COBIT is an acronym for ‘Control objectives for information and related technology’. It is a framework prepared by ISACA for IT governance and control. It is a supporting toolset that enables managers to bridge the gap between control requirements, technical issues or problems, and business risks.
COBIT is an IT governance control framework that helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals.
It was first released in 1996. The current version, COBIT 5, was released in early 2012 and is the latest iteration of COBIT, incorporating the governance activities of ISO 38500 and other ISACA frameworks.
Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.” COBIT, initially an acronym for ‘Control objectives for information and related technology’, defines 34 generic processes to manage IT. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.
COBIT has had the following major releases:
- In 1996, the first edition of COBIT was released.
- In 1998, the second edition added “Management Guidelines”.
- In 2000, the third edition was released.
- In 2003, an on-line version became available.
- In December 2005, the fourth edition was initially released.
- In May 2007, the current 4.1 revision was released.
COBIT 5, scheduled for release in 2012, will consolidate and integrate the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and will also draw significantly from the Business Model for Information Security (BMIS) and ITAF.
The COBIT components include:
- Framework: Organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
- Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
- Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
- Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationships with other processes.
- Maturity models: Assess maturity and capability per process and help to address gaps.
Other ISACA Publications based on the COBIT framework include:
- Board Briefing for IT Governance, 2nd Edition
- COBIT and Application Controls
- COBIT Control Practices, 2nd Edition
- IT Assurance Guide: Using COBIT
- Implementing and Continually Improving IT Governance
- COBIT Quickstart, 2nd Edition
- COBIT Security Baseline, 2nd Edition
- IT Control Objectives for Sarbanes-Oxley, 2nd Edition
- IT Control Objectives for Basel II
- COBIT User Guide for Service Managers
- COBIT Mappings (to ISO/IEC 27002, CMMI, ITIL, TOGAF, PMBOK etc.)
- COBIT Online