COBIT5FrequentlyAskedQuestions(FAQs)

1.WhatisthepurposeofCOBIT5?

COBIT5providesacomprehensiveframeworkthatassistsenterprisesinachievingtheirobjectivesfor
thegovernanceandmanagementofenterpriseinformationandtechnologyassets(IT).Simplystated,it
helpsenterprisescreateoptimalvaluefromITbymaintainingabalancebetweenrealisingbenefitsand
optimisingrisklevelsandresourceuse.COBIT5enablesITtobegovernedandmanagedinaholistic
mannerfortheentireenterprise,takinginthefullendtoendbusinessandITfunctionalareasof
responsibility,consideringtheITrelatedinterestsofinternalandexternalstakeholders.COBIT5is
genericandusefulforenterprisesofallsizes,whethercommercial,notforprofitorinthepublicsector.

2.WhoisusingCOBIT5?

COBIT5isusedgloballybythosewhohavetheprimaryresponsibilityforbusinessprocessesand
technology,dependontechnologyforrelevantandreliableinformation,andprovidequality,reliability
andcontrolofinformationandrelatedtechnology.

3.WherearethecontrolobjectivesinCOBIT5?

Basedonfiveprinciplesandsevenenablers,COBIT5usesgovernanceandmanagementpracticesto
describeactionsthatareexamplesofgoodpracticestoeffectgovernanceandmanagementover
enterpriseIT.Manyofthesepracticesandthesupportingactivitiesexertcontrolovertheprocessto
delivertherequiredoutcome.

ThemovefromthecontrolobjectivestermwasexplainedinanISACAJournalarticle,Volume4,2011,
writtenbyoneofCOBITsfirstcontributors,ErikGuldentops.ThearticlecanbefoundatthislinkWhere
HaveAllTheControlObjectivesGone?(www.isaca.org/Journal/PastIssues/2011/Volume
4/Pages/WhereHaveAlltheControlObjectivesGone.aspx)

4.ArethereothermajordifferencesbetweenCOBIT4.1andCOBIT5?

Yes,theframeworkdesignforCOBIT5wasrevisitedandrestructuredtoensurecompletecoveragefor
allmajoraspectsrelatedtothegovernanceandmanagementofenterpriseIT.ISACAhasprepareda
presentationthatoutlinesthemainchangesintroduced.Thepresentationcanbefoundatthislink
CompareCOBITversions4.1to5.

5.WhatistheoverallqualityofCOBIT5,andwereanyindustryprofessionalspartoftheexpertreview?

ToassurethehighqualityofCOBIT5,severalmeasuresweretaken.Themostimportantmeasuresare:

TheentireresearchprocesswasoverseenbybothISACAsKnowledgeBoardandFramework
Committee,whichareresponsibleforoverseeingallISACAframeworkresearchdevelopment.
Thedetailedresearchresultsanddeliverableswerequalitycontrolledthroughoutthedevelopment
processbyadedicatedtaskforceofexperiencedvolunteerprofessionals.
Adraftdesigndocumentwasissuedforpublicexposure,andthefeedbackwasintegratedintothe
developmentworktoproducethefinalCOBIT5products.Beforebeingissued,thedraft
developmentproductsweredistributedtomorethan100subjectmatterexpertsaroundtheworld
toobtaintheirprofessionalreview.

2012 ISACA

All rights reserved.

Page 1

COBIT5FrequentlyAskedQuestions(FAQs)

Onceready,draftversionsofCOBIT5andCOBIT5:EnablingProcessesweremadeavailabletothe
publicforreview.Manygoodcommentswerereceived,suggestingfurtherimprovementsfor
consideration.Surveyquestionsconcerningthelevelofsatisfactionoftheworkatthedraftstage
wereincludedinthepublicexposureactivity,with79percentoftheresponsesbeingpositive.Based
onthereviewcomments,thedevelopmentteammadechangesasappropriate.
ThefinalproductwasreviewedbyCOBIT5TaskForcemembers,theFrameworkCommitteeandthe
KnowledgeBoard.

