COBIT® 2019 FRAMEWORK: GOVERNANCE AND MANAGEMENT OBJECTIVES
Several misconceptions about COBIT should be dispelled:
•COBIT is not a full description of the whole IT environment of an enterprise.
•COBIT is not a framework to organize business processes.
•COBIT is not an (IT-)technical framework to manage all technology.
•COBIT does not make or prescribe any IT-related decisions. It will not decide what the best IT strategy is, what the best architecture is, or how much IT can or should cost. Rather, COBIT defines all the components that describe which decisions should be taken, and how and by whom they should be taken.
1.2 Overview of COBIT® 2019
The COBIT® 2019 product family is open-ended and designed for customization. The following publications are currently available.2
•COBIT® 2019 Framework: Introduction and Methodology introduces the key concepts of COBIT® 2019.
•COBIT® 2019 Framework: Governance and Management Objectives comprehensively describes the 40 core governance and management objectives, the processes contained therein, and other related components. This guide also references other standards and frameworks.
•COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution explores design factors that can influence governance and includes a workflow for planning a tailored governance system for the enterprise.
•COBIT® 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution represents an evolution of the COBIT® 5 Implementation guide and develops a road map for continuous governance improvement. It may be used in combination with the COBIT® 2019 Design Guide.
Figure 1.1 shows the high-level overview of COBIT® 2019 and illustrates how different publications within the set cover different aspects.
Figure 1.1—COBIT Overview
Inputs to COBIT 2019
COBIT 5
Standards,
Frameworks,
Regulations
Community
Contribution
COBIT 2019
|
|
COBIT Core |
|
|
||||
|
Reference |
Model of Governance |
|
|||||
|
and Management Objectives |
|
||||||
EDM01—Ensured |
|
|
|
|
EDM04—Ensured |
EDM05—Ensured |
|
|
Governance |
EDM02—Ensured |
EDM03—Ensured |
|
|||||
Framework Setting |
Benefits Delivery |
Risk Optimization |
Resource |
Stakeholder |
|
|||
and Maintenance |
|
|
|
|
Optimization |
Engagement |
|
|
APO01—Managed |
APO02—Managed |
APO03—Managed |
APO04—Managed |
APO05—Managed |
APO06—Managed |
APO07—Managed |
|
|
I&T Management |
Enterprise |
|
||||||
Framework |
Strategy |
Architecture |
|
Innovation |
Portfolio |
Budget and Costs |
Human Resources |
MEA01—Managed |
|
|
|
|
|
|
|
|
Performance and |
|
|
|
|
|
|
|
|
Conformance |
APO08—Managed |
APO09—Managed |
APO10—Managed |
APO11—Managed |
APO12—Managed |
APO13—Managed |
APO014—Managed |
Monitoring |
|
Service |
|
|||||||
Relationships |
Agreements |
Vendors |
|
Quality |
Risk |
Security |
Data |
|
|
|
|
|
|
|
|
|
MEA02—Managed |
|
|
BAI03—Manage |
|
|
|
|
BAI07—Managed |
System of Internal |
BAI01—Managed |
BAI02—Managed |
BAI04—Managed |
BAI05—Managed |
BAI06—Managed |
Control |
|||
Programs |
Requirements |
Solutions |
|
Availability |
Organizational |
IT Change |
|
|
|
Definition |
Identification |
|
and Capacity |
Change |
IT Changes |
Acceptance and |
|
|
|
and Build |
|
|
|
Transitioning |
|
|
BAI08—Managed |
BAI09—Managed |
BAI10—Managed |
BAI11—Managed |
|
|
|
MEA03—Managed |
|
Knowledge |
Assets |
Configuration |
|
Projects |
|
|
|
Compliance with |
|
|
|
|
|
|
|
External |
|
|
|
|
|
|
|
|
|
Requirements |
DSS01—Managed |
DSS02—Managed |
DSS03—Managed |
DSS04—Managed |
DSS05—Managed |
DSS06—Managed |
|
MEA04—Managed |
|
Service Requests |
Security |
Business |
|
|||||
Operations |
and Incidents |
Problems |
|
Continuity |
Services |
Process Controls |
|
Assurance |
•Enterprise strategy
•Enterprise goals
•Enterprise size
•Role of IT
•Sourcing model for IT
•Compliance requirements
•Etc.
Design Factors |
Tailored Enterprise |
||
|
|
||
|
|
Governance |
|
|
|
|
System for |
|
|
Information and |
|
|
|
Technology |
|
|
Focus Area |
|
|
|
|
Priority governance |
|
|
|
|
|
|
|
|
and management |
|
• SME |
|
objectives |
|
• Security |
|
Specific guidance |
|
• Risk |
|
from focus areas |
|
• DevOps |
|
Target capability |
|
• Etc. |
|
and performance |
|
|
|
management |
|
|
|
guidance |
|
|
|
|
COBIT® 2019 Framework:
Introduction and Methodology
COBIT Core |
|
|
|
|
|
Publications |
|
|
|
|
|
COBIT® 2019 Framework: |
|
COBIT® 2019 Design Guide: |
|
COBIT® 2019 Implementation Guide: |
|
|
|
|
|||
|
Governance and |
|
Designing an Information and Technology |
|
Implementing and Optimizing an |
|
|
|
Information and Technology |
||
|
Management Objectives |
|
Governance Solution |
|
|
|
|
|
Governance Solution |
||
|
|
|
|
|
|
|
|
|
|
|
|
2At the time of publication of this COBIT® 2019 Framework: Governance and Management Objectives title, additional titles are planned for the COBIT® 2019 product family but not yet released.
10