Mark Carrel - stock.adobe.com
The COBIT framework grew to four publications in 2019, with the addition of a design guide to complement the core information on methodology and implementation.
Every IT organization requires comprehensive governance and management practices to ensure that it delivers resources and services dependably and reproducibly. IT service management (ITSM) supports business demands for enterprise security, regulatory compliance and governance. The COBIT framework, formerly Control Objectives for Information and Related Technology, outlines the factors that enable and support IT within the enterprise. It's a broader standard than the IT Infrastructure Library, commonly called ITIL, though they overlap and are complementary for ITSM practitioners.
What is the COBIT framework?
COBIT is a standard framework that organizations use to govern and manage enterprise IT and is sometimes extended to embrace the entire enterprise. COBIT is not a software tool or discrete product, but is instead a series of concepts that provide comprehensive guidance, objectives, models and methodologies. Within the scope of ITSM standards, COBIT covers the governance and management of, ideally, all IT practices.
Since its introduction in 1996, COBIT has been updated every few years to reflect the dynamic needs of businesses and IT. The current release, COBIT 2019, replaces the previous well-established COBIT 5 version from 2012.
ISACA, originally the Information Systems Audit and Control Association, sets and develops guidance and controls for information governance, control, security and audit professionals. The global organization sponsors and drives the COBIT framework.
Compare COBIT and ITIL
COBIT and ITIL are both regarded as key ways to shape ITSM but are radically different frameworks, in terms of purpose and scope.
ITIL, also updated in 2019, describes a method to manage IT services across an entire service lifecycle and outlines the processes and activities that enable service management. By comparison, COBIT describes how to govern enterprise IT to maximize business value yet manage resources and risks. The COBIT framework outlines processes and activities related to assets and resources across enterprise IT. From this standpoint, ITIL is regarded as a more focused ITSM approach, whereas the COBIT framework is a broader and more general approach that's applicable to almost any area of the business -- including ITSM.
There is overlap between the two frameworks. ITIL generally covers about a quarter of the practices, mostly those related to service management, found in COBIT. But COBIT has other strengths, including auditability -- which simplifies organizational compliance obligations -- from ISACA Certified Information Systems Auditor-certified auditors. ITIL relies on benchmarks such as Tudor IT Process Assessment.
Ultimately, ITIL and COBIT are not mutually exclusive. Businesses can use them together to govern and manage IT services.
What changed in COBIT 2019?
ISACA updated every part of the COBIT framework for 2019. The changes and additions to COBIT 2019 are encapsulated within the COBIT document suite, which is available to ISACA members for free. The principal changes include a new publication within the core framework, several new objectives, security practices updates and updated references to other standards, guidelines and regulations.
Four core publications express the COBIT framework. The introduction and methodology publication provides definitions, explains management objectives and lays out the COBIT framework's structure. The governance and management objectives publication details the COBIT model and all constituent governance and management objectives, each associated with a specific process. A design publication, which is new in COBIT 2019, offers practical and prescriptive guidance that enables adopters to put COBIT into practice within the specific needs of their organizations. And, finally, an implementation and optimization guide helps adopters deploy and operate the COBIT framework most effectively.
COBIT 2019 Framework: Introduction and Methodology expands governance guidelines and updates COBIT framework principles and terminology. The COBIT Core Model, formerly the Process Reference Model, grew to 40 management objectives, up from 37 in COBIT 5. ISACA added an objective around managed data and split two existing objectives into four: managed programs, managed projects, managed system of internal control and managed assurance.
The first volume updates also include maturity measurements joining capability measurements, which enables organizations to apply key performance indicators that are most meaningful to the business. With ISACA's acquisition of the CMMI Institute, COBIT Performance Management now closely follows a scored approach seen in CMMI to evaluate how well the organization's governance and management system works. Finally, the first volume introduces concepts of design and basic guidance for COBIT framework adoption.
COBIT 2019 Framework: Governance and Management Objectives details the COBIT Core Model, along with each of its 40 objectives, including the three new ones detailed above. This volume defines every objective correlated to metrics and aligns them to a related process that applies to enterprise goals.
COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution is the new publication addition to COBIT 2019. This volume provides practical and prescriptive guidance to implement and apply the COBIT framework. Adopters can tailor the governance system to meet the organization's needs and define design factors -- such as sourcing models and threat landscapes -- against COBIT 2019 concepts, as well as predict the impact of design factors and establish workflows most appropriate for the particular organization.
COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution is an implementation guide that provides the necessary details to craft a system around the COBIT framework in conjunction with the Design Guide. The Implementation Guide update also includes COBIT 2019 terms and concepts.