This website uses cookies. View our cookie policy
Select regional store:

COBIT® (Control Objectives for Information and Related Technology)

COBIT 5 is the latest iteration of ISACA's globally accepted framework for the governance and management of enterprise IT. It provides globally accepted principles, analytical tools and models to increase trust in—and the value derived from—information systems.

This page introduces COBIT 5, explains the benefits it can bring your organization, and contains links to a wealth of resources.

An introduction to COBIT 5

Control Objectives for Information and Related Technology (COBIT) is a governance control framework that helps organizations meet today’s business challenges in the areas of regulatory compliance and risk management, and in aligning IT strategy with organizational goals.

With a focus on managing processes, COBIT has helped organizations bridge the gap between control requirements, regulatory compliance and business risk, and significantly to increase the value of their IT investment.

This latest iteration of COBIT, COBIT 5, was published in 2012 and takes into account the latest thinking on the governance of information technology. COBIT 5 expands on COBIT 4.1 by incorporating the governance activities of ISO38500 and the complementary ISACA frameworks Val IT, Risk IT, BMIS, and ITAF, as well as other areas of IT governance.

COBIT 5 summarized

COBIT 5 is based on five principles that are essential for the effective management and governance of enterprise IT:

  • Principle 1: Meeting stakeholder needs
  • Principle 2: Covering the enterprise end to end
  • Principle 3: Applying a single integrated framework
  • Principle 4: Enabling a holistic approach
  • Principle 5: Separating governance from management

These five principles enable an organization to build a holistic framework for the governance and management of IT that is built on seven ‘enablers’:

  1. People, policies and frameworks
  2. Processes
  3. Organizational structures
  4. Culture, ethics and behaviour
  5. Information
  6. Services, infrastructure and applications
  7. People, skills and competencies

Together, the principles and enablers allow an organization to align its IT investments with its objectives to realise the value of those investments.

The benefits of adopting COBIT 5

Adopting the COBIT framework will enable organizations to:

  • Improve and maintain high-quality information to support business decisions;
  • Use IT effectively to achieve business goals;
  • Use technology to promote operational excellence;
  • Ensure IT risk is managed effectively;
  • Ensure organisations realise the value of their investments in IT; and
  • Achieve compliance with laws, regulations and contractual agreements.

COBIT 5 and other frameworks


COBIT is closely related to the COSO control framework, which was developed by The Committee of Sponsoring Organizations of the Treadaway Commission. COSO deals with the control of financial processes, whereas COBIT deals with IT processes.

COBIT and Sarbane–-Oxley compliance

The Sarbanes–Oxley Act (SOX) was introduced in 2002 to improve the accountability and reliability of corporate disclosures for all US public companies. It aims to ensure that every publicly traded company has an internal system of control in place to ensure the disclosure of accurate financial information and mandates that organizations must produce an internal control report, which must be included in their annual Exchange Act report.

COBIT is the most widely-recognized internal control framework used to achieve IT SOX compliance. Please see our dedicated Sarbanes–Oxley webpage for further information on this subject.

COBIT, ISO27002, and ITIL®

ISO/IEC 27002 is the international standard that provides best practice advice and guidance on Information Security. ITIL® is the source of best practice information and processes relating to the delivery of IT as a service. COBIT, ISO27002, and ITIL can be used together to achieve process improvement.

COBIT does not supply an explanatory route map for the implementation of IT or Information Security best-practices, but it provides a framework of controls that allow you to use the processes contained in ISO27002 and ITIL.

Speak to an expert

For more information on our CISM products and services, speak to one of our experts today.