
COBIT Focus Archives

Employing COBIT 2019 for Enterprise Governance Strategy

By Christopher C. Anoruo, CRISC, CISM, CGEIT

COBIT Focus | 28 October 2019


Strategy is a plan for achieving a set objective. COBIT 2019 is here to help practitioners apply standard information and technology (I&T) controls to enterprise governance strategy. Mapping control objectives from the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standard ISO/IEC 27001:2013 Information Security Management through COBIT 5 to the COBIT 2019 framework is a useful exercise to help develop a governance strategy. Read More >>

Using COBIT 2019 Performance Management Model to Assess Governance and Management Objectives

By Leela Ravi Shankar Dhulipalla, CGEIT, COBIT Certified Assessor, COBIT 2019 and COBIT 5 Trainer, IAITAM Accredited Trainer, Certified IT Asset Manager, PMP, TOGAF 9

COBIT Focus | 16 September 2019


The purpose of COBIT performance management (CPM) is to evaluate how well the governance and management system and all the components of an enterprise work, and how they can be improved to achieve target levels of process and practice capability and maturity. CPM concepts and methods align to and extend CMMI V2.0 capability and maturity levels. Read More >>

Achieving Digital Business Transformation Using COBIT 2019

By Oluwaseyi Ojo, CRISC, CISM, CGEIT, COBIT Certified Assessor, CEng, CISSP, CSA, SABSA, TOGAF 9

COBIT Focus | 19 August 2019


In today’s economy, digital business transformation is not an option—it is a business imperative. Many enterprises develop a false sense of transformation security by running isolated digital projects and change initiatives that are not strategically transformational. Read More >>

Impressions From Delivering COBIT 2019 Foundation Training for Auditors

By Andrey Drozdov, CISA, CISM, CGEIT, COBIT 2019 Accredited Trainer

COBIT Focus | 5 August 2019


Due to the nature of their profession, IT auditors are some of the stakeholders most interested in COBIT. Delivering COBIT 2019 Foundation training to groups of IT auditors is a good way to glean insights and tips from the IT auditor’s perspective. Those learnings can benefit the wider audience of COBIT 2019 users and, therefore, should be shared. Read More >>

Why Peter Pan Hates COBIT 2019

By Bruno Horta Soares, CISA, CRISC, CGEIT, PMP

COBIT Focus | 15 July 2019


Why would Peter Pan have an opinion on COBIT 2019, and a dark one no less? No, COBIT is not the name of the newest deckhand working for Captain Hook. Rather, it can be explained by my experience in which many enterprises are averse to change and, therefore, refuse to evolve and adopt new practices related to the governance and management of enterprise information and technology (I&T). Read More >>

Lessons Learned While Combining COBIT 5 and ITIL

By Shobhit Mehta, CISA, CISM, CISSP, ISO 27001:2013 LA, ISO 27005:31000, ITIL v3 Foundation

COBIT Focus | 24 June 2019


An engagement at a financial technology (fintech) organization provided a novel first-hand experience of working with COBIT 5. Despite more than 7 years’ experience in governance, risk and compliance (GRC) projects that involved COBIT 5, this engagement was the practitioner’s first opportunity not only to initiate a project under COBIT 5... Read More >>

Five Steps for Effective Auditing of IT Risk Management Using ISACA’s IT Risk Management Audit/Assurance Program

By Alexander Obraztsov, CISA, CISSP, PMP

COBIT Focus | 10 June 2019


With the increasing complexity of IT systems and their widespread implementation in virtually all spheres of life (e.g., medicine, banking, manufacturing, education), managing IT risk effectively becomes extremely challenging. In the most IT-mature industries, regulators already expect organizations to have mature IT risk management programs operating at the first and second lines of defense and providing holistic coverage of all possible IT risk. Read More >>

Governing Digital Transformation Using COBIT 2019
An Ehealth Case Study

By Aqel M. Aqel, CISA, CRISC, CGEIT, COBIT 5 Foundation, CSSGB, SMP

COBIT Focus | 20 May 2019


Many countries have launched ehealth initiatives as a response to public-sector transformation. It is one of the business sectors impacted by the vertical digitization movement that has become the trend in the last decade along with eeducation, ebanking, egovernment and more. A key indicator that summarizes ehealth maturity could be the centralized health records and access to patients’ medical histories anytime and anywhere. Read More >>

Tips for Implementing COBIT in a Continuously Changing Environment

By José Ángel Peña Ibarra, CRISC, CGEIT, COBIT 2019 Foundation, COBIT 5 Accredited Trainer

COBIT Focus | 29 April 2019


There is a new term coined here: “COBITIAN.” It describes professionals who love COBIT and are excited and happy for the evolution to COBIT 2019, including its new governance and management objectives, design factors, and focus areas concepts. Read More >>

