• Bookmark

COBIT Focus Archives

Performance Measurement Musings

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 28000 FC, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC

COBIT Focus | 21 December 2015 Arabic | French | German | Italian | Japanese | Korean | Portuguese | Spanish


I keep returning to the COBIT 5 Culture, Ethics and Behaviour enabler as it is so difficult to address and it is where many companies fail. Let us focus on performance measurement in this article. You have most likely heard the expression, “You get the behavior you reward.” Most people look at this as the basis for their reward systems. Read More >>

ISO/IEC 27001 Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance

By Christopher Anoruo, CISM, CGEIT, CRISC

COBIT Focus | 14 December 2015


The balanced scorecard (BSC) initially developed by Kaplan and Norton is a performance management system that should allow enterprises to drive their strategies on measurement and follow-up.

In recent years, the BSC has been applied to IT and, currently, the first real-life IT security governance application has been developed based on ... Read More >>

COBIT 5 and the Added Value of Governance of Enterprise IT

By Arturo Umana, COBIT Foundation, ITIL Foundation

COBIT Focus | 7 December 2015 Arabic | French | German | Japanese | Korean | Portuguese | Spanish


It is a well-known fact that one of the major improvements in COBIT 5 was the integration of both Val IT and Risk IT into the framework. This follows the logical development line of COBIT along its different versions and reflects better the needs of appropriate governance of enterprise IT (GEIT) for modern enterprises. Read More >>


Driving Enterprise IT Strategy Alignment and Creating Value Using the COBIT 5 Goals Cascade

By Tichaona Zororo

COBIT Focus | 30 November 2015


The goals cascade is the nerve center of COBIT 5. It supports the identification of stakeholder needs and enterprise goals through the achievement of technical outcomes which, in turn, support the successful use of enabling processes and organizational structures (figure 1). Read More >>


Culture Eats Process for Breakfast


COBIT Focus | 23 November 2015


I, like many of you, used to think corporate culture did not matter because others convinced me it did not. Discussion of vision, mission and values was for someone living in an ivory tower, I was told by some. They did not have time for that as they lived in the real world and had to get things done. Read More >>

Using COBIT 5 to Measure the Relationship Between Business and IT

By Mark T. Edmead, CISA, COBIT 5 Assessor, BRMP, CASM, CISSP, DevOps Foundation, Lean IT Foundation, TOGAF 9.1

COBIT Focus | 16 November 2015


An enterprise is much more than just information technology. The common infrastructure is that there are many functional areas including human resources (HR), IT, manufacturing, operations, finance and so on. The challenge is to get all of these functional departments to work cohesively and with the same goal in mind. Read More >>

Does a COBIT 5 Self-assessment Help the Business to Get Control of a Shared Service Center?

By Jörg Schorning, COBIT Assessor, COBIT Foundation, COBIT Implementation

COBIT Focus | 9 November 2015


In the summer of 2014, the chief information officer (CIO) of a shared service center (SSC) owned by 3 different, culturally diverse types of companies asked the author to perform an assessment based on COBIT 5. The most pressing question the CIO needed to answer for his organization’s board of directors (BoD) was, “Are we in control of IT?” Read More >>

COBIT 5 Adoption: Understand and Be Understood

By Oliver Crespo, CISA, CISM, ISO 2700

COBIT Focus | 2 November 2015


One of the most important discoveries for the human age was the Rosetta Stone. This piece of granite was the key element to decoding and understanding Egyptian hieroglyphs. Using this stone, it became possible to understand what the Egyptians wrote in their papyrus and allowed us to understand how the ancient Egyptians lived and thought. Read More >>

Addressing Sustainability and Social Responsibility in COBIT 5 IT Governance Processes

By Graciela Braga

COBIT Focus | 26 October 2015 Chinese | French | Italian | Korean | Portuguese | Spanish


Sustainability, sustainable development and social responsibility are related terms.

Social responsibility includes an organization’s responsibility for the impact of its decisions and activities on society, the environment and economy, and, therefore... Read More >>

Aligning Universities and Enterprises Using COBIT 5

By Bruno Horta Soares, CISA, CGEIT, CRISC, PMP, and Miguel Mira da Silva, Ph.D.

