COBIT is business framework specifically designed for IT governance, used by organizations around the world to streamline IT management processes, align IT with business objectives, improve business outcomes, and more.
In today’s increasingly digital landscape, it is more important than ever to have the right systems in place to ensure that IT effectively supports the organization’s goals.
Below, we’ll look at what problems COBIT solves, the pros and cons of COBIT, and how COBIT compares against other IT frameworks.
Why Use an IT Governance Framework?
Governance, in an enterprise context, refers to the systems and processes that are used to sustain the organization, allocate resources, maintain accountability, distribute authority, create policies, and otherwise supervise the operations of the organization.
IT governance refers to the processes, systems, and actions that ensure IT supports and remains aligned with an organization’s goals.
Having an IT governance framework offers several benefits:
- IT leaders, such as CIOs and IT directors, can apply a proven system without having to invent their own
- Frameworks reduce workloads and simplify workflows
- A tested framework, such as COBIT, improves outcomes across the business, both inside and outside IT
Ultimately, and perhaps most importantly, IT governance frameworks minimize the problems that come with poor governance. These can range from inefficiency to cost overruns to poor communication, among many others.
An In-Depth Intro to COBIT
COBIT is short for Control Objectives for Information and Related Technologies.
This framework was developed by ISACA, an organization that specializes in developing IT frameworks. Today, they maintain COBIT, CMMI, ITAF, and other IT frameworks.
COBIT, as mentioned, is an IT governance framework designed to integrate business objectives with IT.
Below, we’ll examine the key components of the latest version of this framework, COBIT 2019.
COBIT 2019 had divided its governance into two parts – a governance system and a governance framework, each of which is built upon its own principles.
The principles of the governance system are:
- Provide stakeholder value
- Holistic approach
- Dynamic governance system
- Governance distinct from management
- Tailored to enterprise needs
- End-to-end governance system
The principles that the governance framework are built upon include:
- Based on open conceptual model
- Open and flexible
- Aligned to major standards
The principles covered above are expanded in some detail within COBIT’s documentation, allowing IT leaders to develop a governance strategy that is suitable for their own organization.
Governance and Management Objectives
Governance and management objectives are separate within COBIT.
The governance objectives should focus on EDM, or:
There are four domains within management objectives, which include:
- APO: Assign, Plan, and Organize
- BAI: Build, Acquire, and Implement
- DSS: Deliver, Service, and Support
- MEA: Monitor, Evaluate, and Assess
Each of these areas consists of a category of activities aimed to support those functions. These activities are further broken down into a model called the COBIT Core Model.
The “goals cascade” concept refers to the idea that all enterprise goals are products of the goals set by higher levels of the organization.
The hierarchy of goals described in COBIT is as follows:
- Stakeholder drivers and needs
- Enterprise goals
- Alignment goals
- Governance and management objectives
To achieve these objectives, the next area of focus is creating a governance system.
Components of a Governance System
COBIT’s governance system includes seven components:
- Organizational structures
- Principles, policies, and procedures
- Culture, ethics, and behavior
- People, skill, and competencies
- Services, infrastructure, and applications
These components are of different types – generic components that are derived straight from COBIT or variants of those generic types, customized for a specific business function or use case.
- Are governance topics, domains, or issues
- Consist of both generic and variant governance components
- Can be addressed by several governance management objectives and components
Examples of focus areas include specific business functions, such as risk management, digital adoption, or cybersecurity.
The design factors are the considerations that affect how an enterprise designs its governance system.
In COBIT 2019, these are:
- Enterprise strategy
- Enterprise goals
- Risk profile
- I&T-related issues
- Threat landscape
- Compliance requirements
- Role of IT
- Sourcing model for IT
- IT implementation methods
- Technology adoption strategy
- Enterprise size
Taken together, these design factors can help organizations design a governance system that meets their own goals and accomplishes the underlying aim of IT governance – namely, ensuring that IT supports business strategy.
Frameworks such as COBIT are becoming increasingly important as IT drives digital-first business strategies, digital transformation, and digital leadership.
Since COBIT is perhaps considered the “leading” IT governance framework, IT leaders looking to systematize their IT governance processes should certainly investigate it.
Though implementing COBIT within one’s own organization certainly takes time and effort – and it will be necessary to recruit COBIT-certified professionals – a solid commitment would almost certainly pay off.
There are other IT frameworks and business frameworks that can prove useful when it comes to IT and enterprise governance, however, so it is a good idea to investigate those options thoroughly.
For a closer look at such frameworks, check out our post that covers 6 CIO frameworks used for IT governance.