The Evolution of COBIT 2019 from COBIT 5

The evolution of Information Technology has gone far beyond being an ordinary tool for businesses to make use of. IT practices have been the necessary foundation for several enterprises regardless of their industry or size. While several organizations fail to optimize the capabilities of their IT practices which can leave a business static and make it highly vulnerable to becoming obsolete; there is an urgent need for the development and management of internal controls and essential levels of security to cope with the trends. And hence, COBIT 5 comes into play. In this article, we will learn about the various components of COBIT 2019.

A Brief Understanding of COBIT 5!

Developed by ISACA, COBIT 5 helps businesses to create frameworks, and organize and implement strategies for information management and governance.

The COBIT 5 framework simplifies a set of managerial procedures with each procedure carefully explained together with process inputs and outputs, process objectives, key process activities, elementary maturity model, and performance measures. It additionally gives a lot of recommended best practices for organizational management and control procedure of data frameworks and technology with the point of adjusting the business to information technology. COBIT is probably the most holistic framework that is recognized internationally for achieving organizational information technology goals and objectives.

What is COBIT 2019?

The framework addresses the latest trends, technologies, and security needs for enterprises including other IT management frameworks such as ITIL, CMMI, and TOGAF as it makes an incredible choice to unify processes across an entire organization. Like COBIT 5, It also emphasizes specifically security, risk management, and information governance.

What does COBIT 2019 Include?

In COBIT 2019, new concepts and terminology have introduced the COBIT Core Model, which includes 40 governance and management objectives for establishing a governance program. The framework is intended to give organizations greater adaptability while customizing an IT governance procedure. Like any other framework related to IT, COBIT aligns the business goals and IT goals by establishing links between the two and creating a process that can help bridge a gap between specific silos within IT using their framework or standard.

According to the ISACA, COBIT 2019 was updated to include:

It additionally hosts “focus area” concepts that define specific governance topics and issues, which can be addressed by management or governance objectives. A few instances of these focus areas incorporate small and medium ventures, cybersecurity, digital transformation, and cloud computing. Focus areas will be included and changed as required depending on the trends, research, and feedback. There’s no restriction on the number of focus areas that can be incorporated into COBIT 2019.

COBIT 2019 Certification

Are you a certified professional in COBIT 5 through ISACA or in the middle of getting your certification? Are you already an accredited professional in COBIT 5 through ISACA or in the middle of getting your certification? The COBIT 5 certification course does not expire; ISACA will continue to support the accreditation and delivery of COBIT 5 training and certifications, along with COBIT 2019.

Certifications for COBIT 2019 include:

1. COBIT Bridge Workshop: A one-day course that covers the concepts, models and key definitions in COBIT 2019 with a heavy focus on the differences between COBIT 5 and COBIT 2019.

2. COBIT 2019 Foundation Exam: Prepares attendees for the COBIT 2019 Foundation certificate exam, covering the “context, components, benefits and key reasons COBIT is used as an information and technology governance framework.” You’ll be able to earn your certificate in COBIT 2019 Foundation after a two-day course from an accredited training provider.

3. COBIT 2019 Design and Implementation Exam: this certification will launch in April 2019 and will cover designing a tailor-made best-fit governance system using COBIT.

Design Factors in COBIT 2019!

Eleven design factors are introduced in COBIT 2019. The design factors influence the sort of governance system your organization needs and elevates the required capabilities. The new design factors can also influence the importance of one or more components or require specific variants.

The new design factors are shown in the image below:

COBIT 2019 Core Publications

Good governance is a vital element of strategy formulation and business transformation success, and COBIT 2019 can help chart that path forward. Below are the four core publications.

COBIT 2019 Framework: Introduction and Methodology

The new COBIT 2019 framework explains the governance principles and provides key concepts and examples. This guide also offers the structure of the overall framework, including the COBIT Core Model.

