Thursday, 18 January 2018 15:23

What is COBIT?


A framework for alignment and governance

COBIT is an IT management framework developed by the ISACA to help businesses develop, organize and implement strategies around information management and governance.

First released in 1996, COBIT (Control Objectives for Information and Related Technologies) was initially designed as a set of IT control objectives to help the financial audit community better navigate the growth of IT environments. In 1998, the ISACA released version 2, which expanded the framework to apply outside the auditing community. Later, in the 2000s, the ISACA developed version 3, which brought in the IT management and information governance techniques found in the framework today.

COBIT 4 was released in 2005, followed by COBIT 4.1 in 2007. These updates included more information regarding governance surrounding information and communication technology. In 2012, COBIT 5 was released and in 2013, the ISACA released an add-on to COBIT 5, which included more information for businesses regarding risk management and information governance.

What’s in COBIT 5?

COBIT 5 brings clarity to certain topics and concerns found in COBIT 4 and 4.1, as technology grows in the enterprise. The ISACA touts COBIT 5 as the “only business framework for the governance and management of enterprise IT.” It also plays nice with other IT management frameworks — such as ITIL, CMMI and TOGAF — making it a great option as an umbrella framework to unify processes across an entire company.

COBIT 5 was developed to address the growth of enterprise IT — looking at how existing best practices and standards work and what needs improvement or reframing. Like other IT management frameworks, COBIT helps align business goals with IT goals by establishing links between the two and creating a process that can help bridge a gap between IT — or IT silos — and outside departments. One major difference between COBIT and other frameworks is that it focuses specifically on security, risk management and information governance.

COBIT 5 goals and components

According to the ISACA, COBIT 5 was updated to:

  • Streamline information sharing across an organization
  • Reach corporate goals by incorporating IT into the strategy
  • Minimize and control information security and risk management
  • Optimize the cost surrounding IT and technology
  • Better integrate ISACA research and the COBIT framework

The five main components of COBIT 5 include:

  • Framework: The main framework of COBIT guides organizations through best practices and standardization surrounding IT processes and infrastructure. The goal is to align IT with the overall business goals by getting IT on the same page as the rest of the company and to help other executives and senior managers better understand IT objectives.
  • Process descriptions: COBIT includes language that anyone in the organization will understand — so that CEOs, CFOs, CIOs and other key players will easily understand terminology, processes and descriptions. It can help establish a solid ground for communication between IT and outside departments.
  • Control objectives: This section offers an overview of high-level requirements that can help develop and improve every IT process, allowing businesses to adapt these to their own needs and goals.
  • Management guidelines: The COBIT guide offers best practices for establishing objectives and processes and for assigning task items or responsibilities across the organization. It also gives guidance on measuring performance and how the framework can integrate with other IT management frameworks.
  • Maturity models: COBIT maturity models help businesses assess the maturity of their organization, understand how the process will grow with the organization and identify any potential problems that might arise down the line.

COBIT principles and benefits

The 5 key principles of COBIT 5, according to the ISACA:

  • Meet key stakeholder needs
  • Cover the enterprise end-to-end
  • Integrate multiple frameworks into one umbrella framework
  • Encourage a holistic approach to business
  • Move governance away from management

According to the ISACA, COBIT 5 best suits clients that use multiple frameworks — such as ITIL, ISO/IEC 2000 and CMMI — with certain silos within IT using their own framework or standard. It’s also well suited to organizations that are required to follow specific regulatory guidelines from the government and local authorities.

The COBIT 5 framework helps businesses align existing frameworks in the organization and understand how each framework will fit into the overall strategy. It can also help businesses monitor the performance of these other frameworks, especially in terms of security compliance, information security and risk management.

It’s also designed to give senior management more insight into how technology can align with organizational goals. You can directly map pain points in the business to certain aspects of the framework, emphasizing the need for “control-driven IT,” according to the ISACA. The framework gives CIOs and other IT executives a way to demonstrate the ROI on an IT project and how it will help reach key business objectives.

COBIT certification

You can get certified in COBIT 5 through the ISACA, which offers training and exams with two different paths: the Assessor Path or the Implementation Path. Both paths require you to complete a foundational course and exam before you choose which path you want to take.

The Implementation Path teaches you how to apply the COBIT 5 framework to specific business problems, potential risks and other process issues within the organization. To obtain this level of certification, you need to complete the foundation course, exam and implementation course.  

The Assessor Path teaches you to look at your organization’s established processes and identify what can be changed, what works and how to communicate your findings to the C-suite. To become a COBIT Certified Assessor, you will need to complete the foundational course and exam, followed by the assessor course and exam. You’ll also need a minimum of five years of relevant work experience.


Last modified on Thursday, 18 January 2018 15:28

