15 COBIT5-FAQs
1. What is the purpose of COBIT 5?
COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives
for the governance and management of enterprise information and technology assets (IT). Simply
stated, it helps enterprises create optimal value from IT by maintaining a balance between realising
benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and
managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT
functional areas of responsibility, considering the IT-related interests of internal and external
stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial,
not-for-profit or in the public sector.
2. Who is using COBIT 5?
COBIT 5 is used globally by those who have the primary responsibility for business processes and
technology, depend on technology for relevant and reliable information, and provide quality,
reliability and control of information and related technology.
3. Where are the control objectives in COBIT 5?
Based on five principles and seven enablers, COBIT 5 uses governance and management practices to
describe actions that are examples of good practices to effect governance and management over
enterprise IT. Many of these practices and the supporting activities exert control over the process
to deliver the required outcome.
The move from the control objectives term was explained in an ISACA Journal article (volume 4,
2011) written by one of COBIT's first contributors, Erik Guldentops. The article can be found at this
link: Where Have All The Control Objectives Gone?
(www.isaca.org/Journal/Past-Issues/2011/volume-4/pages/Where-Have-All-the-Control-Objectives-Gone.aspx)
4. Are there other major differences between COBIT 4.1 and COBIT 5?
Yes, the framework design for COBIT 5 was revisited and restructured to ensure complete coverage
for all major aspects related to the governance and management of enterprise IT. ISACA has
prepared a presentation that outlines the main changes introduced. The presentation can be found
at this link: Compare COBIT versions 4.1 to 5.
5. What is the overall quality of COBIT 5, and were any industry professionals part of the expert
review?
To assure the high quality of COBIT 5, several measures were taken. The most important measures
are:
- The entire research process was overseen by both ISACA's Knowledge Board and Framework
  Committee, which are responsible for overseeing all ISACA framework research development.
- The detailed research results and deliverables were quality controlled throughout the
  development process by a dedicated task force of experienced volunteer professionals.
- A draft design document was issued for public exposure, and the feedback was integrated into
  the development work to produce the final COBIT 5 products. Before being issued, the draft
  development products were distributed to more than 100 subject matter experts around the
  world to obtain their professional review.
- Once ready, draft versions of COBIT 5 and COBIT 5: Enabling Processes were made available to
  the public for review. Many good comments were received, suggesting further improvements
  for consideration. Survey questions concerning the level of satisfaction of the work at the draft
  stage were included in the public exposure activity, with 79 percent of the responses being
  positive. Based on the review comments, the development team made changes as appropriate.
- The final product was reviewed by COBIT 5 Task Force members, the Framework Committee and
  the Knowledge Board.
6. Can I use COBIT 5 as a statement of criteria for specific audit conclusions?
There are additional professional guides planned that will extend COBIT 5. Amongst these is COBIT 5
for Assurance. This will serve as the guide for assurance professionals wanting to use COBIT 5 in
their work. Once complete, COBIT 5 for Assurance will provide comprehensive guidance on using
COBIT 5 to support assurance activities. The completion of this guide is planned for 2013.
7. What training is available for the use of COBIT 5?
ISACA is developing an education and training portfolio to support COBIT 5. As training is developed,
ISACA will communicate news via appropriate media, including the Education & Training page in the
COBIT 5 area of the ISACA web site.
8. In what way can I suggest to executive management that it use COBIT 5?
Because COBIT is business-oriented, using it to deliver value and govern and manage IT-related
business risk is straightforward. The COBIT 5 two-page executive summary and supporting short
presentation can be used in the discussion with management. The goals cascade in the framework
can be used to:
- Determine stakeholder needs and governance objectives (value creation)
- Identify enterprise goals that can support stakeholder needs. If the balanced scorecard (BSC) is
  used to develop these goals, then a common set of terms can be used to communicate the
  goals. Enterprise goals from the BSC are reproduced in figure 5 on page 19 of COBIT 5.
- Select IT-related goals (for each enterprise goal) that will facilitate the achievement of the goals.
  IT-related goals can be found in figure 6 on page 19 of COBIT 5.
