COBIT 5 – available today!

Building on more than 15 years of practice in the business, IT, risk, security and assurance communities, COBIT 5 provides the next generation of ISACA’s guidance on a critical business issue: the enterprise governance and management of IT.


The COBIT 5 framework will provide the basis for governing and managing enterprise IT. It will comprise a number of products, including:



  • COBIT 5 (the framework)

  • COBIT 5 Enabler Guides, where governance and management enablers are discussed in more detail. These include:

    • COBIT 5: Enabling Processes

    • COBIT 5: Enabling Information (in development)

    • Other enabler guides (more details on the COBIT pages on the ISACA website)

  • COBIT 5 Professional Guides, which include:


    • COBIT 5: Implementation

    • COBIT 5 for Information Security (mid-2012)

    • COBIT 5 for Assurance (2013)

    • COBIT 5 for Risk (2013)

  • A collaborative online environment, which will also be made available to support the use of COBIT 5.

The initial series of publications released include COBIT 5, COBIT 5: Enabling Processes and COBIT 5: Implementation.


Background to the development


COBIT 4.1 had great acceptance across the IT community, but following an extensive review of the stakeholders, a number of drivers were identified leading to the development of the new framework. These included:



  • Determine value from information and related technology (what benefits at what acceptable level of risk and costs) and the priorities in ensuring that expected value is actually being delivered, a big demand from stakeholders.

  • Deliver transparency to stakeholders on how the delivery will occur and the actual results will be achieved.

  • Address the increasing dependency of the enterprise’s success on external business and IT parties such as outsourcers, suppliers, consultants, clients, and cloud and other service providers.

  • Manage the ever-increasing amount of information that is pervasive within the enterprise.

  • Work more effectively with information technology, which has become an integral part of the business and business processes.

  • Deliver guidance for innovation and emerging technologies.

  • Cover the end-to-end business and IT functional responsibilities.

  • Separate the governance and management domains.

Principles-based framework


COBIT 5 is a principles-driven framework based on five fundamental principles:


Principle 1:  Meeting stakeholder needs


COBIT 5 provides all the required processes and other enablers to support business value creation through the use of IT.


Principle 2:  Covering the enterprise end to end


COBIT 5 integrates the governance of enterprise IT into enterprise governance, covering all functions and processes within the enterprise, not just IT.


Principle 3:  Applying a single, integrated framework


COBIT 5 aligns with other relevant standards and frameworks at a high level to serve as the overarching framework for governance and management of enterprise IT.


Principle 4:  Enabling a holistic approach


Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components or ‘enablers’. COBIT 5 defines seven categories of enablers:



  • Processes

  • Principles, policies and frameworks

  • Organizational structures

  • People, skills and competencies

  • Culture, ethics and behaviour

  • Services, infrastructure and applications

  • Information

Principle 5:  Separating governance from management


The COBIT 5 framework makes a clear distinction between governance and management, identified as governance and management domains.


The COBIT 5 Process Reference Model


COBIT 5 is not delivered as a prescriptive model; rather, it advocates the implementation of governance and management processes within enterprises. The COBIT 5 process reference model defines and describes in detail the governance and management processes normally found within an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers.


The COBIT 5 model delivers an operational model with a common language for all parts of the business involved in IT activities and provides a framework for measuring and monitoring IT performance, communicating with service providers and integrating best management practices.


COBIT 5 Governance and Management Processes


The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains:


Governance: Contains five governance processes with ‘evaluate, direct and monitor practices’ defined within each process


Management: Four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), providing the end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure:



  • Align, Plan and Organize (APO)

  • Build, Acquire and Implement (BAI)

  • Deliver, Service and Support (DSS)

  • Monitor, Evaluate and Assess (MEA)

The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, incorporating both the Risk IT and Val IT frameworks.


The complete COBIT 5 enabler model includes a total of 37 governance and management processes with complete details incorporated within COBIT 5:  Process Reference Guide.


COBIT 5 Illustrative Governance and Management Processes


It’s all about the implementation. You don’t simply take COBIT 5 and implement it out of the box. It is a fully customizable framework relevant to organizations of all sizes, in all industries and in any country. Value can only be realized when COBIT is adopted and adapted to fit a particular environment. The implementation must address the specific business challenges, including managing changes to culture and behavior. To assist the enterprise, ISACA delivers practical and extensive implementation guidance in its publication COBIT 5:  Implementation, which is based on a continual improvement lifecycle. Although not intended to be a prescriptive approach, the guide leverages good practices and assists in the creation of successful outcomes. It’s supported with an implementation toolkit containing the following to assist users in their journey:



  • Self-assessment, measurement and diagnostic tools

  • Presentations aimed at various audiences

  • Related articles and further explanations

More importantly, the implementation lifecycle delivers the processes for enterprises to address the complexity and challenges encountered in implementations using COBIT.  The three interrelated components of the lifecycle are the:



  • Core continual improvement lifecycle (this is not a one-off project)

  • Enablement of change (addressing the behavioural and cultural aspects)

  • Management of the program

As discussed previously, the right environment needs to be created to ensure the success of the implementation or improvement initiative, and a top-down approach is required to ensure success.


Where do I get COBIT 5?


COBIT 5 is available from the ISACA website on the COBIT page, and the Framework, Enabling Processes and Implementation guides are all free to members. ISACA also hosts a community of COBIT users in the ISACA Knowledge Center (www.isaca.org/knowledge-center), where they can discuss implementation, ask questions and learn more about the practical application of COBIT 5.


 This blog also appears on the CA Service Management blog.

Robert Stroud

Vice President Strategy & Innovation IT Business Management at CA Technologies
Robert Stroud is vice president of innovation and strategy for IT Business Management at CA Technologies. Rob is dedicated to the development of industry trends, strategy and communication of industry best practices. Rob is a strong advocate for the governance, security, risk and assurance communities working closely with the community to author, develop and communicate standards and best practices. Rob also advises organizations on their implementations to ensure they drive maximum business value from their investments in IT-enabled business governance. Following a four-year term as an ISACA International vice president, Rob served on the ISACA Strategic Advisory Council, and is currently serving as ISACA ISO Liaison sub-committee. Earlier, Rob served on the itSMF International Board as Treasurer and Director Audit, Standards and Compliance, the itSMF ISO liaisons to multiple working groups and spent multiple years on the board of the itSMF USA. An accomplished author and blogger, Rob is widely recognized for perspectives on industry trends. He also has contributed to multiple standards publications including COBIT 4.0, 4.1 and COBIT 5, Guidance for Basel II and several ISO standards. Rob served as an active member of the ITIL Update Project Board for ITIL 2011 and in various roles in the development of ITIL v3 including the Advisory Group, mentor and reviewer. Prior to joining CA Technologies, Rob spent more than 15 years in the finance industry successfully managing multiple initiatives in both IT and retail banking sectors related to security, service management and process governance. Follow Rob on Twitter: @RobertEStroud