COBIT Governance framework
COBIT is an IT governance framework - developed by ISACA - that an organisation can use to ensure that IT is working as effectively as possible, in order to maximise the benefits of technology investments, minimise risk and optimise usage of the resources. At an early stage, COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in developing appropriate IT governance and control in a company. Effective & efficient governance over Information and Technology is the starting point for generating value for all types and sizes of organisations.
The COBIT 2019 framework describes seven governance components, which help foster the achievement of the enterprise’s framework objectives and deliver value:
- Principles, policies and procedures are the vehicle to translate the desired behaviour into practical guidance for day-to-day management;
- Processes describe an organised set of practices and activities to achieve defined objectives and produce sets of outputs in support of achieving overall IT-related goals. Each process is defined together with process inputs and outputs, key process activities, process objectives, and performance measures;
- Organisational structures are the key decision-making entities in the enterprise;
- Culture, ethics and behaviour of individuals and of the enterprise are success factors in governance and management activities;
- Information is required for keeping the organisation running and well governed, and at operational level information is often the key asset of the enterprise;
- Services, infrastructures and applications provide the enterprise with information technology and services;
- People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.
The COBIT 2019 framework makes a clear distinction between governance and management. These two areas include different types of activities, require different organisational structures and serve different purposes.
- Governance ensures that enterprise objectives are achieved by Evaluating stakeholder needs, conditions and options; setting Direction through prioritisation and decision-making; and Monitoring performance, compliance and progress against agreed-on direction and objectives (EDM);
- Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. The management area contains four areas:
- Align, Plan and Organise (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)