Adrian's KB

COBIT 2019 (Governance)

3 min read

Info

COBIT 2019 (Control Objectives for Information and Related Technologies) is a governance and management framework for enterprise IT, developed by ISACA. It helps organizations align IT goals with business objectives while managing risk and ensuring compliance.

It is the successor to COBIT 5 and introduces greater flexibility, improved alignment with other standards, and updated components for modern enterprise needs.

Key Features

  • Designed for enterprise-level governance of information and technology
  • Supports strategic alignment, performance monitoring, and value delivery
  • Integrates well with frameworks like ITIL, TOGAF, ISO/IEC 27001, and NIST

Core Components

  1. Governance System and Components
    • Policies, processes, structures, information flows, culture, skills, and infrastructure
  2. Governance and Management Objectives
    • 40 objectives grouped under five domains:
      • Evaluate, Direct and Monitor (EDM)
      • Align, Plan and Organize (APO)
      • Build, Acquire and Implement (BAI)
      • Deliver, Service and Support (DSS)
      • Monitor, Evaluate and Assess (MEA)
  3. Performance Management
    • Capability levels and metrics to assess implementation maturity
  4. Design Factors
    • Customization based on enterprise goals, risk appetite, compliance requirements, etc.
  5. Focus Areas
    • Topic-specific guidance (e.g., security, DevOps, cloud governance)

Use Cases

Tip

COBIT 2019 is ideal for organizations seeking to integrate governance into daily operations and ensure that IT investments support strategic outcomes.

  • Improve IT governance and accountability
  • Align IT with enterprise goals and stakeholder needs
  • Support audit and compliance initiatives
  • Optimize risk management practices

Updates from COBIT 5

  • Modular guidance and more adaptability
  • Emphasis on tailoring governance systems
  • Enhanced performance assessment methods

Summary

Note

COBIT 2019 provides a structured, scalable way to govern and manage enterprise IT. It’s business-focused, holistic, and built for modern digital organizations.

Focus of COBIT 2019

Enterprise Governance of Information and Technology (EGIT)

COBIT 2019 is centered on ensuring that information and technology are governed effectively across the enterprise. Here’s what that involves:

  • Governance, not just management
    COBIT 2019 draws a clear line between:

    • Governance: Setting direction, evaluating performance, and monitoring outcomes
    • Management: Planning, building, running, and monitoring day-to-day operations

  • Aligning IT with business goals
    Ensures IT investments and initiatives support strategic objectives and deliver measurable value to stakeholders.

  • Integrating risk and compliance
    Embeds risk management, cybersecurity, and regulatory compliance into regular decision-making processes.

  • Customizability
    Designed to adapt to various enterprise needs through design factors and focus areas, allowing governance systems to align with organizational size, industry, and strategic direction.

Tip

Think of COBIT 2019 as the governance layer that ensures all your IT frameworks (like ITIL, NIST, ISO) are working in sync toward business success.

Graph View