COBIT 2019
COBIT 2019
Control Objectives for Information and Related Technologies 2019
1. Overview of COBIT 2019, a Framework for Tailored IT Governance Design
flowchart LR
A["One-size-fits-all IT governance"] -- "Shift to tailored enterprise governance" --> B["COBIT 2019"]
Definition: An EGIT (Enterprise Governance of IT) framework that aligns business objectives with IT management to build an enterprise’s governance system for information and technology (I&T).
Characteristics:
(Tailored design) Introduces Design Factors to support governance tailoring suited to organizational characteristics.
(Performance management) Applies a CMMI-based performance management model to quantitatively measure process maturity.
(Flexible scalability) Selects and combines 40 governance objectives in a modular way, applicable regardless of organizational scale.
2. COBIT 2019 Structure and Core Mechanisms
A. Core Model
flowchart TB
subgraph GOV["Governance Area (Board / Executives)"]
EDM["EDM<br/>Evaluate · Direct · Monitor"]
end
subgraph MGT["Management Area (Operating Units)"]
APO["APO<br/>Align, Plan & Organize"]
BAI["BAI<br/>Build, Acquire & Implement"]
DSS["DSS<br/>Deliver, Service & Support"]
MEA["MEA<br/>Monitor, Evaluate & Assess"]
end
GOV -->|"Set direction / objectives"| MGT
MGT -->|"Report performance / feedback"| GOV
APO --> BAI --> DSS --> MEA
MEA -->|"Improvement feedback"| APO
style GOV fill:#EFF6FF,stroke:#2563EB,color:#1E3A5F
style MGT fill:#F0FDF4,stroke:#16A34A,color:#14532D
style EDM fill:#2563EB,stroke:#1D4ED8,color:#fff
style APO fill:#16A34A,stroke:#15803D,color:#fff
style BAI fill:#0891B2,stroke:#0E7490,color:#fff
style DSS fill:#7C3AED,stroke:#6D28D9,color:#fff
style MEA fill:#EA580C,stroke:#C2410C,color:#fff
| Area | Key Content | Note |
|---|---|---|
| EDM (Governance) | Evaluate, Direct, Monitor | Board/executive level |
| APO/BAI/DSS/MEA | Plan, build, operate, assess performance | Operating unit level |
B. Key Components for Implementing Tailored Governance
Tailoring Process
flowchart LR
DF["Design Factor Analysis<br/>Design Factors<br/>Enterprise strategy / risk profile<br/>IT role / size (11 factors total)"]
OPT["Guideline Optimization<br/>Governance System Design<br/>Deriving objective priorities<br/>Selecting and adjusting processes"]
FA["Applying Focus Areas<br/>Focus Areas<br/>Cloud · Cybersecurity<br/>DevOps · other specialized guidance"]
CPM["Performance Management<br/>CPM<br/>Measuring capability level<br/>Levels 0-5"]
DF --> OPT --> FA --> CPM
style DF fill:#2563EB,stroke:#1D4ED8,color:#fff
style OPT fill:#7C3AED,stroke:#6D28D9,color:#fff
style FA fill:#EA580C,stroke:#C2410C,color:#fff
style CPM fill:#16A34A,stroke:#15803D,color:#fff
Performance Levels (CPM: Capability and Performance Management)
flowchart LR
L0["0<br/>Incomplete"]
L1["1<br/>Performed"]
L2["2<br/>Managed"]
L3["3<br/>Established"]
L4["4<br/>Predictable"]
L5["5<br/>Optimizing"]
L0 --> L1 --> L2 --> L3 --> L4 --> L5
style L0 fill:#f5f5f5,stroke:#ccc
style L1 fill:#d4edda,stroke:#28a745
style L2 fill:#c3e6cb,stroke:#28a745
style L3 fill:#ffc107,stroke:#e0a800,color:#000
style L4 fill:#fd7e14,stroke:#e96b02,color:#fff
style L5 fill:#dc3545,stroke:#c82333,color:#fff
| Level | Name | Meaning |
|---|---|---|
| 0 | Incomplete | The process is not implemented or fails to achieve its purpose |
| 1 | Performed | The purpose is achieved, but the management system is insufficient |
| 2 | Managed | Planning, monitoring, and adjustment are carried out |
| 3 | Established | The process is defined and applied across the organization |
| 4 | Predictable | Predictable and controllable using quantitative metrics |
| 5 | Optimizing | A state of continuous improvement and optimization |
Six Principles
flowchart TD
ROOT["COBIT 2019: Six Principles"]
P1["Provide stakeholder value"]
P2["Enterprise-wide approach"]
P3["Dynamic governance system"]
P4["Separation of governance and management"]
P5["Tailored to enterprise needs"]
P6["End-to-end coverage"]
ROOT --> P1
ROOT --> P2
ROOT --> P3
ROOT --> P4
ROOT --> P5
ROOT --> P6
style ROOT fill:#1E3A5F,color:#fff
3. Expected Effects and Applications of Adopting COBIT 2019
flowchart TD
COBIT["Adopting COBIT 2019"]
subgraph STR["Strategic"]
S1["IT-business alignment<br/>Used as a governance standard<br/>when establishing digital transformation strategy"]
end
subgraph OPS["Operational"]
O1["Optimizing risk and resources<br/>Building an IT audit and<br/>compliance response framework"]
end
subgraph CUL["Cultural"]
C1["Ensuring accountability<br/>Clarifying roles and responsibilities<br/>within the IT organization using a RACI chart"]
end
COBIT --> STR
COBIT --> OPS
COBIT --> CUL
style COBIT fill:#1E3A5F,stroke:#1E3A5F,color:#fff
style STR fill:#EFF6FF,stroke:#2563EB,color:#1E3A5F
style OPS fill:#F0FDF4,stroke:#16A34A,color:#14532D
style CUL fill:#FFF7ED,stroke:#EA580C,color:#7C2D12
style S1 fill:#2563EB,stroke:#1D4ED8,color:#fff
style O1 fill:#16A34A,stroke:#15803D,color:#fff
style C1 fill:#EA580C,stroke:#C2410C,color:#fff
| Category | Key Expected Effect | Application and Practical Use |
|---|---|---|
| Strategic | IT-business alignment | Used as a governance standard when establishing digital transformation (DX) strategy |
| Operational | Optimizing risk and resources | Building an IT audit and compliance response framework |
| Cultural | Ensuring accountability | Clarifying roles and responsibilities within the IT organization using a RACI chart |