COBIT 2019 Framework: Governance and Management Objectives

This new publication provides a detailed description of the COBIT Core Model and its 40 governance/management objectives. Each objective is defined and coordinated with the related process, enterprise goals, and governance and management practices.

COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution

The new design guide offers prescriptive on how to put COBIT to practical use and how to tailor a governance system to the enterprise’s unique circumstances and context, defining and listing various design factors. This guide also recommends workflows for creating the right-sized design for your governance system.

COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution

The Implementation Guide provides a roadmap for continuous governance improvement. The COBIT implementation is more practical and custom-tailored to specific governance needs.

The Guide provides a roadmap for continuous governance improvement. The COBIT implementation is more practical and custom-tailored to specific governance needs.

Source: invensislearning.com

Continue reading

COBIT vs ITIL: a real-life example of what these two can do

If you're thinking about ITSM implementation but you're unsure which framework you need, here, we'll try to help you by comparing ITIL and COBIT within an enterprise on a real-life example. But before making any practical comparisons, let’s briefly turn to the ‘theoretical’ difference between COBIT and ITIL.

ITIL vs COBIT. The difference

Definitions

COBIT is a set of practices for top management to understand how they should approach their enterprise IT. And ITIL is a roadmap of exactly what should be done to organize IT employees’ daily processes.

Scope

The first thing to mention is that COBIT and ITIL cover pretty much the same area. Although, it would be wrong to say that they both are only about ITSM because COBIT is a bit broader than just that.

Approach

This is the key point. COBIT’s approach to IT is from the business side (top down), while ITIL is looking at the matter mostly from the IT perspective (bottom up). Besides, COBIT distinguishes between the management and governance of IT. The former is like a tactic, while the latter is more of a strategy. And from COBIT’s point of view, ITIL deals with management, while COBIT itself mainly applies governance.

Objectives

COBIT’s main aims are for business to control enterprise IT and set the right direction for it. Besides that, it means to align business goals with IT goals, bring IT value to business (preferably in the form of financial profit) and manage resources, risks and IT efficiency.

While ITIL mainly aims to organize IT services on the whole and IT departments’ work in particular and provide an opportunity for constant operational perfection.

A real-life example to make it simple

Now that we’ve outlined the difference between these IT ‘guidance’ frameworks (ITIL and COBIT), let’s look at their usage on a real-life example. To do that, let’s imagine a company, say, MN Logistics Group, an international logistics enterprise working mainly in the US and Canada. It’s a large company that employs 15,000 people and has offices in 20 locations. They used to be one of the leaders in the field but now, due to numerous problems, they are facing a serious crisis.

How COBIT helps

Here are some of the problems that the company is facing and their COBIT-provided solutions:

General problems	COBIT’s aid
1. The organization of IT is inefficient, doesn’t meet business goals and seems outdated. IT teams always have too much on their plate and focus on the wrong things. For instance, the software that calculates quickest routes for drivers often proposes inadequate variants, which results in delivery delays. And instead of seeing to it, the IT department prefers only to do network administration (which also isn’t perfect). Besides, IT teams don’t pay much attention to IT risk management. They don’t have specific plans for emergencies, say, data center power loss or an IT service outage.	1. The ability for business leaders to prioritize their IT needs and work out corresponding plans. Using COBIT 5’s Goals Cascade, the company can translate its stakeholder needs into an actionable strategy. This way, top management can pinpoint the IT processes that they want to focus on. And such a clear strategy for business-IT relationship can establish an understanding between the two. As a result, IT teams know that their business wants them to fix route software and focus on particular IT processes more (on risk management particularly).
2. The company frequently fails audits by potential partners. To start a successful cooperation with any logistics company, the company’s clients need to be sure that this particular partner will fulfil their obligations and deliver goods on time. To establish that, service-user companies often audit their potential partners. And MN Logistics tends to fail more audits than it passes because of extremely long downtimes and overall unreliability of enterprise IT.	2. A clear system of benchmarks. Initially, COBIT was started as an audit framework. And now, it still proposes a very handy enterprise IT evaluation system. Using it, MN Logistics can perform internal audits and, when the time comes, get ready for external audits by potential partners, successfully pass them and win new clients.
3. Long-term partners tend to stop using the company’s services and prefer working with their rivals. Frequent delays, inability to monitor how soon the delivery will arrive as well as overall unreliability result in losing loyal clients.	3. Stability and new software. Due to establishing a clear Goals Cascade, the company’s IT now ensures that their delivery system works stable, with a sufficiently reduced number of delays. Besides, top management decided on and made arrangements for developing a new web and mobile app that would allow the company’s partners to monitor deliveries in real time.

