Compliance Glossary

COBIT is an ISACA framework abbreviated for Control Objectives for Information and Related Technology. It was developed to assist IT managers, auditors, and users in developing IT governance and control. COBIT offers a list of widely accepted measures, indicators, processes, and best practices for IT resources management, considering a particular industry’s specificity.  

COBIT can be aligned with IT management frameworks such as TOGAF, CMMI, and ITIL. However, it differs from other frameworks because it incorporates risk management, security, and information governance.

Now, the key objective of the COBIT framework is to align IT through investments with business objectives and mitigate IT risks. To achieve this, COBIT focuses on several key concepts:

• Frameworks. Both IT governance frameworks link IT activities with organizational requirements, and good information is utilized in decision-making.
• Process Descriptions. COBIT has effectively offered precise and result-oriented process definitions that remain general yet malleable to businesses. These descriptions provide a reference for planning and controlling the construction processes.
• Control Objectives. COBIT suggests that business organizations must have five control objectives to address IT risks.
• Management Guidelines. COBIT has control objectives for providing tools that allocate responsibilities, provide self-checking, and approve IT activities and performance measures.
• Maturity Models. With COBIT’s maturity models, an organization can assess the capability of its business processes, monitor the levels of improvement, and even determine the areas that require improvement.

In the latest update for 2019, forecasting the COBIT model adds new concepts and 40 management and governance objectives to improve the effectiveness of governance programs.