Professional Documents
Culture Documents
1.WhatisthepurposeofCOBIT5?
COBIT5providesacomprehensiveframeworkthatassistsenterprisesinachievingtheirobjectivesfor
thegovernanceandmanagementofenterpriseinformationandtechnologyassets(IT).Simplystated,it
helpsenterprisescreateoptimalvaluefromITbymaintainingabalancebetweenrealisingbenefitsand
optimisingrisklevelsandresourceuse.COBIT5enablesITtobegovernedandmanagedinaholistic
mannerfortheentireenterprise,takinginthefullendtoendbusinessandITfunctionalareasof
responsibility,consideringtheITrelatedinterestsofinternalandexternalstakeholders.COBIT5is
genericandusefulforenterprisesofallsizes,whethercommercial,notforprofitorinthepublicsector.
2.WhoisusingCOBIT5?
COBIT5isusedgloballybythosewhohavetheprimaryresponsibilityforbusinessprocessesand
technology,dependontechnologyforrelevantandreliableinformation,andprovidequality,reliability
andcontrolofinformationandrelatedtechnology.
3.WherearethecontrolobjectivesinCOBIT5?
Basedonfiveprinciplesandsevenenablers,COBIT5usesgovernanceandmanagementpracticesto
describeactionsthatareexamplesofgoodpracticestoeffectgovernanceandmanagementover
enterpriseIT.Manyofthesepracticesandthesupportingactivitiesexertcontrolovertheprocessto
delivertherequiredoutcome.
ThemovefromthecontrolobjectivestermwasexplainedinanISACAJournalarticle,Volume4,2011,
writtenbyoneofCOBITsfirstcontributors,ErikGuldentops.ThearticlecanbefoundatthislinkWhere
HaveAllTheControlObjectivesGone?(www.isaca.org/Journal/PastIssues/2011/Volume
4/Pages/WhereHaveAlltheControlObjectivesGone.aspx)
4.ArethereothermajordifferencesbetweenCOBIT4.1andCOBIT5?
Yes,theframeworkdesignforCOBIT5wasrevisitedandrestructuredtoensurecompletecoveragefor
allmajoraspectsrelatedtothegovernanceandmanagementofenterpriseIT.ISACAhasprepareda
presentationthatoutlinesthemainchangesintroduced.Thepresentationcanbefoundatthislink
CompareCOBITversions4.1to5.
5.WhatistheoverallqualityofCOBIT5,andwereanyindustryprofessionalspartoftheexpertreview?
ToassurethehighqualityofCOBIT5,severalmeasuresweretaken.Themostimportantmeasuresare:
TheentireresearchprocesswasoverseenbybothISACAsKnowledgeBoardandFramework
Committee,whichareresponsibleforoverseeingallISACAframeworkresearchdevelopment.
Thedetailedresearchresultsanddeliverableswerequalitycontrolledthroughoutthedevelopment
processbyadedicatedtaskforceofexperiencedvolunteerprofessionals.
Adraftdesigndocumentwasissuedforpublicexposure,andthefeedbackwasintegratedintothe
developmentworktoproducethefinalCOBIT5products.Beforebeingissued,thedraft
developmentproductsweredistributedtomorethan100subjectmatterexpertsaroundtheworld
toobtaintheirprofessionalreview.
2012 ISACA
Page 1
COBIT5FrequentlyAskedQuestions(FAQs)
Onceready,draftversionsofCOBIT5andCOBIT5:EnablingProcessesweremadeavailabletothe
publicforreview.Manygoodcommentswerereceived,suggestingfurtherimprovementsfor
consideration.Surveyquestionsconcerningthelevelofsatisfactionoftheworkatthedraftstage
wereincludedinthepublicexposureactivity,with79percentoftheresponsesbeingpositive.Based
onthereviewcomments,thedevelopmentteammadechangesasappropriate.
ThefinalproductwasreviewedbyCOBIT5TaskForcemembers,theFrameworkCommitteeandthe
KnowledgeBoard.