6.CanIuseCOBIT5asastatementofcriteriaforspecificauditconclusions?

ThereareadditionalprofessionalguidesplannedthatwillextendCOBIT5.AmongsttheseisCOBIT5for
Assurance.ThiswillserveastheguideforassuranceprofessionalswantingtouseCOBIT5intheirwork.
Oncecomplete,COBIT5forAssurancewillprovidecomprehensiveguidanceonusingCOBIT5to
supportassuranceactivities.Thecompletionofthisguideisplannedfor2013.

7.WhattrainingisavailablefortheuseofCOBIT5?

ISACAisdevelopinganeducationandtrainingportfoliotosupportCOBIT5.Astrainingisdeveloped,
ISACAwillcommunicatenewsviaappropriatemedia,includingtheEducation&Trainingpageinthe
COBIT5areaoftheISACAwebsite.

8.InwhatwaycanIsuggesttoexecutivemanagementthatituseCOBIT5?

BecauseCOBITisbusinessoriented,usingittodelivervalueandgovernandmanageITrelatedbusiness
riskisstraightforward.TheCOBIT5twopageexecutivesummaryandsupportingshortpresentationcan
beusedinthediscussionwithmanagement.Thegoalscascadeintheframeworkcanbeusedto:

Determinestakeholderneedsandgovernanceobjectives(valuecreation)
Identifyenterprisegoalsthatcansupportstakeholderneeds.Ifthebalancedscorecard(BSC)isused
todevelopthesegoals,thenacommonsetoftermscanbeusedtocommunicatethegoals.
EnterprisegoalsfromtheBSCarereproducedinfigure5onpage19ofCOBIT5.
SelectITrelatedgoals(foreachenterprisegoal)thatwillfacilitatetheachievementofthegoals.IT
relatedgoalscanbefoundinfigure6onpage19ofCOBIT5.
AchieveITrelatedgoals.Thisrequiresthesuccessfulapplicationanduseofenablers.The
frameworkdescribesenablersindetailinchapter5.Oneoftheenablers,processes,istreated
separatelyintheCOBIT5:EnablingProcessespublication.
Presenttheproposedsetofneeds,goalsandenablerstoexecutivemanagementasameansof
deliveringeffectivegovernanceandmanagementofITrelatedtechnology

9.IstheCOBIT5frameworksuperiortotheotherstandardsandframeworkssuchastheInternational
OrganizationforStandardization/InternationalElectrotechnicalCommission(ISO/IEC)27000seriesand
InformationTechnologyInfrastructureLibrary(ITIL)?

Mostenterprisestakeholdersandexecutivemanagementareawareoftheimportanceofthegeneral
controlframeworkswithrespecttotheirfiduciaryresponsibility,suchasCommitteeofSponsoring
OrganizationsoftheTreadwayCommission(COSO),CodeofConnection(CoCo),theUKCorporate

2012 ISACA

All rights reserved.

Page 2

COBIT5FrequentlyAskedQuestions(FAQs)

GovernanceCode,KingIII,etc.;however,enterprisestakeholdersandexecutivemanagementmaynot
necessarilybeawareofthedetailsofeachframework.Inaddition,enterprisemanagersareincreasingly
awareofthemoretechnicalsecurityguidance,suchastheISO/IEC27000series,andservicedelivery
guidance,suchasITIL.Althoughtheaforementionedstandardandframeworkemphasisebusiness
controlandITsecurityandservicemanagementanddeliveryissuesinspecificareasofenterpriseIT
relatedactivity,onlyCOBIT5integratesallfunctionsandprocessesthatestablishthegovernanceof
enterpriseIT(GEIT)intooverallenterprisegovernanceandfromabusinessperspective.Itshouldbe
notedthatISO/IEC15504andITILV3wereusedtodevelopthegovernanceandmanagementpractices.
COBIT5isnotmeanttoreplaceanyoftheseframeworksorstandards.Itisintendedtoemphasisewhat
governanceandmanagementelementsandpracticesarerequiredtocreatevaluefrominformationand
technologyinsupportofenterprisebusinessgoals.