COBIT 2019 Hot Off the Press
First Impressions Through Use at a Major Asian Bank

By Markus Walter, CISA, CISM, COBIT Foundation, CISSP, ITIL, PMP, TOGAF, and Bob Hayward

COBIT Focus | 15 April 2019


2019 is off to a strong start—there is an exciting year to come, and a refreshed and revitalized IT governance framework to explore. Released in December 2018, COBIT 2019 is a major revision of the well-established set of guides for effective IT governance. Thankfully, the perfect opportunity presented itself to test-drive COBIT 2019 with a client in Asia whose project commenced only days after the new framework was published. Read More >>

IT Governance 101: IT Governance for Dummies, Part 2
The Marriage Counselor

By Paul Wilkinson

COBIT Focus | 1 April 2019


Both business and IT are “unconsciously incompetent” when dealing with the issues relating to both the need for and scope of IT governance in this age of digital disruption. That is the thesis of the first installment of this 2-part series. This second installment addresses what can be done to foster understanding between business and IT and recognize the value in the relationship between the 2 so that both parts of the organization are working toward achieving the strategic goals of the enterprise. Read More >>

Defining Target Capability Levels in COBIT 2019: A Proposal for Refinement

By Joao Souza Neto, Ph.D., CRISC, CGEIT, COBIT Certified Assessor, Rafael Almeida, and Miguel Mira da Silva, Ph.D.

COBIT Focus | 18 March 2019


The COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution outlines a robust, logical and quantifiable process for designing a governance system over enterprise information and technology (I&T). Its methodology, examples and tools update COBIT 5 in several critical respects: new concepts including design factors and focus areas increase flexibility and help enterprises customize the design process. Read More >>

Designing Your Organization’s Custom COBIT

By Stefanie Grijp

COBIT Focus | 4 March 2019


Governance over a complex and continuously evolving domain such as enterprise information and technology (I&T) requires a multitude of components, including processes, organizational structures, information flows, behaviors, etc. All of these elements must work together in a holistic way to correctly understand, design and implement a fit-for-purpose enterprise governance system for I&T. Read More >>

Agile GEIT, Building Trust and Maximizing Value Delivery: Part 2 Practitioner’s Guide

By Michael Bergman, CRISC, CISSP

COBIT Focus | 18 February 2019


Minimizing the impact that ever-increasing legal and regulatory requirements have on Agile’s ability to respond effectively and efficiently to customer needs and maximize value delivery in a timely manner requires a governance of enterprise IT (GEIT) system equally focused on managing IT risk and the delivery of a value-add outcome to the organization. Read More >>

COBIT Design Factors: A Dynamic Approach to Tailoring Governance in the Era of Digital Disruption

By CA. Abdul Rafeq, CISA, CGEIT, FCA

COBIT Focus | 4 February 2019


We are living in exciting times where the impact of disruptive technology is seen in all aspects of our professional and personal lives. We are witnessing the phenomenal pace of technology change and the resultant impact on enterprises in terms of innovative business processes facilitated by information systems with underlying technology. Read More >>

IT Governance 101: IT Governance for Dummies, Part 1

By Paul Wilkinson

COBIT Focus | 22 January 2019


There are a lot of IT governance “dummies” out there.
    dummy (noun)
    :a stupid or silly person

Before deciding not to read on, arguably, there are a lot of us out there showing little thought or judgement about what IT governance really means... Read More >>

Agile GEIT Practitioners Guide, Part 1

By Michael Bergman, CRISC, CISSP

COBIT Focus | 7 January 2019


Ever-increasing legal and regulatory requirements have an impact on Agile’s ability to respond to customers’ needs in a timely, effective and efficient manner. To limit that impact and maximize value delivery to the organization, a governance of enterprise IT (GEIT) system focused on managing IT risk within the Agile environment is required. Read More >>

GEIT Framework at Work, Part 6: Follow-Up and Continuous Improvement

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 26 December 2018


Readers of this series of articles have seen the progression of steps taken in the implementation of 1 particular element of governing and managing enterprise IT (GEIT): managing security, as defined in COBIT 5’s APO13 Manage security process. The preceding articles have described the activities involved in identifying the issues, developing the mitigation plans... Read More >>

A New COBIT Is in Town and I Really Like How It Looks

By Mark Thomas, CRISC, CGEIT

COBIT Focus | 10 December 2018


ISACA released the latest version of the COBIT framework and I can tell you without hesitation that this latest structure is one of the best governance and management frameworks to date for the enterprise governance of information and technology (EGIT). If you have not yet taken a look at COBIT 2019, now is the time. Read More >>

