COBIT 2019 is an IT governance and management framework created by ISACA that helps companies align technology, strategy, and business results, promoting value and control. In this definitive guide, you will understand how COBIT 2019 works, its main differences compared to COBIT 5, its domains and processes, and how to apply it to improve your company's IT governance. The 2019 version is more flexible and adaptable than previous versions, integrating principles from frameworks such as ITIL, ISO, and TOGAF, and implementing it can increase the maturity and strategic value of IT.
What is COBIT 2019?
COBIT 2019 is the evolution of COBIT 5, a global reference model for information technology governance and management. In other words, it guides organizations in creating value through IT, balancing benefits, risks, and resources.
Why COBIT 2019 is essential for modern IT governance
Technological advancement and digital transformation demand a solid framework for governing information and technology. COBIT 2019 responds to this need, updating concepts and practices from its previous version to reflect the agility and integration that the market requires.
It was designed to be flexible, customizable, and integrable with other frameworks. Companies can therefore use it in conjunction with methodologies such as ITIL, ISO 27001, PMBOK, and TOGAF, ensuring complete management of corporate IT.
Differences between COBIT 2019 and COBIT 5
1. Structure and components: COBIT 2019 introduced new governance components, expanding the scope of processes and practices. Thus, each governance and management objective contains elements such as policies, culture, information, and infrastructure.
2. Focus on personalization: COBIT 5 had a more standardized approach, but COBIT 2019 is modular and scalable, allowing each company to adapt the framework to its strategic context.
3. Continuous updating: The new version is dynamic, meaning it can be continuously updated by ISACA, keeping pace with governance trends and technological innovation.
See also other differences between the 2019 and 2005 versions in the image below:
The five domains of COBIT 2019 explained
COBIT 2019 organizes its processes into five main domains, ranging from planning to operational support. See below for a detailed explanation of how each one works:
1. EDM – Evaluate, Direct and Monitor
Focused on corporate governance, EDM ensures that strategic decisions are aligned with the organization's objectives. In other words, it helps leaders assess risks, direct investments, and monitor results.
Furthermore, the Evaluate, Direct and Monitor domain of the COBIT 2019 framework comprises five essential processes that ensure governance, benefit delivery, risk and resource optimization, and stakeholder engagement. Each of them is listed below:
| EDM01 | Ensured governance framework setting and maintenance. |
| EDM02 | Ensured benefits delivery. |
| EDM03 | Ensured risk optimization. |
| EDM04 | Ensured resource optimization. |
| EDM05 | Ensured stakeholder engagement. |
The EDM domain is essential to ensure that IT adds value to the business and that risks are managed effectively. Therefore, by implementing EDM domain processes, organizations can:
- Improve IT alignment with business objectives.
- Optimize the use of IT resources.
- Reduce the risks associated with the use of IT.
- Increase transparency and accountability in IT activities.
- Improve communication with stakeholders.
2. APO – Align, Plan and Organize
APO deals with IT strategic planning. Therefore, it covers topics such as organizational structure, culture, communication, security, and human resources, ensuring that everything is aligned with the business.
In this way, APO brings together 14 essential processes, which structure everything from strategy to risk management and corporate data.
| APO01 | Define the IT management system, roles and responsibilities, ensuring governance and compliance. |
| APO02 | Integrate IT and business strategies, promoting alignment and digital maturity. |
| APO03 | Develop a unified architecture of processes, data, and technology to optimize resources. |
| APO04 | Monitor trends and adopt emerging technologies to drive innovation. |
| APO05 | Plan and prioritize the portfolio of IT projects and investments in accordance with corporate goals. |
| APO06 | Control financial resources and ensure efficiency in IT spending. |
| APO07 | Plan and develop the skills and capabilities of the IT team. |
| APO08 | Promote effective communication and collaboration between IT, business, and stakeholders. |
| APO09 | Establish and monitor SLAs and KPIs to ensure quality in IT services. |
| APO10 | Select, monitor, and evaluate suppliers based on performance and risk. |
| APO11 | Implement quality standards and continuous improvement practices in IT. |
| APO12 | Identify, assess, and mitigate risks related to IT and information. |
| APO13 | Guarantee the protection of information and technological infrastructure. |
| APO14 | Establish data governance and management throughout the entire lifecycle. |
3. BAI – Build, Acquire, and Implement
BAI encompasses the entire IT solution lifecycle, from development to delivery. Therefore, it ensures that projects add value and are delivered on time and within budget.
| BAI01 | Managed Programs |
| BAI02 | Definition of managed requirements |
| BAI03 | Identification and construction of managed solutions |
| BAI04 | Managed availability and capacity |
| BAI05 | Managed organizational change |
| BAI06 | Managed IT Changes |
| BAI07 | Managed change acceptance and transition |
| BAI08 | Managed Knowledge |
| BAI09 | Managed Assets |
| BAI10 | Managed Configuration |
| BAI11 | Managed Projects |
4. DSS – Deliver, Serve, and Support
This domain handles day-to-day operations, including technical support, service continuity, and security. In short, it ensures that everything runs smoothly.
| DSS01 | Managed Operations |
| DSS02 | Managed service requests and incidents |
| DSS03 | Managed Problems |
| DSS04 | Managed Continuity |
| DSS05 | Managed Security Services |
| DSS06 | Managed business process controls |
5. MEA – Monitor, Evaluate and Assess
MEA focuses on auditing and performance. In other words, it collects metrics and indicators to measure the success of IT governance and management practices.
It also seeks to ensure that IT processes and IT-supported business processes comply with laws, regulations, and contractual requirements. It aims to obtain assurance that requirements have been identified and met, and to integrate them into the organization's overall compliance.
Key benefits of COBIT 2019 for businesses
- Increases transparency between IT and business.
- Reduces operational and compliance risks.
- Improves the efficiency of internal processes.
- Strengthens strategic decision-making.
- Facilitates international audits and certifications.
- Increases the organization's digital maturity.
How to implement COBIT 2019 in practice
Implementation can be gradual and customized. Here are the main steps for implementation:
- Initial diagnosis: Assess the current maturity level of IT governance.
- Define governance objectives: Align IT goals with the company's strategy.
- Choose the priority processes: Use the COBIT 2019 component model.
- Adopt key performance indicators (KPIs): Monitor results and make adjustments.
- Empower the team: Promote training based on the COBIT methodology.
Furthermore, it's also worth considering the use of integrated governance platforms, such as ServiceNow, which accelerates digital maturity and improves operational efficiency.
FAQ – Frequently Asked Questions about COBIT 2019
1. Does COBIT 2019 replace COBIT 5?
Yes, but it is fully compatible. It expands and updates concepts while maintaining the foundation of COBIT 5.
2. Who should use COBIT 2019?
IT managers, auditors, consultants, and corporate governance professionals.
3. Is COBIT 2019 only applicable to large companies?
No. It can be adapted to organizations of any size.
4. What certifications are available?
ISACA offers official certifications such as COBIT 2019 Foundation and Design and Implementation.
5. Is COBIT 2019 compatible with ITIL and ISO 27001?
Yes. It was designed to complement other IT governance and management frameworks.
In summary, COBIT 2019 is a strategic tool for transforming IT into a value driver for the business. After all, it offers a modern, flexible approach aligned with the current digital reality.