How ITIL helps

Here’s how ITIL can solve the problems that IT teams in MN Logistics face and cause:

Specific IT problems	ITIL’s aid
1. IT teams are constantly overloaded. If some technical issue occurs (say, a network connection is unstable), MN Logistics’ employees can wait forever till IT specialists see to it. And while they wait, let’s say, they can’t finalize the waybill, the driver can’t set off, delays pile up. Downtime costs are enormous.	1. Specific ITIL processes to organize and normalize the IT departments’ work. ITIL’s Service Transition and Service Operation describe in detail how IT departments can effectively organize their work according to various ITIL processes. With this organization model, IT specialists rarely get overloaded, which dramatically reduces downtime costs.
2. It’s impossible to monitor the IT staff’s performance. The system IT guys are using only shows how much the team did last month. But there’s no information on the individual performance of the team’s members.	2. A system of accountability. ITIL provides a broad system of KPIs, against which MN Logistics can evaluate the efficiency of whole IT units or of particular IT employees. Besides, using ITIL presupposes using an ITSM platform, which stores all the data on who-did-what.
3. Similar breakdowns keep occurring. IT teams fix numerous breakdowns, but some of them just keep happening again and again. And in the existing overload, it’s impossible to find out why these issues occur and how deep they are.	3. Differentiating issues. To tackle IT issues more efficiently, ITIL offers a system that differentiates between events, incidents, problems, changes, and requests. If a similar incident happens for a, say, the third time, it can be viewed as a problem, whose root cause is analyzed and eliminated. Such a system allows to approach issues in more detail, speed up their resolution and prevent them from happening again.
4. Changes in the company’s IT infrastructure are chaotic. Since there’s no database of changes in the company’s IT, new elements of the IT infrastructure and software always puzzles users and even the IT teams themselves.	4. Change management and CMDB. ITIL lays down a detailed procedure for changes in enterprise IT. Firstly, changes are authorized. Secondly, people are informed about particular changes. And if the change isn’t successful, a preapproved backout plan is enacted.
5. Unclear IT spending. The IT department always complains about the rigid financial control of their top management. And top management is never sure that their IT department stays within budget and uses it sensibly.	5. Financial management. In its Service Strategy, ITIL dedicates a whole process to it. If applied sensibly, Financial management can shed light onto IT spending and adherence to IT budget, as well as regulate financial planning and save money.

So, ITIL vs COBIT or ITIL and COBIT?

As you can see, these two work closely together and, generally speaking, aim at one thing: making IT stable and efficient. But it doesn’t mean that this is the only way they look good: ITIL and COBIT work pretty well separately.

You may think that it is weird to use a tactic (ITIL) without a strategy (COBIT). But you should not forget that ITIL also provides ‘strategic’ basics for IT services organization, which are more than enough at early stages. Besides, judging by the differences in their approaches, definitions and, most importantly, objectives, COBIT feels more like a framework for large and more IT-mature enterprises. It needs a huge number of IT processes and a substantial enterprise IT to govern. While ITIL can be a good first step to achieving such scope on the whole and a high level of IT maturity in particular.

Continue reading

Difference between COBIT and ITIL

COBIT (Control Objectives for Information and Related Technology) and ITIL (Information Technology Infrastructure Library) have been used by information technology professionals in the IT service management (ITSM) space for many years. Used together, COBIT and ITIL provide guidance for the governance and management of IT-related services by enterprises, whether those services are provided in-house or obtained from third parties such as service providers or business partners.

