Figure 4.

1
COBIT Overview
• Enterprise strategy
• Enterprise goals
• Enterprise size
• Role of IT
Inputs to COBIT 2019 COBIT 2019 • Sourcing model for IT
• Compliance requirements
• Etc.

COBIT 5 COBIT Core

Reference Model of Governance Design Factors
Standards, and Management Objectives Tailored Enterprise
Frameworks, Governance
Regulations
System for
EDM01—Ensured
Governance EDM02—Ensured EDM03—Ensured EDM04—Ensured EDM05—Ensured
Framework Setting Benefits Delivery Risk Optimization Resource Stakeholder
and Maintenance Optimization Engagement

Community Information and

Contribution APO01—Managed
I&T Management
Framework
APO02—Managed
Strategy
APO03—Managed
Enterprise
Architecture
APO04—Managed
Innovation
APO05—Managed
Portfolio
APO06—Managed
Budget and Costs
APO07—Managed
Human Resources
MEA01—Managed
Performance and
Conformance
Technology
Monitoring
APO09—Managed

Focus Area
APO08—Managed Service APO10—Managed APO11—Managed APO12—Managed APO13—Managed APO014—Managed
Relationships Agreements Vendors Quality Risk Security Data

➢ Priority governance
MEA02—Managed
System of Internal
BAI01—Managed BAI02—Managed BAI03—Manage BAI07—Managed Control
BAI04—Managed BAI05—Managed
Solutions

and management
Programs Requirements Availability BAI06—Managed IT Change
Identification Organizational IT Changes Acceptance and
Definition and Capacity Change
and Build Transitioning

MEA03—Managed
• SME objectives

2019
BAI08—Managed BAI09—Managed BAI10—Managed BAI11—Managed Compliance with

➢ Specific guidance
Knowledge Assets Configuration Projects

• Security
External
Requirements

• Risk from focus areas

DSS01—Managed
Operations
DSS02—Managed
Service Requests
and Incidents
DSS03—Managed
Problems
DSS04—Managed
Continuity
DSS05—Managed
Security
Services
DSS06—Managed
Business
Process Controls
MEA04—Managed
Assurance • DevOps ➢ Target capability
• Etc. and performance
management
guidance

COBIT® 2019 Framework:

Introduction and Methodology
COBIT Core
Publications
COBIT® 2019 Framework: COBIT® 2019 Design Guide: COBIT® 2019 Implementation Guide:
Governance and Designing an Information and Technology Implementing and Optimizing an
Management Objectives Governance Solution Information and Technology
Governance Solution
© 2018 ISACA. All Rights Reserved.
Figure 2.1
COBIT Stakeholders

Stakeholder Benefit of COBIT

Internal Stakeholders
Boards Provides insights on how to get value from the use of I&T and explains relevant board
responsibilities
Executive Management Provides guidance on how to organize and monitor performance of I&T across the
enterprise
Business Managers Helps to understand how to obtain the I&T solutions enterprises require and how best
to exploit new technology for new strategic opportunities
IT Managers Provides guidance on how best to build and structure the IT department, manage
performance of IT, run an efficient and effective IT operation, control IT costs, align
IT strategy to business priorities, etc.
Assurance Providers Helps manage dependency on external service providers, get assurance over IT, and
ensure the existence of an effective and efficient system of interal controls
Risk Management Helps to ensure the identitication and management of all IT-related risk

External Stakeholders
Regulators Helps to ensure the enterprise is compliant with applicable rules and regulations and has
the right governance system in place to manage and sustain compliance
Business Partners Helps to ensure that a business partner’s operations are secure, reliable and compliant with
applicable rules and regulations
IT Vendors Helps to ensure that an IT vendor’s operations are secure, relaible and compliant with
applicable rules and regulations

Figure 3.1
Governance System Principles
1. Provide 3. Dynamic
2. Holistic
Stakeholder Governance
Approach
Value System

4. Governance 5. Tailored to 6. End-to-End

Distinct From Enterprise Governance
Management Needs System

Figure 3.2
Governance Framework Principles
1. Based on
2. Open and
Conceptual
Flexible
Model

3. Aligned to
Major Standards

© 2018 ISACA. All Rights Reserved.

Figure 4.16
COBIT Goals Cascade
Stakeholder
Drivers and
Needs

Enterprise
Cascade to Goals

Alignment
Cascade to
Goals

Governance
and
Cascade to
Management
Objectives

Figure 4.3
COBIT Components of a Governance System
Processes

Services,
Infrastructure Organizational
and Structures
Applications

Governance
People, Skills System Principles,
and Policies,
Competencies Procedures

Culture, Ethics
and Information
Behavior

© 2018 ISACA. All Rights Reserved.

