What is CobiT?
Control Objectives for Information and Related Technology (CobiT) is a set of best practices for Information Technology management developed by the Information Systems Audit & Control Association (ISACA) and the IT Governance Institute in 1996. ISACA develops and maintains the internationally recognized COBIT framework, helping IT professionals and enterprise leaders fulfill their IT governance responsibilities while delivering value to the business. ISACA's latest globally accepted framework, COBIT 5, aims to provide an end-to-end business view of the governance of enterprise IT that reflects the central role of IT in creating value for enterprises.

History of CobiT Framework
The first edition of CobiT was published in 1996. The second edition followed in 1998 with added Management Guidelines. The third edition was released in 2000, and the fourth edition was released in December 2005 and revised as edition 4.1 in May 2007. CobiT 5.0, integrated with Val IT and Risk IT, was released in April 2012. CobiT 5.0 also draws significantly from the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).

Why CobiT?
In an electronic, data-driven world, information is the most crucial element of the 21st-century enterprise. Massive volumes of data, supported by technology, drive success but also give rise to complex and challenging governance and management concerns for enterprises worldwide. New demands, stringent regulations and risk scenarios emerge on a daily basis, making it critical to effectively govern and manage information and related technology.

In the current scenario, enterprise leaders are under pressure to:

  • Deliver value to enterprise stakeholders by achieving business objectives
  • Ensure IT investments and assets are used effectively to support enterprise goals & objectives
  • Maintain compliance with internally directed and externally imposed regulations

Components in CobiT:

  • Framework - Organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
  • Process Descriptions - A reference process model and common language for everyone in an organization. The processes map to the responsibility areas of plan, build, run and monitor.
  • Control Objectives - Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
  • Management Guidelines - Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationships with other processes.
  • Maturity Models - Assess maturity and capability per process and help to address gaps.

Cobit 5
CobiT 5 is the only business framework for the governance and management of enterprise Information Technology. COBIT 5 consolidates and integrates the CobiT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).

Image Source: www.isaca.org

Benefits:
The CobiT 5 framework can be implemented in enterprises of all sizes and helps to:

  1. Maintain high-quality information to support business decisions
  2. Achieve strategic goals and realize business benefits through the effective and innovative use of IT
  3. Achieve operational excellence through reliable, efficient application of technology
  4. Maintain IT-related risk at an acceptable level
  5. Optimize the cost of IT services and technology
  6. Support compliance with relevant laws, regulations, contractual agreements and policies

In Simple Terms
“CobiT 5 provides the structure and tools needed to deliver trust and value, manage risk, avoid potential loss and maximize opportunities”

Image Source: www.isaca.org

CobiT 5 in Detail
CobiT 5 helps enterprises of all sizes create optimal value from Information & Related Technology by maintaining a balance between realizing benefits and optimizing risk levels and resource use. The framework is designed to address both business and IT functional areas across an organization and consider IT-related interests of internal and external stakeholders.

Based on 5 Principles:
CobiT 5 is based on five key principles for governance and management of enterprise IT:

  1. Meeting Stakeholder Needs
  2. Covering the Enterprise End-to-End
  3. Applying a Single, Integrated Framework
  4. Enabling a Holistic Approach
  5. Separating Governance From Management

Principle 1
Meeting Stakeholder Needs
As more focus is put on the importance of flexibility and agility in leadership circles, it is critical for enterprise leaders to foster innovation and create trust and value for stakeholders. Today more than ever, executives must maximize the return on investment of information and the technology that enables its use.

  • COBIT 5 is highly customizable, flexible and provides the structure and tools enterprise leaders need to deliver business value.
  • COBIT 5 helps executives “get more” from the information systems already in place, and provides a simplified approach and single point of reference for the governance and management of information and technology.

Principle 2
Covering the Enterprise
Effective governance practices help enterprise leaders translate big-picture objectives into specific IT-related goals that are measurable and relevant across the organization.

  • COBIT 5 covers the enterprise end to end for all matters relating to information and technology.
  • COBIT 5 provides guidance to help enterprise leaders ask the right questions and make the best decisions allowing them to focus on the most critical projects.

Principle 3
A Single Integrated Framework
Businesses can choose from many standards and frameworks, each of which provides a view into a subset of IT operations and concerns.

  • COBIT 5, based on established and credible practices from international thought leaders, integrates other standards, helping enterprise executives identify and effectively address the most relevant issues for the enterprise.

Principle 4
A Holistic Approach
There are several critical factors relevant to all enterprises in the governance and management of information. To effectively protect and maximize the value of intellectual property, manage risk and prepare for future compliance requirements, these factors must be taken into account.

  • COBIT 5 provides the tools and models that help enterprise leaders effectively manage risk, ensure compliance, continuity, security, and privacy associated with information technology.

Principle 5
Separate Governance from Management
The two disciplines encompass different activities, require different organizational structures and serve different purposes. Without a clear, practical and applicable distinction or structure, enterprise leaders will not get to the root of the business issue.

  • COBIT 5 makes a clear distinction between governance and management. COBIT 5 provides enterprise leaders the tools and expertise to simplify complex issues and develop customized practices.

Image Source: www.isaca.org

Addresses 7 Enablers:
The COBIT 5 framework describes seven categories of enablers:

  1. Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management.
  2. Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
  3. Organizational structures are the key decision-making entities in an enterprise.
  4. Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
  5. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
  6. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
  7. People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.

Image Source: www.isaca.org

COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimizes information and technology investment and use for the benefit of stakeholders.

Governance & Management

  • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
  • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).

COBIT 5 Implementation
COBIT 5 implementation has 3 life cycles:

  1. Programme Management
  2. Change Enablement
  3. Continual Improvement Life Cycle

Image Source: www.isaca.org

Each Lifecycle Implementation has seven phases:

  1. What are the drivers?
  2. Where are we now?
  3. Where do we want to be?
  4. What needs to be done?
  5. How do we get there?
  6. Did we get there?
  7. How do we keep the momentum going?