ITIL could be seen as the way to manage the IT services across their lifecycle, while COBIT is about how to govern the Enterprise IT in order to generate the maximum creation of value by the business, enabled by IT investments, while optimizing the risks and the resources. COBIT 5 describes the principles and enablers that support an enterprise in meeting stakeholder needs, specifically those related to the use of IT assets and resources across the whole enterprise. ITIL describes in more detail those parts of enterprise IT that are the service management enablers (process activities, organizational structures, etc.).

Generally speaking, COBIT is broader than ITIL in its scope of coverage.

Purpose: ITIL is an ITSM framework. COBIT is an IT practice (and now governance) framework. ITSM has grown to mean “all of IT management seen from a service perspective” but that service slant or bias remains. COBIT is intended to be a comprehensive description of all IT practices. It may not do that perfectly but it comes much closer than ITIL because it doesn’t constrain itself to ITSM.

Coverage: ITIL covers less than half of COBIT’s range and only completely covers about a quarter of the practices (8 of the 34 COBIT processes) and that’s COBIT 4.1 whereas COBIT 5 opens the gap even further.

Rigour: ITIL’s narrative style (no really, compared to other frameworks it is downright chatty) may appeal, but as a foundation for my consulting activities the rigour and structure of COBIT is more dependable and useful. COBIT is systematically numbered; and every entity has a consistent structure. I actually find the formal COBIT structure much easier to use than the ITIL rambling: I find answers quicker, I get clearer concepts with less confusion, and I frame things readily.

Benchmark: You can assess against COBIT; it has clearly defined requirements. That was one of COBIT’s early drivers for adoption: auditing IT for SOx compliance. COBIT auditors/assessors are certified (CISA). To assess against ITIL you need to go to proprietary benchmarks (including TIPA, not to be confused with my Tipu). ISO20000 compliance is not the same thing as ITIL “compliance”.

Credibility: COBIT is written by a team, not a couple of authors per book. The same team for all the books. And then the list of all COBIT contributors and reviewers runs to pages. It is owned and published by a not-for-profit membership body set up and run by auditors, process geeks and security wonks.

Accessibility: COBIT is low cost compared to ITIL. There is a copyright and trademark waiver for use by consultants and vendors. You can subscribe to an interactive personalized online version (only COBIT 4.1 for now).

Novelty: COBIT is of course not “new” any more than ITIL was when the world “discovered” it a decade ago. But COBIT has yet to be a fad, and the world is ready for a new fad as the realities of ITIL sink in. COBIT has none of the negative baggage accruing on ITIL. I think COBIT is its next silver bullet.

Governance: COBIT will be embraced because the realization is dawning that Cloud and SaaS and BYOD are business decisions not IT decisions, and that therefore it is high time the organization as a whole stepped up to its responsibilities for IT instead of abdicating and blaming IT. Organizations have failed their IT like a bad parent, and the road to redemption is via better enterprise-level governance of IT, and that’s what COBIT 5 is all about. ITIL V3 Service Strategy actually talks about governance quite a lot but nobody has read it. COBIT has the governance high ground.

Continue reading

What Are the Connections & Differences between COBIT and ITIL?

COBIT (Control Objectives for Information and Related Technology) and ITIL (Information Technology Infrastructure Library) have been used by information technology professionals in the IT service management (ITSM) space for many years. Used together, COBIT and ITIL provide guidance for the governance and management of IT-related services by enterprises, whether those services are provided in-house or obtained from third parties such as service providers or business partners.

ITIL could be seen as the way to manage the IT services across their lifecycle, while COBIT is about how to Govern the Enterpise IT in order to generate the maximum creation of value by the business, enabled by IT investments, while optimizing the risks and the resources. COBIT 5 describes the principles and enablers that support an enterprise in meeting stakeholder needs, specifically those related to the use of IT assets and resources across the whole enterprise. ITIL describes in more detail those parts of enterprise IT that are the service management enablers (process activities, organizational structures, etc.).

