 9:07 AM
