COBIT 2019: The Complete Guide to Assessing, Governing and Monitoring IT Governance
COBIT 2019 is one of the most recognized IT governance and management frameworks in the world. It provides guidelines to align technology and business, ensuring that IT investments deliver value, reduce risk, and increase transparency. Within it, the domain "Evaluate, Direct and Monitor (EDM)" plays a central role in IT governance, as it is responsible for ensuring that strategic decisions are in line with corporate objectives.
What is the EDM Domain in COBIT 2019?
The EDM domain focuses on the continuous assessment of IT performance, strategic direction of IT activities, and monitoring compliance with policies and regulations. It provides a set of processes that enable organizations to:
- Evaluate IT performance against business objectives.
- Direct IT activities to ensure they are aligned with the organization's strategy.
- Monitor compliance with relevant policies, regulations and standards.
This domain is the link that connects the business strategy to IT operations, ensuring that technology is a true strategic facilitator.
Parent Process Reference Framework (PRF): COBIT 2019
The COBIT 2019 reference structure for the Evaluate, Direct and Monitor domain presents five essential processes that ensure governance, benefit delivery, risk and resource optimization, and stakeholder engagement. Below, learn about each of them:

| Process | Name |
| --- | --- |
| EDM01 | Configuration and maintenance of the assured governance framework. |
| EDM02 | Delivery of assured benefits. |
| EDM03 | Guaranteed risk optimization. |
| EDM04 | Guaranteed resource optimization. |
| EDM05 | Guaranteed stakeholder engagement. |
Evaluation and Monitoring Processes
EDM01: Configuration and Maintenance of the Assured Governance Framework
This process establishes a consistent, integrated approach aligned with corporate governance. Its main guidelines are:
- Ensure that IT-related decisions are in line with the company's strategies and objectives.
- Carry out supervision processes effectively and transparently, ensuring compliance with legal, contractual and regulatory requirements.
- Meet governance requirements for board members, enabling the realization of desired value.
EDM02: Delivery of Assured Benefits
Focused on optimizing business value, this process aims to maximize the benefits of investments in business processes, services and IT assets. Actions include:
- Ensure IT-enabled initiatives and assets deliver value cost-effectively.
- Obtain a reliable and accurate picture of expected costs and benefits in order to support business needs effectively and efficiently.
EDM03: Guaranteed Risk Optimization
The goal here is to ensure that the risks associated with the use of IT are identified and managed appropriately. To do this, it is necessary to:
- Understand, articulate and communicate the company's risk appetite and tolerance.
- Monitor IT-related corporate risk so that it does not exceed established limits.
- Identify and manage the impact of IT risks to ensure business value is protected while minimizing potential compliance failures.
EDM04: Guaranteed Resource Optimization
This process aims to ensure that IT resources are available in the optimal quantity and quality to support corporate objectives, always at the optimal cost. The main actions involved are:
- Optimally meet the company's resource needs.
- Optimize IT costs, increasing the likelihood of realizing the expected benefits.
- Prepare the organization for future changes while maintaining agility and operational efficiency.
EDM05: Ensured Stakeholder Engagement
Effective stakeholder engagement is critical to IT governance success. This process ensures that:
- Stakeholders are identified and integrated into the I&T governance system.
- There is transparency in measurement, performance and compliance reporting.
- Goals and metrics are approved, with corrective actions when necessary.
- The IT strategy and roadmap are communicated effectively and in a timely manner, identifying areas for improvement and ensuring alignment with the company strategy.
The Importance of the EDM Domain
The EDM domain is essential to ensuring that IT delivers business value and that risks are managed effectively. By implementing EDM domain processes, organizations can:
- Improve IT alignment with business objectives.
- Optimize the use of IT resources.
- Reduce the risks associated with the use of IT.
- Increase transparency and accountability in IT activities.
- Improve communication with stakeholders.
COBIT 2019 and IT Governance
COBIT 2019, with its focus on the EDM domain, provides a comprehensive framework for IT governance. By adopting its guidelines, organizations can ensure that IT is a strategic enabler of business objectives and that risks are managed effectively.
Additionally, frameworks such as ITIL and ISO/IEC 38500 can complement COBIT, further strengthening governance maturity and regulatory compliance.
Text translated and adapted by 4MATT Tecnologia from the original Evaluate Direct and Monitor (COBIT 2019).