Spawned from a humble white paper titled “Control Objectives” and developed into broader guidance on control objectives, the COBIT framework is celebrating its 20th anniversary this year.COBIT was first published in April 1996 and is now in its fifth version. Initially, COBIT was intended to provide guidance for auditors. As it gained use, there were calls for greater guidance for internal control.
The next iteration, COBIT 2, was published in 1998 and offered additional guidance for controls. As an audit and controls guidance framework, COBIT 2 gained broader exposure. The marketplace then began asking ISACA to provide greater assistance in managing the entire IT function. Additional guidance was developed and COBIT 3rd Edition was released as a management framework in 2000.
IT governance is more inclusive than management, and the marketplace needed still greater guidance on aligning IT strategy with management. Thus, COBIT 4.0 was released as an IT governance framework in 2005. Market feedback indicated that the structure of the control objectives was more complicated than necessary, so two years later COBIT 4.1 was released with a reduced set of control objectives.
The latest evolution of the framework, COBIT 5, was published in 2012 and provides a comprehensive business framework for the governance of enterprise IT. COBIT 5 presents a model for the alignment of overall enterprise strategy with IT strategy, operates on a relatively simple foundation of five principles with seven enablers, and is aligned with several significant internationally recognized standards bodies, such as ISO/IEC and ITIL. More than 800 people provided input into the design of COBIT 5, which required nearly two years to develop and is now available in 16 languages.
COBIT user surveys have shown that COBIT 5 is very beneficial in helping enterprises manage their risks and more clearly demonstrate the delivery of value to stakeholders. In a recent survey of COBIT 5 purchasers and downloaders, more than 9 in 10 said they would recommend COBIT 5 to others.
Because governance guidance must reflect the needs of practitioners, and as the technological and threat landscapes evolve, COBIT also will continue to evolve to best serve its users.
To access infographics, testimonials and information on COBIT’s history—or to submit your own COBIT stories and photos—click here.
Peter Tessin, Technical Research Manager, ISACA
[ISACA Now Blog]