COBIT 2019 & COBIT 5 - Everything You Need to Know

What's new in COBIT 2019? How does it differ from COBIT 5? We take a look at what you need to know about the COBIT 2019 framework

Try a Free Module
COBIT® 5 Foundation Banner

UPDATE - Visit our What is COBIT 2019 page for information on the LATEST version of the COBIT framework, or take a look at our COBIT 2019 Foundation course and try a FREE trial today!

Over the years, Information Technology (IT) has evolved far beyond being just another tool for businesses. It now forms the strategic foundation of most, if not all, successful organizations, regardless of their size, age, sector, or industry. A business that fails to optimize its digital and IT capabilities can easily find itself vulnerable to competitors in the dynamic and ever-evolving landscape of the Digital Age.

‘IT governance’, the process of making sure IT is strategically aligned with business requirements, will usually branch out into virtually every aspect of an organization, including the provision of customer services, the processes which generate end products, and even change management. This, naturally, begs the question: in a growing business with a web of activities, how does one not only keep track of IT operations but also make sure that they are optimized, targeted, and refined?

Indeed, the ‘governance’ of IT will usually branch out into virtually every aspect of an organization, including the provision of customer services, the processes which generate end products and even change management. This, of course, begs the question: in a growing business with a web of activities, how does one not only keep track of IT operations, but also make sure that they are optimized and refined?

COBIT is a leading framework for the governance and management of enterprise IT. Created by the non-profit ISACA, COBIT was built by experts to suit the requirements of both business executives and IT professionals. It combines enterprise governance and management techniques, providing principles, practices, models and analytical tools to help users consistently increase the value of, and trust in, their IT systems.

Part of COBIT’s success comes from the fact that it has been consistently updated to meet the ever-changing needs of IT governance. For example, the latest version, COBIT 5, is better able to integrate with other popular frameworks, standards and resources, including VAL IT, Risk IT and ITIL.

So, what exactly does COBIT 5 do in a nutshell? It enables organizations to balance resource usage, risk optimization and realizing benefits, helping them to improve business outcomes and ensure that their IT systems are supporting them as much as possible.

COBIT 2019 (sometimes referred to as ‘COBIT 19’) also provides a level of flexibility that helps organizations to:

  • Adapt to user demands

  • Conform to industry regulations and compliance initiatives

  • Manage risks and security

  • Maximize the value of intellectual property

  • Make sure IT is capable of supporting major changes

As you can probably tell by now, enterprise IT is an enormous subject. Very few tools cover it in such depth as COBIT 5, making it an excellent investment for any organization serious about optimizing its use of IT.

How Does COBIT 2019 Work?

COBIT 5, the previous iteration of the framework, was focused on providing tools, best practices, and objectives that were universally applicable to all IT operations. COBIT 2019, on the other hand, is geared towards creating bespoke IT frameworks suited to the goals and requirements of individual companies. While the changes may take some getting used to, especially for those used to the much-loved process reference model, the new framework has a great deal to offer.

To start off, it is worth getting a key piece of information out of the way: COBIT 2019 is not a cheat sheet but a generic tool. That is not to say that it is not unique or comprehensive; rather, the tools and practices offered by the framework are flexible enough to be used by enterprises regardless of their size or immediate goals. At the same time, there is a lot to learn, and not all of the COBIT 2019 methodology will be relevant for everyone.

  • Objectives - COBIT 2019 contains ‘Management Objectives’ and ‘Governance Objectives’, with a total of 40 as part of its ‘Core Model’. Practitioners prioritize or ignore these objectives based on the needs of customers, stakeholders, users, and so on, allowing them to create comprehensive and bespoke IT strategies and frameworks

  • Domains - Every COBIT Objective fits within a specific ‘Domain’. Management Objectives are categorized into ‘Monitor, Evaluate and Assess (MEA)’, ‘Build Acquire and Implement (BAI)’, ‘Deliver, Service and Support (DSS)’, and ‘Align, Plan and Organize (APO)’. Governance Objectives are found under ‘Evaluate, Direct, and Monitor (EDM)’

