COBIT 5 is HERE !
CobiT® is an evolutionary framework derived from 15 years of international IT, business, security, risk, assurance and consulting professionals providing their input into what a ICT governance and management framework must provide. It is built on five principles and seven governance enabler models.
COBIT 5 is a governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology.
The COBIT 5 framework is intended for all enterprises, including non-profit and public sector. Today, more than ever, enterprises need to achieve increased:
- Value creation through enterprise IT;
- Business user satisfaction with IT engagement and services;
- Compliance with relevant laws, regulations and policies.
COBIT 5 is based on 5 key principles for governance and management of enterprise Information Technology.
2.1. PRINCIPLE 1 - Meeting Stakeholder Needs
2.2. PRINCIPLE 2 - Covering the Enterprise End-to-End
Principle 1 - Meeting Stakeholder Needs
COBIT 5 is highly customisable, flexible and provides the structure and tools enterprise leaders need to deliver business value. Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation. Value creation means realising benefits at an optimal resource cost whilst optimising risk.
2.3. PRINCIPLE 3 - Applying a Single Integrated Framework
Principle 2 - Covering the Enterprise End-to-End
COBIT 5 covers the enterprise end to end for all matters relating to information and technology. COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.
2.4. PRINCIPLE 4 - Enabling a Holistic Approach
Principle 3 - Applying a Single Integrated Framework
COBIT 5, based on established and credible practices from international thought leaders, integrates other standards, helping enterprise executives identify and effectively address the most relevant issues for the enterprise. In addition to the governance objective, the other main elements of the governance approach include the following:
- Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward which or through which action is directed and objectives can be attained
- Governance scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc.
- Roles, Activities and Relationships: It defines who is involved in governance, how they are involved, what they do and how they interact, within the scope of any governance system.
2.5. PRINCIPLE 5 - Separating Governance from Managementoach
Principle 4 - Enabling a Holistic Approach
COBIT 5 provides the tools and models that help enterprise leaders effectively manage risk, ensure compliance, continuity, security, and privacy associated with information and technology. Having a business focus means focussing on enterprise goals and objectives. This relates to every enterprise’s objective for benefits realisation, risk optimisation and resource optimisation
Principle 5 - Separating Governance from Management
The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines include different types of activities, require different organisational structures and serve different purposes.
- Governance ensures that enterprise objectives are
achieved by evaluating stakeholder needs, conditions and
options; setting direction through prioritisation and decision
making; and monitoring performance, compliance and progress
against agreed-on direction and objectives;
plans, builds, runs and monitors activities in alignment with the
direction set by the governance body to achieve the enterprise objectives
COBIT 5 Enablers
The COBIT 5 framework describes 7 categories of enablers, that help foster the achievement of the enterprise’s framework objectives and deliver value:
- Principles and policies are the vehicle to translate the desired behaviour into pravtical guidance for day-to-day management;
- Processes describe an organised set of practices and activities to achieve defined objectives and produce sets of outputs in support of achieving overall IT-related goals;
- Organisational structures are the key decision-making entities in the enterprise;
- Culture, ethics and behaviour of individuals and of the enterprise are success factors in governance and management activities;
- Information is required for keeping the organisation running and well governed, and at operational level information is often the key asset of the enterprise;
- Service capabilities, i.e. services, infrastructures and applications provide the enterprise with with information technology and services;
- People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.
4. COBIT 5 PROCESSES
COBIT 5 Processes
The focus of COBIT 5 is on processes, that are split into governance and management “areas”. These two areas contain a total of 5 domains with 3 letter names, and a total of 37 processes:
Governance of Enterprise IT
Management of Enterprise IT
- Evaluate, Direct and Monitor (EDM) – 5 processes
- Align, Plan and Organise (APO) – 13 processes
- Build, Acquire and Implement (BAI) – 10 processes
- Deliver, Service and Support (DSS) – 6 processes
- Monitor, Evaluate and Assess (MEA) - 3 processes
5. COBIT 5 PROCES CAPABILITY
COBIT 5 Process capability and maturity
CobiT 4.1 users are familiar with the COBIT capability maturity model (CMM) approach. These provide a scale and related descriptions by which to measure the maturity of an enterprise’s IT processes. COBIT users define their enterprise’s current capability maturity levels and determine what level would be desirable. The gap between the two identifies areas for improvement.
COBIT 5 is designed and built to support a new approach to the assessment of process capability, one that follows the ISO/IEC 15504 - Process maturity assessment for process capability assessments. The rigorous, robust and repeatable approach to process capability assessment provided by the International Organization for Standardization (ISO) approach is introduced in The Framework.
6. COBIT 5 PRODUCTS
COBIT 5 Products
The COBIT 5 guidance initially comprised 3 products:
- Volume 1 : The Framework • 60 pages • Principles and models for enterprise governance of IT
The Framework: covers governance and management of IT – with definitions and descriptions of several new models – and is designed for stakeholders so they can understand COBIT 5 and gain guidance on implementation and migration. It will translate stakeholders’ concerns into concepts and includes an evolution of the well-accepted Business Goals drive IT Goals drive IT Processes approach of CobiT 4.1
- Volume 2 : Process Reference Guide • 200 pages • Detailed process reference guide
The Process Reference Guide: retains the basic approach, structure and content of the process reference model of CobiT 4.1 with its template-driven set of pages for each process. However new layouts and heading terminology are used.
- Volume 3 : Implementing and Continually Improving Enterprise Governance of IT.
This volume will be an updated version of the CobiT 4.1 lifecycle approach (Implementing and Continually Improving IT Governance) with the addition of how to migrate to COBIT 5 from CobiT 4.1.
7. COBIT 5 TRAINING
COBIT 5 Training
The COBIT 5 Training offers 2 training paths:
- The COBIT 5 Implementation path is for those interested in learning how to apply the COBIT 5 framework and COBIT 5: Enabling Processes and how to analyse the results. Upon completion of the training and exam, attendees are able to apply COBIT 5’s good-practice, continual-improvement, life-cycle approach to GEIT, tailored to suit the needs of a specific enterprise, and implement, or advise an enterprise on implementing, a framework for the governance and management of enterprise IT using COBIT 5.
- The COBIT 5 Assessor path is for individuals interested in performing COBIT 5-based assessments using the ISO/IEC 15504 approach. This training provides the main guidance on performing a process capability assessment; the roles, responsibilities and competencies required; and the key steps, from assessment initiation to assessment results reporting.
Both training paths require first passing the COBIT 5 Foundation exam.
See : Control Objectives for Information and related Technology (CobiT)
See : COBIT 5 overview