
Cobit 2019 framework by ISACA

30 Sep 2021

  1. Course Name: IT Audit & Assessment [CSE 6165] Course Instructor: SUMAN AHMED [Asst. Professor, UIU] Topic: COBIT® 2019 FRAMEWORK MOZAFFAR HOSSAIN FAZLA RABBI ABIR
  2. Overview Of COBIT: COBIT is published by ITGI, a nonprofit research entity created by ISACA in 1998. First released in 1996, COBIT was often perceived as merely an audit framework; from version 2, the framework began to apply outside the auditing community. COBIT 2019 is the most current version of the framework. COBIT (Control OBjectives for Information and related Technology): COBIT is an Information Technology management framework developed by ISACA to help businesses develop, organize and implement strategies around information management and governance. It is a model designed to control the IT function. ISACA (Information Systems Audit and Control Association): ISACA is an international professional association focused on IT governance. ISACA provides guidance, benchmarks and governance tools for enterprises that use information systems. ISACA also hosts a series of international conferences that focus on both technical and managerial topics relating to IS assurance, control, security and IT governance. It also coordinates several certification programs; ISACA currently offers 8 certificate programs.
  3. Overview Of COBIT. What CobiT is not!! ❖ COBIT is not a full description of the whole IT environment of an enterprise. ❖ COBIT is not a framework to organize business processes. ❖ COBIT is not an (IT-)technical framework to manage all technology. ❖ Audit software ❖ An IT audit plan ❖ An IT Internal Audit work program ❖ An IT audit testing plan ❖ Guide on “How to Audit” IT. Then what is CobiT? ❖ A methodology consisting of standards and controls created to assist IT professionals in the implementation, review, administration and monitoring of an IT environment. ❖ A tool for IT professionals that links information technology and control practices.
  4. Overview Of COBIT ❖ COBIT represents 1. A control framework, 2. A set of generally accepted control objectives, & 3. The COBIT Audit Guidelines. What is the purpose of CobiT? ❖ To provide management and business process owners with an Information Technology (IT) governance model that helps in understanding and managing the risks associated with IT. ❖ CobiT helps bridge the gaps between business risks, control needs and technical issues by presenting the controls through one vehicle. ❖ It is a control model to meet the needs of IT governance and ensure the integrity of
  5. Enterprise Governance of I&T and Benefits: Enterprise governance of IT is about defining processes and structures throughout the organization that enable boards and business and IT people to execute their responsibilities in support of business/IT alignment and value creation. Figure 1— The Context of Enterprise Governance of Information and Technology
  6. Enterprise Governance of I&T and Benefits. Benefits of Information and Technology Governance: ❖ Benefits realization— IT value should also be measured in a way that shows the impact and contributions of IT-enabled investments in the value creation process of the enterprise. ❖ Risk optimization— Risk management focuses on the preservation of value. ❖ Resource optimization— It recognizes the importance of people in addition to hardware and software; it focuses on providing training, promoting retention and ensuring competence of key IT personnel. Figure 2-- IT Governance Benefits
  7. COBIT STAKEHOLDERS: The target audience for COBIT is the stakeholders for EGIT and, by extension, the stakeholders for corporate governance. In COBIT there are two categories of stakeholders, as below. Internal Stakeholders: ➢ Boards ➢ Executive Management ➢ Business Managers ➢ IT Managers ➢ Assurance Providers ➢ Risk Management. External Stakeholders: ➢ Regulators ➢ Business Partners ➢ IT Vendors
  8. How Does COBIT Work: Information Technology Infrastructure Library (ITIL®), and related standards from the International Organization for Standardization (ISO). For a successful implementation of COBIT 2019 within an Enterprise, a combination of the listed objectives must be used. A specified set of 40 objectives becomes the heart of COBIT 2019. These objectives are to be fulfilled if the enterprise goals are to be achieved. These objectives are further bifurcated into governance and management objectives, ensuring that the Boards & executive management undertake the governance processes while management implements management processes, respectively.
  9. COBIT Principles: COBIT 2019 is based on the following sets of principles: ❖ Principles listing the core requirements of a governance system for IT ❖ Principles to build a governance framework for the organization. COBIT 2019 has 6 system principles for a governance system: ❖ Satisfy stakeholder needs and generate value. ❖ Many components come together to make a governance system. ❖ The governance system should be dynamic. Figure 3— Governance System Principles
  10. COBIT Principles ❖ There is a difference between activities and structures for governance and management. ❖ Option of customization as per the organizational requirements. ❖ The governance system includes those organizational functions. The 3 principles for a governance framework: ❖ The framework should be based on a conceptual model. ❖ The framework should be open and flexible. ❖ The governance framework should be aligned to relevant major related standards, frameworks and regulations. Figure 4— Governance Framework Principles
  11. COBIT Components of a Governance System. Figure 5—COBIT Components of a Governance System. For the achievement of governance & management objectives, there are 7 components: 1. Process 2. Organizational Structures 3. Principles, Policies, Procedures 4. Information 5. Culture, Ethics and Behavior 6. People, Skills and Competencies 7. Services, Infrastructure and Applications
  12. Tailored Governance System Design. Impact of Design Factors: Design factors influence the tailoring of the governance system of an enterprise in different ways: 1. Management objective priority/selection 2. Components variation 3. Need for specific focus areas
  13. Governance System Design Process. Figure 6— Governance System Design Workflow. There is no magic formula. The final design will be a case-by-case decision, based on all the elements on the design canvas. By following these steps, enterprises will realize a governance system that is tailored to their needs.
  14. COBIT Domain. Figure 7— Governance System Design Workflow ❖ Plan & Organize – concerned with identification of the way IT can best contribute to the achievement of business objectives ❖ Acquire and Implement – acquiring, implementing or development of IT Solutions to be integrated into business process ❖ Deliver & Support – delivery of required services including traditional operations, security, and training ❖ Monitor & Evaluate – regular assessment over time for quality and compliance with control requirements
  15. Implementing Enterprise Governance of IT. Figure 8—COBIT Implementation Road Map ❖ What are the drivers? ❖ Where are we now? ❖ Where do we want to be? ❖ What needs to be done? ❖ How do we get there? ❖ Did we get there? ❖ How do we keep the momentum going?
  16. COBIT Case Studies: - Al Rajhi Bank - Middle East Bank - Tokio Marine System - Dubai Customs - New York State Government Agency - European Electricity Transmission Network
  17. COBIT-2019 GOALS: According to the ISACA, COBIT 2019 was updated to include: ❖ Focus areas and design factors that give more clarity on creating a governance system for business needs ❖ Regular updates released on a rolling basis ❖ More guidance and tools to support businesses when developing a “best-fit governance system, making COBIT 2019 more prescriptive” ❖ A better tool to measure performance of IT and alignment with the CMMI ❖ More support for decision making including new online collaborative features
  18. COBIT-2019 Benefits & Shortcomings. Benefits: ❖ Improve and maintain high-quality information to support business decisions; ❖ Use IT effectively to achieve business goals; ❖ Use technology to promote operational excellence; ❖ Ensure IT risk is managed effectively; ❖ Ensure organisations realise the value of their investments in IT; and ❖ Achieve compliance with laws, regulations and contractual agreements. Shortcomings: Some researchers have pointed out that the biggest disadvantage of COBIT is that it requires a great deal of knowledge to understand its framework before it can be applied as a tool to support IT governance.
  19. THANK YOU