International - COBIT 19

September 2019

1. OVERVIEW

Control Objectives for Information and Related Technologies 2019 ('COBIT 2019') is a best-practice framework from the Information Systems Audit and Control Association ('ISACA'), an international professional association focused on IT governance. COBIT 2019 is designed to assist in the process of understanding, designing and implementing enterprise governance of information and technology. In particular, COBIT 2019 aims to provide globally accepted principles, practices, analytical tools and models, and help enterprises to increase the trust in, and value from, their information systems. The framework was published on 14 November 2018.

2. COBIT 2019

2.1. Overview

COBIT 2019 is an umbrella framework which aligns and maps to other major standards, guidelines, frameworks and compliance rules. COBIT 2019 is an evolution of COBIT 5, which was published in 2012. COBIT 2019 builds and expands on COBIT 5 by adding new design factors and focus areas to make it more practicable and customisable. COBIT 2019 defines the components to build and sustain a governance system, which are as follows:

  • processes;
  • policies and procedures;
  • organisational structures;
  • information flows;
  • skills;
  • infrastructure; and
  • culture and behaviours.

COBIT 2019 evaluates these components so that enterprises can use their information and technology to:

  • generate maximum value to stakeholders;
  • ensure that appropriate capabilities are in place with sufficient resources to reach goals for growth, innovation and ultimately timely business transformation; and
  • mitigate risk in ways that match the unique risk profile of the enterprise.

COBIT 2019 applies to enterprises of all sizes, whether commercial, not-for-profit or in the public sector. Its users cover the sectors of audit and assurance, compliance, IT operations, governance, security and risk management.

2.2. Updates from COBIT 5

ISACA has highlighted that COBIT 2019 has updated COBIT 5 in various ways which include, but are not limited to:

  • the introduction of new concepts, such as focus areas and design factors, which allow for additional guidance for tailoring a governance system to the enterprise’s needs;
  • providing new coverage of data, subjects and compliance;
  • an 'open-source' model that allows the global governance community to provide real-time feedback and proposed enhancements, which will be incorporated into the existing framework; and
  • more flexibility that allows users to choose either targeted project-based uses for specific problem-solving situations or comprehensive enterprise-wide adoption to drive business transformation.

While ISACA updated the COBIT framework with COBIT 2019, COBIT 5 materials are still available. In addition, ISACA will continue to support the accreditation and delivery of the COBIT 5 training and certificate schemes.

2.3. COBIT 2019 four core publications

The COBIT 2019 framework and its supporting guidance are made up of four core publications.

COBIT 2019 Framework: Introduction and Methodology

In this publication, it is highlighted that the COBIT 2019 framework incorporates an expanded definition of governance and updates COBIT principles. In addition, the structure of the overall framework is outlined, new concepts are introduced, and terminology is explained, such as the COBIT Core Model and its 40 management objectives. Moreover, the performance management system, which allows the flexibility to use maturity measurements as well as capability measurements, is updated. Finally, the new design factors and focus areas, which offer additional practical guidance on flexible adoption of COBIT 2019, are introduced.

COBIT 2019 Framework: Governance and Management Objectives

This publication contains a detailed description of the COBIT Core Model and its 40 governance/management objectives. Each governance/management objective and its purpose are defined and then matched up with the related process, Alignment Goals and Enterprise Goals.

COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution 

This new publication offers prescriptive how-to information for the user, such as:

  • tailoring a governance system to the enterprise’s unique circumstances and context;
  • defining and listing various design factors and how they relate to the new COBIT 2019 concepts;
  • describing the potential impact these design factors have on implementation of a governance system; and
  • recommending workflows for creating the right-sized design for an organisation's governance system.

COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution

This guide is an updated version of the previous COBIT 5 Implementation Guide, taking a similar approach to implementation. However, the new terminology and concepts of COBIT 2019, including the design factors, are built into this guidance, making it more tailored to specific governance needs.

2.4. COBIT 2019 design factors

ISACA has highlighted that the 11 'design factors' introduced in COBIT 2019 are a key new feature. These factors can influence the design of an enterprise’s governance system and position it for success in the use of information and technology. The new design factors of COBIT 2019 are:

  • enterprise strategy;
  • enterprise goals;
  • risk profile;
  • IT-related issues;
  • threat landscape;
  • compliance requirements;
  • role of IT;
  • sourcing model for IT;
  • IT implementation methods;
  • technology adoption strategy; and
  • enterprise size.