- Achieve IT-related goals. This requires the successful application and use of enablers. The
  framework describes enablers in detail in chapter 5. One of the enablers, processes, is treated
  separately in the COBIT 5: Enabling Processes publication.
- Present the proposed set of needs, goals and enablers to executive management as a means of
  delivering effective governance and management of IT-related technology
9. Is the COBIT 5 framework superior to the other standards and frameworks such as the International
Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series
and Information Technology Infrastructure Library (ITIL)?
Most enterprise stakeholders and executive management are aware of the importance of the
general control frameworks with respect to their fiduciary responsibility, such as Committee of
Sponsoring Organizations of the Treadway Commission (COSO), Code of Connection (CoCo), the UK
Corporate Governance Code, King III, etc.; however, enterprise stakeholders and executive
management may not necessarily be aware of the details of each framework. In addition, enterprise
managers are increasingly aware of the more technical security guidance, such as the ISO/IEC 27000
series, and service delivery guidance, such as ITIL. Although the aforementioned standard and
framework emphasise business control and IT security and service management and delivery issues
in specific areas of enterprise IT-related activity, only COBIT 5 integrates all functions and processes
that establish the governance of enterprise IT (GEIT) into overall enterprise governance and from a
business perspective. It should be noted that ISO/IEC 15504 and ITIL V3 were used to develop the
governance and management practices. COBIT 5 is not meant to replace any of these frameworks or
standards. It is intended to emphasise what governance and management elements and practices
are required to create value from information and technology in support of enterprise business
goals.
10. What is the quickest and best way to convince key executives and other enterprise stakeholders of
the value of using COBIT 5?
The enterprise's culture is vitally important. A proactive culture will be more receptive than one that
is not proactive; however, consider emphasizing COBIT's focus on stakeholder value creation, it
being business-driven, its alignment with other internationally recognised standards and
frameworks, and its simple, but complete, structure. COBIT 5 is based on five principles and seven
enablers. All other governance and management guidance in COBIT 5 cascades from these basic
areas.
11. Has the COBIT 5 framework been accepted by C-level executives?
Yes, previous versions of COBIT have been accepted in many enterprises globally, and new cases
continue to be documented. However, it should not be a surprise that in those entities where the
chief information officer (CIO) has embraced COBIT as a business framework for information and
technology, this has come as a direct consequence of one or more COBIT champions within the
audit and/or IT function(s). Even more important than acceptance by the CIO is acceptance by the
board of directors and executive management. Successful implementation of governance and
management of enterprise IT using COBIT depends greatly on the commitment of the executive
management team as a whole. The CIO alone cannot implement COBIT 5 effectively throughout the
enterprise because there are implications for many areas of the enterprise outside of the IT
function. The emphasis on value creation and alignment of stakeholder needs, enterprise goals, and
IT-related goals will ensure that COBIT 5 is seen as a business framework.
12. How is COBIT 5 aligned with the international standard on IT governance, ISO/IEC 38500?
COBIT 5 clearly differentiates between the key areas of governance and management. In alignment
with ISO/IEC 38500, COBIT 5 presents governance in terms of Evaluate, Direct and Monitor. These
terms come directly from the standard's Model for Corporate Governance of IT.
13. Do I need to meet an exact level when assessing a process using COBIT's process assessment
models?
The main purpose of the COBIT assessment programme (the programme web site can be found at
this link: COBIT Assessment Programme) is to give management a robust, reliable, repeatable
approach and supporting tools to better understand the current capability of their governance and
management processes, and to help management do benchmarking, gap analysis and process
improvement planning. The assessment objective is to understand the level of capability that is
present and the level that is appropriate for a given process, based on business requirements, and
to understand the nature of any gaps so that any significant weaknesses in the process can be
identified and improved.
14. What does COBIT stand for?
COBIT was originally an acronym for Control Objectives for Information and related Technology.
Now used in short form, COBIT is used to identify the name of the framework.
15. Why is COBIT 5 presented in international English?
Starting with the first COBIT (1996), a conscious effort was made to use international English to
underscore the global nature of the sources that went into its development (the international
standards and frameworks used as references) and the global application of the resulting COBIT.
Over the years, this approach has been questioned and challenged from time to time, but it has
remained in place and all COBIT derivative products follow this rule as well.