6.CanIuseCOBIT5asastatementofcriteriaforspecificauditconclusions?
ThereareadditionalprofessionalguidesplannedthatwillextendCOBIT5.AmongsttheseisCOBIT5for
Assurance.ThiswillserveastheguideforassuranceprofessionalswantingtouseCOBIT5intheirwork.
Oncecomplete,COBIT5forAssurancewillprovidecomprehensiveguidanceonusingCOBIT5to
supportassuranceactivities.Thecompletionofthisguideisplannedfor2013.
7.WhattrainingisavailablefortheuseofCOBIT5?
ISACAisdevelopinganeducationandtrainingportfoliotosupportCOBIT5.Astrainingisdeveloped,
ISACAwillcommunicatenewsviaappropriatemedia,includingtheEducation&Trainingpageinthe
COBIT5areaoftheISACAwebsite.
8.InwhatwaycanIsuggesttoexecutivemanagementthatituseCOBIT5?
BecauseCOBITisbusinessoriented,usingittodelivervalueandgovernandmanageITrelatedbusiness
riskisstraightforward.TheCOBIT5twopageexecutivesummaryandsupportingshortpresentationcan
beusedinthediscussionwithmanagement.Thegoalscascadeintheframeworkcanbeusedto:
Determinestakeholderneedsandgovernanceobjectives(valuecreation)
Identifyenterprisegoalsthatcansupportstakeholderneeds.Ifthebalancedscorecard(BSC)isused
todevelopthesegoals,thenacommonsetoftermscanbeusedtocommunicatethegoals.
EnterprisegoalsfromtheBSCarereproducedinfigure5onpage19ofCOBIT5.
SelectITrelatedgoals(foreachenterprisegoal)thatwillfacilitatetheachievementofthegoals.IT
relatedgoalscanbefoundinfigure6onpage19ofCOBIT5.
AchieveITrelatedgoals.Thisrequiresthesuccessfulapplicationanduseofenablers.The
frameworkdescribesenablersindetailinchapter5.Oneoftheenablers,processes,istreated
separatelyintheCOBIT5:EnablingProcessespublication.
Presenttheproposedsetofneeds,goalsandenablerstoexecutivemanagementasameansof
deliveringeffectivegovernanceandmanagementofITrelatedtechnology
9.IstheCOBIT5frameworksuperiortotheotherstandardsandframeworkssuchastheInternational
OrganizationforStandardization/InternationalElectrotechnicalCommission(ISO/IEC)27000seriesand
InformationTechnologyInfrastructureLibrary(ITIL)?
Mostenterprisestakeholdersandexecutivemanagementareawareoftheimportanceofthegeneral
controlframeworkswithrespecttotheirfiduciaryresponsibility,suchasCommitteeofSponsoring
OrganizationsoftheTreadwayCommission(COSO),CodeofConnection(CoCo),theUKCorporate
2012 ISACA
Page 2
COBIT5FrequentlyAskedQuestions(FAQs)
GovernanceCode,KingIII,etc.;however,enterprisestakeholdersandexecutivemanagementmaynot
necessarilybeawareofthedetailsofeachframework.Inaddition,enterprisemanagersareincreasingly
awareofthemoretechnicalsecurityguidance,suchastheISO/IEC27000series,andservicedelivery
guidance,suchasITIL.Althoughtheaforementionedstandardandframeworkemphasisebusiness
controlandITsecurityandservicemanagementanddeliveryissuesinspecificareasofenterpriseIT
relatedactivity,onlyCOBIT5integratesallfunctionsandprocessesthatestablishthegovernanceof
enterpriseIT(GEIT)intooverallenterprisegovernanceandfromabusinessperspective.Itshouldbe
notedthatISO/IEC15504andITILV3wereusedtodevelopthegovernanceandmanagementpractices.
COBIT5isnotmeanttoreplaceanyoftheseframeworksorstandards.Itisintendedtoemphasisewhat
governanceandmanagementelementsandpracticesarerequiredtocreatevaluefrominformationand
technologyinsupportofenterprisebusinessgoals.
