COBIT 5


CobiT® is an evolutionary framework derived from 15 years of international IT, business, security, risk, assurance and consulting professionals providing their input into what an ICT governance and management framework must provide. It is built on five principles and seven governance enabler models.

ISACA develops and maintains the internationally recognised Control Objectives for Information and related Technology (CobiT) framework, helping IT professionals and enterprise leaders fulfil their IT Governance responsibilities while delivering value to the business.

Released in April 2012, COBIT 5 is ISACA's new framework.  COBIT 5 consolidates and integrates the CobiT 4.1, Val IT 2.0 and Risk IT frameworks, and draws from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).  It aligns with frameworks and standards such as Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO), Project Management Body of Knowledge (PMBOK), PRINCE2 and The Open Group Architecture Framework (TOGAF).



COBIT 5 is a governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology.

The COBIT 5 framework is intended for all enterprises, including non-profit and public sector. Today, more than ever, enterprises need to achieve increased:

  • Value creation through enterprise IT;
  • Business user satisfaction with IT engagement and services;
  • Compliance with relevant laws, regulations and policies.



COBIT 5 is based on 5 key principles for governance and management of enterprise Information Technology.

2.1. PRINCIPLE 1 - Meeting Stakeholder Needs 


COBIT 5 is highly customisable, flexible and provides the structure and tools enterprise leaders need to deliver business value. Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation. Value creation means realising benefits at an optimal resource cost whilst optimising risk.

COBIT 5 Principles - ISACA/QAP

2.2. PRINCIPLE 2 - Covering the Enterprise End-to-End 


COBIT 5 covers the enterprise end to end for all matters relating to information and technology. COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.

2.3. PRINCIPLE 3 - Applying a Single Integrated Framework 


COBIT 5, based on established and credible practices from international thought leaders, integrates other standards, helping enterprise executives identify and effectively address the most relevant issues for the enterprise. In addition to the governance objective, the other main elements of the governance approach include the following:

  • Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward which or through which action is directed and objectives can be attained.
  • Governance scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc.
  • Roles, Activities and Relationships: It defines who is involved in governance, how they are involved, what they do and how they interact, within the scope of any governance system.

2.4. PRINCIPLE 4 - Enabling a Holistic Approach 


COBIT 5 provides the tools and models that help enterprise leaders effectively manage risk and ensure compliance, continuity, security and privacy associated with information and technology. Having a business focus means focussing on enterprise goals and objectives. This relates to every enterprise’s objective for benefits realisation, risk optimisation and resource optimisation.

2.5. PRINCIPLE 5 - Separating Governance from Management


The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines include different types of activities, require different organisational structures and serve different purposes.

  • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives;
  • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

COBIT 5 Enablers - ISACA

COBIT 5 Enablers

The COBIT 5 framework describes 7 categories of enablers that help foster the achievement of the enterprise’s framework objectives and deliver value:

  1. Principles and policies are the vehicle to translate the desired behaviour into practical guidance for day-to-day management;
  2. Processes describe an organised set of practices and activities to achieve defined objectives and produce sets of outputs in support of achieving overall IT-related goals;
  3. Organisational structures are the key decision-making entities in the enterprise;
  4. Culture, ethics and behaviour of individuals and of the enterprise are success factors in governance and management activities;
  5. Information is required for keeping the organisation running and well governed, and at operational level information is often the key asset of the enterprise;
  6. Service capabilities, i.e. services, infrastructures and applications, provide the enterprise with information technology and services;
  7. People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.


COBIT 5 Processes

The focus of COBIT 5 is on processes, which are split into governance and management “areas”. These two areas contain a total of 5 domains with 3-letter names, and a total of 37 processes:

Governance of Enterprise IT
    • Evaluate, Direct and Monitor (EDM) – 5 processes
Management of Enterprise IT
    • Align, Plan and Organise (APO) – 13 processes
    • Build, Acquire and Implement (BAI) – 10 processes
    • Deliver, Service and Support (DSS) – 6 processes
    • Monitor, Evaluate and Assess (MEA) – 3 processes

This is quite a condensation when you consider that COBIT 5 has incorporated the 34 processes of CobiT 4.1, the 22 processes of Val IT and the 9 processes of Risk IT. Discover the COBIT 5 domains and processes.


COBIT 5 Process capability and maturity

CobiT 4.1 users are familiar with the COBIT capability maturity model (CMM) approach. It provides a scale and related descriptions by which to measure the maturity of an enterprise’s IT processes. COBIT users define their enterprise’s current capability maturity levels and determine what level would be desirable. The gap between the two identifies areas for improvement.

COBIT 5 is designed and built to support a new approach to the assessment of process capability, one that follows the ISO/IEC 15504 - Process maturity assessment for process capability assessments. The rigorous, robust and repeatable approach to process capability assessment provided by the International Organization for Standardization (ISO) approach is introduced in The Framework.


COBIT 5 Products

The COBIT 5 guidance initially comprised 3 products:

  • Volume 1: The Framework • 60 pages • Principles and models for enterprise governance of IT
    The Framework: covers governance and management of IT – with definitions and descriptions of several new models – and is designed for stakeholders so they can understand COBIT 5 and gain guidance on implementation and migration. It will translate stakeholders’ concerns into concepts and includes an evolution of the well-accepted “Business Goals drive IT Goals drive IT Processes” approach of CobiT 4.1.

  • Volume 2: Process Reference Guide • 200 pages • Detailed process reference guide
    The Process Reference Guide: retains the basic approach, structure and content of the process reference model of CobiT 4.1 with its template-driven set of pages for each process. However, new layouts and heading terminology are used.

  • Volume 3: Implementing and Continually Improving Enterprise Governance of IT.
    This volume will be an updated version of the CobiT 4.1 lifecycle approach (Implementing and Continually Improving IT Governance) with the addition of how to migrate to COBIT 5 from CobiT 4.1.


COBIT 5 Training

The COBIT 5 Training offers 2 training paths:

  • The COBIT 5 Implementation path is for those interested in learning how to apply the COBIT 5 framework and COBIT 5: Enabling Processes and how to analyse the results. Upon completion of the training and exam, attendees are able to apply COBIT 5’s good-practice, continual-improvement, life-cycle approach to GEIT, tailored to suit the needs of a specific enterprise, and implement, or advise an enterprise on implementing, a framework for the governance and management of enterprise IT using COBIT 5.
  • The COBIT 5 Assessor path is for individuals interested in performing COBIT 5-based assessments using the ISO/IEC 15504 approach. This training provides the main guidance on performing a process capability assessment; the roles, responsibilities and competencies required; and the key steps, from assessment initiation to assessment results reporting.

Both training paths require first passing the COBIT 5 Foundation exam.

See : Control Objectives for Information and related Technology (CobiT)

See : COBIT 5 overview

QAP © 2010