COBIT® – Control Objectives for Information and Related Technology
Control Objectives for Information and Related Technology (COBIT) is an IT governance control framework developed by ISACA which helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT 5, released in early 2012, is the latest iteration of COBIT, and incorporates the governance activities of ISO38500 and other ISACA® frameworks.
Control Objectives for Information and Related Technology (COBIT) is a globally-recognised IT governance control framework which helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals. COBIT was updated from version 4.1 to version 5 in 2012.
How is COBIT 5 different to COBIT 4.1?
COBIT 5 builds and expands on the guidance in COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, ITIL®, and other related standards from ISO, including ISO38500.
This latest evolutionary version of COBIT takes into account the latest thinking on the governance of information technology. COBIT 5 provides principles, analytical tools and models to increase trust in, and the value derived from, information systems.
For further information, read the following two-part blog by our Product Manager for COBIT, Jamie Titchener, in which the differences between COBIT 4.1 and COBIT 5 are outlined:
Benefits of COBIT
The COBIT framework can help organisations of all sizes to:
improve and maintain high quality information to support business decisions;
use IT effectively to achieve business goals;
use technology to promote operational excellence;
ensure IT risk is managed effectively;
ensure ROI on the expenditure of IT services and technology;
achieve compliance with laws, regulations and contractual agreements.
COBIT 5 clearly differentiates between the governance and management of IT, working around five principles:
COBIT Principle 1: Meeting Stakeholder Needs
COBIT Principle 2: Covering the Enterprise End-to-End
COBIT Principle 3: Applying a Single Integrated Framework
COBIT Principle 4: Enabling a Holistic Approach
COBIT Principle 5: Separating Governance from Management
Additionally, there are seven 'enablers' and a process reference model which identifies five sets of processes:
COBIT Process 1: Evaluate, Direct and Monitor
COBIT Process 2: Align, Plan and Organise
COBIT Process 3: Build, Acquire and Implement
COBIT Process 4: Deliver, Service and Support
COBIT Process 5: Monitor, Evaluate and Assess
COBIT 5 is a more sophisticated and complex framework than COBIT 4.1. There are 37 processes in total, five for governance and 32 for management. Unlike COBIT 4.1, which used a process maturity model, COBIT 5 uses a Process Assessment Model (or PAM) designed in accordance with ISO15504.
The COBIT 5 Implementation Toolkit has been designed to simplify the complex process of COBIT implementation. The toolkit provides documentation templates which cover all 37 of the COBIT processes and ready-to-use policies and procedures. This Toolkit will save you time and money when implementing COBIT.
Try a free trial version of the COBIT 5 Documentation Toolkit.
The Complete COBIT Publication Suite online
The Complete COBIT 5 Publication Set is the most complete and up-to-date version of this important IT governance framework available. It contains:
Each item in the Complete Publication Set can also be ordered separately.
Following a wave of large corporate financial scandals in the late 1990s and early 2000s, the United States enacted the Sarbanes-Oxley Act (SOX) which, among other corporate governance regulations and standards, deals with how publicly traded US companies report financial information. SOX stipulates that there must be internal systems of control to ensure the disclosure of accurate financial information. COBIT is the most widely used framework to achieve IT SOX compliance.
The Sarbanes-Oxley Act also demands that organisations must produce an internal control report, which must be included in their annual Exchange Act report. IT Control Objectives for Sarbanes-Oxley, 2nd Edition, written by the IT Governance Institute, provides a reference source for executives when evaluating an organisation's IT controls as required by the US Sarbanes-Oxley Act as part of the internal control report process.
ISO27002 is an International Standard which provides best practice advice and guidance on Information Security, and ITIL is a source of best practice information and processes relating to the delivery of IT as a service. COBIT can be used with both ISO27002 and ITIL, providing a framework of controls which can be used as a structure to achieve process improvement.
Our extensive bookstore offers a wide range of ITIL publications, COBIT publications and the ISO27002 Standard.
IT Governance offers a complete range of books, toolkits, training, software and consultancy relating to all areas of IT governance, risk and compliance. These include:
COBIT 5 (2 Day) Foundation Course: An introduction to the benefits of a sound IT governance framework, and how it can be realised using COBIT 5.
COBIT 5 Implementation Course: How to implement COBIT 5 to deliver effective IT governance initiatives and management practices in your organisation.
COBIT 5 Assessor Course: Develop knowledge and skills to assess an enterprise’s process capabilities against the COBIT 5 Process Reference Model.