The principles of COBIT® 5 Tutorial

What is COBIT?

COBIT (Control Objectives for Information and Related Technology) helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT 5, the latest iteration of the framework, was released in 2012.

COBIT 5 summarised

COBIT 5 is based on five principles that are essential for the effective management and governance of enterprise IT:

• Principle 1: Meeting stakeholder needs
• Principle 2: Covering the enterprise end to end
• Principle 3: Applying a single integrated framework
• Principle 4: Enabling a holistic approach
• Principle 5: Separating governance from management

These five principles enable an organisation to build a holistic framework for the governance and management of IT that is built on seven ‘enablers’:

1. 1.People, policies and frameworks
2. 2.Processes
3. 3.Organisational structures
4. 4.Culture, ethics and behaviour
5. 5.Information
6. 6.Services, infrastructure and applications
7. 7.People, skills and competencies

Together, the principles and enablers allow an organisation to align its IT investments with its objectives to realise the value of those investments.

Top Principles of COBIT 5 Foundation – IT Security

COBIT is created by the international professional association (ISACA), which is a non-profit independent association. The COBIT (Control Objectives for Information and Related Technologies) provide a business framework for the governance and management of IT. COBIT supplies globally accepted principles, practices, and analytical tools, and a growth road map that influences proven practices. All of these are encompassed within a logical framework of IT-related processes. COBIT 5 consolidates COBIT 4.1, and following are the reasons for the transition from COBIT 4.1 to COBIT 5:

There was a need to have an all-through scope of business/organisation that covers all the IT and business functions.

• There was a need to have a rational understanding of analysing the existing standards, methods, tools, and practices that relate and supplement each other.
• There was a need for COBIT to be rigidly assimilated with other ISACA frameworks.
• There was a need to have an improvised guidance on emerging technologies and enterprise architecture.
• There was a need for COBIT to be closely bound by the external standards and frameworks.

COBIT 5 is generic and proves to be useful for all the enterprises, whether small-scale or large-scale and whether commercial or non-profit. Wherever there is a dependency on technology for reliable information or a need to provide quality and control of information, COBIT 5 is used exclusively for all the business processes. COBIT 5 benefits organization and is majorly used by top-level executives and consultants in an enterprise covering the following areas of business:

• IT Operations
• Security and Risk Management
•  Audit
• Governance
• Compliance

Following are the principles of COBIT 5:

COBIT 5 Principle 1: Meeting the Needs of the Stakeholder

COBIT 5 enables the transformation of the needs of the stakeholders into a more practical and achievable strategy. COBIT 5 strives to maintain a balance between the use of available resources and the realisation of the benefits of keeping in consideration the associated risks. This principle focuses on the governance, negotiation, and decision making about the various conflicting needs of the stakeholders. This assures that whenever the benefit, resources, and risk-assessment decisions are made for delivering the value, the needs of the stakeholders are taken into consideration. It uses a mechanism called the COBIT 5 Goals Cascade, which translates the needs of the stakeholder into more specific and manageable approaches which are then mapped to specific processes and practices.

COBIT 5 Principle 2: Covering the entirety of the Project

In this approach, COBIT performs the integration of IT governance and enterprise governance and includes all the processes used to manage information and technology. Considering the latest views and developments in governance and with the integration of IT governance into enterprise governance, COBIT can combine both forms of governance at the same time. The overall business processes and IT services are included in the COBIT 5. The four main elements of this end-to-end approach are as follows:

• The objective of governance for creating value
• The enablers, which can individually or collectively decide what will work
• Deciding the scope
• Assigning roles, responsibilities, and activities

Best COBIT Certification Training with UPDATED Syllabus By Industry Experts

• Instructor-led Sessions
• Real-life Case Studies
• Assignments

Explore Curriculum

COBIT 5 Principle 3: Applying a Single Integrated Framework

The continuous changes in the technology and added pressure from customers and suppliers have led to a challenging task for the organisations to manage and govern its information and related technology. The COBIT 5 enables the organisations to have a single Integrated Framework, providing enterprise coverage and consistency, and it also can be customised as per the needs of the organisation. COBIT 5 can retain the position of a single Integrated Framework due to the following reasons:

• COBIT 5 acts as a single integrated source of direction, even for the non-technical terms of language.
• COBIT 5 aligns itself with relevant standards and frameworks such as ITIL and ISO standards.
• Taking into account the latest standards and frameworks, COBIT 5 composes itself as a ‘Superstructure’ by aligning all the management and governance activities.

COBIT 5 Principle 4: Enabling Holistic Approach

We need to have a complete view of the organisation, including the management and governance structures and processes, while making important decisions concerning the organisation. COBIT 5 facilitates effective management and governance of IT across the organisation by the means of ‘enablers.’ Enablers are the factors driving the outcome of activities that are governance and management related. Enablers can be applied across the entire organisation, including all the internal and external resources relevant to the governance and management of IT. There are five categories of 

Enablers defined in COBIT 5, and they’re as follows:

• Principles and Policies: Performs day-to-day activities of translating the required behaviour into a logical guidance.
• Processes: It consists of applications required to achieve objectives which, in turn, produce outputs required to achieve IT-related goals.
• Structures in an Organisation: Are responsible for making informed decisions in an organisation.
• Information: It is the key product of an enterprise itself and keeps an organisation operating successfully and well governed.
• People’s skills and competencies: Links people with the right skills for successful completion of work, along with taking corrective steps and making corrective decisions.

COBIT 5 Principle 5: Separating Governance from Management

COBIT 5 clarifies that the governance and management each serve different purposes, have different responsibilities, require different types of activities, and need different supportive organisation structures. COBIT 5 uses EDM (evaluate, direct, and monitor) for governance, while PBRM (plan, build, run, and monitor) for management as follows:

• Governance or EDM ensures that the needs of the stakeholders are evaluated by identifying and agreeing on objectives to be achieved, which is directed by prioritisation and are also monitored for performance against objectives.
• Management or PBRM ensures to monitor the activities and confirm that they are in alignment with those described in the governance set.

Benefits of COBIT

The COBIT 5 framework can help organisations of all sizes:

• Improve and maintain high-quality information to support business decisions;
• Use IT effectively to achieve business goals;
• Use technology to promote operational excellence;
• Ensure IT risk is managed effectively;
• Ensure organisations realise the value of their investments in IT; and
• Achieve compliance with laws, regulations and contractual agreements.

COBIT 5 and other frameworks

COBIT 5 has been designed with integration at its heart. It is aligned with numerous best-practice frameworks and standards, such as ITIL®,ISO 20000 and ISO 27001.

It may be best to take an integrated approach when implementing an IT governance framework, using parts of several different frameworks and standards to deliver the results you need. In Pragmatic Application of Service Management, Suzanne Van Hove and Mark Thomas provide an approach to integrating COBIT 5, ITIL and ISO 20000 that delivers better return on investment and alignment of IT with organisational objectives.

Discover our range of bestselling COBIT products and services 

IT Governance offers a complete range of books, toolkits, e-learning, training, software and consultancy relating to all areas of IT governance, risk and compliance.

COBIT toolkit

IT Governance Control Framework Implementation Toolkit

• The IT Governance Control Framework Implementation Toolkit has been designed to simplify the complex process of COBIT implementation. It provides documentation templates that cover all 37 of the COBIT processes and ready-to-use policies and procedures that will save you time and money when implementing COBIT.