ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > The Future of COBIT—We Need Your Input

The Future of COBIT—We Need Your Input

John Lainhart, Matthew Conboy, Frank Schettini
| Posted at 12:00 PM by ISACA News | Category: COBIT-Governance of Enterprise IT | Permalink | Email this Post | Comments (8)

It is time to consider the next evolution of the COBIT framework beyond COBIT 5—and here is your chance to play an important role.

As you are well aware, COBIT is the premier IT governance framework, helping organizations around the world realize significant value. ISACA is seeking your help to ensure that COBIT continues to evolve as a vibrant framework that encompasses the new capabilities and threats (Internet of Things, big data, cyber security, DevOps, etc.) constantly arising in the world of IT governance.

We are in the process of evaluating and fundamentally changing COBIT to better serve COBIT users and would like to get your feedback and thoughts. A key part of the evaluation process is our belief that, to fully enable organizations worldwide, we recommend changing the delivery model by providing COBIT-as-a-Service (CaaS).

As a starting point, we have considered usage feedback and market data of existing COBIT 5 and COBIT 4.1 frameworks, as well as enhancements leveraging the recent acquisition of the CMMI Institute.

What We Know:

  • COBIT is highly regarded as the single comprehensive IT framework and has excellent brand recognition globally.
  • There are no direct competitors with “like” products that include IT audit, cyber security, IT risk, IT governance and business principles.
  • COBIT 5 is 5 years old and it needs to be dynamically updated going forward.
  • Key industry trends of crowdsourcing and open sourcing solutions improve relevance of products.

We Want Your Input on This New Idea—Providing COBIT-as-a-Service (CaaS):

  • Provide a fully-online, interactive COBIT framework, COBIT Implementation, COBIT Enabling Processes and COBIT Enabling Information to ALL. Crowdsource to members and non-members to ensure currency in a dynamic and changing environment through frequent content refresh.
  • Determine whether we need to provide oversight to updates or leave it up to the practitioner base to address any issues that arise.
  • Add additional domains and industry-specific content with data tags to allow users to create a custom/tailored COBIT to allow many different views of COBIT—e.g., by subject area, by role, by industries, etc.
  • Partner with internal (e.g., CMMI) and external organizations to go deeper in areas of expertise (e.g., cyber security), and also with organizations that go outside the traditional areas of focus for COBIT (e.g., IT supporting product development).
  • Provide cross-linkage to externally referenced frameworks (e.g., ITIL).
  • Create unique and relevant principles, policies, processes, practices and tools for specific industries (e.g., health care) and audiences (e.g., privacy).
  • Develop a digital platform (mobile/web) for viewing, updating and using COBIT content.
  • Build a broader community of experts and involve them in thought leadership.

We Need Your Help to Achieve This Future State
Please provide your thoughts and comments on the vision for COBIT by 1 December, and let us know what else you would like by emailing

About the authors:

John Lainhart, CISA, CISM, CGEIT, CRISC, CIPP/G, CIPP/US, serves as the Cybersecurity Fellow, emeritus for IBM’s Center for the Business of Government. He is also on the Board of Directors of George Washington University’s Center for Cyber and Homeland Security, serves on the Cyber Maryland Advisory Board and as an advisor to the ISACA Board of Directors.

Matthew Conboy, CISA, is a strategic operations manager at Cigna, and has over 10 years of experience leading and consulting within the strategy, project execution and risk/audit domains, with special focus on the bridge between IT and Business. Since 2008 he has been on the board of his local Greater Hartford Connecticut (GHC) ISACA chapter, and currently is the chapter’s vice president and chair of the Education and Marketing and Communications Committees.

Frank Schettini, MBA, is Chief Innovation Officer of ISACA. Prior to joining ISACA, he worked as vice president of information technology at Project Management Institute (PMI). His experience includes more than 30 years in various industries in the areas of strategic planning; project, program and portfolio management; process improvement; enterprise architecture; and change management.


Future of COBIT A few comments

Before we look at COBIT , ISACA needs to refresh its strategy and enterprise architecture as an organisation; is it a for profit, not for profit, a Governance, security audit, all things to all professions etc. ? there is market confusion about its offerings for professional certifications and the products it offers.

