COBIT 2019, developed by ISACA (an international professional association focused on IT governance), is the latest version of the globally recognised IT governance framework designed to help organisations align IT strategies with business goals. It offers a flexible and holistic approach to managing IT, ensuring value creation, risk management, and resource optimisation. This post tells you what you need to know about COBIT 2019 and how it can benefit your business.
What is COBIT 2019?
COBIT stands for “Control Objectives for Information and Related Technologies”. It’s a comprehensive framework that provides organisations with practices, tools, and guidelines to govern and manage IT effectively. COBIT 2019 enables organisations to align IT and business strategies, optimising IT investments while mitigating risks.
Key aspects of COBIT 2019
Holistic governance approach
COBIT 2019 is designed to create a governance system that spans the entire enterprise. Whether your business is large or small, it provides a customisable framework to meet your specific IT governance needs.
Governance components
COBIT 2019 is structured around six key governance components:
- Processes: activities and practices required to achieve specific IT goals.
- Organisational structures: decision-making bodies in governance.
- Principles, policies, and frameworks: guidelines to align IT with business.
- Information flows and items: essential data for governance.
- Culture, ethics, and behaviour: how individual and group behaviour impacts governance.
- People, skills, and competencies: human resources critical to achieving governance objectives.
Governance and management objectives
COBIT 2019 introduces 40 governance and management objectives split into five domains:
- EDM (evaluate, direct, monitor): overseeing IT strategy and ensuring it aligns with business objectives.
- APO (align, plan, organise): planning and organising IT initiatives and resources to align with business strategies.
- BAI (build, acquire, implement): managing the development, acquisition, and implementation of IT systems.
- DSS (deliver, service, support): handling the daily operations and service management of IT systems.
- MEA (monitor, evaluate, assess): monitoring and evaluating IT performance and ensuring compliance with external and internal requirements.
Tailoring to organisational needs with design factors
COBIT 2019 emphasises flexibility, allowing organisations to tailor the framework based on specific needs using 11 design factors:
- Enterprise strategy
- Risk profile
- Compliance requirements
- Threat landscape
- Technology adoption strategy
- Enterprise size
- Industry sector
- Role of IT
- Sourcing model for IT
- Implementation methods
- Future IT architecture
These factors ensure that organisations can prioritise their governance and management objectives in line with their unique requirements.
Focus areas
COBIT 2019 introduces the concept of focus areas—specialised themes within IT governance that address specific concerns or emerging technologies:
- Cybersecurity
- Digital transformation
- Cloud computing
- Data privacy
- DevOps
- Risk management
By focusing on these areas, organisations can better address specific IT challenges within their governance system.
Performance management with maturity levels
COBIT 2019 includes a built-in performance management system to measure how well governance and management objectives are being met. It incorporates CMMI-based maturity levels, which range from Level 0 (incomplete) to Level 5 (optimising). These maturity levels provide a clear way to assess and improve processes over time.
Alignment with international standards
COBIT 2019 aligns with various international standards, ensuring compatibility with global best practices, such as:
- ISO/IEC 27000 (information security)
- ISO/IEC 38500 (corporate governance of IT)
- ITIL (IT service management)
- NIST (cybersecurity)
- COSO (enterprise risk management)
- PMBOK (project management)
This alignment helps organisations streamline compliance efforts across different governance and management frameworks.
COBIT core model
At the heart of COBIT 2019 is the COBIT core model, which provides a structured, detailed approach to governance. The core model includes 40 governance and management objectives, each with associated practices and activities that help define the organisation’s governance approach.
Value creation
The primary purpose of COBIT 2019 is to ensure that IT investments deliver value. This value is created through three key elements:
- Benefit realisation: maximising the benefits gained from IT investments.
- Risk optimisation: balancing risk and reward by minimising IT-related risks.
- Resource optimisation: ensuring efficient use of IT resources, such as people, processes, and technology.
Stakeholder management
COBIT 2019 emphasises the importance of managing stakeholder needs and expectations. This includes internal stakeholders like executives and employees, as well as external stakeholders like customers, business partners, and regulators. A well-rounded IT governance approach considers all stakeholder needs while achieving business goals.
Guiding principles
COBIT 2019 is based on five guiding principles that underpin effective IT governance:
- Principle 1: meeting stakeholder needs by providing actionable results and measurable benefits.
- Principle 2: covering the entire enterprise, not just focusing on IT.
- Principle 3: applying a single, integrated framework to manage governance across multiple domains.
- Principle 4: enabling a holistic approach by considering all governance components.
- Principle 5: clearly separating governance from management, where governance sets direction and evaluates outcomes, and management executes plans.
Benefits of COBIT 2019
- Improved business-IT alignment: COBIT helps ensure that IT strategies support broader business objectives.
- Enhanced risk management: COBIT enables organisations to identify, assess, and mitigate IT-related risks.
- Resource efficiency: COBIT helps optimise the use of resources, including infrastructure, personnel, and finances.
- Increased performance monitoring: the maturity models enable organisations to track performance and continuously improve.
- Regulatory compliance: COBIT’s alignment with global standards facilitates meeting legal and compliance requirements.
How ITLawCo can help
At ITLawCo, we specialise in helping businesses tailor and implement the COBIT 2019 framework to meet their unique IT governance needs. Our team of experts is equipped to guide you through the process, whether you’re optimising IT resource use, managing risks, or ensuring compliance with international standards.
With a focus on aligning IT with your business strategy, ITLawCo helps organisations maximise value from their IT investments. We can assist with:
- Developing tailored governance systems based on COBIT 2019’s design factors.
- Assessing and improving your current governance maturity levels.
- Implementing focus areas like cybersecurity, digital transformation, and data privacy within your governance framework.
- Ensuring compliance with global standards and regulatory requirements.
Contact us today to learn how ITLawCo can support your organisation in implementing effective, efficient IT governance through COBIT 2019. Let us help you thrive in an ever-evolving digital world.