Defining the COBIT 5 principles
New user demands, industry-specific regulations and risk scenarios emerge every day. Maximizing the value of intellectual property, managing risk and security and assuring compliance through effective ICT governance and management has never been more important. The purpose of COBIT 5 is to provide management and business process owners with an ICT governance model that helps them deliver added ICT value. Understanding and managing the risks associated with ICT is an integral part of the COBIT 5 framework.
COBIT 5 helps to bridge the gaps amongst business requirements, control needs and technical issues. It is a model geared towards risk limitation to meet the needs of ICT governance and ensure the integrity of information and information systems.
New user demands, industry-specific regulations and risk scenarios emerge every day. Maximizing the value of intellectual property, managing risk and security and consolidating compliance through effective ICT governance and management has never been more crucial to get right.
The benefits of COBIT 5
No other framework focused on enterprise ICT offers the breadth or benefits of COBIT 5. It helps SMEs as well as large international corporates:
- Maintain high-quality information to support business decisions
- Achieve strategic goals through effective and innovative use of IT
- Achieve operational excellence through reliable, efficient application of technology
- Maintain IT-related risk at an acceptable level
- Optimize the cost of IT services and technology
- Support compliance with relevant laws, regulations, contractual agreements and policies
The COBIT 5 framework is built around five core principles.
Each principle is discussed below and related to concepts and insights from professional and academic literature.
1. Meeting Stakeholder Needs—Strategic Business/IT Alignment
Principle one implies that COBIT 5 provides all the required processes and other enablers to support business value creation using ICT. This principle runs parallel with the long-standing concept of strategic alignment. However, a continuing challenge for organizations is how to achieve this alignment. COBIT 5 suggests that organizations should start with analysing their business/IT strategic alignment through defining and linking enterprise goals and IT-related goals.
2. Covering the Enterprise End-to-end - IT Savvy
The principle of covering the enterprise end-to-end asserts that COBIT 5 covers all functions and processes within the enterprise. COBIT 5 does not only focus on the ICT function, but treats information and related technologies as assets that need to be dealt with just like any other asset within the enterprise. The business must take ownership of, and be accountable for, governing the use of IT in creating value from IT-enabled business investments.
3. Applying a Single Integrated Framework - IT Savviness
Compared to its previous versions, COBIT 5 includes a more thorough and complete involvement of business management in governing and managing ICT. For example, three newly inserted processes that address specific business roles are APO03 - Manage enterprise architecture, APO04 - Manage innovation and BAI05 - Manage organizational change.
4. Enabling a Holistic Approach - Organisational Systems
The fourth principle (enabling a holistic approach) explains that efficient and effective implementation of governance of enterprise IT (GEIT) requires a holistic approach, considering several interacting components—processes, structures and people. This implementation challenge is related to what is described in strategic management literature as the need for an organizational system, i.e., the way a firm enables its employees to work together to carry out the business. So-called organizational systems require a holistic definition and application of structures (e.g., organizational units and functions) and processes (to ensure that tasks are coordinated and integrated), as well as attention to people and relational aspects (e.g., culture, values, joint beliefs).
5. Separating Governance from Management - ISO/IEC 38500 (2008)
Finally, principle 5 (separating governance from management) is about the distinction COBIT 5 makes between governance and management. This distinction aligns with the predefined guidelines in ISO/IEC 38500. COBIT 5 differentiates between ICT governance and ICT management processes as they encompass different types of activities.