  • Goals cascade - This tool demonstrates how drivers create needs and ultimately establish clearly defined ‘goals’. In COBIT 5, these were called ‘IT Goals’, though, in COBIT 2019, they are now known as ‘Alignment Goals’

  • Components - Formerly known as ‘Enablers’, Components are generic elements that influence IT. They typically include Skills, Infrastructure, Information Flows, Policies and Procedures, Processes, and Organizational Structures. COBIT 2019 also introduced ‘variants of generic’. With these, Components can be examined and adapted based on a ‘Focus Area’ such as a specific piece of compliance legislation like the GDPR

  • Design Factors - These factors help define the needs of an organization and how they must be addressed in a framework. ‘Contextual factors’, such as corporate landscapes and threats, are beyond the organization’s control. ‘Strategic factors’ are based on decisions made by the organization, such as the focus of enterprise strategies and the prioritization of different IT elements. Tactical factors focus on implementation choices regarding technology (such as cloud data), methods (such as DevOps, ITIL 4, or Agile), and outsourcing models

These aspects are all used to assess the requirements of IT. Based on the results, COBIT practitioners will then create bespoke frameworks that help managers to optimize the use of resources, time, and other factors in order to meet crucial targets and strategic goals.

The IT governance and management style of the framework is based on six principles:

  • Meeting stakeholder needs

  • Covering user enterprises from end to end

  • Applying a single integrated framework

  • Enabling a holistic approach

  • Separating governance from management

Combined, these principles enable organizations to build completely holistic frameworks. These frameworks, in turn, will be based on seven ‘enablers’.

  • People, policies and frameworks

  • Processes

  • Organizational structures

  • Culture, ethics and behavior

  • Information

  • Services, infrastructure and applications

  • People, skills and competencies

Like COBIT 5, COBIT 2019 can also integrate with a number of compatible best-practice frameworks and standards, including ITIL, ISO 20,000, and ISO 27,001. It can be highly useful to take an integrated approach when implementing an IT governance framework. For example, you may choose to pick segments from different frameworks in order to create a system that best meets the unique needs of your organization.

Remember, organizations must always prioritize ensuring that IT assets support strategic business goals. Without sufficient perspective, fluidity, and control, an organization may not be fully optimized or compliant in its actions - and it may not even realize it!

How Does COBIT 2019 Improve Existing Frameworks?

COBIT 2019 establishes the potential for progressive evolution in IT frameworks. With elements of digital and IT management being in constant flux, businesses must be prepared to reexamine their chosen best practices, software, technology, and compliance initiatives on a regular basis. This is not only for the sake of meeting the standards set by clients but also surpassing them.

To help users cope with this, COBIT 2019 offers several methods for continuous improvement. Firstly, it lays out the ‘COBIT Performance Management (CPM)’ system. Based on the CMMI Performance Management Scheme (and scored between 0 and 5), this is used to gauge the overall capability of a process:

  • Score = 0: Lack of any basic capability. Incomplete approach to address governance and management purpose. May or may not be meeting the intent of any process practices

  • Score = 1: The process more or less achieves its purpose through the application of an incomplete set of activities that can be characterized as initial or intuitive - not very organized

  • Score = 2: The process achieves its purpose through the application of a basic yet complete set of activities that can be characterized as performed

  • Score = 3: The process achieves its purpose in a much more organized way using organizational assets. Processes typically are well defined

  • Score = 4: The process achieves its purpose, is well defined, and its performance is (quantitatively) measured

  • Score = 5: The process achieves its purpose, is well defined, its performance is measured to improve performance and continuous improvement is pursued

Level 2 refers to the basic level of capability, with any numbers below this indicating an area for immediate improvement.

COBIT’s approach to continuous improvement is not limited to user businesses, however. COBIT 2019 also utilizes an open-source model, which allows ISACA to collect feedback from the worldwide community of IT governance and management professionals. By regularly assessing this feedback, ISACA will identify areas where the methodology can be improved, such as incorporating new best practices or integrating new technology. As a result, COBIT 2019 users will have an edge in adapting to new opportunities in the future.

