COBIT 5 is a world-renowned governance and management framework for enterprise IT. Its success has primarily been down to its focus on achieving high-level results whilst also managing risks, allowing users to maintain a level of balance that has become increasingly fundamental to successful IT over the last few years.
Recently, ISACA (formerly known as the ‘Information Systems Audit and Control Association’), announced the release of ‘COBIT 2019’. This would be an updated version of the framework, not only building on what COBIT 5 had to offer, but also evolving it in order to suit the radically different elements and rapidly changing environment of modern IT.
But what exactly does this mean? What do certified COBIT 5 practitioners need to know about the latest iteration of the framework?
In this article, we look at everything you need to know about the differences between COBIT 5 and COBIT 2019.
Why did COBIT 5 need to be changed at all?
If there’s one thing worth knowing about the world of Information Technology, it’s that it is never standing still. After all, how many new technologies have exploded in popularity over the last ten years or so? For many businesses, additions like cloud data and the Internet of Things are not only valuable, but essential, and a successful organization must always be ready to move with the times.
With this in mind, it is important to remember that COBIT 5 was originally released back in 2012. As it currently stands, the old framework simply does not have the tools or capacity to cover what it needs to anymore.
This is not simply with regards to technology, of course; risk management, security, and governance have all become much bigger issues in the last few years. IT managers must be capable not only of optimizing the value of IT for a business, but also ensuring that IT operations and practices are fully compliant with all necessary legislation.
What makes COBIT 2019 different from COBIT 5?
In releasing COBIT 2019, ISACA has not only added new elements to the framework, but also updated previous aspects of COBIT 5 to bring them more in line with the needs of modern IT.
COBIT Core Model
COBIT 2019 has retained the ‘Governance Objectives’ and ‘Management Objectives’ of COBIT 5. However, several processes have been introduced or updated within these groups.
These include ‘Monitor, Evaluate and Assess the System of Internal Control’, which has been split into ‘Managed Assurance’ and ‘Managed System of Internal Control’, and Manage Programs and Project, which is now ‘Manage Programs’ and ‘Manage Projects’. This has brought the 37 objectives, which were previously known collectively as the ‘Process Reference Model (PRM)’, up to a total of 40, which are now referred to as the ‘COBIT Core Model’.
These 40 objectives are each designed to suit a certain domain:
- Governance Objectives – Evaluate, Direct and Monitor (EDM)
- Management Objectives – Align, Plan and Organize (APO), Build Acquire and Implement (BAI), Deliver, Service and Support (DSS), and Monitor, Evaluate and Assess (MEA)
Together, these objectives encompass all of the potential areas an organization may need to address in order to ensure that its IT governance model meets the needs of stakeholders and end-users.
COBIT Performance Management (CPM)
‘COBIT Performance Management (CPM)’ is a concept that builds on the scoring system used within COBIT 5. Based on Capability Maturity Model Integration (CMMI), it assesses the success of a governance and management system on a scale of 0 to 5, considering elements such as how competently any chosen components work together.
This scoring system helps COBIT practitioners to identify areas where the maturity level of governance capability within a system may need to be enhanced. For example, a basic level of capability would be scored as ‘Level 2’, with higher levels indicating greater levels of sophistication.
As for dealing with areas that need to be improved, ISACA has suggested several ‘enhancing activities’. This includes creating finely-tailored (as opposed to generic) governance systems, having stakeholders take part in CPM and COBIT 2019 training, extensively investigating capability levels based on the results of various activities, and so on. Ultimately, in order to optimize a company’s IT governance and management system, COBIT 2019 users would be expected to continually investigate, assess, and take lessons from the system as it was developed and implemented.
More prescriptive guidelines
COBIT 2019 puts a great deal of emphasis on building and sustaining IT governance and management systems that are specifically suited to individual organizations. Several elements of COBIT 5 have been updated in order to account for this:
- Components – The ‘Enablers’ of COBIT 5 have been renamed as ‘Components’. However, it is not simply a matter of renaming. In COBIT 5, ‘Processes’, ‘Organizational Structures’, ‘Policies and Procedures’, ‘Information Flows, Culture and Behaviours’, ‘Skills’, and ‘Infrastructure’ were largely generic, allowing users to apply them to any given situation. COBIT 2019 introduced ‘variants of generic’, via which a Component can be altered in order to suit a specific context or purpose within a ‘Focus Area’. One example could be a regulation like the GDPR, or perhaps an IT framework like DevOps or ITIL 4
- The Goals Cascade – This COBIT 5 concept has been updated to support the prioritization of management and business goals. Within the cascade itself, ‘IT Goals’ have also been replaced by ‘Alignment Goals’
- Reviewing the system – COBIT 2019 systems are designed to be regularly reviewed and updated, reflecting ISACA’s keen understanding of the dynamics of the modern business environment. Several performance management elements were introduced to support this, including new maturity models
Design Factors
The new ‘Design Factors’ of COBIT 2019 are another important aspect of making sure your COBIT governance framework suits the needs of your organization. Simply put, they enable practitioners to weigh governance and management objectives, allowing them to establish what kind of system they require.
The Design Factors are spread across several categories:
- Contextual – Factors which are beyond an organization’s control, such as the current threat landscape, company size, local geopolitical situation, and so on
- Strategic – Factors that reflect decisions made by the organization, such as which IT functions are most critical, elements and direction of enterprise strategy, and so on
- Tactical – Based on implementation choices concerning IT methods (such as DevOps, ITIL 4, or Agile), technology (e.g., leading edge), and outsourcing models (e.g., cloud)
The diversity of these elements is important, as they reflect the fact that IT governance must be viewed in the context of the wider enterprise. A common example is the relationship between business and IT, though a practitioner could also look at how IT helps other departments such as Support or Marketing.
The full design process is outlined in the COBIT 2019 Design Guide.
An open-source model
As we mentioned earlier, a key aspect of the modern world of IT is just how often it can be turned on its head. This is why ISACA is set to offer periodic updates to COBIT 2019 as part of a new practitioner-powered open-source model.
Future updates will be based on feedback delivered by the global IT governance community. All suggestions will be evaluated by an experienced Steering Committee before being integrated into the framework itself.
This will ensure that COBIT 2019 practitioners can continue to enable evolution within their organizations, even as new technology and best practices arrive on the scene.
How much does COBIT 2019 certification cost?
The Good e-Learning COBIT 2019 Foundation eLearning course is currently priced at $529 (£449). The course was designed with help from highly experienced COBIT practitioners, and includes a variety of assets such as instructor-led videos, interactive slides, and even a practice exam simulator to help students prepare for the COBIT 9 Foundation certification exam.
The course goes into detail on precisely how COBIT 2019 differs from COBIT 5. Good e-Learning also offers a FREE exam voucher for every learner, as well as a convenient app for accessing and downloading resources on the go.
Learners can also enjoy a world-class Learning Management System, the ‘Learning Ecosystem’. This LMS is designed for training managers, allowing them to register students, track learner progress, and carry out admin with ease. We can also offer bespoke elements, such as course monetization.
Want to find out more? Visit the Good e-Learning website, or contact a member of our team today!