The Promise of COBIT5, What is New?

March 2013

For anyone who benefited from COBIT 4.1 to control IT with the framework's well-organized list of domains and processes, COBIT 5 may look quite complicated or elaborate with its multi-dimensional approach and extended scope. I tried to find out what is new in the framework and how it is structured in order to help governing and managing enterprise IT.

COBIT 4.1 was well positioned as a control framework for IT to deliver against business requirements. This position perfectly supported the “monitor”, “control” and “direct” mandates of IT governance. COBIT 4.1 was process-oriented and had a flat structure for the whole list of IT processes in sets of activities with defined responsibilities, goals and performance metrics. Each process defined the control objective, its justification to meet the relevant business goals, mapping of the business goals to IT goals, and further definition of key controls to achieve those IT goals. Key metrics were listed to measure the performance of the process and activities. The relation of each IT process to the five IT governance focus areas* and the COBIT information criteria** was also provided. It was quite simple to follow this structure in order to control a single IT process.