COBIT 2019
COBIT 2019 is an IT governance and management framework published by ISACA that helps organisations create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. It defines 40 governance and management objectives across 5 domains, with a focus area model that allows tailoring to specific enterprise needs including DevOps, cloud computing, and small enterprises.
Overview
What is COBIT 2019?
COBIT 2019 (Control Objectives for Information and Related Technologies) is a comprehensive IT governance and management framework published by ISACA. It provides a structured approach for organisations to govern and manage their enterprise information and technology, ensuring alignment with business objectives. COBIT is primarily used by IT leadership, CIOs, audit teams, and governance professionals to establish accountability, measure performance, and manage risk across all technology-related activities.
What are the 5 COBIT 2019 domains?
COBIT 2019 organises its 40 governance and management objectives into 5 domains:
- Evaluate, Direct, and Monitor (EDM): 5 governance objectives covering the board's role in setting direction, evaluating performance, and ensuring compliance. Covers governance framework, benefits delivery, risk optimisation, resource optimisation, and stakeholder engagement.
- Align, Plan, and Organise (APO): 14 management objectives addressing strategy, architecture, innovation, portfolio management, budget, human resources, relationships, service agreements, managed risk, security, and data quality.
- Build, Acquire, and Implement (BAI): 11 management objectives covering programme and project management, requirements definition, solutions identification, availability and capacity, change management, and change acceptance.
- Deliver, Service, and Support (DSS): 6 management objectives addressing operations management, service requests, problems, continuity, security services, and business process controls.
- Monitor, Evaluate, and Assess (MEA): 4 management objectives covering performance and conformance monitoring, internal control assessment, and compliance with external requirements.
How does COBIT relate to ITIL?
COBIT and ITIL are complementary: COBIT focuses on IT governance (what should be done and why), while ITIL focuses on IT service management (how to do it). COBIT provides the governance framework that sets direction and evaluates performance, while ITIL provides the detailed practices for delivering and managing IT services. Many organisations use COBIT as the governance layer with ITIL as the service management layer beneath it. Our database maps COBIT 2019 to 287 other frameworks.
What are COBIT capability levels?
COBIT 2019 uses a capability model based on CMMI with six levels for each governance or management objective:
- Level 0 (Incomplete): The process is not implemented or fails to achieve its purpose
- Level 1 (Performed): The process achieves its purpose but is not well managed
- Level 2 (Managed): The process is managed (planned, monitored, adjusted) and work products are controlled
- Level 3 (Established): A defined process is used based on a standard process and contributes to defined outcomes
- Level 4 (Predictable): The process operates within defined limits using quantitative management
- Level 5 (Optimising): The process is continuously improved to meet current and projected business goals
Key Controls
| ID | Control |
|---|---|
| EDM01 | Ensured Governance Framework |
| EDM03 | Ensured Risk Optimisation |
| APO01 | Managed I&T Management Framework |
| APO12 | Managed Risk |
| APO13 | Managed Security |
| BAI06 | Managed IT Changes |
| DSS01 | Managed Operations |
| MEA01 | Managed Performance and Conformance Monitoring |