What is COBIT?
The COBIT framework is published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). The goal of the framework is to provide a common language for business executives to communicate with each other about goals, objectives and results. The latest version, emphasizes the value that information governance can provide to a business' success. It also provides quite a bit of advice about enterprise risk management.
The name COBIT originally stood for "Control Objectives for Information and Related Technology," but the spelled-out version of the name was dropped in favor of the acronym in the fifth iteration of the framework.
COBIT 5 is based on five key principles for governance and management of enterprise IT:
- Principle 1: Meeting Stakeholder Needs
- Principle 2: Covering the Enterprise End-to-End
- Principle 3: Applying a Single, Integrated Framework
- Principle 4: Enabling a Holistic Approach
- Principle 5: Separating Governance From Management
Various components of COBIT include:
- IT helps organizing the objectives of IT governance and bringing in the best practices in IT processes and domains, while linking business requirements.
- Process Descriptions
- It is a reference model and also acts as a common language for every individual of the organization. The process descriptions include planning, building, running and monitoring of all IT processes.
- Control Objectives
- his provides a complete list of requirements that has been considered by the management for effective IT business control.
- Maturity Models
- Accesses the maturity and the capability of every process while addressing the gaps.
- Management Guidelines
- Helps in better assigning responsibilities, measuring performances, agreeing on common objectives and illustrate better interrelationships with every other process.
COBIT is being used by organisations whose primary responsibilities happen to be business processes and related technologies. This is for organisations and business hat depend on technology for reliable and relevant information. COBIT is used by both the government departments, and other private commercial organizations. It helps in increasing the sensibility of IT processes to a great extent.
Why do companies choose to invest in COBIT?
The organisation exists to create value for its stakeholders. COBIT was created from the top down, meaning that the entire model focuses on the primary facets of providing value: realizing benefits, while optimizing risks and resources. The goals cascade to the enablers, COBIT helps you focus on value. You should try to understand the complete framework to realize its full benefits. Although implementing portions of the framework certainly helps, it may not identify where your gaps truly exist.
If an enterprise doesn’t manage its information, it will no longer exist. COBIT focuses on the information first. Without information, there’s no need for the technology.
COBIT has escaped the “for big companies only” misconception. Whether you have a small IT organization, or several hundred resources, COBIT fits any size; you just need to identify your business goals, objectives and mission to operate as a going concern. Organisations with minimal IT staff members can leverage COBIT.
COBIT’s seven enablers are designed to help you get beyond just looking at processes. These enablers include 1) Principles, Polices and Frameworks, 2) Processes, 3) Organizational Structures, 4) Culture, Ethics and Behavior, 5) Information, 6) Services, Infrastructure and Applications, and 7) People, Skills and Competencies. These provide a holistic approach to governance where changes in one enabler must be adequately assessed across all enablers.
All processes should have owners. All processes should have assigned roles. Within COBIT5 there is a wealth of information regarding processes. There are 37 processes organized into five domains (one governance domain and 4 management domains). Within the process reference model, the biggest include: process description and purpose, practices and activities, inputs and outputs, RACI charts, goals, and related industry standards and frameworks.
This is not just an academic reference, but a really helpful tool. The goals cascade is a series of mappings that allow you to link stakeholder needs to enterprise goals, to IT related goals, and to enabler goals.
One of the key principles of COBIT is to provide an integrated framework that is complete in enterprise coverage. This provides a basis to integrate and align with the latest relevant standards and frameworks, as well as all knowledge previously dispersed over different ISACA frameworks. So what does this mean? The COBIT product family is a starting point, allowing you to look for additional information.
Some of the most prominent frameworks include ISO27000, PRINCE2. Yes, you can use more than one framework in an enterprise, and COBIT helps you figure out how to do it.