© 2018 ISACA. All rights reserved.
INTRODUCING
Executive Summary
November 2018
© 2018 ISACA. All rights reserved.
COBIT® 2019
The globally recognized COBIT Framework, which helps ensure effective
enterprise governance of information and technology, has been updated with new
information and guidance, facilitating easier, tailored implementation—
strengthening COBIT’s continuing role as an important driver of innovation and
business transformation. This document sets the scene for the upcoming release
of COBIT® 2019 guidance.
© 2018 ISACA. All rights reserved.
Remembering John Lainhart
• In dedication to John Lainhart, who was
there from COBIT day -1 in 1995 until his
passing in September 2018.
• John was the relentless support behind
many COBIT related projects, including
COBIT 2019 .
• ISACA is extremely grateful for John and
his vision, and COBIT 2019 (and its
progeny) are his legacy.
Picture provided courtesy of Dirk Steuperaert
© 2018 ISACA. All rights reserved.
COBIT 2019
DRIVERS AND BENEFITS
© 2018 ISACA. All rights reserved.
COBIT 2019
UPDATE DRIVERS
COBIT
2019
Optimizing I&T
Governance
Staying
relevant in a
changed
environment
Building on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT 5
limitations
© 2018 ISACA. All rights reserved.
COBIT 2019
OPTIMIZING I&T GOVERNANCE
Enterprise
Governance of
I&T
Business/IT
Alignment Value Creation
IT – used to refer to the organizational department with main responsibility for
technology – versus I&T – all the information the enterprise generates, processes
and uses to achieve its goals, as well as the technology to support that throughout
the enterprise.
COBIT
2019
Optimizing I&T
Governance
Staying relevant
in a changed
environment
Building on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT5
imperfections
© 2018 ISACA. All rights reserved.
COBIT 2019
STAYING RELEVANT IN A CHANGED ENVIRONMENT
• COBIT 5 was published in 2012, making it almost 7 years old
• New technology and business trends in the use of IT (e.g. digitization) have not
been incorporated into COBIT, requiring re-alignment
• The need for the integration of new insights from practitioners, science and
academia in the domain of I&T governance creation
• Other standards have evolved, resulting in a different standards/frameworks
landscape, requiring a re-alignment
• More fluid and frequent updates of COBIT required
COBIT
2019
Optimizing I&T
Governance
Staying
relevant in a
changed
environment
Building on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT5
imperfections
© 2018 ISACA. All rights reserved.
COBIT 2019
STAYING RELEVANT IN A CHANGED ENVIRONMENT
COBIT
2019
Optimizing I&T
Governance
Staying
relevant in a
changed
environment
Building on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT5
imperfections
• US National Institute of Standards and
Technology (NIST) standards:
–NIST Cybersecurity Framework v1.1
–NIST SP 800 53 Rev 5
–NIST SP 800 37 Rev 2 (Risk
Management Framework)
• ISO/IEC 20000
• ISO/IEC 27000 family:
–ISO/IEC 27001
–ISO/IEC 27002
–ISO/IEC 27004
–ISO/IEC 27005
• ISO/IEC 31000:2018
• ISO/IEC 38500
• ISO/IEC 38502
• A Guide to the Project Management
Book of Knowledge: PMBOK® Guide,
Sixth Edition, 2017
• The TOGAF® Standard, The Open
Group
• The Open Group IT4IT Reference
Architecture, version 2.0
• CIS ® Critical Security Controls, Center
for Internet Security
• King IV Report on Corporate
Governance, 2016
• Scaled Agile Framework (SAFe®)
• Cloud standards and good practices:
• Amazon Web Services (AWS®)
• Security Considerations for Cloud
Computing, ISACA
• Controls and Assurance in the Cloud:
Using COBIT ® 5, ISACA
• Enterprise Risk Management (ERM)—
Integrated Framework, Committee of
Sponsoring Organizations of the Treadway
Commission (COSO), June 2017
• The TBM Taxonomy, The TBM Council
• “Options for Transforming the IT
Function Using Bimodal IT,” MIS
Quarterly Executive (white paper)
• ITIL V3
• HITRUST ® Common Security
Framework, version 9, September 2017
• Change Management Methodology,
Prosci
• Skills Framework for the Information Age
(SFIA ® ) V6
• The Standard of Good Practice for
Information Security, Information
Security Forum (ISF), 2016
• CMMI V2.0
• The CMMI Cybermaturity Platform, 2018
• The Data Management Maturity Model,
CMMI Institute, 2014
The COBIT 2019 development team looked at following standards/frameworks to
align COBIT 2019 with:
© 2018 ISACA. All rights reserved.
