COBIT - Control Objectives for Information and Related Technologies
An IT governance and management framework developed by ISACA for aligning IT with business goals.
COBIT (Control Objectives for Information and Related Technologies) is a framework for the governance and management of enterprise information and technology. It provides a comprehensive set of controls, metrics, and process models that help organizations ensure IT delivers value, manage IT-related risk, and meet regulatory compliance requirements.
Origins and History
COBIT was created by the Information Systems Audit and Control Association (ISACA) with its first edition published in 1996. The framework originated from the need for a standardized set of IT control objectives to support financial auditors evaluating IT systems. COBIT 2 (1998) added control practices, COBIT 3 (2000) incorporated IT governance concepts from the IT Governance Institute, and COBIT 4.0/4.1 (2005-2007) aligned with other standards including ITIL, ISO 27001, and COSO. COBIT 5 (2012) was a significant revision that unified governance and management of enterprise IT into a single integrated framework based on five principles. The current version, COBIT 2019, introduced a more flexible design system with governance and management objectives, design factors for tailoring implementation, and a focus area concept allowing domain-specific extensions.
Core Components
COBIT 2019 is built on a Governance System with six principles: provide stakeholder value, holistic approach, dynamic governance system, governance distinct from management, tailored to enterprise needs, and end-to-end governance system. It defines 40 governance and management objectives organized into five domains: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA). Each objective includes process descriptions, inputs/outputs, RACI charts, and maturity models.
Practical Applications
COBIT is used for IT audit planning, regulatory compliance (SOX, GDPR), aligning IT strategy with business objectives, managing IT risk, and benchmarking IT process maturity. It is frequently used alongside ITIL for service management and ISO 27001 for information security.