As I write this second part of the What can we expect from CobiT 5? series of blog posts, CobiT 5 is about to be launched online by ISACA. But what on top of the points I have already detailed in Part 1 of this series can we expect to see in CobiT 5?
Well, CobiT 5 is fully aligned with the same goal and metrics concepts that are found in CobiT 4.1, Val IT and Risk IT. Though in CobiT 5 they have been renamed as:
- Enterprise goals
- IT-related goals
- Process goals
Additionally, CobiT 5 offers an updated, reworked goals cascade. This cascade is based on enterprise goals driving IT-related goals. These IT-related goals are then supported by critical processes.
CobiT 5 gives examples of goals and metrics at various levels.
These levels include:
This is different to CobiT 4.1, Val IT and Risk IT, these frameworks had an additional level.
CobiT 5 comes with inputs and outputs for each and every management practice. Previously, CobiT 4.1 only provided these at a process level, thus CobiT 5 is a lot more exhaustive than its predecessor.
This additional information has been provided with the aim of enabling processes to include work products. It has also been included to aid with inter-process integration.
RACI charts are provided in CobiT 5 that describe roles and responsibilities in a similar way to those in the previous version of CobiT, Val IT and Risk IT. However, where CobiT 5 is different is where generic business and IT role players and charts are concerned.
CobiT 5 provides a more comprehensive, clearer and in-depth range of generic business and IT role plays and charts for each management practice than in the previous version of CobiT. This enhancement in CobiT 5 allows for definition of responsibilities to the key players in better way when designing and implementing processes.
In CobiT 4.1, a new process for process capability assessment had already been established based on ISO/IEC 15504 (CobiT Assessment Programme), as an alternative to the capability maturity model (CMM) approach that had been par-of-the-course in previous versions of CobiT.
CobiT 5 does away, totally, with the CMM approach. It is supported by a new process assessment approach based on ISO/IEC 15504. This continues on from and enhances on the CobiT Assessment Programme, that as previously mentioned was offered as an alternative to the CobiT 4.1 CMM approach. The previous CMM approaches taken in CobiT 4.1, Val IT IT and Risk are not considered to be compatible with ISO/IEC 15504.
The main strengths of this new approach are considered to be that it is more robust, reliable and repeatable.
An extra strength of this new approach is that it enables less rigorous self-assessments for internal gap analysis and process improvement initiatives.
It is hoped this new assessment approach will lead to organizations being able to have a formal assessment carried out by an accredited assessor. Assessor training is currently (April 2012) being developed.
The CobiT Assessment Programme may, in future, allow an organization to obtain an independent certified assessment aligned with the ISO/IEC 15504 standard.
ISACA provide materials to support this new assessment approach.
Users of CobiT 4.1, Val IT and Risk IT wishing to move to the assessment approach taken in CobiT 5 will need to get to grips with CobiT 5 first of all. They will then need to update their ratings, initiate a new set of assessments in order to gain the benefits of the new assessment approach.
In all, CobiT 5 is a totally different framework to its predecessor …
To keep up to date with the latest training and resources available for COBIT 5, visit our COBIT page and check back at regular intervals.