STRENGTHS
• COBIT is a unique overarching IT Governance framework
• COBIT process guidance has matured and has reached its best quality level yet
• COBIT’s business perspective on IT brings a unique opportunity to further expand
its impact
OPPORTUNITIES
• The current (target) audience for COBIT is still very much IT- and Assurance
oriented
• There is an opportunity to re-discover or re-launch some of COBIT hidden gems
• More prescriptive implementation guidance such as incorporating specific design
factors
COBIT 2019
BUILDING ON COBIT STRENGTHS AND IDENTIFYING OPPORTUNITIES
COBIT
2019
Optimizing I&T
Governance
Staying relevant
in a changed
environment
Buildng on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT5
imperfections
© 2018 ISACA. All rights reserved.
• COBIT users find it hard to locate relevant contents for their needs
• Perceived as complex and challenging to apply in practice
• The enabler model is incomplete in terms of development and guidance, and
thus often ignored
• A challenging process capability model and general lack of support of
performance management for other enablers
• The perceived reputation of IT Governance itself as an inhibitor of change and
(administrative) overhead – not per se a COBIT weakness but an IT Governance
problem at large
COBIT 2019
ADDRESSING COBIT 5 LIMITATIONS
COBIT
2019
Optimizing I&T
Governance
Staying relevant
in a changed
environment
Building on
COBIT
strengths and
identifying
opportunities
Addressing
COBIT5
limitations
© 2018 ISACA. All rights reserved.
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION &
TECHNOLOGY (EGIT) AND THE NATURE OF COBIT
© 2018 ISACA. All rights reserved.
In the light of digital transformation, information and technology (I&T)
have become crucial in the support, sustainability and growth of
enterprises.
• Previously, governing boards and senior management could delegate, ignore or
avoid I&T-related decisions
• In most sectors and industries, such attitudes are now ill advised
• Digitized enterprises are increasingly dependent on I&T for survival and growth
• Stakeholder value creation is often driven by a high degree of digitization in new
business models, efficient processes, successful innovation, etc.
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
© 2018 ISACA. All rights reserved.
Given the centrality of I&T for enterprise risk management and value
generation, a specific focus on enterprise governance of information
and technology (EGIT) has arisen over the last two decades.
EGIT is an integral part of corporate governance
• Exercised by the board that oversees the definition and implementation of
processes, structures and relational mechanisms
• Enables both business and IT people to execute their responsibilities in support
of business/IT alignment
• Enables creation of business value from I&T-enabled business investments
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
© 2018 ISACA. All rights reserved.
Fundamentally, EGIT is concerned with value
delivery from digital transformation and the
mitigation of business risk that results from
digital transformation.
More specifically, three main outcomes can be
expected after successful adoption of EGIT.
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
Benefits
Realization
Risk
Optimization
Resource
Optimization
© 2018 ISACA. All rights reserved.
COBIT is a framework for the governance and management of
enterprise information and technology, aimed at the whole enterprise.
• Enterprise I&T means all the technology and information processing the
enterprise puts in place to achieve its goals, regardless of where this
happens in the enterprise
• Enterprise I&T is not limited to the IT department of an organization, but
certainly includes it
INTRODUCTION
COBIT AS AN INFORMATION & TECHNOLOGY (I&T) FRAMEWORK
© 2018 ISACA. All rights reserved.
Governance
(Board Level)
Management
(Executive Level)
INTRODUCTION
GOVERNANCE AND MANAGEMENT DEFINED
• Plans, builds, runs and monitors
activities, in alignment with the direction
set by the governance body, to achieve
the enterprise objectives
• Ensure stakeholder needs, conditions
and options are evaluated to determine
enterprise objectives
• Ensure direction is set through
prioritization and decision making
• Ensure performance and compliance are
monitored against objectives
© 2018 ISACA. All rights reserved.
INTRODUCTION
WHAT IS COBIT AND WHAT IT IS NOT: SETTING THE RIGHT EXPECTATIONS
COBIT IS
• A framework for the governance and
management of enterprise I&T
• COBIT defines the components to build
and sustain a governance system
• COBIT defines the design factors that
should be considered by the enterprise
to build a best fit governance system
• COBIT is flexible and allows guidance
on new topics to be added
COBIT IS NOT
• A full description of the whole IT
environment of an enterprise
• A framework to organize business
processes
• An (IT-) technical framework to manage
all technology
• COBIT does not make or prescribe any
IT-related decisions
© 2018 ISACA. All rights reserved.
APPENDIX
© 2018 ISACA. All rights reserved.
ABOUT ISACA
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals
and enterprises achieve the positive potential of technology. Today’s world is
powered by technology, and ISACA equips professionals with the knowledge,
credentials, education and community to advance their careers and transform their
organizations.
ISACA leverages the expertise of its 450,000 engaged professionals in information
and cyber security, governance, assurance, risk and innovation, as well as its
enterprise performance subsidiary, CMMI® Institute, to help advance innovation
through technology. ISACA has a presence in 188 countries, including 217 chapters
worldwide and offices in both the United States and China.
