Current Projects 


Audit/Assurance Programs

ISACA is currently updating the audit/assurance programs for COBIT 5. The first group of programs to be released is a series of programs for the COBIT 5 processes, based on the generic structure developed in the COBIT 5 for Assurance publication. The new audit/assurance programs are fully aligned with COBIT 5, and explicitly reference all seven enablers. The programs below have been released.

COBIT 5 for Business Benefits Realisation

ISACA is writing the COBIT 5 for Business Benefits Realisation professional guide, which will support and enhance the COBIT 5 family of products by focusing on governance and management dimensions of business benefits realisation and providing contextualized guidance for consultants, experts in governance, business management, IT professionals and other interested parties at all levels of the enterprise. Business benefits realisation is a requirement from stakeholders and governance bodies to ensure that IT-business activity achieves the benefits that are envisioned when key investment decisions are made. The COBIT 5 framework helps enterprises to create optimal value from information technology by maintaining a balance between realising benefits and optimising risk levels and resource use.

Critical Cyber Event Governance and Management: Board and Executive Guidance

This white paper will discuss the need for governance over critical cyber events as a necessary component of risk management, and will outline the benefits in terms of business reputation and incident cost reduction that result when cyber event management is effectively planned for.

DevOps Series

DevOps refers to the movement within IT to improve relationships between development and operations. It relies on agile-like development methods, allowing smaller code changes to be released more frequently (e.g., every 5 to 6 days) when compared with traditional development and release management (e.g., with long cycle times). These methods may be especially promising for new web-based applications (e.g., more than legacy applications). The first publication in this series is DevOps Overview. The second paper in the series will follow in the third quarter of 2015..

Internal Controls

This white paper will attempt to clarify the issue of using and implementing internal controls and using the COBIT framework. It will also address the move from having control objectives to governance and management practices in COBIT 5. This publication is scheduled to be available in the third quarter of 2015.

Operational Risk Management/Basel Using COBIT 5

This will provide an update of the existing publication “IT Control Objectives Basel II” to align it with COBIT 5 and related publications. Concepts will be updated to reflect the current state of the technology, challenges, risk and necessary assurance practices. Publication is on hold pending the release of the updated COSO Enterprise Risk Management — Integrated Framework.


The book will describe the importance of protecting credit card and customer data and the role that compliance with the PCI DSS requirements plays in helping organizations develop and implement a security model that ensures the protection of data used for credit card processing. It will provide practical guidance related to the PCI DSS compliance requirements to help members understand how to achieve and maintain compliance with the standard through a robust security program that covers all six domains described in the PCI DSS standard. This book is scheduled to be available in second quarter 2015.

Privacy Principles and Program Management Guidance

This publication will offer uniform privacy guidance based on COBIT 5, including guidance on planning, implementing, and maintaining a comprehensive privacy program in an enterprise. The publication is scheduled to be available in the fourth quarter of 2015.