Finally, COBIT 2019 also lists several ‘enhancing activities’. These are suggested by ISACA to help practitioners enhance their implementation of COBIT. For example, when first adopting COBIT, managers and stakeholders may want to consider investing in COBIT online training.

How can COBIT 2019 Certification Help my Business?

It is important to realize that governance and management are two very distinct elements of IT. They form the backbone of almost every successful organization on the planet, and COBIT 2019 is built specifically to optimize them.

Because of its bespoke factors, COBIT can also be adopted by a variety of businesses. Regardless of industry, size, location, or anything else, any organization on the planet can reap the benefits of IT optimization.

Of course, you may still be worried about how the benefits of studying COBIT 2019 weigh against COBIT 2019 certification costs. So, how exactly does COBIT create value?

  • IT Alignment - COBIT 2019 goes beyond the immediate needs of users and customers and ensures IT is aligned with larger business strategies. Achieving this despite the complexities of managing day to day operations requires a well-defined and comprehensive perspective. COBIT provides this alongside a common language to help IT professionals, departments, teams, and stakeholders stay on the same page

  • Improved compliance - Modern IT must remain aligned with data and business legislation, such as the GDPR. COBIT treats these regulations as crucial details that must always factor into framework updates, ensuring that they are addressed at all levels of IT. Based on the success of COBIT 5 in this capacity, customers already have a great deal of confidence in COBIT 2019 for compliance and risk management

  • Optimization - COBIT 2019 is also designed for improving day-to-day IT management. It helps practitioners to identify priorities while also providing them with the tools and best practices required to make improvements wherever necessary. As a result, practitioners enjoy more targeted, efficient, and cost-effective IT operations, with roles and responsibilities clearly defined across teams and departments

  • Trust - The popularity of the COBIT framework can give practitioner organizations an edge when it comes to winning the confidence of customers, clients, suppliers, and stakeholders. Naturally, the reliability and potential of COBIT 2019 can also improve the positioning of a company’s offering in the marketplace

  • Future-proofing - COBIT 2019 is cutting-edge, offering insight on the latest IT tools, best practices, and so on. It also prepares practitioners for future developments, thanks to its focus on framework reassessments and its open-source model. After incorporating COBIT 2019, organizations find it much easier to evolve whenever and however necessary

IT Governance & Compliance Training

Why Study COBIT With Good e-Learning?

As useful as COBIT is, it’s still important to study and implement it in the correct way. There is a wealth of inaccurate and unaccredited material online, and while this may be cheap, it often fails to fully prepare students to sit official COBIT examinations or apply the framework in real-life situations.

Good e-Learning is a highly experienced COBIT training course provider. Our COBIT 5 and COBIT 2019 courses are fully accredited by the APMG, a partner of ISACA that delivers official certification for COBIT. In other words, you can be sure that our content will do the job!

Good e-Learning currently offers a number of Governance & Compliance courses:

  • COBIT 2019 Foundation - Accredited by APMG and created by leading experts to provide you with everything you need to pass the COBIT 2019 Foundation level exam

  • COBIT 5 Foundation - Accredited by PeopleCert and created by leading experts to provide you with everything you need to pass the COBIT 5 Foundation level exam

  • GDPR Action & Implementation - Take practical steps in complying with the GDPR by prepare all staff or individuals at all levels of the professional scale

  • GDPR Awareness - Learn the basic concepts and ideas behind the GDPR to brief decision-makers with enough knowledge to continue the conversation in their own organizations

  • COBIT 5 Foundation & GDPR Implementation Suite - This suite of courses combines the holistic capabilities of COBIT 5 with everything that businesses need to know about GDPR compliance

Key features of our COBIT courses:

  • Fully accredited

  • FREE exam voucher included

  • Quizzes and revision modules

  • Instant 6 months access

  • Practice exams

  • 24/7 Tutor support

Good e-Learning also specializes in corporate training for businesses looking to upskill multiple employees at once. We have already partnered with hundreds of global blue chips to design courses which take their uniqueness into account, including their location, size, business goals, corporate culture and, of course, budget.

Browse Courses
Our Accreditations