COBIT

Control Objectives for Information and related Technology (COBIT) was first released in 1996; the current version, COBIT 5, was published in 2012. Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.” COBIT, initially an acronym for 'Control OBjectives for Information and related Technology', defines a set of generic processes to manage IT. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.

The Control OBjectives for Information and related Technology (COBIT) Framework.
The framework provides good practices across a domain and process framework. The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners. The process focus of COBIT 4.1 is illustrated by a process model that subdivides IT into four domains (Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed, IT standards and good practices such as COSO, ITIL, ISO 27000, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements.

Why Use Control OBjectives for Information and related Technology (COBIT)
Because COBIT is business-oriented, using it to understand IT control objectives to deliver IT value and manage IT-related business risks is straightforward:

The Purpose Of Control OBjectives for Information and related Technology (COBIT)
The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems.

Who is using Control OBjectives for Information and related Technology (COBIT)
COBIT is used globally by those who have the primary responsibilities for business processes and technology, those who depend on technology for relevant and reliable information, and those providing quality, reliability and control of information technology. Control OBjectives for Information and related Technology (COBIT) is IT process-oriented and, therefore, addresses itself in the first place to the owners of these processes. Referring to Porter's Generic Business Model, core processes (e.g., procurement, operations, marketing, sales) are discussed, as well as support processes (e.g., human resources, administration, information technology). As a consequence, COBIT is not only to be applied by the IT department, but by the business as a whole.

This approach stems from the fact that in today's enterprises, the process owners are responsible for the performance of their processes, of which IT has become an integral part. In other words, they are empowered but also accountable. As a consequence, business process owners bear the final responsibility for the information technology as deployed within the confines of their business process. Of course, they will make use of services provided by specialized parties such as the traditional IT department or the third-party service provider. Control OBjectives for Information and related Technology (COBIT) provides business process owners with a framework, which should enable them to control all the different activities underlying IT deployment. On this basis, they can gain reasonable assurance that IT will contribute to the achievement of their business objectives. Moreover, COBIT provides business process owners with a generic communication framework to facilitate understanding and clarity amongst the different parties involved in the delivery of IT services.

The Control OBjectives for Information and related Technology (COBIT) framework has been structured into 34 IT processes clustering interrelated life cycle activities or interrelated discrete tasks. The process model was preferred for several reasons. First, a process by its nature is results-oriented in the way that it focuses on the final outcome while optimizing the use of resources. The way these resources are physically structured, e.g., people/skills in departments, is less relevant in this perspective. Second, a process, especially its objectives, is more permanent in nature and does not risk change as often as an organizational entity. Third, the deployment of IT cannot be confined to a particular department and involves users and management as well as IT specialists. In this context, the IT process remains, nevertheless, the common denominator.

The Future Direction of Control OBjectives for Information and related Technology (COBIT)
As with any comprehensive and groundbreaking research, COBIT will be updated to a new version approximately every three years, with minor enhancements in between. This will ensure that the model and the framework remain comprehensive and valid. The validation will also entail ensuring that the primary reference materials have not changed, or, if they have, those changes are reflected in the document.

COBIT's maturity models useful to CMMI organizations
Even though the approaches are different, an enterprise that has already adopted and applied CMMI can use COBIT to cover areas not addressed by CMMI, and will be able to use the CMMI experience to apply COBIT's models to whatever formal level it requires, in areas not covered by the scope that was defined for the CMMI assessment. For example, an advanced software development shop could broaden its maturity assessment to apply it to its entire IT function, including other important COBIT IT processes. The mapping publication, available from the ITGI, showing how COBIT compares to CMMI, would be a very helpful resource, but the enterprise would need to devise its own CMMI-like assessment approach using COBIT's generic guidance as a starting point, or follow the suggested approach in the ITGI publication—IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition. In time, it is expected that the CMMI guidance will broaden into other areas such as service management, which would be equivalent to the ITIL processes and principally the COBIT DS domain.