Basic Lessons From COBIT Foundation Training

By Erik van Eeden

COBIT Focus | 26 November 2018


The COBIT 5 Foundation course helps students prepare for a multiple-choice exam. However, the answer options offered on the exam are not the only choices the learner should be making. Students who want to maximize the value they receive from the training have an array of decisions they must make about how to study and how to apply what they learn. Read More >>

Board Support Can Revolutionize Cities. COBIT 5 Can Help Attain It

By Graciela Braga, CGEIT, COBIT 5, CSXF, CPA

COBIT Focus | 12 November 2018


Most people, including many readers of this article, live in cities. Revolutionizing cities may seem like it is not an IT or technical issue, but smart sustainable cities are important for IT professionals. Why is revolutionizing cities relevant to IT communities and society as a whole? Because information technology has been and can be a strategic resource not only to transform a city into a smart city or a smart sustainable city, but also to transform citizens’ lives. Read More >>

Introducing COBIT 2019: The Motivation for the Update?

By John Lainhart, 1946-2018, CISA, CRISC, CISM, CGEIT

COBIT Focus | 29 October 2018


The upsurge of digital transformation has made information and technology (I&T) crucial in the support, sustainability and growth of enterprises. Whereas governing boards and senior management might once have delegated, ignored or avoided I&T-related decisions, they know now that this approach is ill advised. Read More >>

GEIT Framework at Work, Part 5: Confirming the Results

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 2 October 2018 Chinese Simplified | Spanish


There comes a point in any long-term initiative when the issues have been identified, the mitigation plans developed, the appropriate work products defined, and those products and plans have been implemented. That is where the process described in this series of articles finds itself. In the last installment, the APO13 Manage Security process was fully implemented and stands ready to operate as business as usual. Read More >>

GEIT Framework at Work, Part 4: Outlining the Work Products

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 17 September 2018 Chinese Simplified | Spanish


No governance of enterprise IT (GEIT) initiative can be accomplished without careful attention to the work products and the project plan. They are the elements that deliver tangible results from GEIT. This article—the fourth in a 6-part series that looks at the practical application of a GEIT framework—outlines the work that is required to create the defined work products and execute the project plan in an efficient, effective and successful manner. Read More >>

Tips for Implementing IT Governance With COBIT 5

By Zachy Olorunojowon, CISA, CGEIT, COBIT 5 Foundation, Implementation and Assessor, CSXF, PMP

COBIT Focus | 4 September 2018 Japanese


Underlying the implementation of a number of governance of enterprise IT (GEIT) initiatives are information governance and information management issues such as big data, analytics, information disintermediation, security, privacy, compliance and the need to drive quality decisions based on quality information, among others. Read More >>

Better the Process You Know Than the Gaps You Don’t

By James Reeve, CISA, CRISC, CISM, CGEIT, COBIT 5 Foundation and Assessor

COBIT Focus | 20 August 2018


The FirstRand Group is a financial services provider in South Africa. It is one of the largest financial institutions in South Africa and the holding company of First National Bank (FNB), a retail and commercial bank. One of the core principles of the FirstRand Group is an ownership culture in which each subsidiary is empowered to make business decisions. Read More >>

COBIT 5—How to Get Inspired

By Andrey Drozdov, CISA, CISM, CGEIT, COBIT 5 Accredited Trainer

COBIT Focus | 6 August 2018 Chinese Simplified | Portuguese


Even best-in-class frameworks need to be half as inspiring as a good novel—and twice as inspiring for practitioners to read and use them! As a COBIT trainer, I use the following tips on how to capitalize on COBIT for IT governance-related projects and workshops. Read More >>

GEIT Framework at Work, Part 3: Creating a Project Plan

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 23 July 2018 Chinese Simplified | Spanish


There is an old saying about the importance of planning: “Failing to plan is planning to fail.” While the saying has become almost a cliché from years of use, it is essentially true. Very few projects are successful in achieving their goals without the support of a clear, comprehensive, fully defined and approved plan. Read More >>

The Victorian Protective Data Security Framework and COBIT 5

By Syed Salman, CISA

COBIT Focus | 9 July 2018 Chinese Simplified | Japanese


The amount of data being produced, processed, communicated and stored is larger than ever before. Most people are well aware that information about them is typically held by a variety of organizations ranging from governments to private organizations. The information can be personal in nature, which individuals would not want to have disclosed to others without their express consent. Read More >>

