Back in November I posted about how excited I was to see ISACA’s update to the COBIT framework and provided some thoughts about navigating through the first two guides. Click here to take a look if you didn’t catch it, as it might help you with my comments in this post. Since that post, ISACA has launched two additional publications that take COBIT to a new level.

I asked a good colleague of mine, Tichaona Zororo, a well-known IT Governance Thought Leader and ISACA Board Member, about his thoughts on the new update and his response comes as no surprise. “The COBIT 2019 Framework is the first Governance and Management framework in our industry that allows an enterprise to design a fit for purpose Information and Technology governance solution. COBIT 2019 recognizes that enterprises are unique. There is no one-size-fits-all governance system for I&T. Every organization has its own distinct character and profile. In (the) future ISACA will call upon its global community to contribute content updates on a continuous basis, not only to ensure that COBIT remains relevant, but to keep it in line with latest insights on enterprise governance of I&T and the continuously evolving business models .” You can follow Tichaona on Twitter @TichaonaZororo.

Historically, a challenge with using frameworks to adopt good governance practices is that they are often difficult to customize to meet specific needs of an enterprise. Even though frameworks are designed to be flexible and non-prescriptive, many governance initiatives lose steam because implementers are often looking for the easy “copy-paste” solution and those simply don’t work.

Enter COBIT 2019. This latest version of the framework has taken feedback from the industry and created a flexible and truly customizable solution that can address the unique needs of any enterprise. It also assists in creating a tailored governance system for Information and Technology, or what I will refer to in this post as I&T.

There are four key publications in this release (available on the ISACA site here):

• COBIT 2019 Framework: Introduction and Methodology which lays out the structure of the overall framework.
• COBIT 2019 Framework: Governance and Management Objectives which contains a detailed description of the COBIT Core Model and its 40 governance and management objectives.
• COBIT 2019 Design Guide which offers guidance on how to put COBIT to practical use.
• COBIT 2019 Implementation Guide which is an updated and more relevant version of the COBIT 5 Implementation Guide.

This post will focus on the last two publications, but first let’s review some critical areas that should be understood about COBIT before we start designing our system.

The COBIT Core

One of the key areas of COBIT 2019 is the COBIT Core. This outlines the 40 Governance and Management Objectives in the COBIT framework. These are organized into 5 domains as illustrated here.