Cobit 2019

Somchai Patviboon
CISA,CISM,CRISC,CGEIT,CSX fundamental
Axl_best@Hotmail.com
Enterprise governance of information and technology (EGIT)

Cobit 2019
www.isaca.org
Sustaining the Governance System
Typical Pain Points
• Frustration between different IT entities across the organization because
of a perception of low contribution to business value
• Frustration between business departments (i.e., the IT customer) and the
IT department because of failed initiatives or a perception of low
contribution to business value
• Significant I&T-related incidents, such as data loss, security breaches,
project failure, application errors,linked to IT
• Service delivery problems by the IT outsourcer(s)
• Failure to meet IT-related regulatory or contractual requirement
• Regular audit findings or other assessment reports about poor IT
performance or reported IT quality or service problems
• Substantial hidden and rogue IT spending
• Duplications between various initiatives, or other forms of wasted resources
• Insufficient IT resources, staff with inadequate skills and staff burnout/dissatisfaction
• IT-enabled changes or projects frequently failing to meet business needs and delivered
late or over budget
• Multiple and complex IT assurance efforts
• Reluctance of board members, executives or senior management to engage with IT, or
lack of committed business sponsors for IT
• Complex IT operating model and/or unclear decision mechanisms for IT-related
decisions
• Excessively high cost of IT
• Obstructed or failed implementation of new initiatives or innovations caused by the
current IT architecture and systems
• High level of end-user computing, creating (among other issues) a lack of
oversight and quality control over the applications that are being
developed and put in operation
• Business departments implementing their own information solutions with
little or no involvement of the enterprise IT department
• Ignorance of and/or noncompliance with security and privacy regulations
• Inability to exploit new technologies or innovate using I&T
• Regular issues with data quality and integration of data across various
sources
• Gap between business and technical knowledge
Trigger events
• Merger, acquisition or divestiture
• Shifts in the market, economy or competitive position
• Changes in business operating model or sourcing arrangements
• New regulatory or compliance requirements
• Significant technology change or paradigm shifts
• Enterprise wide governance focus or project
• External audit or consultant assessments
• New business strategy or priority
• Desire to significantly improve the value gained from I&T
 Cobit 5 vs Cobit 2019 Comparation

Cobit 5
Cobit 5
Cobit 5
Cobit 5
Cobit 5
Cobit 5
bit 5
Cobit
5
Cobit 5
Cobit 5
Cobit 5
 B. Component: Organizational Structures

Cobit 5
 C. Component: Information Flows and Items

Cobit 5
Cobit 5
Cobit 5
Cobit 5
11 Factors
Focus Areas
• Examples of focus areas include small and medium enterprises,
cybersecurity, digital transformation, cloud computing, privacy, and
DevOps
• A number of focus area content guides are in preparation, and the set
will continue to evolve. For the latest information on currently
available and pending publications and other content, please visit
www.isaca.org/cobit.
11 Factors
Factor 1 - Enterprise Strategy
Factor 2 -Understand Enterprise Goals
Factor 3- Understand the Risk Profile
Factor 4- Understand Current I&T-Related Issues
 Factor 5- Threat Landscape
Consider the Threat Landscape (Design Factor 5)
Factor 6 – Compliance Requirements
Factor 7- Role of IT
Factor 8 - the Sourcing Model for IT
Factor 9 IT Implementation Methods
Factor 10 Technology Adoption Strategy
Factor 11 Enterprise Size

13

At the time of publication of the COBIT® 2019 Design Guide: Designing an Information
26

and Technology Governance Solution, the small and medium

enterprise focus area content was in development and not yet released.
http://www.isaca.org/COBIT/Pages/COBIT-2019-Design-Guide.aspx
Enterprise Strategy (Design Factor 1)