What is COBIT 2019 Framework?

COBIT helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. The framework addresses both business and IT functional areas across an enterprise. It considers the IT-related interests of internal and external stakeholders. Enterprises of all sizes, whether commercial, not-for-profit, or in the public sector, can benefit from COBIT.

What is COBIT?

COBIT is a best-practice framework created by the international professional association ISACA for information technology (IT) management and IT governance.

COBIT provides an implementable “set of controls” over information technology and organizes them around a logical framework of IT-related processes and enablers.

It is positioned at a high level and has been aligned with other, more detailed IT standards and good practices such as ITIL, ISO 27000, TOGAF, and PMBOK. However, COBIT is known to provide a mile-wide and inch-deep approach towards creating interfaces between all these individual frameworks. It creates a blanket organizational framework to manage these domains through a holistic approach.

How does COBIT work?

COBIT is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques. It provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT builds and expands on COBIT 4.1 by integrating other major frameworks, standards, and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®), and related standards from the International Organization for Standardization (ISO).

For a successful implementation of COBIT 2019 within an enterprise, a combination of the listed objectives must be used. A specified set of 40 objectives forms the heart of COBIT 2019. These objectives must be fulfilled if the enterprise goals are to be achieved.

These objectives are further divided into governance objectives and management objectives, so that boards and executive management undertake the governance processes while management implements the management processes.

Governance and Management Objectives in COBIT 2019

COBIT separates the process design activity by segregating it as follows:

  • Governance objectives are grouped in the Evaluate, Direct, and Monitor (EDM) domain. In this domain, the governing body evaluates strategic options, directs senior management on the chosen strategic options, and monitors the achievement of the strategy.
  • Management objectives are grouped into four domains:
      • Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting activities
      • Build, Acquire and Implement (BAI) treats the definition, acquisition, and implementation of solutions and their integration in business processes
      • Deliver, Service and Support (DSS) addresses the operational delivery and support of services, including security
      • Monitor, Evaluate and Assess (MEA) addresses performance monitoring and conformance with internal performance targets, internal control objectives and external requirements

However, to satisfy governance and management objectives, each enterprise needs to establish, tailor, and sustain a governance system built from several components. These components are factors that, individually and collectively, contribute to the proper operations of the enterprise’s governance system.

Why COBIT 5 Evolved into COBIT 2019

The release of COBIT 2019 was necessary as COBIT 5 was introduced more than seven years ago in 2012. Since then, the trends, technologies, and security needs of organisations have changed dramatically. Organisations that fail to adapt over time easily become obsolete. This is especially true of IT, as it plays a vital role in almost all processes across a business.

To indicate the change, COBIT 2019 was released with a new logo. In addition to a modern font to reflect the new framework, the new logo features a different ‘O’. The red arrow shown below denotes the continuous changes in the world of technology.

[Image: Difference between COBIT 5 and COBIT 2019]

ISACA explained this change to its logo:

“To remain relevant, it is imperative that COBIT continues to evolve requiring more frequent and fluid updates. The red arrow symbolizes this notion of continuous evolution.”

Upgrading COBIT was also necessary to ensure better alignment with global standards, frameworks, and best practices such as ITIL®, CMMI®, and TOGAF®. In this context, alignment means neither contradicting the guidance in related standards nor copying their contents. That way, COBIT can maintain its positioning as an umbrella framework.


Author's Bio: 

Ahmed Sohail has rich audit and consulting experience of over 3 years. He started his career as a software developer; however, his passion for information and cyber security propelled him to join the consulting industry. Mr. Ahmed is currently associated with Business Beam as a Sr. Advisor and has provided consultancy to the country’s central bank on IT governance. Mr. Ahmed is an avid reader and loves to take part in bug bounty and red teaming tournaments.