COBIT is owned and supported by ISACA. It was released in 1996; the current Version 5.0 (April 2012) brings together COBIT 4.1, Val IT 2.0 and Risk IT frameworks.
The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector (Figures 1 and 2).
The process reference model defines and describes in detail a number of governance and management processes. It represents all the processes normally found in an organization relating to IT activities, thus providing a common reference model understandable to operational IT and business managers and their auditors/advisors. The process reference model divides the organization's IT processes into two domains: governance and management.
COBIT 5 provides a set of 36 governance and management processes within the framework.
The governance domain contains five governance processes; within each process, evaluate, direct, and monitor practices are defined.
• EDM1: set and maintain the governance framework
• EDM2: ensure value optimisation
• EDM3: ensure risk optimisation
• EDM4: ensure resource optimisation
• EDM5: ensure stakeholder transparency
The four management domains, in line with the responsibility areas of plan, build, run, and monitor (PBRM), provide end-to-end coverage of IT.
• Align, plan, and organize
• Build, acquire, and implement
• Deliver, service, and support
• Monitor, evaluate, and assess
A casual look at the four management domains of COBIT 5 rapidly illustrates its direct relationship with ITIL.
• The align, plan, and organize domain relates to the service strategy and design phases
• The build, acquire, and implement domain relates to the service transition phase
• The deliver, service, and support domain relates to the service operation phase
• And finally, the monitor, evaluate, and assess domain relates to the continual service improvement phase
All aspects of COBIT 5 are in line with the responsibility areas of plan, build, run and monitor. In other words, COBIT 5 follows the PDCA cycle of Plan, Do, Check, and Act. COBIT has been positioned at a high level, and has been aligned and harmonized with other, more detailed, IT standards and proven practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK Guide. COBIT 5 acts as an integrator of these different guidance materials, summarising key objectives under one umbrella framework that links the proven practice models with governance and business requirements.