COBIT Focus | 19 October 2015


The alignment of academic knowledge with professional skills is now one of the main challenges faced by universities around the world, particularly in the field of information systems management and governance, where the evolution of concepts and their application are constantly changing. Read More >>

Towards Building a Privacy Programme: A Personal Journey

By Russell Raizenberg, CGEIT, CRISC

COBIT Focus | 12 October 2015


During November 2013, South Africa enacted legislation that seeks to regulate the processing of personal information. It is known as the Protection of Personal Information Act of 2013 (POPIA). Given its infancy and the number of entities seeking compliance, it is understandable that existing resources are limited, constrained and, very likely, expensive. Read More >>

Leveraging COBIT to Implement Information Security (Part 4)

By John Frisken, CISA, CA

COBIT Focus | 5 October 2015


This article is the final article of a 4-part “Leveraging COBIT to Implement Information Security” series. Part 1 covered how COBIT 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Critical Security Controls (SANS Top 20). Read More >>

Implementation of Service Integration in a Multiprovider Environment Using COBIT 5

By Martin Andenmatten, CISA, CGEIT, CRISC, ITIL Master

COBIT Focus | 28 September 2015 French | German | Portuguese | Spanish


We are living in a constantly changing world. While technology is getting smarter and easier to handle for users, governance and management of enterprise IT (GEIT) is becoming overly complex.

ISACA’s COBIT Conference Europe Provides Actionable Insights and Training for All

By Okanlawon Zachy Olorunojowon, CISA, CGEIT, PMP

COBIT Focus | 21 September 2015


Getting the foundation right is critical. COBIT is an important foundation for good governance and management of enterprise IT (GEIT). Are you looking to build a solid foundational understanding of COBIT 5, earn the COBIT 5 Foundation certificate, or gain actionable and practical guidance on using the COBIT 5 framework? Read More >>

COBIT 5 and Independent IT Services Suppliers

By Vincent Pearce, CGEIT, ITIL, priSM

COBIT Focus | 14 September 2015


I focus on delivering IT managed service outsource transitions and implementations, working with organisations that are outsourcing IT services or transitioning between suppliers. As an IT managed service specialist, I have extensive experience with ITIL; however, when bearing in mind the end-to-end requirements to be considered and addressed... Read More >>

Reinventing Our Processes


COBIT Focus | 8 September 2015


Some COBIT processes focus on the need to reinvent your organization. Innovation (as in COBIT 5 process APO04 Manage innovation), for example, is always a matter of reinventing, reengineering or continually improving. Read More >>

Leveraging COBIT to Implement Information Security (Part 3)

By John Frisken, CISA, CA

COBIT Focus | 31 August 2015


This article is a continuation of the article originally published 4 May 2015 called ‘Leveraging COBIT to Implement Information Security’. Part 1 covered how COBIT 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Critical Security Controls. Read More >>

Benchmarking of COBIT 5 PAM Assessments Performed in Brazilian Public Sector Banking Organizations

By Joao Souza Neto, Ph.D., CGEIT, CRISC, PMP, Geraldo Loureiro, CRISC and Diana Santos, PMP

COBIT Focus | 24 August 2015


This article presents the process capability assessments of the governance domain of COBIT 5 for 3 Brazilian public sector banking organizations. Read More >>

How COBIT 5 Helped Al Rajhi Bank to Meet Compliance and Regulatory Requirements

By Ibrahim Al-Rashid, Vaseem Nasiruddeen, COBIT Foundation, ITIL Expert, PMP, CMQ/OE, and Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert, PMP

COBIT Focus | 10 August 2015 Arabic | French (Canada) | Japanese | Portuguese | Spanish


Founded in 1957, Al Rajhi Bank is one of the largest Islamic banks in the world with total assets of SR 288 billion (US $76.8 billion), a paid up capital of US $4.3 billion and an employee base of more than 8,400 associates. Read More >>

Leveraging COBIT to Implement Information Security (Part 2)

By John Frisken, CISA, CA

COBIT Focus | 27 July 2015


Studies by many organisations have highlighted that companies that are remaining secure are focusing on implementing security controls as an integral part of their IT service management (ITSM) systems, not as stand-alone management systems. Read More >>

Are You a COBIT 5 Expert, Champion or Consultant? Be Aware!

