This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

Jump to navigation

COBIT® – Control Objectives for Information and Related Technology

Control Objectives for Information and Related Technology (COBIT®) is an IT governance control framework developed by ISACA, which helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT®5, released in early 2012, is the latest iteration of the framework, and incorporates the governance activities of ISO38500 and other ISACA® frameworks.

Call us today on +44 (0) 845 070 1750 to discuss your COBIT® requirements.

On this page:

How is COBIT® 5 different from COBIT® 4.1?

COBIT® 5 builds and expands on the guidance in COBIT® 4.1 by integrating other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, ITIL®, and other related standards from ISO, including ISO38500.

This latest version of COBIT® takes into account the latest thinking on the governance of information technology. COBIT® 5 provides principles, analytical tools and models to increase trust in, and the value derived from, information systems.

A few of the key changes to COBIT® 5 are listed below:

  • COBIT® 5 introduces five new governance processes that help an organisation refine and strengthen the gvernance of information technology practices at management level.
  • COBIT® 5 processes now cover the business and IT activities end-to-end, i.e., a full enterprise-level view.
  • COBIT® 5 is aligned to ISO/IEC 38500 and supports integration with existing organisational governance practices.
  • COBIT® 5 is fully aligned with the same goal and metrics concepts as COBIT® 4.1, Val IT and Risk IT, but have renamed as:
    • Enterprise goals
    • IT-related goals
    • Process goals.
  • COBIT® 5 offers an updated, reworked goals cascade based on enterprise goals driving IT-related goals.
  • COBIT® 5 provides a more comprehensive, clearer and in-depth range of generic business and IT role plays and charts for each management practice than in the previous version of COBIT®.
  • COBIT® 5 does away with the Capability Maturity Modelling approach, which enabled less rigorous self-assessments for internal gap analysis and process improvement initiatives.
  • COBIT® 5 uses a Process Assessment Model (or PAM) designed in accordance with ISO15504.

Benefits of COBIT®

The COBIT® framework can help organisations of all sizes to:

  • improve and maintain high quality information to support business decisions;
  • use IT effectively to achieve business goals;
  • use technology to promote operational excellence;
  • ensure IT risk is managed effectively;
  • ensure ROI on the expenditure of IT services and technology;
  • achieve compliance with laws, regulations and contractual agreements.

How is COBIT® Structured?

COBIT® 5 clearly differentiates between the governance and management of IT, working around five principles:

  • Principle 1: Meeting Stakeholder Needs
  • Principle 2: Covering the Enterprise End-to-End
  • Principle 3: Applying a Single Integrated Framework
  • Principle 4: Enabling a Holistic Approach
  • Principle 5: Separating Governance from Management

Additionally, there are seven 'enablers' and a process reference model that identifies five sets of processes:

  • Process 1: Evaluate, Direct and Monitor
  • Process 2: Align, Plan and Organise
  • Process 3: Build, Acquire and Implement
  • Process 4: Deliver, Service and Support
  • Process 5: Monitor, Evaluate and Assess

COBIT® 5 is a more sophisticated and complex framework than COBIT® 4.1. There are 37 processes in total, five for governance and 32 for management.

The COBIT® 5 Implementation Toolkit

The IT Governance Control Framework Implementation Toolkit has been designed to simplify the complex process of COBIT® implementation. The toolkit provides documentation templates which cover all 37 of the COBIT® processes and ready-to-use policies and procedures. This toolkit will save you time and money when implementing COBIT®.

Try a free trial version of the COBIT® 5 Documentation Toolkit.

The Complete COBIT Publication Suite online

The Complete COBIT® 5 Publication Set is the most complete and up-to-date version of this important IT governance framework available. It contains:

Each item in the Complete Publication Set can also be ordered separately.

COBIT® and Sarbanes-Oxley compliance

Following a wave of large corporate financial scandals in the late 1990s and early 2000s, the United States enacted the Sarbanes-Oxley Act (SOX). This act, among other corporate governance regulations and standards, deals with how publicly traded US companies report financial information. SOX stipulates that there must be internal systems of control to ensure the disclosure of accurate financial information. COBIT® is the most widely used framework to achieve IT SOX compliance.

The Sarbanes-Oxley Act also demands that organisations must produce an internal control report, which must be included in their annual Exchange Act report. IT Control Objectives for Sarbanes-Oxley, 2nd Edition, written by the IT Governance Institute, provides a reference source for executives when evaluating an organisation's IT controls as required by the US Sarbanes-Oxley Act as part of the internal control report process.

COBIT® and other frameworks

ISO/IEC 27002

is an international standard that provides best practice advice and guidance on information security, and ITIL is a source of best practice information and processes relating to the delivery of IT as a service. COBIT® can be used with both ISO27002 and ITIL, providing a framework of controls that can be used as a structure to achieve process improvement.

Our extensive bookstore offers a wide range of ITIL publications, COBIT® publications and the ISO27002 standard.

COBIT resources, training and further reading

IT Governance offers a complete range of books, toolkits, training, software and consultancy relating to all areas of IT governance, risk and compliance. These include:

COBIT® books
COBIT® Training
  • COBIT® 5 (2 Day) Foundation Course: An introduction to the benefits of a sound IT governance framework, and how it can be realised using COBIT 5.
  • COBIT 5 Implementation Course: How to implement COBIT® 5 to deliver effective IT governance initiatives and management practices in your organisation.
  • COBIT® 5 Assessor Course: Develop knowledge and skills to assess an enterprise’s process capabilities against the COBIT 5 Process Reference Model.

To discuss your COBIT® requirements call us today on +44 (0) 845 070 1750.



BUY the definitive guide to COBIT 5


Buy now

+44 (0) 845 070 1750
live chat support software