What Is COBIT 2019
In the world of IT, there are two essential elements: Management and Governance. The first refers to managing and optimizing the various aspects of IT, such as internal processes, teams, technology, user experiences, and so on. The second refers to governing the direction of IT in terms of wider business goals and compliance regulations. This can include future-proofing, meeting security objectives, and so on.
When it comes to managing IT services and teams, leaders must be prepared to accommodate all relevant components and considerations. Adopting the appropriate tools, practices, and structures to drive optimization requires a comprehensive and often high-level perspective. This is where COBIT 2019 comes in.
Since 1996, COBIT has evolved to offer practitioners the latest knowledge, tools, and best practices for maximizing the value of IT for businesses all over the world. COBIT maturity models and control frameworks are crafted to guide and optimize IT operations, strategy, and evolution. The latest version of the framework, COBIT 2019, is an elite high-level tool ideal for transforming and fully optimizing IT across an organization.
How Does COBIT 2019 Work?
COBIT 5, the previous version of COBIT, was focused on providing objectives, tools, and best practices that were universally applicable to all IT operations. With the release of the newest framework, COBIT processes are now focused on creating bespoke IT frameworks specifically suited to an individual company’s own requirements and goals.
There are several aspects to this:
- Objectives – COBIT 2019 lays out ‘Governance Objectives’ and ‘Management Objectives’, with a total of 40 as part of its ‘Core Model’. Practitioners prioritize these objectives based on the needs of customers, stakeholders, users, and so on, allowing them to create comprehensive and bespoke IT strategies and frameworks. These guide the creation of enterprise controls going forwards.
- Domains – Every COBIT objective fits within a specific ‘Domain’. Management Objectives are contained within ‘Deliver, Service and Support (DSS)’, ‘Monitor, Evaluate and Assess (MEA)’, ‘Build Acquire and Implement (BAI)’, and ‘Align, Plan and Organize (APO)’. Governance Objectives are found under ‘Evaluate, Direct and Monitor (EDM)’.
- Goals Cascade – This tool is used to demonstrate how drivers create needs and subsequently create more clearly defined ‘goals’. In COBIT 2019, these are known as ‘Alignment Goals’, as opposed to the ‘IT Goals’ from COBIT 5.
- Components – Formerly known as ‘Enablers’, Components are generic elements that influence IT. They include ‘Information Flows’, ‘Skills’, ‘Infrastructure’, ‘Processes’, ‘Policies and Procedures’, and ‘Organizational Structures’. COBIT 2019 also introduced ‘variants of generic’, with which Components can be examined and amended based on a ‘Focus Area’, such as a specific piece of legislation like the GDPR.
- Design Factors – These factors help define the needs of an organization and how they must be addressed in a framework. Contextual factors, such as corporate and threat landscapes, are beyond the organization’s control. Strategic factors reflect decisions by the organization, such as the direction of enterprise strategy and the prioritization of different IT elements. Tactical factors focus on implementation choices regarding technology (such as cloud data management), methods (such as DevOps, ITIL 4, or Agile), and outsourcing models. While in the past, practitioners may have taken a ‘COBIT vs. ITIL’ style stance with separate frameworks, the latest version of COBIT offers a far more collaborative and complementary approach.
These aspects are all used to assess the requirements of IT. Based on the results, COBIT practitioners will then create bespoke frameworks that help managers optimize the use of resources, time, and other factors to meet crucial targets and achieve strategic goals. COBIT audit frameworks can also establish processes for driving future improvements.
The IT governance and management style of the framework is based on six principles:
- Provide Stakeholder Value
- Holistic Approach
- Dynamic Governance System
- Governance Distinct from Management
- Tailored to Enterprise Needs
- End-to-End Governance System
This is an expansion of the five principles found in COBIT 5:
- Meeting stakeholder needs
- Covering user enterprises from end to end
- Applying a single integrated framework
- Enabling a holistic approach
- Separating governance from management
Like COBIT 5, COBIT 2019 can also integrate with a number of compatible best-practice frameworks and standards, including ITIL, ISO 20,000, and ISO 27,001. It can be highly useful to take an integrated approach when implementing an enterprise governance framework. For example, you may choose to pick segments from different frameworks in order to create a system that best meets the unique needs of your organization.
Remember, organizations must always prioritize ensuring that IT assets support strategic business goals. Without sufficient perspective, fluidity, and control, an organization may not be fully optimized or compliant in its actions – and it may not even realize it!
How Does COBIT 2019 Enhance Other Frameworks?
COBIT 2019 also works by establishing the potential for progressive evolution. These days, IT is constantly in flux, with businesses having to consider new technology, legislation, practices, and so on on a regular basis.
