ISACA Issues COBIT 5 Governance Framework

Survey: 44% of Enterprises Worldwide Plan to Increase IT Investments...

Rolling Meadows, IL (10 April 2012)

ISACA today released COBIT 5, the only business framework for the governance and management of enterprise IT. The new version of COBIT promotes seamless continuity between an enterprise’s IT department and its overall business goals and represents a major evolution of the globally accepted framework in use at enterprises worldwide for more than 15 years. The COBIT 5 framework is available from ISACA—a nonprofit global association of more than 95,000 IT governance professionals—as a free download at

 According to a recent global survey of more than 3,700 IT professionals who are members of ISACA, nearly half of respondents’ enterprises (44 percent) are planning to increase their IT-related investments selectively in the next 12 months, based on expected contribution to business value. The survey also showed that 74 percent of executive teams consider information and technology to be very important to the delivery of the enterprise’s strategy and vision.

 COBIT 5 provides globally accepted principles, practices, analytical tools and models designed to help business and IT leaders maximize trust in, and value from, their enterprise’s information and technology assets. This update is the result of a four-year initiative led by a global task force and has been reviewed by more than 95 experts worldwide. To date, more than 16,000 professionals have preregistered to receive a copy. The previous version of COBIT has been downloaded more than 100,000 times.

“The advance interest in COBIT 5 has been overwhelming. It is clear that enterprises everywhere are aggressively seeking guidance on how to manage and ensure value from the growing mountain of information and increasingly complex technologies they are grappling with,” said Derek Oliver, Ph.D., CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, and co-chair of the COBIT 5 Task Force. “Information is the currency of the 21st century, and COBIT helps enterprises effectively govern and manage this critical asset.”

How COBIT 5 Is Used
COBIT 5 can be tailored to meet an enterprise’s specific business model, technology environment, industry, location and corporate culture.

Because of its open design, it can be applied to meet needs related to:

  • Information security
  • Risk management
  • Governance and management of enterprise IT
  • Assurance activities
  • Legislative and regulatory compliance
  • Financial processing or CSR reporting

 According to the ISACA survey, in the past 12 months:

  •  48% of responding enterprises experienced project overruns
  • 41% experienced a high cost of IT with a low or unknown return on investment
  • 38% said there was a disconnect between business and IT strategies
  • 22% experienced a security breach
  • 21% reported challenges related to mobile device security

CobiT5Enablers “COBIT 5 offers a much-needed common vocabulary and set of processes to enlist stakeholders from across the organization—not just IT—in considering the issues and impact of key business and technology issues such as cloud computing, growth of mobile devices and BYOD (bring your own device), data privacy and cybersecurity threats,” said John Lainhart, CISA, CISM, CGEIT, CRISC, CIPP/G, past international president of ISACA and co-chair of the COBIT 5 Task Force. “Most people wouldn’t venture into a major storm without protective gear like an umbrella. Yet, that’s what enterprises do every day when they leave their technology assets unprotected.”

 Five Principles and Seven Enablers  (Did you try that puzzle?)

 This significant update of the COBIT framework simplifies governance challenges with just five principles and seven enablers. The principles are: 1) Meeting Stakeholder Needs, 2) Covering the Enterprise End-to-end, 3) Applying a Single, Integrated Framework, 4) Enabling a Holistic Approach, and 5) Separating Governance From Management. The enablers, which help achieve enterprise goals, are: Processes; Principles, Policies and Frameworks; Organisational Structures; People, Skills and Competencies; Culture, Ethics and Behaviour; Services, Infrastructure and Applications; and Information.

 The new version of COBIT is also designed to integrate other approaches and standards, including TOGAF, PMBOK, Prince2, COSO, ITIL, PCI DSS, the Sarbanes-Oxley Act and Basel III.

 COBIT 5 is available to all as a free-of-charge download at ISACA also today released COBIT 5: Enabling Processes (free to ISACA members and US $134 for nonmembers) and COBIT 5 Implementation (free to ISACA members and US $50 for nonmembers), which help framework users apply the guidance. Print editions of all three guides are available for purchase from the ISACA Bookstore ( Full survey results are available at

Editors Note

Related infographic, full survey results, and spokesperson video are available at



COBIT 5 process reference model

Two Areas, Government, and Management

  • The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas—governance and management—with management further divided into domains of processes
  • The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
  • 01 Ensure governance framework setting and maintenance
  • 02 Ensure benefits delivery
  • 03 Ensure risk optimization
  • 04 Ensure resource optimization
  • 05 Ensure stakeholder transparency
  • The four MANAGEMENT domains are in line with the responsibility areas of plan, build, run and monitor (PBRM).
  • Alignment of CobiT 5 to ISM



  • ISACA is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit ISACA offers the CISA®, CISM®, CGEIT® and CRISC™ designations. ISACA developed COBIT 5, a business framework for the governance and management of enterprise IT.
  • Twitter:
  • LinkedIn:
  • Facebook:
  • ISACA Knowledge Center:–center
  • Contacts:
  • Kristen Kessinger, +1.847.660.5512, This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Joanne Duffer, +1.847.660.5564, This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Marv Gellman, +646.935.3907, This email address is being protected from spambots. You need JavaScript enabled to view it.  

Chicks are cool