10.Whatisthequickestandbestwaytoconvincekeyexecutivesandotherenterprisestakeholdersof
thevalueofusingCOBIT5?
Theenterprisescultureisvitallyimportant.Aproactiveculturewillbemorereceptivethanonethatis
notproactive;however,consideremphasizingCOBITsfocusonstakeholdervaluecreation,itbeing
businessdriven,itsalignmentwithotherinternationallyrecognisedstandardsandframeworks,andits
simple,butcomplete,structure.COBIT5isbasedonfiveprinciplesandsevenenablers.Allother
governanceandmanagementguidanceinCOBIT5cascadefromthesebasicareas.
11.HastheCOBIT5frameworkbeenacceptedbyClevelexecutives?
Yes,previousversionsofCOBIThavebeenacceptedinmanyenterprisesglobally,andnewcases
continuetobedocumented.However,itshouldnotbeasurprisethatinthoseentitieswherethechief
informationofficer(CIO)hasembracedCOBITasabusinessframeworkforinformationandtechnology,
thishascomeasadirectconsequenceofoneormoreCOBITchampionswithintheauditand/orIT
function(s).EvenmoreimportantthanacceptancebytheCIOisacceptancebytheboardofdirectors
andexecutivemanagement.Successfulimplementationofgovernanceandmanagementofenterprise
ITusingCOBITdependsgreatlyonthecommitmentoftheexecutivemanagementteamasawhole.The
CIOalonecannotimplementCOBIT5effectivelythroughouttheenterprisebecausethereare
implicationsformanyareasoftheenterpriseoutsideoftheITfunction.Theemphasisonvaluecreation
andalignmentofstakeholderneeds,enterprisegoals,andITrelatedgoalswillensurethatCOBIT5is
seenasabusinessframework.
12.HowisCOBIT5alignedwiththeinternationalstandardonITgovernance,ISO/IEC38500?
COBIT5clearlydifferentiatesbetweenthekeyareasofgovernanceandmanagement.Inalignmentwith
ISO/IEC38500,COBIT5presentsgovernanceintermsofEvaluate,DirectandMonitor.Theseterms
comedirectlyfromthestandardsModelforCorporateGovernanceofIT.
13.DoIneedtomeetanexactlevelwhenassessingaprocessusingCOBIT'sprocessassessment
models?
ThemainpurposeoftheCOBITassessmentprogramme(theprogrammewebsitecanbefoundatthis
linkCOBITAssessmentProgramme)istogivemanagementarobust,reliable,repeatableapproachand
supportingtoolstobetterunderstandthecurrentcapabilityoftheirgovernanceandmanagement
processes,andtohelpmanagementdobenchmarking,gapanalysisandprocessimprovementplanning.
2012 ISACA
Page 3
COBIT5FrequentlyAskedQuestions(FAQs)
Theassessmentobjectiveistounderstandthelevelofcapabilitythatispresentandthelevelthatis
appropriateforagivenprocess,basedonbusinessrequirements,andtounderstandthenatureofany
gapssothatanysignificantweaknessesintheprocesscanbeidentifiedandimproved.
14.WhatdoesCOBITstandfor?
COBITwasoriginallyanacronymforControlObjectivesforInformationandrelatedTechnology.Now
usedinshortform,COBITisusedtoidentifythenameoftheframework.
15.WhyisCOBIT5presentedininternationalEnglish?
StartingwiththefirstCOBIT(1996),aconsciouseffortwasmadetouseinternationalEnglishto
underscoretheglobalnatureofthesourcesthatwentintoitsdevelopment(theinternationalstandards
andframeworksusedasreferences)andtheglobalapplicationoftheresultingCOBIT.Overtheyears,
thisapproachhasbeenquestionedandchallengedfromtimetotime,butithasremainedinplaceand
allCOBITderivativeproductsfollowthisruleaswell.
2012 ISACA
Page 4