COBIT 2019 establishes the potential for progressive evolution in IT frameworks. With elements of digital and IT management changing regularly, businesses must be prepared to reexamine their chosen best practices, software, technology, and compliance initiatives on a regular basis. This is for the sake of not only meeting the standards set by clients but also surpassing them.
To help users cope with this, COBIT 2019 offers several methods for continuous improvement. Firstly, it lays out the ‘COBIT Performance Management (CPM)’ system. Based on the CMMI Performance Management Scheme (and scored between 0 and 5), this is used to gauge the overall capability of a process:
- 0 – Lack of any basic capability. Incomplete approach to address governance and management purpose. May or may not be meeting the intent of any process practices.
- 1 – The process more or less achieves its purpose through the application of an incomplete set of activities that can be characterized as initial or intuitive – not very organized.
- 2 – The process achieves its purpose through the application of a basic yet complete set of activities that can be characterized as performed.
- 3 – The process achieves its purpose in a much more organized way using organizational assets. Processes typically are well defined.
- 4 – The process achieves its purpose, is well defined, and its performance is (quantitatively) measured.
- 5 – The process achieves its purpose, is well defined, its performance is measured to improve performance, and continuous improvement is pursued.
Level 2 refers to the basic level of capability, with any numbers below this indicating an area for immediate improvement.
COBIT 2019 also utilizes an open-source model. This allows ISACA to collect feedback from the worldwide community of IT governance and management professionals. By regularly assessing this feedback, ISACA can identify areas where the methodology can be improved, such as incorporating new best practices or integrating new technology. As a result, COBIT 2019 users will have an edge in adapting to new opportunities in the future.
Finally, COBIT 2019 also lists several ‘enhancing activities’. These are suggested by ISACA to help practitioners enhance their implementation of COBIT. For example, when first adopting COBIT, managers and stakeholders may want to consider investing in COBIT online training. They may also want to create documentation on more specific areas, such as new website governance best practices.
To help users cope with this, COBIT 2019 offers several methods for continuous improvement:
- COBIT Performance Management (CPM) – This system scores the performance and suitability of different aspects of a framework on a scale of 0 to 5. Level 2 refers to the basic level of capability, with any numbers below this indicating an area that needs immediate improvement.
- Open-Source Model – In the future, ISACA is set to examine feedback on COBIT from the worldwide community of IT governance and management professionals. By assessing this feedback, ISACA will be able to identify potential improvements for the methodology, such as incorporating new technology and practices. As a result, COBIT 2019 users will have an edge in adapting to new opportunities in the future.
- Enhancing activities – These are activities suggested by ISACA to help practitioners enhance their implementation of COBIT. One example would be investing in COBIT online training for managers and stakeholders.
How Can COBIT 2019 Certification Help My Business?
As we mentioned earlier, Governance and Management are two very distinct elements of IT. They form the backbone of almost every successful organization on the planet, and COBIT 2019 is built specifically to optimize them.
Better still, its focus on bespoke factors means that COBIT 2019 can be adopted by a diverse variety of businesses. Regardless of size, industry, location, or anything else, almost every organization on the planet can reap the benefits of IT optimization.
Still, you may well be worried about how these benefits stack up against COBIT 2019 certification costs. So, what exactly can the framework offer?
- IT Alignment – COBIT 2019 goes beyond the immediate needs of users and customers and ensures IT is aligned with larger business strategies. Achieving this alongside the complexities of managing day-to-day operations requires a comprehensive and well-defined top-level perspective. COBIT provides both this and a common vocabulary to ensure IT professionals, teams, departments, and stakeholders are all on the same page.
- Compliance – Modern IT must remain aligned with data and business legislation, such as the GDPR. COBIT treats such regulations as crucial details when formulating and updating frameworks, ensuring that they are addressed at all levels of IT. Following the success of the previous framework, COBIT risk management has continued to evolve.
- Transformation – COBIT change management prioritizes visibility across all essential IT elements. It is often used as an enterprise information management framework to guide the creation of architectures and ensure strategic objectives are reached on time and within budget.
- Optimization – COBIT 2019 is also perfect for day-to-day IT, helping practitioners identify priorities and providing the tools and best practices to make improvements wherever necessary. As a result, practitioners can enjoy more efficient, targeted, and cost-effective IT operations, with roles and responsibilities clearly defined across teams and departments.
- Trust – With COBIT’s popularity, utilizing it can help boost the confidence of stakeholders, users, and clients. The reliability COBIT enables in IT can also raise a company’s profile with customers.
- Future-proofing – COBIT 2019 is cutting-edge, offering insight on the latest IT tools, best practices, and so on. However, it also prepares practitioners for future developments, thanks to its focus on framework reassessments and its open-source model. This leaves organizations perfectly prepared to evolve however necessary.