By Paras Kesharichand Shah, CISA, CGEIT, CRISC, CA

COBIT Focus | 13 July 2015


The COBIT 5 Implementation guide1 is one of the most valuable jewels in the COBIT 5 crown. Any practitioner who has used any of the COBIT 5 practices and guidance might have come across the implementation guidance at some point in time. Read More >>

State and Impact of GEIT in Organizations: Key Findings of an International Study

By Steven De Haes, Ph.D., Anant Joshi, Ph.D., and Wim Van Grembergen, Ph.D.

COBIT Focus | 6 July 2015


Information and related technology are increasingly important in enabling enterprises to deliver value to their stakeholders. As a result, enterprises are increasingly making investments in their governance of enterprise IT (GEIT) and are often drawing upon the practical relevance of generally accepted good practice frameworks such as COBIT. Read More >>

Using Versus Implementing COBIT 5

By Barry D. Lewis, CISM, CGEIT, CRISC, COBIT Foundation, CISSP

COBIT Focus | 22 June 2015


Enterprises are being encouraged to implement COBIT to improve their governance of enterprise IT (GEIT) and this is good advice. However, many enterprises are understandably reluctant to undergo such a massive project, or have difficulty obtaining senior management buy-in due to budget, staffing or indecision over benefits. Read More >>

Information Is the Ichor of Your Organization

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 20000 FC/LI/LA, ISO 9001 FC, ISO 28000 FC, ISTQB CTFL, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB

COBIT Focus | 15 June 2015


In Greek mythology, ichor was the ethereal golden fluid that was the blood of the gods and immortals. So is information the golden lifeblood that runs through your organization? In APMG’s COBIT 5 Foundation course material, there are a couple of slides about the value of information. Students seem somewhat disinterested, blasé or jaundiced when shown these slides. Read More >>

Critical Success Factors for Continually Monitoring, Evaluating and Assessing Management of Enterprise IT

By Zhiwei Fu, Ph.D., CISA, CRISC, CGEIT, CFE, CISSP, PMP, and Eric H. Mittnight, CISA, CGEIT, CISSP, PMP

COBIT Focus | 8 June 2015


To achieve their objectives and sustain their competitive edge, it has become increasingly necessary for contemporary businesses to bring more effective and efficient enterprise IT management capabilities to bear across their enterprises. Read More >>

Lessons Learned From the COBIT Conference

By Mark Thomas, CGEIT, CRISC

COBIT Focus | 1 June 2015


I thought I knew COBIT, but then I went to the inaugural COBIT Conference hosted by ISACA (16-18 March 2015 in Orlando, Florida, USA) and learned that there is much more to COBIT than I ever imagined—not just from a content perspective, but from a real adoption perspective. Read More >>

COBIT 5 and ITIL Adaptation at a Saudi Municipality

By Govind Kulkarni, COBIT5, CSQA, ITIL Expert, PMP

COBIT Focus | 25 May 2015 Arabic | French | Italian | Portuguese | Spanish


The Municipality of Eastern Region (MER) based in Dammam, Saudi Arabia, is a government-owned institution that has been in existence for 50 years. Its main purpose is to serve citizens within the scope of its region. Read More >>

Bahrain Government Embraces COBIT 5 Governance and IT Management

By Harikrishnan Sugumaran, ITIL, ToGAF, Khalid Al-Mutawah, Ph.D., Zakareya Ahmed Al-Khaja, Ph.D.

