Information technology has changed the world, the way people work, and the way people communicate and live.
IT has permeated almost all business tasks and routines. In addition, external stakeholders are increasingly interested in evaluating how much IT operations influence their actual and future gains and their actual and future environments.
Value as a concept now has a different meaning—a broad one. It is not only about financial or compliance issues. It is about creating and maintaining a sustainable business that operates in more complex scenarios, with new and stricter regulation and updated international standards, with more informed and demanding stakeholders and new requirements such as the participation of women, and enterprise social and environmental engagement as a form of social corporate responsibility.
Conditions are changing faster. Governance roles must react quickly when they evaluate more conflicting issues and stakeholders must select appropriate options and solutions.
More than ever, IT must be aligned with business and help it create value. For that reason, enterprise objectives-setting processes have evolved, and COBIT needs to evolve to simplify and improve this process. This is a good example of how COBIT is affected by world and enterprise realities and, in turn, influences the way enterprises act in their business environments.
On the technology side, cloud computing; blockchain; artificial intelligence (AI); digitalization; new risk scenarios in the cybersecurity, security and privacy fields; DevOps, and so on have reshaped IT’s role and capacity. In the future, new and unimaginable focus areas will appear.
From the information and data perspectives, their own value has increased and their importance is universally recognized and protected. For years, there has been discussion about IT and information and communications technology (ICT), but now there must also be talk about personal data, nonpersonal data and information in a separate way, and the focus must be on how well the data and information are processed by technology. In short, it is no longer about just IT, but rather information and technology (I&T).
Evolution of the Profession
ISACA has guided the evolution of enterprise governance of information and technology (EGIT) by updating its COBIT 5 framework with a new version, COBIT 2019. This update includes the latest trends in I&T while still focusing on I&T risk and benefits. It provides new material for the training and professional communities to help enterprises, organizations and governments obtain and improve benefits from I&T use with sound governance practices.
COBIT 2019 was developed and updated by ISACA leaders, COBIT experts, and members and volunteers in governance and related fields. COBIT has evolved because the IT management and governance, assurance, security, and project management professions have evolved during the last 50 years. To continue growing as a profession, experience must be shared and used to grow COBIT.
I&T Impact and Governance in the Future
It is difficult to imagine the real and broad impact of data and information value and I&T evolution in the future. Practitioners must be prepared to think proactively, identify new issues and problems, and contemplate ways to solve these issues. This thinking underlies COBIT 2019. In fact, the updated framework is structured so that the COBIT user community will influence future changes to the framework itself.
In short, COBIT 2019 provides a new and flexible framework for the governance and management of I&T that can be adapted to a professional’s reality and needs, while maintaining a common basic guideline structure. Figure 1 shows an overview of COBIT 2019.
ISACA, COBIT 2019 Framework: Introduction and Methodology, USA, 2018. Reprinted with permission.
Conclusion
It can be argued that a new framework is, in fact, an old one because it collates past experiences and knowledge.
Perhaps there is a want or expectation of a “perfect and complete” IT governance framework, like a “perfect and happy” life. Governance concepts always need to be measured or compared with new tendencies and scenarios, ideas, risk, implementation experiences, and members’ and volunteers’ participation.
This update can be considered a COBIT implementation road map. COBIT 2019 is all about assessing where an organization is; determining where it wants to be; doing whatever is needed; and then checking, thinking and starting again.
Graciela Braga, CGEIT
Is a certified professional in enterprise governance of information and technology (EGIT), oriented to the achievement of enterprise and alignment goals. She has worked on audits and reviews for public and private entities using international frameworks such as COBIT, Committee of Sponsoring Organizations of the Treadway Commission (COSO) and International Organization for Standardization standards. She is an author and researcher on governance and management of information and technology in various media, including the ISACA Journal and COBIT Focus. Braga was a global guidance contributor to the Global Technology Audit Guide (GTAG) Auditing IT Governance, 2nd Edition published by The Institute of Internal Auditors (IIA).