Differences between COBIT 5 and COBIT 2019
COBIT (“Control objectives for information and related technologies”) is a widely used international IT governance framework that structures IT tasks into generic processes and control objectives. The framework is applicable to organizations across all industries, and it helps manage and improve IT processes while greatly reducing risk within an organization.
COBIT was first released in 1996 by ISACA (Global Systems Audit and Control Association), and there have been many different versions and updates throughout the years. One of the major ones, COBIT 5, which we introduced in one of our previous articles, was published in 2012, and the latest version, COBIT 2019, was released in 2018.
COBIT 2019 – an evolved version of COBIT 5 – aims to adapt to today’s IT landscape and technological needs by including new insights from experts in IT & governance and new technologies/business trends. ISACA states that COBIT 2019 was updated to include:
Key differences between COBIT 5 and COBIT 2019:
Source: ISACA, COBIT 2019 and COBIT 5 Comparison (isaca.org)
COBIT 2019 has slightly reworked the governance principle structure that we have seen for COBIT 5. It now includes 6 principles, as can be seen in the figure below:
Source: ISACA®, COBIT® 2019 Framework: Introduction and Methodology, figure 3.5, USA, 2018, and COBIT® 5 figure 2, USA, 2012.
- Providing value for the stakeholders is an important requirement for a governance system. To achieve it, the enterprise must balance resources, risks, and benefits in an optimal way to develop a strategy for implementing a governance system.
- There can be different types of components included when building a governance system. This point implies they must be compatible to be able to work together in a holistic way.
- For the governance system, being dynamic simply means that if one or more design factors change (e.g., strategy or technology), the impact must be considered and handled from the system’s perspective.
- This point states that Governance and Management areas are distinct; therefore, activities should be differentiated and handled separately.
- To be suited to the enterprise’s needs, a set of design factors is implemented, which allows customization and prioritization of certain components within the governance system structure.
- The whole enterprise should be covered by the governance system, meaning all enterprise functions are included, with the main focus being on IT.
Changes can also be noted in the processes that support the governance and management objectives. The number of processes has increased from 37 to 40 in COBIT 2019, and the terminology has slightly changed for some processes in COBIT 5 (highlighted in yellow).
Furthermore, three Governance Framework Principles have been introduced in COBIT 2019, which were not part of COBIT 5 previously:
Source: ISACA, COBIT® 2019 Implementation Guide, figure 2.2, USA, 2018.
- Being based on a Conceptual Model for the framework allows the identification of key components and the relationships between them to support automation and improve consistency.
- The ‘Open and Flexible’ principle allows the addition of new content and the ability to address new issues in a flexible way while keeping integrity and consistency.
- The third principle implies that the model should follow major standards, frameworks and regulations.
Performance Management and Design Factors
COBIT 2019 uses the CMMI Performance Management Scheme, which allows the measurement of the capability level of processes on a 0-5 scale as follows:
Source: ISACA, COBIT 5 figure 19, USA, 2012, and COBIT 2019 Framework: Governance and Management Objectives, figure 3.5, USA, 2018.
| COBIT 5 | COBIT 2019 |
| --- | --- |
| 0-5 scale based on ISO/IEC 33000 | CMMI Performance Management Scheme |
| Enablers available instead of Design Factors | Design Factors introduced and Enablers removed |
Enablers have been removed for simplification reasons and design factors were added into COBIT 2019. These factors influence the design of the enterprise governance system within the organization.
Source: ISACA, COBIT 2019 Framework: Introduction and Methodology, figure 7.2, USA, 2018.
In addition, to support the application of the framework, a governance system design workflow has been adopted that takes you through the major questions and topics that need to be considered before introducing the solution.
Source: ISACA, COBIT 2019 Framework: Introduction and Methodology, figure 7.2, USA, 2018.