The Golden Nuggets in COBIT 5

Most of the tech press coverage of COBIT 5 so far amounts to little more than an announcement of its launch and a rehash of the press release. Such is one of the hallmarks of our age. But it isn’t all that helpful when you’re running an IT department at full speed half staffed. So let’s just cut to the chase, shall we, and get down to discussing what it is, what it can do, who’s doing what with it, and the golden nuggets you can put to use right now.

COBIT 5 in a nutshell

COBIT 5 was developed by ISACA, a nonprofit, independent, global association of nearly 100,000 business and IT experts who purport to understand the most critical and relevant issues faced by enterprise leaders around the world. It was released on April 10, but it arrived already popular. ISACA had 15,000 requests to reserve a copy long before the release date, and interest is still running high.

“Basically, it is a set of globally accepted principles, practices, analytical tools and models that can be customized for enterprises of all sizes, industries and geographies,” said Derek Oliver, co-chair of the COBIT 5 Task Force and an information audit and security specialist with more than 28 years’ experience.

To clarify further, COBIT 5 is an end-to-end umbrella framework that pulls together many existing frameworks.

“This is important and incredibly valuable in dealing with the many IT specialties,” explained Bob Frelinger, manager of the Process Management program for Oracle’s Global IT group.

“Specialists are very good at what they do,” he said. “Service management professionals manage and, for most, their preferred guidance is ITIL. Security professionals protect, and, for many of them, the preferred guidance is the ISO/IEC 27000 series. By using a COBIT-inspired model, all groups were able to see how their work fit under an overall umbrella and how their work related to each other’s work.”

Put another way, COBIT 5 provides an end-to-end framework that integrates other standards and approaches, such as ITIL, into overall enterprise governance, said Oliver. “COBIT 5 will not replace these other standards and approaches. Instead, it is an umbrella that helps them all fit together. COBIT 5 is the frame on which ITIL can provide additional substance in the daily management of IT.”

Since COBIT 5 is so new, there are no case studies available yet. However, there are a number of enterprise case studies on the use of other COBIT versions, from organizations such as Sun/Oracle, Unisys, National Stock Exchange of India, Grupo Bancolombia, MetLife, Blue Cross Blue Shield of North Carolina and the Government of Dubai, among many others. Looking those over may prove helpful.

“One important point is that most enterprises do not use all of COBIT,” said Oliver. “They choose the areas of COBIT that can best help them address pain points and other issues that are priorities to them.”

This level of flexibility is extremely helpful, as no two companies are alike and thus needs and mileage vary. By picking and choosing which parts to use first, companies get the most immediate desired effect first.

“COBIT is an amazing body of work,” said Oracle’s Frelinger. “There are golden nuggets throughout all of the material. For example, Oracle uses the guidance in COBIT to help provide a line of sight between the activities of our individual contributors and our business goals; individual contributors see how their work is contributing to process, IT and business goals.

“There are lots of good, best, and common practice concepts embedded in the COBIT framework. When I have a business issue that needs further study, these concepts are the clues I use for further research into the best course of action for my company.”

Taking aim

“Understand that COBIT is not the target,” advised Frelinger. “The target is improved governance and management of your enterprise’s information and technology. To do so means leveraging the industry-accepted concepts and practices that are embedded in COBIT.”

Start by focusing on your highest-value projects and use COBIT to get more from the information systems you already have in play. Although it is still too early to get any meaningful metrics and analysis on COBIT 5, there are early user experiences to report.

According to the Global Status Report on the Governance of Enterprise IT (GEIT) 2011, from ISACA’s affiliated IT Governance Institute, when looking at business outcomes of GEIT, 42 percent said COBIT 5 improved management of IT-related risk, 40 percent said it improved communication and relationships between business and IT, 38 percent said it lowered IT costs, 37 percent said it improved IT delivery of business objectives, and 28 percent said it improved business competitiveness.

“COBIT 5 is about more than technology,” explained Oliver. “It can help your enterprise create optimal value from information in every format as well as related technology by maintaining a balance between realizing benefits and optimizing risk levels and resource use.”

A prolific and versatile writer, Pam Baker writes about technology, science, business, and finance for leading print and online publications including ReadWriteWeb, CIO, Institutional Investor, Fierce Markets Network, iSixSigma magazine, CIO Update, E-Commerce Times, and many others. Her published credits include eight traditional books, a smattering of eBooks, and several analytical studies on various technologies for research firms on two continents. Among other awards, Baker won international acclaim for her documentary on the paper-making industry, and is a member of the National Press Club and the Internet Press Guild (IPG). She lives in Georgia, USA with her family and two dogs.