COBIT 5 is generic and useful for enterprises
of all sizes, whether commercial,
not-for-profit or in the public sector.
COBIT 5 is used globally by those who have the primary responsibility for business processes
and technology, depend on technology for relevant and reliable information, and
provide quality, reliability and control of information and related technology.
Users include enterprise executives and consultants in the
following areas: Audit and Assurance; Compliance; IT Operations;
Governance; Security and Risk Management.
WHY IS IT USED ?
New user demands, industry-specific regulations and risk scenarios
emerge every day. Maximizing the value of intellectual property,
managing risk and security and assuring compliance through effective
IT governance and management has never been more important.
No other framework focused on enterprise IT
offers the breadth or benefits of COBIT. It helps
enterprises of all sizes:
1) Maintain high-quality information to support business decisions
2) Achieve strategic goals through the effective and innovative use of IT
3) Achieve operational excellence through reliable, efficient application of technology
4) Maintain IT-related risk at an acceptable level
5) Optimize the cost of IT services and technology
6) Support compliance with relevant laws, regulations, contractual agreements and policies
WHEN SHOULD IT BE USED ?
NOW! This is the latest concept after COBIT 4.1.
As a framework/guidance replacing COBIT
4.1, COBIT 5 incorporates the latest thinking
in enterprise governance and management
techniques, and provides globally accepted
principles, practices, analytical tools and
models to help increase the trust in, and
value from, information systems.
COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and
resources, including ISACA's Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and
related standards from the International Organization for Standardization (ISO).
HOW TO APPLY IT ?
1) Focus on enterprise goals. Forego the process outlined in COBIT 5 Implementation and instead use
the cascading mechanism, starting with figure 5 in the COBIT 5 framework, to focus with laser-like
precision on those processes that support the most significant enterprise goals. Doing so offers
strategic alignment, resource optimization and ultimately delivers value, which, in due course,
satisfies stakeholders.
2) Meet regulatory requirements. Perhaps an organization thinks its overall governance framework is
decent, but wishes to ensure legal compliance. Use figure 45 in appendix A of COBIT 5 Implementation
to learn how to focus attention on processes EDM03 and MEA03. Additionally, use figure 46 in
appendix B to determine who is accountable and who is responsible.
3) Focus on pain points. An organization has a big fat problem that will not go away. Again, stakeholders
could use figure 45 to focus on processes for the pain points referenced there.
4) Ensure process orientation. Slogging away on processes helps an organization become more capable,
more proactive and less reactive. Forget the framework and COBIT 5 Implementation and just start
doing the things in COBIT 5: Enabling Processes. When the organization has control over processes, it is
able to maintain better control during periods of rapid change and organizational crisis. The
organization becomes more resilient and less fragile.
5) Define a common language. Often the absence of a common vocabulary leads to a breakdown in
communication that can result in mistrust. A client once asked me to find a configuration manager, so I
searched high and low and found a suitable candidate. The client rejected the candidate out-of-hand
and, upon reconsidering their requirements, we agreed they really wanted a release-and-deploy
manager. The client and I lost time and resources because we assumed we had a common
understanding of configuration manager. So should an organization do nothing else, it should promote
and utilize the COBIT 5 framework nontechnical business terminology in appendix H within the
organization.
Based on the 5 PRINCIPLES
1) Meeting stakeholder needs.
2) Covering the enterprise end to end.
3) Applying a single integrated framework.
4) Enabling a holistic approach.
5) Separating governance from management.
WHAT ?
According to ISACA, COBIT 5 is the only business framework for
the governance and management of enterprise IT.
Control Objectives for Information Related Technologies
It is often the solution for addressing concerns
about management and governance issues
with IT and related technologies that exist in a company.