 Figure 4.2
COBIT Core Model

EDM01—Ensured
Governance EDM02—Ensured EDM03—Ensured EDM04—Ensured EDM05—Ensured
Framework Setting Benefits Delivery Risk Optimization Resource Stakeholder
and Maintenance Optimization Engagement

APO01—Managed APO03—Managed
I N T E R N AT I O N A L H E A D Q U A R T E R S

APO02—Managed APO04—Managed APO05—Managed APO06—Managed APO07—Managed

I&T Management Strategy Enterprise Budget and Costs Human Resources
Framework Innovation Portfolio
Architecture MEA01—Managed
Performance and
1700 E. Golf Road | Suite 400

Conformance
Schaumburg, IL 60173 | USA

Monitoring
APO09—Managed APO12—Managed APO13—Managed APO014—Managed
APO08—Managed Service APO10—Managed APO11—Managed
Relationships Vendors Quality Risk Security Data
Agreements
isaca.org

MEA02—Managed
System of Internal
BAI03—Managed BAI04—Managed BAI07—Managed Control
BAI01—Managed BAI02—Managed Solutions BAI05—Managed IT Change
BAI06—Managed

2019
Programs Requirements Availability Organizational
Identification and Capacity IT Changes Acceptance and
Definition and Build Change Transitioning

MEA03—Managed
BAI08—Managed BAI09—Managed BAI10—Managed BAI11—Managed Compliance With
Knowledge Assets Configuration Projects External
Requirements

DSS01—Managed DSS02—Managed DSS05—Managed DSS06—Managed

Service Requests DSS03—Managed DSS04—Managed Security Business MEA04—Managed
Operations Problems Continuity Assurance
and Incidents Services Process Controls
© 2018 ISACA. All Rights Reserved.
 Figure 4.4
COBIT Design Factors

Enterprise Enterprise I&T-Related Threat

Risk Profile
Strategy Goals Issues Landscape

Sourcing IT Technology
Compliance Model Implementation Adoption Enterprise
Role of IT
Requirements for IT Methods Strategy Size

Future Factors

The globally recognized COBIT Framework, which

Figure 7.1
helps ensure effective enterprise governance of infor- Impact of Design Factors on a
mation and technology, has been updated with new Governance and Management System

information and guidance, facilitating easier, tailored

implementation—strengthening COBIT’s
1. Management
continuing role as an important driver of innovation Objective
Priority and
and business transformation. This document Target
provides an overview of the COBIT® 2019 guidance. Capability
Levels

This excerpt is available as a complimentary PDF at

www.isaca.org/COBIT and for purchase in hard copy
at www.isaca.org/bookstore. We encourage you to Design
share this document with your enterprise leaders, Factors’
team members, clients and/or consultants. Additional Impact
information is available at isaca.org/COBIT.

3. Specific 2. Component
Focus Areas Variations

© 2018 ISACA. All Rights Reserved.

Figure 7.2
Governance System Design Workflow

2. Determine
1. Understand the initial 3. Refine the 4. Conclude the
the enterprise scope of the scope of the governance
context and governance governance system design.
strategy. system. system.

• 1.1 Understand enterprise • 2.1 Consider enterprise • 3.1 Consider the threat • 4.1 Resolve inherent priority
strategy. strategy. landscape. conflicts.
• 1.2 Understand enterprise • 2.2 Consider enterprise • 3.2 Consider compliance • 4.2 Conclude the
goals. goals and apply the requirements. governance system
• 1.3 Understand the risk COBIT goals cascade. • 3.3 Consider the role of IT. design.
profile. • 2.3 Consider the risk profile • 3.4 Consider the sourcing
• 1.4 Understand current of the enterprise. model.
I&T-related issues. • 2.4 Consider current • 3.5 Consider IT
I&T-related issues. implementation methods.
• 3.6 Consider the IT adoption
strategy.
• 3.7 Consider enterprise size.

Figure 8.1 ep
COBIT Implementation Road Map d
e ke
o w m going?
1 What a
w u re t
Ho ent he
dri
7e mom iew Initia
te p
ve
rs?
th v s
Re enes iv rog
ect ram
eff
Establ
is
sta
in to ch h des
Su ang ire
2
ere?

e
Def opport

Whe
s
6 Did we get th

ine
efit

r Recog
nito need nize
re are

Mo and
• Program management
imp team

act to
Realize ben

probleities

ate
approach ew

lu
es

a
ev
leme

(outer ring)
Embed n

Form ation

un

we now?
Operate

Asseent
e

curr te

• Change enablement
nt

ms and
measur

sta
and

ss

(middle ring)
• Continual improvement life cycle
I m p ov e m

rg n e
imp

De
ta et
fi
le m

ta
r

e
te

en n t (inner ring)
me te

s
co ca

ts B u il d
O p d us

i m p ro
ut u n i

ve m e n ts
an
er e

ap

e
m

m
e?
at
E xe

Co o
dm
5H

to b
cu

Identify role
oa
ow

te

a nt

la
er

fin
n p l a ye r s
p
do

ew

De
we

ow
ge

th
er
ed

e re
t

? Plan program Wh
3
4 W h a t n e e d s to b e d o n e ?

© 2018 ISACA. All Rights Reserved.