Tips for Making COBIT 5 Implementation Fit the Enterprise

By Rohit Banerjee, CRISC, CGEIT, COBIT 5 Implementation, CSX Foundation, ISO/IEC 27001 Lead Auditor, ISO/IEC 38500 Lead IT Corporate Governance Manager, ISO 21500 Lead Project Manager, ISO 9001 Lead Auditor and Lead Implementer, ITIL V3 2011 Foundation, MSP Practitioner, PRINCE2, PMP, Six Sigma Black Belt

COBIT Focus | 25 June 2018 Chinese Simplified


Implementing COBIT 5 in an organization is an ambitious aspiration and a noteworthy endeavor. It demonstrates the maturity, willingness and commitment to improve. However, practical implementation challenges are often daunting and numerous. While the COBIT 5 framework and the COBIT 5 Implementation guide, along with several other references, do provide a very solid foundation on which to build... Read More >>

GEIT Framework at Work, Part 2: Plan the Solution

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 11 June 2018 Chinese Simplified | Spanish


This article is the second in a 6-part series that looks at the practical application of a governance of enterprise IT (GEIT) framework. This article focuses on planning the resolution of the issue identified in part 1. In part 1, the issue identified was a reliance on controls identified and designed by management without involving anyone responsible for looking at the control portfolio from the enterprise perspective. Read More >>

Update of System Audit Standard and System Management Standard in Japan

By Masatoshi Kajimoto, CISA, CRISC

COBIT Focus | 29 May 2018


The Japanese Ministry of Economy, Trade and Industry (METI) published the System Audit Standard and the System Management Standard in 2004. Despite significant changes to the IT environment after that date, no updates to these materials were published. Needless to say, they had become quite outdated. Read More >>

GEIT Framework at Work, Part 1: Identifying the Problem

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 14 May 2018 Chinese Simplified | Spanish


This article is the first in a 6-part series that looks at the practical application of a governance of enterprise IT (GEIT) framework. The starting point is discussed in this article—forming an awareness that a problem exists and how to approach it. The subsequent articles will move through planning and executing the solution. Read More >>

Seven COBIT 5 Implementation Pitfalls to Avoid

By Opeyemi Onifade, CISA, CISM, CGEIT, BRMP, CISSP

COBIT Focus | 9 April 2018 Chinese Simplified | Portuguese


Good practices are as good as those who practice them. As a COBIT trainer, I recommend the following tips which can help COBIT users become “good” COBIT 5 practitioners.
1. Principles are the guiding thoughts established to underpin the implementation of good practices. Read More >>

Improving the Service Desk by Using COBIT 5

By Claudio Cilli, Ph.D., CISA, CRISC, CISM, CGEIT

COBIT Focus | 26 March 2018 Chinese Simplified | Japanese


The IT service desk plays a significant role in the day-to-day operations of any organization. When it functions well, all other activities perform well. If the service desk cannot perform, either because it does not have the proper technical skills or does not show requisite empathy, key personnel and activities suffer. Read More >>

Here Comes the GDPR. Are You Ready?

By Mark Thomas, CRISC, CGEIT

COBIT Focus | 26 February 2018


By now, most have at least heard of something called the EU General Data Protection Regulation (GDPR). If not, you may be in for a big surprise.

The EU Data Protection reform, adopted as the General Data Protection Regulation, has emerged as a seemingly unavoidable sweeping regulation that is getting the attention of organizations across the globe. Read More >>

Process Capability Assessment Using COBIT 5 as a Compliance Requirement

By Peter C. Tessin, CISA, CRISC, CISM, CGEIT

COBIT Focus | 12 February 2018 Chinese Simplified


Governance and management of enterprise information technology (GEIT) is the practice of applying enterprise resources (enablers) to the creation and delivery of value to enterprise stakeholders. ISACA’s COBIT 5 GEIT framework is well established, having reached its 20th anniversary in 2017, and is used in many industries around the world. Read More >>

Portfolio, Program and Project Management Using COBIT 5, Part 3

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

COBIT Focus | 29 January 2018


This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article discussed the approach for mapping COBIT 5 with the Project Management Institute’s (PMI’s) standards and publication A Guide to the Project Management Body of Knowledge (PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level. Read More >>

GDPR Countdown and COBIT 5

By Sue Milton, CISA, CGEIT

COBIT Focus | 15 January 2018


Compliance with the EU General Data Protection Regulation (GDPR) begins on 25 May 2018, giving us almost 6 months to finalize GDPR preparations. Doing nothing is not an option.

Doing Something

The exact number of days left can be found here. Read More >>

Portfolio, Program and Project Management Using COBIT 5, Part 2

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA

COBIT Focus | 2 January 2018


This is a continuation of a previous article published in COBIT Focus in September 2017. The first article discussed the approach for mapping COBIT 5 with the Project Management Institute (PMI) standards and The Standard for Program Management–Fourth Edition. Read More >>

