COBIT 5 is a framework for the governance and management of enterprise IT. The framework helps organisations create optimal value from IT by balancing benefits, risks and resource use. It enables IT to be governed and managed in a holistic manner for the entire enterprise.
COBIT 5 is based on five key principles:
1. Meeting Stakeholder Needs
COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. Because every enterprise has different objectives, an enterprise can customise COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.
2. Covering the Enterprise End-to-end
COBIT 5 integrates governance of enterprise IT into enterprise governance:
a. It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
b. It considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.
3. Applying a Single, Integrated Framework
There are many IT-related standards and good practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level and thus can serve as the overarching framework for governance and management of enterprise IT.
4. Enabling a Holistic Approach
Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. The COBIT 5 framework defines seven categories of enablers:
- Principles, Policies and Frameworks
- Organisational Structures
- Culture, Ethics and Behaviour
- Services, Infrastructure and Applications
- People, Skills and Competencies
5. Separating Governance from Management
The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes. COBIT 5’s view on this key distinction between governance and management is:
a. Governance. In most enterprises, overall governance is the responsibility of the board of directors under the leadership of the chairperson. Specific governance responsibilities may be delegated to special organisational structures at an appropriate level, particularly in larger, complex enterprises.
b. Management. In most enterprises, management is the responsibility of the executive management under the leadership of the chief executive officer (CEO).