COBIT® - Control Objectives for Information and related Technology

COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.




COBIT (originally Control Objectives in IT) is owned and supported by ISACA

Brief history and description

COBIT was first released in 1996; the current version is 4.1 (2007). Version 5.0 was released in April 2012, to bring together COBIT 4.1, Val IT 2.0 and Risk IT frameworks.

Launch notice: “COBIT 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.” (Source:

COBIT focuses on what an enterprise needs to do, not how to do it. The framework provides good practices across a ‘domain’ and process framework (see Figure).

The COBIT governance framework (source:


The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models (level 0 – non-existent – to level 5 – optimized) to measure their achievement, and identifying the associated responsibilities of business and IT process owners. COBIT describes IT processes (organized in four domains of Plan and Organize, Acquire and Implement, Deliver and Support and Monitor and Evaluate), associated control objectives, and management guidelines (activities, accountabilities, responsibilities and performance metrics). Additionally, it supports enterprise management in the development, implementation, continuous improvement and monitoring of good IT-related practices

Target Audience

Senior business management, senior IT management and (IT/EDP) auditors.

User communities and groups

ISACA provides an online IT Professional Networking and Knowledge Center. In their own words:

“ISACA’s IT Professional Networking and Knowledge Center is a meeting place for IT professionals who share common professional interests. Participants can consume information, exchange expertise and experience, and build new understanding through collaboration. A wide range of disciplines and practices powers this global professional community, making it a truly unique and holistic resource.” (Source: 

Official publisher

A comprehensive set of products has been developed by ISACA including the COBIT framework. The ISACA COBIT 5 Product Family can be obtained from their online store.

Accreditations and qualifications

ISACA runs a certification in the areas of: IT Audit, Security, Governance and Risk.

ISACA offers the following certifications:

  • Certified Information Systems Auditor (CISA);
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)

ISACA also provides IT Professional Education, Conferences and Training.


An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques is available online for ISACA members.


Official Sites ISACA COBIT home page
User groups and communities ISACA membership page
  ISACA knowledge center
Publications COBIT publications
Accreditations and Qualifications ISACA certification page
  ISACA education page
Tooling Information available to ISACA members
Other useful links IT Governance Institute
FREE IBPI documents Whitepapers