Since 1996, COBIT® framework has helped improve performance by managing and governing organisations’ information and technology. According to ISACA, the top four benefits of COBIT are:
1. Business or IT integrations (73%)
2. Better risk management (60%)
3. Uncovering security gaps (49%)
4. Better visibility for the board of directors (45%)
With the introduction of COBIT® 2019, practitioners have started questioning whether to pursue this certification despite being certified in COBIT® 5. Thus the question: what are the major differences between COBIT 5 and COBIT 2019 frameworks?
To clearly understand the difference between both COBIT frameworks and their certifications, let’s go over what they both offer first.
What is COBIT 5?
Released in 2012, COBIT 5 addresses the biggest challenges enterprises face over the years, which are missed IT project deadlines, disconnect between IT and business strategies, and cyber threat landscape.
COBIT 5.0 expanded on COBIT 4.1, detailing the then-latest techniques for enterprise governance and management. It can be combined with other ISACA resources to accommodate clients’ needs, ensure performance satisfaction, and differentiate between governance and management.
Applying COBIT 5.0 principles effectively reduces the risks of IT implementations. The managerial procedures in the framework are aligned carefully with process activities, inputs and outputs processes, key process objectives, performance measures, elementary maturity model, and performance measures.
COBIT 5 further provides globally acceptable practices, principals, and tools that enable value from IT. The extended guidance provides IT, risk, assurance, business, and security on objectives and on strategy.
What is COBIT 2019?
COBIT 2019 is an updated version of COBIT 5. It is built on the solid foundation of its predecessor while integrating the latest developments affecting enterprise information and technology.
In addition to the updates we will detail in a bit, the latest framework offers certificate candidates implementation resources, guidance and insights, as well as training opportunities. It further positions businesses for future success through:
- Coverage of the critical elements to an enterprise, i.e. data, projects and compliance
- An open-source model which allows the global governance community to propose enhancements for updating the framework
- Flexible framework implementation for either specific problem solving or enterprise-wide adoption
Why COBIT 5 Evolved into COBIT 2019
The release of COBIT 2019 was necessary as COBIT 5 was introduced more than seven years ago in 2012. Since then, the trends, technologies, and security needs for organisations have dramatically changed. Organisations which fail to adapt with time become obsolete easily. This is especially true when it comes to the evolution of IT as it plays a vital role in almost all the processes across a business.
To indicate the new change, COBIT 2019 was released with a new logo. In addition to a modern font to reflect the new framework, the new logo features a different ‘O’. The red arrow shown below denotes the continuous changes in the world of technology.
ISACA actually explained this change in their logo –
“To remain relevant, it is imperative that COBIT continues to evolve requiring more frequent and fluid updates. The red arrow symbolizes this notion of continuous evolution.”
Upgrading COBIT was also necessary to ensure better alignment with global standards, frameworks, and best practices such as ITIL®, CMMI®, and TOGAF®. In this context, alignment means not contradicting any guidance or copying the contents of related standards. That way, COBIT can maintain its positioning as an umbrella framework.
COBIT 5 vs COBIT 2019: Main Differences
According to ISACA, COBIT 2019 introduces new concepts, adds updates to enhance the relevancy of COBIT, rolls out an ‘open-source’ model for global governance, and offers new guidance and tools for a best-fit governance system.
Let’s look at these changes in more detail.
Modified COBIT Principles
COBIT 2019 has classified principles into two areas: Governance Systems Principles and Governance Framework Principles. COBIT 5 defined five principles that are now part of the Governance System Principles.
The updated COBIT 2019 principles are as follows:
COBIT 2019’s Design Factors
The latest iteration of COBIT includes an additional guide: COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. It goes over the design factors which influence the design of an enterprise’s governance system while ensuring its success in the use of IT.
COBIT 2019 introduces 11 design factors which are broadly categorised as:
- Contextual (i.e. outside the control of the enterprise)
- Strategic (reflect the decisions the enterprise makes)
- Tactical (based on implementation choices regarding resourcing models, IT methods, and technology adoption choices).
