What is COBIT?
COBIT helps organizations meet business challenges in the areas of regulatory compliance, risk management, and aligning IT strategy with organisational goals. COBIT 5, the latest iteration of the framework, was released in 2012.
COBIT 5 summarized
COBIT 5 is based on five principles that are essential for the effective management and governance of enterprise IT:
- Principle 1: Meeting stakeholder needs
- Principle 2: Covering the enterprise end to end
- Principle 3: Applying a single integrated framework
- Principle 4: Enabling a holistic approach
- Principle 5: Separating governance from management
These five principles enable an organization to build a holistic framework for the governance and management of IT that is built on seven ‘enablers’:
- People, policies and frameworks
- Organizational structures
- Culture, ethics, and behaviour
- Services, infrastructure, and applications
- People, skills, and competencies
Together, the principles and enablers allow an organization to align its IT investments with its objectives to realise the value of those investments.
The benefits of adopting COBIT
Adopting the COBIT framework will enable organizations to:
- Improve and maintain high-quality information to support business decisions
- Use IT effectively to achieve business goals
- Use technology to promote operational excellence
- Ensure IT risk is managed effectively
- Ensure organizations realize the value of their investments in IT
- Achieve compliance with laws, regulations and contractual agreements
COBIT 5 and other frameworks
COBIT 5 has been designed with integration at its heart. It is aligned with numerous best-practice frameworks and standards, such as ITIL®, ISO 20000 and ISO 27001.
It may be best to take an integrated approach when implementing an IT governance framework, using parts of several different frameworks and standards to deliver the results you need.
COBIT and Sarbanes–Oxley compliance
The Sarbanes–Oxley Act (SOX) was introduced in 2002 to improve the accountability and reliability of corporate disclosures for all US public companies. It aims to ensure that every publicly traded company has an internal system of control in place for the disclosure of accurate financial information, and it mandates that organizations produce an internal control report, which must be included in their annual Exchange Act report.
COBIT is the most widely recognized internal control framework used to achieve IT SOX compliance.
COBIT, ISO 27002, and ITIL®
ISO/IEC 27002 is the international standard that provides best-practice advice and guidance on information security. ITIL® is the source of best-practice information and processes relating to the delivery of IT as a service (e.g. service strategy, design, and operation). COBIT, ISO 27002, and ITIL can be used together to achieve process improvement.
COBIT does not supply an explanatory route map for the implementation of IT or information security best practices, but it provides a framework of controls that allows you to use the processes contained in ISO 27002 and ITIL.
Discover our range of bestselling COBIT products and services
IT Governance offers a complete range of books, toolkits, e-learning, training, software and consultancy relating to all areas of IT governance, risk and compliance.
IT Governance Control Framework Implementation Toolkit
- The IT Governance Control Framework Implementation Toolkit has been designed to simplify the complex process of COBIT implementation. It provides documentation templates that cover all 37 of the COBIT processes and ready-to-use policies and procedures that will save you time and money when implementing COBIT.