COBIT is a framework created by ISACA for information technology management and IT governance. The framework defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.
Framework and components
Business and IT goals are linked and measured to create responsibilities of business and IT teams. Five processes are identified: Evaluate, Direct and Monitor ; Align, Plan and Organize ; Build, Acquire and Implement ; Deliver, Service and Support ; and Monitor, Evaluate and Assess. The COBIT framework ties in with COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. The framework helps companies follow law, be more agile and earn more. Below are COBIT components:
Framework: Organizes IT governance objectives and good practices by IT domains and processes and links them to business requirements.
Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
Management guidelines: Helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
Maturity models: Assesses maturity and capability per process and helps to address gaps.
History
COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3. The development of both the AS 8015: Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 in January 2007 increased awareness of the need for more information and communication technology governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, "addressing the IT-related business processes and responsibilities in value creation and risk management." COBIT 5, released in 2012 bases on COBIT 4.1, Val IT 2.0 and Risk IT frameworks and draws on ISACA's IT Assurance Framework and the Business Model for Information Security. The newer version COBIT 2019 was released in 2018.
