What is COBIT? A framework for alignment and governance
What is COBIT and why is it important?
COBIT is an IT management framework developed by the ISACA to help businesses develop, organize, and implement strategies around information management and IT governance. The goal of the COBIT framework is to support “understanding, designing, and implementing the management and governance of enterprise IT (EGIT),” according to the ISACA.
First released in 1996, COBIT (Control Objectives for Information and Related Technologies) was initially designed as a set of IT control objectives to help the financial audit community better navigate the growth of IT environments. In 1998, the ISACA released version 2, which expanded the framework to apply outside the auditing community. Later, in the 2000s, the ISACA developed version 3, which brought in the IT management and information governance techniques found in the framework today.
COBIT 4 was released in 2005, followed by the refreshed COBIT 4.1 in 2007. These updates included more information regarding governance surrounding information and communication technology. In 2012, COBIT 5 was released, and in 2013 the ISACA released an add-on to COBIT 5, which included more information for businesses regarding risk management and information governance.
The ISACA announced an updated version of COBIT in 2018, ditching the version number and naming it COBIT 2019. This updated, and most recent, version of COBIT is designed to constantly evolve with “more frequent and fluid updates,” according to the ISACA. COBIT 2019 was introduced to build governance strategies that are more flexible and collaborative and that address new and changing technology.
Difference between COBIT 5 and COBIT 2019
COBIT 5 was released in 2012, but by 2019 many changes had been introduced around compliance and regulation standards in the industry, most notably the adoption of the European GDPR framework for data protection laws. The regulations went into effect in the spring of 2018, and the ISACA updated the governance principles of COBIT to accommodate this new focus, adding a 6th principle to the framework. While COBIT has always had a focus on regulations and compliance, these new standards helped shape the revised COBIT 2019 framework with an updated lens on governance management. For organizations embarking on digital transformation, COBIT helps navigate the complexities of IT compliance, regulation, and governance.
COBIT 2019 introduced three new governance principles that revolve around the openness and flexibility of the framework. The framework states that not only should governance strategies remain open and flexible, but they should also be based on conceptual models and aligned to major standards and regulations. Additionally, the updated COBIT framework bases performance management around the CMMI Performance Management Scheme, which focuses on measuring capability and maturity levels. Previously, COBIT 5 relied on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to define capability and maturity levels.