10.Whatisthequickestandbestwaytoconvincekeyexecutivesandotherenterprisestakeholdersof
thevalueofusingCOBIT5?

Theenterprisescultureisvitallyimportant.Aproactiveculturewillbemorereceptivethanonethatis
notproactive;however,consideremphasizingCOBITsfocusonstakeholdervaluecreation,itbeing
businessdriven,itsalignmentwithotherinternationallyrecognisedstandardsandframeworks,andits
simple,butcomplete,structure.COBIT5isbasedonfiveprinciplesandsevenenablers.Allother
governanceandmanagementguidanceinCOBIT5cascadefromthesebasicareas.

11.HastheCOBIT5frameworkbeenacceptedbyClevelexecutives?

Yes,previousversionsofCOBIThavebeenacceptedinmanyenterprisesglobally,andnewcases
continuetobedocumented.However,itshouldnotbeasurprisethatinthoseentitieswherethechief
informationofficer(CIO)hasembracedCOBITasabusinessframeworkforinformationandtechnology,
thishascomeasadirectconsequenceofoneormoreCOBITchampionswithintheauditand/orIT
function(s).EvenmoreimportantthanacceptancebytheCIOisacceptancebytheboardofdirectors
andexecutivemanagement.Successfulimplementationofgovernanceandmanagementofenterprise
ITusingCOBITdependsgreatlyonthecommitmentoftheexecutivemanagementteamasawhole.The
CIOalonecannotimplementCOBIT5effectivelythroughouttheenterprisebecausethereare
implicationsformanyareasoftheenterpriseoutsideoftheITfunction.Theemphasisonvaluecreation
andalignmentofstakeholderneeds,enterprisegoals,andITrelatedgoalswillensurethatCOBIT5is
seenasabusinessframework.

12.HowisCOBIT5alignedwiththeinternationalstandardonITgovernance,ISO/IEC38500?

COBIT5clearlydifferentiatesbetweenthekeyareasofgovernanceandmanagement.Inalignmentwith
ISO/IEC38500,COBIT5presentsgovernanceintermsofEvaluate,DirectandMonitor.Theseterms
comedirectlyfromthestandardsModelforCorporateGovernanceofIT.

13.DoIneedtomeetanexactlevelwhenassessingaprocessusingCOBIT'sprocessassessment
models?

ThemainpurposeoftheCOBITassessmentprogramme(theprogrammewebsitecanbefoundatthis
linkCOBITAssessmentProgramme)istogivemanagementarobust,reliable,repeatableapproachand
supportingtoolstobetterunderstandthecurrentcapabilityoftheirgovernanceandmanagement
processes,andtohelpmanagementdobenchmarking,gapanalysisandprocessimprovementplanning.

2012 ISACA

All rights reserved.

Page 3

COBIT5FrequentlyAskedQuestions(FAQs)

Theassessmentobjectiveistounderstandthelevelofcapabilitythatispresentandthelevelthatis
appropriateforagivenprocess,basedonbusinessrequirements,andtounderstandthenatureofany
gapssothatanysignificantweaknessesintheprocesscanbeidentifiedandimproved.

14.WhatdoesCOBITstandfor?

COBITwasoriginallyanacronymforControlObjectivesforInformationandrelatedTechnology.Now
usedinshortform,COBITisusedtoidentifythenameoftheframework.

15.WhyisCOBIT5presentedininternationalEnglish?

StartingwiththefirstCOBIT(1996),aconsciouseffortwasmadetouseinternationalEnglishto
underscoretheglobalnatureofthesourcesthatwentintoitsdevelopment(theinternationalstandards
andframeworksusedasreferences)andtheglobalapplicationoftheresultingCOBIT.Overtheyears,
thisapproachhasbeenquestionedandchallengedfromtimetotime,butithasremainedinplaceand
allCOBITderivativeproductsfollowthisruleaswell.

2012 ISACA

All rights reserved.

Page 4