This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Jump to navigation

COBIT® – Control Objectives for Information and Related Technology

Control Objectives for Information and Related Technology (COBIT) is an IT governance control framework developed by ISACA which helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT 5, released in early 2012, is the latest iteration of COBIT, and incorporates the governance activities of ISO38500 and other ISACA® frameworks.

On this page:

An introduction to COBIT

Control Objectives for Information and Related Technology (COBIT) is a globally-recognised IT governance control framework which helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals. COBIT was updated from version 4.1 to version 5 in 2012.

How is COBIT 5 different to COBIT 4.1?

COBIT 5 builds and expands on the guidance in COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, ITIL®, and other related standards from ISO, including ISO38500.

This latest evolutionary version of COBIT takes into account the latest thinking on the governance of information technology. COBIT 5 provides principles, analytical tools and models to increase trust in, and the value derived from, information systems.

For further information, read the following two-part blog by our Product Manager for COBIT, Jamie Titchener, in which the differences between COBIT 4.1 and COBIT 5 are outlined:

Benefits of COBIT

The COBIT framework can help organisations of all sizes to:

  • improve and maintain high quality information to support business decisions;
  • use IT effectively to achieve business goals;
  • use technology to promote operational excellence;
  • ensure IT risk is managed effectively;
  • ensure ROI on the expenditure of IT services and technology;
  • achieve compliance with laws, regulations and contractual agreements.

How is COBIT Structured?

COBIT 5 clearly differentiates between the governance and management of IT, working around five principles:

  • COBIT Principle 1: Meeting Stakeholder Needs
  • COBIT Principle 2: Covering the Enterprise End-to-End
  • COBIT Principle 3: Applying a Single Integrated Framework
  • COBIT Principle 4: Enabling a Holistic Approach
  • COBIT Principle 5: Separating Governance from Management

Additionally, there are seven 'enablers' and a process reference model which identifies five sets of processes:

  • COBIT Process 1: Evaluate, Direct and Monitor
  • COBIT Process 2: Align, Plan and Organise
  • COBIT Process 3: Build, Acquire and Implement
  • COBIT Process 4: Deliver, Service and Support
  • COBIT Process 5: Monitor, Evaluate and Assess

COBIT 5 is a more sophisticated and complex framework than COBIT 4.1. There are 37 processes in total, five for governance and 32 for management. Unlike COBIT 4.1, which used a process maturity model, COBIT 5 uses a Process Assessment Model (or PAM) designed in accordance with ISO15504.

The COBIT 5 Implementation Toolkit

The COBIT 5 Implementation Toolkit has been designed to simplify the complex process of COBIT implementation. The toolkit provides documentation templates which cover all 37 of the COBIT processes and ready-to-use policies and procedures. This Toolkit will save you time and money when implementing COBIT.

Try a free trial version of the COBIT 5 Documentation Toolkit.

The Complete COBIT Publication Suite online

The Complete COBIT 5 Publication Set is the most complete and up-to-date version of this important IT governance framework available. It contains:

Each item in the Complete Publication Set can also be ordered separately.

COBIT and Sarbanes-Oxley Compliance

Following a wave of large corporate financial scandals in the late 1990s and early 2000s, the United States enacted the Sarbanes-Oxley Act (SOX) which, among other corporate governance regulations and standards, deals with how publicly traded US companies report financial information. SOX stipulates that there must be internal systems of control to ensure the disclosure of accurate financial information. COBIT is the most widely used framework to achieve IT SOX compliance.

The Sarbanes-Oxley Act also demands that organisations must produce an internal control report, which must be included in their annual Exchange Act report. IT Control Objectives for Sarbanes-Oxley, 2nd Edition, written by the IT Governance Institute, provides a reference source for executives when evaluating an organisation's IT controls as required by the US Sarbanes-Oxley Act as part of the internal control report process.

COBIT and Other Frameworks

ISO/IEC 27002

is an International Standard which provides best practice advice and guidance on Information Security, and ITIL is a source of best practice information and processes relating to the delivery of IT as a service. COBIT can be used with both ISO27002 and ITIL, providing a framework of controls which can be used as a structure to achieve process improvement.

Our extensive bookstore offers a wide range of ITIL publications, COBIT publications and the ISO27002 Standard.

COBIT Resources, Training and Further Reading

IT Governance offers a complete range of books, toolkits, training, software and consultancy relating to all areas of IT governance, risk and compliance. These include:

COBIT books
COBIT Training
  • COBIT 5 (2 Day) Foundation Course: An introduction to the benefits of a sound IT governance framework, and how it can be realised using COBIT 5.
  • COBIT 5 Implementation Course: How to implement COBIT 5 to deliver effective IT governance initiatives and management practices in your organisation.
  • COBIT 5 Assessor Course: Develop knowledge and skills to assess an enterprise’s process capabilities against the COBIT 5 Process Reference Model.



BUY the definitive guide to COBIT 5


Buy now

+44 (0) 845 070 1750
live chat support software