What is COBIT?
In the last few years, many companies have started to pay special attention to the topic of governance, and used it as a perspective for professionalising their IT alignment.
COBIT is the globally most renown framework for IT governance and management (in the context of COBIT, the word "IT" isn't used in the meaning of an organisational unit, but rather in the meaning of everything related to information and the technologies connected to it). It arranges IT-related tasks into a domain and process framework and depicts connections between business objectives and IT and process objectives. COBIT also provides indicators and capability assessment models, identifies responsibilities on the level of the company and of the IT, and emphasises the importance of the human factor to the success of all governance and management activities.
The purpose of applying this framework is to support the achievement of the following objectives:
- Realising business benefits by using the IT of the company effectively and innovatively
- Achieving operational excellence by using technology reliably and efficiently
- Limiting IT-related risks to an acceptable level
- Optimising the costs of IT services and technologies
- Fulfilling ever-increasing legal and regulatory requirements
COBIT was developed by ISACA, the Information Systems audit and Control Association. COBIT is based on the best known international standards, frameworks and best practices, such as ITIL, PRINCE2, COSO, ISO 38500 and ISO 27000. These different guidelines are integrated into COBIT, and the most important contents are combined into a comprehensive framework. COBIT mainly concentrates on WHAT is needed in order to achieve appropriate IT governance and management and less on HOW it is achieved.
In its 5th version, COBIT has grown into an extensive product family. COBIT 5 provides a comprehensive, inclusive and holistic view into IT governance and management. This view is consistent, includes all IT-related subject matters and provides a holistic and systemic perspective. In addition, COBIT 5 is consistent with generally accepted corporate governance standards and other standards and frameworks that support compliance with regulatory requirements. All this is achieved through building on over 15 years of experience in the application and use of IT governance and management. The focus of COBIT 5 remains on the level of setting objectives, directing and measuring. This means that COBIT 5, just as its predecessors, doesn't try to compete with more implementation-oriented frameworks, such as PRINCE2 or ITIL.
On the basis of ISO 38500, COBIT 5 strongly highlights the difference between governance and management, as well as the responsibilities of the company's management that are related to IT governance. The included process model illustrates how tasks and responsibilities are divided between the business side and the IT and how these interact. In addition, COBIT takes into account the role of the "Human factor" in the application and development of IT governance.