An insight into the structure of COBIT 2019

What is COBIT?

COBIT is a framework for the management and governance of enterprise IT. As the name implies (Control Objectives for Information and Related Technologies), the framework was originally released (in 1996) as a set of control objectives to help the (financial) audit community better control and audit IT departments. Since the release, COBIT has undergone several revisions and has extended in the scope. The latest version of COBIT is 2019 (released in 2018) and covers the governance and management of information and technology (I&T) of an enterprise.

Governance vs. Management [1]

COBIT 2019 in a nutshell

In 2013, COBIT5 was released and completely reshaped its predecessor (COBIT 4.1), whereas the improvements of COBIT 2019 may be perceived as incremental. Also by considering the structure of the latest framework (figure below), these brings some confidence that the methodology and frameworks on how IT is managed have started to consolidate. Nevertheless COBIT has undergone some several minor changes in the principles, concepts and terminology as also evident from the figure below.

COBIT 2019 – The principles of a Governance System and a Governance Framework

How Does COBIT 2019 relates to Processes ?

While the previous versions of COBIT (COBIT 5, COBIT 4.1) were structured according to IT management processes, COBIT 2019 made a shift to the management (and governance) objectives, which are achieved by following the best practices of the underlying components (specified as “enablers” in COBIT5) that constitute a governance system (figure below). Nevertheless, processes remain the focal and conceptually the most sophisticated component being related “1:1” to the corresponding management objectives, i.e. performing an IT management process enables the achievement of the corresponding IT management objective.

COBIT 2019 Components of a Governance system

COBIT 2019 concepts and relationships

In order to study the structure of COBIT 2019 and how the newly introduced concepts are interrelated, reverse engineering was performed on the the COBIT 2019 core model (as specified in “COBIT 2019 Governance and Management Objectives”).

An excerpt from COBIT 2019 Governance and Management objectives

As a result, an UML Class Diagram based meta-model was created, representing the conceptual scheme of COBIT 2019 Core (figure below).

Use cases of COBIT 2019 Meta-model

The metamodel may be applied in several ways including: (1) enabling a comparison with previous versions of COBIT on the metamodel level; (2) learning purposes, for getting a quick overview on the concepts, and relationships between them; (3) for the corresponding database or software modeling in the domain; (4) for getting an overview on IT Governance terminology, etc.

In accordance to the quote “all models are wrong some are useful”, there are still ways to improve the metamodel, so I am looking forward to your feedback. Cheers!

References

  1. M. Krey, T. Keller, B. Harriehausen, in M. Knoll, „Towards a classification of Information Technology governance frameworks for the development of a IT GRC healthcare framework“, v 2011 IEEE Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, USA, jan. 2011, str. 34–38, doi: 10.1109/CCNC.2011.5766488.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s