Building on more than 15 years of practice in the business, IT, risk, security and assurance communities, COBIT 5 provides the next generation of ISACA’s guidance on a critical business issue: the enterprise governance and management of IT.
The COBIT 5 framework will provide the basis for governing and managing enterprise IT. It will consist of a number of products, including:
- COBIT 5 (the framework)
- COBIT 5 Enabler Guides, where governance and management enablers are discussed in more detail. These include:
  - COBIT 5: Enabling Processes
  - COBIT 5: Enabling Information (in development)
  - Other enabler guides (more details on the COBIT pages on the ISACA website)
- COBIT 5 Professional Guides, which include:
  - COBIT 5: Implementation
  - COBIT 5 for Information Security (mid-2012)
  - COBIT 5 for Assurance (2013)
  - COBIT 5 for Risk (2013)
- A collaborative online environment, which will also be made available to support the use of COBIT 5.
The initial series of publications released include COBIT 5, COBIT 5: Enabling Processes and COBIT 5: Implementation.
Background to the development
COBIT 4.1 had great acceptance across the IT community, but following an extensive review of the stakeholders, a number of drivers were identified leading to the development of the new framework. These included:
- Determine value from information and related technology (what benefits at what acceptable level of risk and costs) and the priorities in ensuring that expected value is actually being delivered, a big demand from stakeholders.
- Deliver transparency to stakeholders on how the delivery will occur and the actual results will be achieved.
- Address the increasing dependency of the enterprise’s success on external business and IT parties such as outsourcers, suppliers, consultants, clients, and cloud and other service providers.
- Manage the ever-increasing amount of information that is pervasive within the enterprise.
- Work more effectively with information technology, which has become an integral part of the business and business processes.
- Deliver guidance for innovation and emerging technologies.
- Cover the end-to-end business and IT functional responsibilities.
- Separate the governance and management domains.
COBIT 5 is a principles-driven framework based on five fundamental principles:
Principle 1: Meeting stakeholder needs
COBIT 5 provides all the required processes and other enablers to support business value creation through the use of IT.
Principle 2: Covering the enterprise end to end
COBIT 5 integrates the governance of enterprise IT into enterprise governance, covering all functions and processes within the enterprise, not just IT.
Principle 3: Applying a single, integrated framework
COBIT 5 aligns with other relevant standards and frameworks at a high level to serve as the overarching framework for governance and management of enterprise IT.
Principle 4: Enabling a holistic approach
Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components or ‘enablers’. COBIT 5 defines seven categories of enablers:
- Principles, policies and frameworks
- Organizational structures
- People, skills and competencies
- Culture, ethics and behaviour
- Services, infrastructure and applications
Principle 5: Separating governance from management
The COBIT 5 Process Reference Model
COBIT 5 is not delivered as a prescriptive model; rather, it advocates the implementation of governance and management processes within enterprises. The COBIT 5 process reference model defines and describes in detail the governance and management processes normally found within an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers.
The COBIT 5 model delivers an operational model with a common language for all parts of the business involved in IT activities and provides a framework for measuring and monitoring IT performance, communicating with service providers and integrating best management practices.
COBIT 5 Governance and Management Processes
The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains:
Governance: Contains five governance processes with ‘evaluate, direct and monitor practices’ defined within each process
Management: Four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), providing the end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure:
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, incorporating both the Risk IT and Val IT frameworks.
The complete COBIT 5 enabler model includes a total of 37 governance and management processes with complete details incorporated within COBIT 5: Process Reference Guide.
COBIT 5 Illustrative Governance and Management Processes
It’s all about the implementation. You don’t simply take COBIT 5 and implement it out of the box. It is a fully customizable framework relevant to organizations of all sizes, in all industries and in any country. Value can only be realized when COBIT is adopted and adapted to fit a particular environment. The implementation must address the specific business challenges, including managing changes to culture and behavior. To assist the enterprise, ISACA delivers practical and extensive implementation guidance in its publication COBIT 5: Implementation, which is based on a continual improvement lifecycle. Although not intended to be a prescriptive approach, the guide leverages good practices and assists in the creation of successful outcomes. It’s supported with an implementation toolkit containing the following to assist users in their journey:
- Self-assessment, measurement and diagnostic tools
- Presentations aimed at various audiences
- Related articles and further explanations
More importantly, the implementation lifecycle delivers the processes for enterprises to address the complexity and challenges encountered in implementations using COBIT. The three interrelated components of the lifecycle are the:
- Core continual improvement lifecycle (this is not a one-off project)
- Enablement of change (addressing the behavioural and cultural aspects)
- Management of the program
As discussed previously, the right environment needs to be created to ensure the success of the implementation or improvement initiative, and a top-down approach is required to ensure success.
Where do I get COBIT 5?
COBIT 5 is available from the ISACA website on the COBIT page, and the Framework, Enabling Processes and Implementation guides are all free to members. ISACA also hosts a community of COBIT users in the ISACA Knowledge Center (www.isaca.org/knowledge-center), where they can discuss implementation, ask questions and learn more about the practical application of COBIT 5.
This blog also appears on the CA Service Management blog.