In a popular professional social network recently, an individual penned a post suggesting that considering COBIT 5 a “business framework” was nonsense. He challenged readers to provide an explanation to justify such a definition for ISACA’s model.
Here goes mine! In its early years, COBIT was more of an IT model. Nonetheless, its latest edition— COBIT 5—has actually evolved into a “business framework.” This needs clarification; otherwise it would be easy to make the mistake of thinking that we are talking about a model for traditional business processes, such as sales, engineering, marketing, etc.
Nothing could be further from the truth! This is clearly detailed by ISACA, which describes COBIT 5 as “a business framework for the governance and management of enterprise IT.” That means—as anyone who knows the model’s background can tell you—that the new version maintains a focus on IT but with a more pronounced business approach and emphasis. The stakeholders on the business side can benefit along with those on the IT side. In other words, driving and controlling (governing) the IT behavior within any organization goes beyond the CIO’s realm.
In this way, COBIT 5 becomes a framework for the corporate governance of IT. Previous editions—from the first COBIT, introduced in 1996, to 2007’s COBIT 4.1—focused more on practices to help the CIO better manage the IT shop.
Of course, the message of COBIT 5 is not a new one. This message emerged seven years ago, back in 2006 when Val IT was born. Val IT was the first of ISACA’s models that provided a business standpoint of IT and its related issues, highlighting that there are many IT-related activities that should be performed by the “business people,” not the IT team.
If you explore this idea through the RACI matrix, to model the number of accountabilities and responsibilities beyond the CIO’s, you see how COBIT 5 is a framework not exclusively designed for the IT team.
Since it is a collection of good practices to be adopted and adapted in the implementation of an overarching IT governance-and-management system, COBIT 5 can be—should be—referred to as a business framework for the governance and management of enterprise IT.
There is nothing nonsensical about that.
Miguel García-Menéndez, CISA, CISM, CGEIT, CRISC
Co-founder, CEO and Research Director, Innovation & Technology Trends Institute ( iTTi)
Board Member and Research Director, ISACA Madrid Chapter
Continue the conversation…engage with your peers in the COBIT 5-Use it Effectively topic in ISACA’s Knowledge Center.