COBIT 5: New evolution of COBIT guidance

Now Available for Public Comment

Ken Vander Wal, CISA, CPA is International President of ISACA. COBIT is the well known framework formerly known as Control OBjectives for Information and related Technology. Mr. Vander Wal contributed the following announcement and I hope that readers will participate in improving COBIT. Everything that follows is Mr. Vander Wal's work with minor edits.

* * *

Information is the currency of the 21st-century business enterprise. Organizations depend on their information for their survival and must constantly maximize the return on their investments in information and the technology that supports it.

According to the IT Governance Institute's 2011 Global Status Report on the Governance of Enterprise IT, business leaders reported facing the following IT-related issues in the past year:

• Increasing IT costs — 42%

• Insufficient IT skills — 33%

• Problems implementing new IT systems — 30%

• Problems with external IT service providers — 29%

• Serious operational IT incidents — 21%

• Return on investment not as expected — 19%

• IT security or privacy incidents — 18%

To help enterprises worldwide address these concerns and better manage and govern their information, an international team of volunteer subject-matter experts from the global association ISACA is developing COBIT 5. A comprehensive and flexible framework of good practices, tools and process models for managing and governing information and technology, COBIT 5 is now in public exposure and will be published in early 2012.

One of the much-anticipated features of COBIT 5 is its increased focus on integrating business and IT. This orientation will improve communication, clarify roles and responsibilities, and reduce information- and technology-related incidents that harm the enterprise.

"COBIT helps ensure governance and management of information and technology across the complete enterprise, provides a common language that unites the business and IT, and addresses the critical business issues related to information and technology," said John Lainhart, CISA, CISM, CGEIT, CRISC, Partner with IBM Global Business Services, who implemented COBIT at the U.S. House of Representatives as inspector general. "This helps enterprises identify their strengths and weaknesses and maximize their control over their information assets."

Lainhart, who is co-chair of the COBIT 5 development team, notes that the new edition is a major evolution of COBIT 4.1. Changes include elements from ISACA'sVal ITRisk ITBMIS)ITAF)Taking Governance Forward guidance andIT Governance.

• Business Model for Information Security (

• IT Assurance Framework (

• Board Briefing on

The new version  increases its focus on various stakeholders involved and shifts from control objectives to management processes.

"COBIT 5 is based on sound enterprise governance principles and will help organizations manage constantly evolving operational risks and stay on top of increasing regulatory compliance requirements," Lainhart said. "It builds and expands on COBIT's 15-year history and is being developed by senior IT and business leaders around the world to ensure that it meets stakeholders' current needs and expectations."

As part of that development, ISACA is seeking comments from international business and IT leaders. The COBIT 5 exposure draft will be available through Sept. 19 for review and feedback.

During last year's public exposure period for the draft design paper of COBIT 5, ISACA received nearly 3,000 comments from more than 600 business and IT professionals. More than 92% of respondents reported that the proposed updates to COBIT would be valuable or very valuable.

"COBIT's value is in large part due to the collaborative talents and expertise of industry leaders around the world," said Derek Oliver, PhD, CISA, CISM, CRISC, CITP, FBCS, DBA, FISM, co-chair of the COBIT 5 Task Force and CEO of Ravenswood Consultants. "IT and business professionals have a unique opportunity to drive the direction of internationally used and recognized guidance by participating in this major update to COBIT."

According to the Global Status Report on GEIT, 57% of enterprises either do not think governance is important (5%), are just starting to consider governance measures (23%) or have only ad hoc measures in place (29%). By providing a road map that can be customized to reflect the organization’s desired route, COBIT 5 has the potential to help business and IT leaders get on the same page, transform their governance and management of information and technology, and — in doing so — realize substantial value from their information.

Join us in making this version of COBIT the best yet.

* * *

Ken Vander Wal, CISA, CPA has a long and distinguished career in standards-compliance. He worked for Ernst & Young for 29 years and was a deeply involved in ensuring the quality of the firm's IT audit and security practice. He has served on the ISACA Board of Directors since 2007.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies