- Publish Year
1 Title/current version of COBIT® books
2 The basics of COBIT® books
Originally designed for auditors to audit the IT organization,
COBIT 5 (Control Objectives for Information and Related
Technology) is about linking business goals to IT objectives (note
the linkage here from vision to mission to goals to objectives).
COBIT 5 (launched April 2012) provides metrics and maturity
models to measure whether or not the IT organization has
achieved its objectives. Additionally, COBIT identifies the
associated responsibilities of the business process owners as well
as those of the IT process owners.
3 Summary of COBIT® books
COBIT is owned and supported by ISACA. It was released in
1996; the current Version 5.0 (April 2012) brings together COBIT
4.1, Val IT 2.0 and Risk IT frameworks.
The COBIT 5 principles and enablers are generic and useful for
enterprises of all sizes, whether commercial, not-for -profit or in
the public sector (Figures 1 and 2).
The process reference model defines and describes in detail a number of
governance, and management processes. It represents all the processes
normally found in an organization relating to IT activities, thus providing a
common reference model understandable to operational IT, and business
managers, and their auditors/advisors. The process reference model
divides the processes of organization IT into two domains: governance and
COBIT 5 provides a set of 36 governance and management processes within
The governance domain contains five governance processes; within each
process, evaluate, direct, and monitor practices are defined.
• EDM1: set and maintain the governance framework
• EDM2: ensure value optimisation
• EDM3: ensure risk optimisation
• EDM4: ensure resource optimisation
• EDM5: ensure stakeholder transparency
The four management domains, in line with the responsibility areas of plan,
build, run, and monitor (PBRM) provide end-to-end coverage of IT.
• Align, plan, and organize
• Build, acquire, and implement
• Deliver, service, and support
• Monitor, evaluate, and assess
A casual look at the four management domains of COBIT 5 rapidly illustrates
its direct relationship with ITIL.
• The align, plan, and organize domain relates to the service strategy and
• The build, acquire, and implement domain relates to the service transition
• The deliver, service, and support domain relates to the service operation
• And finally, the monitor, evaluate, and assess domain relates to the
continual service improvement phase
All aspects of COBIT 5 are in line with the responsibility areas of plan, build,
run and monitor. In other words, COBIT 5 follows the PDCA cycle of Plan, Do,
Check, and Act. COBIT has been positioned at a high level, and has
been aligned and harmonized with other, more detailed, IT standards and
proven practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK
Guide. COBIT 5 acts as an integrator of these different guidance materials
summarising key objectives under one umbrella framework that links the
proven practice models with governance and business requirements.
4 Target audience of COBIT® Books
Senior business management, senior IT management and auditors.
5 Scope and constraints of COBIT® books
COBIT provides an ‘umbrella’ framework for IT governance
across the whole of an organization. It is mapped to other
frameworks and standards to ensure its completeness of coverage
of the IT management lifecycle and support its use in enterprises
using multiple IT-related frameworks and standards.
Some strong points are:
• Value creation through effective governance, management
enterprise information and technology (IT) assets
• Business user satisfaction with IT engagement and services by
enabling business objectives
• Compliance with relevant laws, regulations and policies
• Treating COBIT as a prescriptive standard when it should be
interpreted as a generic framework to manage IT processes
and internal controls. Key themes from COBIT must be
tailored to the specifi c governance needs of the organization
• Lack of commitment from top management – without their
leadership and support, the IT control framework will suffer
and business alignment of IT risks will not happen
• Underestimating the cultural change – COBIT is not just
about the technical aspects of IT. The organization needs to
have a good understanding of the governance controls for the
6 Relevant website of COBIT® Books