COBIT: Journey from Control Objectives for Auditors to Governance and Management Framework for Enterprise IT


My COBIT journey began in 1995 when the draft executive summary of COBIT 1st Edition was published in the ISACA Journal. I had passed the CISA exam and had decided to focus on IT audit as my new career. My first reading of the summary made me realize that this was the one-stop shop reference guide for me. After two decades, I can still say with a firm conviction that COBIT has empowered me to remain relevant and add value in all my assignments. Back to the story…

As I used and adapted COBIT’s control objectives, for multiple assignments and clients (small, medium or large), COBIT became the best collection of practices and approaches to use to remain ahead of the technology curve. The next release of COBIT, with the management guidelines, provided a new perspective for managing performance of IT through the key goal indicators and key performance indicators.

The release of COBIT Control Practices added the next layer of best practice and expanded the scope of application to a more detailed level. The fourth edition of COBIT included an IT governance framework. This became immensely popular, as it met both management and regulatory requirements. It aligned IT with business goals. As technology became all-pervasive, there was a compelling need for a holistic approach to implement controls, not just from management but also from a governance perspective. COBIT 5 met this need as the umbrella framework with its tightly knit governance and management framework. The goals cascade linked enterprise goals with IT goals with relevant processes, procedures and practices.

COBIT can be complex or simple, depending on the perspective from which it is read, understood and implemented. The best approach is to consider COBIT as codified common sense that is presented in a structured, systematic way. COBIT can be customized and adapted to enterprise requirements, as it is a framework and not a standard.

The value of COBIT is in what it brings through its effective implementation. Over the years I have realized the key challenge is not whether COBIT is relevant and useful but whether the enterprise has the right skill-sets to customize COBIT to derive value from implementation. The key to successful implementation is the skills of COBIT-trained professionals who can adapt it as required based on their domain expertise.

For a new user, COBIT initially looks quite vast in its coverage and intimidating in its complexity. However, as the reader understands the core principles, the uniform structure in which contents are presented and the systematic approach for implementation, the philosophy and practical relevance of COBIT get demystified. Further, as they start implementing COBIT, COBIT becomes easier to understand.

COBIT’s contents are quite dense and the extent to which they can be expanded by integrating with other frameworks depends on the skill-sets of the user. COBIT can be used only to the extent required. It is not necessary to understand every word of COBIT to implement it. The more one reads and applies COBIT, the easier it becomes.

In the past two decades, COBIT has evolved to become an effective enabler that harnesses and leverages the power of technology to meet enterprise goals. We have witnessed the information revolution aided by the transformation ushered by technology. COBIT has always kept ahead of this technology race by transforming from an audit-oriented framework to a governance-oriented framework. This has helped COBIT maintain its relevance.

The COBIT mantra is “IT is complicated; IT governance doesn’t have to be.” COBIT is the de facto framework of choice for both professionals and enterprises to remain relevant and add value. The knowledge repository of best practices of COBIT 5, coupled with its holistic approach to governance and management of enterprise IT, provides the right blend of processes and practices to seamlessly integrate technology infrastructure into the business process fabric.

Even after being a student of COBIT for two decades, the COBIT journey is still unfolding for me, leading to new discoveries of how I can leverage my skill-sets using the knowledge repository of COBIT. I invite readers who have not read COBIT to drop apprehensions and start the journey. And for those who think they know COBIT, I suggest that they read it again to get new meaning, insights and practical perspectives of application. Please begin or restart your journey of understanding and implementing COBIT. There are definitely exciting times ahead. COBIT helps enterprises and professionals to be better prepared to meet the dynamic challenges of the digital age!

Abdul Rafeq, CISA, CGEIT, Managing Director, WINCER Infotech Limited

[ISACA Now Blog]