COBIT Focus | 18 May 2015


The Kingdom of Bahrain’s eGovernment Authority is focused on ensuring the effective delivery of government services to citizens, residents, businesses and visitors (collectively, the customers). The aim is to improve the lives of a nation’s citizens by doing much more than simply implementing technology. Read More

5 Common Mistakes in Adopting COBIT 5

By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert, PMP

COBIT Focus | 11 May 2015


There are a number of key benefits to be gained from effective governance of enterprise IT (GEIT). Among those benefits are IT-business alignment, the realization of the benefits of IT investments, reduced costs, reduced IT-related business risk, and the ability to meet regulatory and compliance requirements. Read More

Leveraging COBIT to Implement Information Security

By John Frisken, CA

COBIT Focus | 4 May 2015


In delivering IT security consulting services to large enterprises in Australia, particularly in the health care, utility and large government sectors, Information Systems Group has used the International Organization for Standardization (ISO) standards extensively, for example ISO 27001 for security and ISO 20000 for IT service management. Read More

Applying COBIT in a Government Organization

By João Luiz Marciano, CISA, CGEIT, CRISC

COBIT Focus | 27 April 2015


Brazilian private, government and public organizations have been familiar with the COBIT framework since its inception in the 1990s. However, the acceptance and use of the model reached a wider audience with COBIT 4.1, which was released in 2007. Read More

COBIT 5 Principles and Enablers Applied to Strategic Planning

By David Mondragon Tapia, COBIT Foundation, ITIL Expert, ISO/IEC 20000, PRINCE2

COBIT Focus | 20 April 2015


Can COBIT 5 principles and enablers be applied to support strategic planning exercises?

Two years ago in Mexico City, work was underway at an organization that offers managed print services and document solutions. Read More

The Core COBIT Publications: A Quick Glance

By Mark Thomas, CGEIT

COBIT Focus | 13 April 2015 Chinese (Simplified) | French | Portuguese | Japanese | Spanish | Turkish


When ISACA announced it was replacing COBIT 4.1 with a new version of the framework, some experts were skeptical. COBIT 4.1 was easy. The content was very familiar. If additional information not covered in COBIT was needed, another document like Val IT or Risk IT could provide more details. Read More

COBIT Helps Organizations Meet Performance and Compliance Requirements

By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert, PMP

COBIT Focus | 6 April 2015


Many organizations need help meeting performance and compliance requirements. A consulting company in the United Arab Emirates worked with three different organizations to help each organization meet its governance, risk and compliance (GRC) requirements.
  Read More

Navigating I/O Flows/Networks to Enhance the Governance Management Cycle

By Makoto Miyazaki, CISA, CPA

COBIT Focus | 30 March 2015


What constitutes true adoption of COBIT 5? Is it a minimum condition that at least one principle of COBIT 5 is adopted for true adoption of COBIT 5? To answer this question, one must look at COBIT 5’s principles, in other words, its raison d'être. Read More

Governance of Enterprise IT Missing In Action

By Troy DuMoulin, COBIT, ITIL Expert, ISO 27000, Lean IT, Prince2

COBIT Focus | 23 March 2015 French | German | Polish | Portuguese | Spanish


For a team to win games and claim championships, it needs to be more than a group of individual star players with unique sets of specialty skills. Winning teams operate under a common vision, mission and share a playbook established by strong leaders who understand how the various members of the team are best organized to achieve team goals. Read More

Establishing a Governance and Management Structure for E-commerce Using COBIT 5

By Chidi Henry Emeribe, CISA, COBIT 5 Foundation

COBIT Focus | 16 March 2015 French | Italian | Japanese | Portuguese | Spanish


A company based in Lagos, Nigeria, is in the business of sales and distribution of its brand of shoes through physical outlets in the Lagos area. In a bid to expand its operations to areas outside of its physical outlets and to also have a better competitive showing in the Nigerian marketplace, the enterprise’s decision makers decided to use the Internet as the platform of choice to achieve this need. Read More

Nine Steps to Assess GEIT Processes

By Leela Ravi Shankar Dhulipalla, CGEIT, COBIT 5 Certified Assessor, Implementer and Accredited Trainer, PMP

COBIT Focus | 9 March 2015


The purpose of the COBIT Assessment Programme is to support the evaluation of IT process capability in an understandable, logical, repeatable, reliable and robust way (based on international standard ISO/IEC 15504). Read More

Implementing an ISO-integrated Management System Using COBIT 5

By Opeyemi Onifade, CISA, CISM, CGEIT, COBIT Certified Assessor, CISSP, ISO 20000 Practitioner, ISO 27001 LA/LI, PRINCE2 (P)