COBIT is based on five principles:

1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single, Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance from Management

And seven enablers:

1. Principles, Policies and Frameworks
2. Processes
3. Organizational Structures
4. Culture, Ethics and Behavior
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies

ITIL focuses on ITSM and provides much more in-depth guidance in this area.

There are five stages in the ITIL Service Lifecycle:

1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement

The distinction between the two is sometimes described as “COBIT provides the ‘why’; ITIL provides the ‘how.’” While catchy, that view is simplistic and seems to force a false “one or the other” choice.

It is more accurate to state that enterprises and IT professionals who need to address business needs in the ITSM area would be well served to consider using both COBIT and ITIL guidance. Leveraging the strengths of both frameworks, and adapting them for their use as appropriate, will aid in solving business problems and supporting business goals achievement.

Continue reading

Distinction Between ITIL and COBIT

1. ITIL

ITIL (formerly an acronym for Information Technology Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ... Organizations that wish to implement ITIL internally do not require this license.

2. COBIT

COBIT stands for Control Objectives for Information and Related Technology. It is a framework created by the ISACA (Information Systems Audit and Control Association) for IT governance and management.

Distinction Between ITIL and COBIT

ITIL	COBIT
ITIL is the most widely adopted approach for IT Service Management in the world. It provides a practical, no-nonsense framework for identifying, planning, delivering and supporting IT services to the business.	Its mission is “to research, develop, publish and promote an authoritative, up-to-date international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals
ITIL advocates that IT services must be aligned to the needs of the business and underpin the core business processes. It provides guidance guidance to organizations on how to use IT as a tool to facilitate business change , transformation and growth	COBIT are the control objectives which you can use to see if the processes are followed.
The IT Infrastructure Library (or ‘ITIL’) is an IT-specific service management framework. ITIL pertains to IT service management	COBIT is a framework created by ISACA for information technology (IT) management and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. The framework provides good practices across a domain and process framework
ITIL assists Project Management by defining the guidelines that each release must adhere to with regard to testing, acceptance scheduling, securing code etc.	The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement and identifying the associated responsibilities of business and IT process owners.
ITIL is an IT approach to maintenance and supporting certain situation. ITIL is the IT Infrastructure Library based on IT ITIL was designed as a service management framework to help you understand how you support processes, how you deliver services	COBIT pertains to security , COBIT was designed as an IT governance model, particularly and initially with audit in mind to give you control objectives and control practices on how that process should behave
ITIL is a Process Management certification.	COBIT is cited as the most widely used framework for IT governance and controls and is referenced by a variety of standards and regulations
ITIL is focused on Service Delivery and Service Level Management.	COBIT provides alignment between business goals/financial goals/objectives and planning of policy, procedure and process for over all IT infrastructure
ITIL requires something to guide it; that is, ITIL is the “what” not the “how”.	COBIT (Control Objectives for Information and related Technology) is the method to measure ITIL.
ITIL tells you how you should be doing it.	COBIT tells you what you should be doing
ITIL focuses on operations, and mostly ignores development/solutions. ITIL seldom ventures into project management or portfolio management, and it skips a lot of aspects of request management.	COBIT is a list of critical success factors that provides succinct, non-technical best practices for each IT process and Maturity models to assist in benchmarking and decision-making for capability improvements.
The primary focus of ITIL is to provide best practice definitions and criteria for operations management. More specifically, ITIL primarily focuses on defining the functional, operational and organizational attributes that need to be in place for operations management to be fully optimized in two key categories.	The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor
If the objective is to continuously improve IT operations efficiency and IT customer service quality, ITIL would probably be be the better bet.	COBIT focuses on the definition, implementation, auditing, measurement and improvement of controls for specific processes that span the entire IT implementation life cycle. As such, it is an excellent reference model for IT governance across the entire implementation life cycle.

Continue reading