There is also market confusion surrounding CMMI ( A SCAMPI approach) verses the current ISO SPICE COBIT 5 approach, they are totally different. There are also many issues with COBIT 5 that requires attention; too big for short comments and finally we need to get back to basics, the IT language used is confusing from Cloud, to Big Data to Containerisation etc. We live in a Digital world so we should no longer use IT and simplify to Digital Business with sub sections like Digital security, Risk, Audit & Assurance Governance etc. Happy to submit a paper on issues with recommendations
Gary396 at 11/14/2016 2:04 AM

Re: The Future of COBIT—We Need Your Input

Not to sure what is the need for another version of COBIT. People and companies are still struggling to adopt COBIT 5 and with the new version, everything will be rolled-back. I believe COBIT 5 is quite comprehensive and at the moment there's no need to change to the next version. Those who are COBIT 5 certified, what would be there future? There's a lot more things which ISACA and this elite panel need to work on before moving to the next version.
HAFIZ SHEIKH ADNAN AHMED at 11/15/2016 11:21 PM

Re: The Future of COBIT—We Need Your Input

I think that the current version of COBIT 5 should be supplemented by providing the guides for all facilitators and also providing professional guides according to different industries and audiences.
Andre755 at 11/16/2016 9:37 AM

COBIT 5 Foundation

It is time to make a change. Is APMG International really going to promote the popularity of the COBIT 5.0 Foundation and training? I don't think so. It is a pain for self study individual to book a test. What have they done to encourage more people looking into the Foundation, in order to take the next step? Make it available with Prometric or Pearson Vue.

Kah Weng313 at 11/22/2016 7:58 AM

COBIT 4.1 Processes - Maturity Model Pages

COBIT 4.1 was good in measuring the processes maturity level & highlighting the gaps to the next level which we miss in COBIT 5

It will be appreciated if we can have it back in next COBIT 5.1 / 6
Ali171 at 11/30/2016 6:31 AM

COBIT is a core element of our value proposition

For the future of COBIT, here are a few issues that should be addressed:
• Instead of integrating COBIT in their practice, accounting firms and consulting firms appear to have pushed either their own proprietary frameworks or recognized but less comprehensive frameworks and standards such as ITL and ISO series.

• Maturity Model vs Process Capacity; the goal is to establish the organization's current situation and the target situation.  From there on, you need executive and management buy-in to move forward.  The maturity model appears to be more contructive and less judgmental and therefore more prone to engage people.

• COBIT is among the few elements that will always differentiate ISACA from the competition.  Others have research, education and certification.  Some have their own reference material.  Many need to refer to global frameworks and standards with limited scope.  ISACA is THE association that has THE single comprehensive framework that integrates the best of the best of all other relevant frameworks and standards.

COBIT should therefore be factored into most or all of ISACA's initiatives.
M. Lambert, Québec City
M.Lambert at 12/1/2016 4:09 PM

The Future of COBIT—We Need Your Input Cobit 5 Framework  COBIT-as-a-Service (CaaS):

The new CaaS must be compliance with GPDR EU and help to adapt Binding Corporate Rules with regular procedures for processor and for controller

More info in

This is mandatory to sensitive data and cyberdefense in Europe.
ramoncod at 12/12/2016 10:25 AM

The future of COBIT-We need your input COBIT CaaS

I am sharing these links that will help you have a better understanding from usage of COBIT 4.1 and more applicable usage of COBIT 5 through ISO27001 process control mapping:

Both articles are based and derived from exercises in process controls done through ISO27001, and mapped to COBIT 4.1 and COBIT 5 processes respectively. The article on COBIT 5 mapping specified the gains from separation of management and governance. Governance is fully addressed in COBIT 4.1 and additional details of incorporating management of enterprise IT with COBIT has helped in building COBIT 5.
My contribution to this quest is to allow the understanding, maturity and exploration of COBIT 5, hopefully the evolution and transformation that will further enhance COBIT will be smoother and more welcoming.
Chris Emeka Anoruo at 12/16/2016 2:21 PM
You must be logged in and a member to post a comment to this blog.