With these design factors, organisations can tailor their governance systems to realise the most value. These are applied according to the stages and steps in the design process provided in the Design Guide. You can, however, download the COBIT 2019 Design Guide Tool Kit, which is an Excel tool for facilitating the governance system design workflow.
COBIT 2019 Performance Management Model
The COBIT performance management (CPM) model was created to evaluate how the governance and management system and all the components of an organisation work; and how they can be improved to achieve target levels of capability and maturity. Its concepts and methods align and extend CMMI v2.0 capability and maturity levels.
So, what does the CPM model have to offer practitioners? In addition to highlighting the capability and maturity of an existing process and focus area, the model can be used to improve relevant governance and management components over intervals of time.
COBIT CPM also delivers increased value to businesses, enables the measurement of current versus projected business goals, enhances benchmarking and reporting, and ensures adherence to organisational compliance.
Focus Areas Concept
“Focus areas” are part of the new COBIT® iteration. These describe governance topics and issues which can be addressed by management or governance objectives. Some examples of these areas include small and medium enterprises, cybersecurity, and cloud computing.
An interesting fact on focus areas is that there is a virtually unlimited number of these concepts. Focus areas will be added and changed based on trends, research, and feedback. This is why COBIT has become an open-ended model.
COBIT Core Model
The COBIT Core Model is an upgrade to COBIT 5’s Process Reference Model (PRM). It is the heart of the framework as it details the governance and management objectives used for establishing an organisation’s governance program.
This iteration adds three new objectives to the 37 listed in COBIT 5:
- AP014 Managed Data – As per ISACA, this process aims at achieving and sustaining the effective management of enterprise data assets across the data lifecycle. As a result, it ensures the effective utilisation of critical data assets in order to achieve business goals.
- BAI11 Managed Projects – This management objective aims to manage all projects initiated within the organisation in alignment with enterprise strategy, and according to standard project management approach. That way, defined project outcomes can be realised; the risk of unexpected delays, costs, and value erosion can be reduced; and the quality and value of project deliverables can be ensured.
- MEA04 Managed Assurance – According to its description, this objective entails planning, scoping, and executive assurance initiatives to comply with regulations, laws, and strategic objectives. This enables organisations to design and develop sustainable assurance initiatives for assurance activities.
Items Removed, Changed, and Updated
In addition to the aforementioned major changes, the following table indicates parts of COBIT® 5 which have been eliminated, changed, or updated in the latest framework.
COBIT 2019 was also rolled out with a new set of publications, which are:
- COBIT 2019 Framework: Introduction and Methodology
- COBIT 2019 Framework: Governance and Management Objectives
- COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution
- COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution
Why COBIT Users Gain More from COBIT 2019
From what you have read so far, you probably noticed that even ISACA is pushing practitioners towards COBIT 2019. That too, for many good reasons.
First off, the framework has received a major update to keep up with the latest needs of businesses and IT, especially IT governance. It is now more capable than ever to increase business value, reduce business risk, and ensure compliance with regulations.
Other prominent advantages of choosing COBIT 2019 over COBIT 5.0 are:
- Enhanced alignment with global standards, frameworks, and best practices
- Regular updates and advancements due to continual changes to focus area concepts
- Continual improvement, especially through regular feedback from stakeholders
- Flexible approach to IT governance as organisations can tailor COBIT according to their needs
- Better alignment of IT with organisation goals to achieve objectives
Upgrade to COBIT 2019 Foundation Certification
While your COBIT 5 Certificate will not expire, having the latest ISACA certification will vouch for your ability to keep with the latest standards, frameworks, and compliance requirements to deliver benefits to your business.
So, make the transition to COBIT 2019. Register for a two-day COBIT 2019 Foundation training session to prepare for the certification exam.
COBIT® and ISACA® are the registered trademarks of ISACA. All logos and trademarks are the properties of their respective owner organizations.