COBIT Focus | 2 March 2015


The Central Bank of Nigeria issued a compliance document titled “Nigeria Financial Services IT Standards Blueprint” in May 2013. The blueprint, which includes time lines, is the main driver for the implementation of IT-related standards such as COBIT 5, ISO/IEC 27001:2013, ISO/IEC 20000:2011... Read More

COBIT and the CPA Firm, Part 2

By R. Curtis Thompson, CISA, CPA, CITP

COBIT Focus | 23 February 2015


Last year, part 1 of this article outlined how CPA firm Yount, Hyde & Barbour was using COBIT to help build processes to allow its IT department to better serve the enterprise’s needs. While progress has been slow, the firm has seen improvements due to its implementation efforts. Read More

A New Practical Guide On Information Systems Auditing

By John Beveridge, CISA, CISM, CGEIT, CRISC, CFE

COBIT Focus | 16 February 2015


Information Systems Auditing: Tools and Techniques is a practical guide on how to write an information systems (IS) audit report. It assists IS auditors in preparing comprehensible, well-supported audit reports that comply with the requirements of the IS Audit and Assurance Standards and IS Audit and Assurance Guidelines published by ISACA. Read More

COBIT 5 Supports Cloud Computing Migration in the Brazilian Public Sector

By Wellington Evangelista and Joao Souza Neto, Ph.D., CGEIT, CRISC, COBIT Certified Assessor

COBIT Focus | 9 February 2015


Cloud computing has been seen by industry experts as able to revolutionize information technology, because it significantly changes the way IT is consumed and provided. Read More

Tips for Implementing and Sustaining Effective GEIT

By Okanlawon Zachy Olorunojowon, CISA, CGEIT, PMP

COBIT Focus | 2 February 2015


Okanlawon Zachy Olorunojowon For most organizations, the reality is setting in that alignment of IT and corporate strategies is no longer sufficient. Across various industries, banking, retail, energy, health care and other sectors, organizations are adopting and adapting IT governance frameworks, in particular COBIT 5. Read More

ISACA’s COBIT Conference Provides Training and Insights for All Levels of Expertise

By Debbie Lew, CISA, CRISC

COBIT Focus | 26 January 2015


Debbie Lew ISACA is hosting a first-of-its-kind conference devoted exclusively to COBIT. As noted in the recent IT Audit Benchmarking Survey, respondents cited COBIT as the most accepted industry framework on which IT audit risk assessments are based. Read More

Adopting COBIT 5 in a Government Entity

By Sean Atkinson, CISA, CISM, CGEIT, CRISC, COBIT 5 Foundation, CCSA, CEH, CFE, CISSP, CRMA, CSM, GCIH, N+, PMP, SCTS, Sec+, and Roger F. Aucoin, COBIT 5 Foundation, PMP

COBIT Focus | 19 January 2015


Sean Atkinson Roger F. Aucoin Imagine being on the ground floor of a new government agency in the United States, first conceived in 1994 and implemented in 2012, with the initial responsibility of developing an information system that would eventually process well over US $1 billion in payments monthly, produce enterprisewide reporting, be implemented as Software as a Service (SaaS) to more than 85,000 users in 72 external agencies and by more than 100,000 vendors. Read More

Using COBIT 5 to Deliver Information and Data Governance

By Myles Suer, ITIL, and Roger Nolan

COBIT Focus | 12 January 2015


Myles Suer Roger Nolan COBIT 5 provides guidance for IT practitioners and business leaders regarding the governance and management of data and information. COBIT 5 starts by providing an overarching set of business recommendations. Read More


COBIT 5 Applied to the Argentine Digital Accounting System

By Graciela Braga, CGEIT, CPA

COBIT Focus | 5 January 2015 Spanish


Graciela Braga In Argentina, the Code of Commerce establishes common obligations for businesses: All businesses are obliged to keep accounts and a description of their transactions. Satisfying the current regulatory requirements created a need to identify an IT management and governance framework such as COBIT 5. Read More



COBIT Focus Archives page 1 | 2 | 3 | 4 | 5