COBIT 2019

COBIT 5 is Dead, Long Live COBIT 2019

Hopefully I’m not alone in thinking that COBIT – “a framework for the governance and management of enterprise information and technology (I&T), aimed at the whole organization” – is not as popular in IT service management (ITSM) as it could, and should, be. Well, things might be about to change because ISACA has released a new version of COBIT– with COBIT 2019 replacing 2012’s COBIT 5 (although ISACA will continue to support organizations in their use of COBIT 5).

This blog looks at what’s changed in COBIT 2019 but not before a quick journey through what COBIT is, how it helps organizations, and the current level of adoption in ITSM scenarios.


My real “COBIT 101” is a blog that can be found here. But, if you’re short on time – and who isn’t these days – here’s my elevator pitch (we’re in a skyscraper here though):

“COBIT (formerly also known as “Control Objectives for Information and Related Technologies,” a name that was dropped with version 5) is a good-practice framework for IT management and governance created by the international professional association ISACA.”

And to steal from my previous COBIT 101 blog: COBIT complements ITIL and other ITSM best practice methodologies by providing a practical framework on which to base governance as well as a maturity model to facilitate continual service improvement (CSI). And organizations can use COBIT to support a variety of needs, including:

  • Keeping IT running
  • Value optimization – increasing business value and reducing business risk
  • Cost management
  • Mastering complexity
  • Better aligning IT with the business
  • Meeting regulatory compliance
  • Increasing the maturity of other standards and best practices
  • The need for benchmarking

As to how this is achieved, or will be achieved with the newer version, the early messaging about COBIT 2019 states that it:

“…defines the components to build and sustain a governance system: processes, policies and procedures, organizational structures, information flows, skills, infrastructure, and culture and behaviors. These were referred to as “enablers” in COBIT 5.”

COBIT Adoption Levels for ITSM

COBIT has so much potential for ITSM. However, I remember writing a blog earlier this year which reported that COBIT is only the twelfth most popular approach used by IT service desks according to the 2017 HDI Technical Support Practices & Salary report.

The more recent, 2018, version of the HDI report (it can be found at the same link) now shows COBIT in eleventh place albeit with a drop in usage to just 14% of IT service desks versus 71% for ITIL.

I appreciate that this is only the IT service desk view of COBIT adoption in ITSM but for me it’s indicative of the gulf that has been created in ITSM between ITIL and other approaches (not just COBIT). Importantly, however, it’s not an either-or situation – COBIT is marketed as guidance that’s complementary to ITIL best practice.

Renowned industry luminaries Rob England (the IT Skeptic) and James Finister have long been advocates of the practical, “how to” focus of COBIT over ITIL. But, despite such endorsements, for whatever reason, COBIT has continued to struggle to significantly win the hearts and minds of ITSM pros as part of its stated audience of enterprise executives and consultants in:

  • “Audit and Assurance
  • Compliance
  • IT Operations
  • Governance
  • Security and Risk Management”

Hopefully though, a refreshed investment in marketing – around COBIT 2019 – will now generate more interest in, and understanding of, how COBIT will help ITSM pros.

What’s Changed in COBIT 2019

I’m writing this before reading the new-version publications (they weren’t available at the time of writing but I’ll definitely write something about them). I’m therefore a little – okay, significantly – light on the detail right now, basing this blog on what has already been publicly communicated by ISACA.

The pre-launch messaging states that the COBIT 2019 update improves COBIT across the following eight areas:

  1. It better addresses the importance of I&T governance for the enterprise. With COBIT’s governance-based guidance helping organizations to achieve benefits realization, risk optimization, resource optimization, and business and IT alignment for the enterprise.
  2. It addresses new trends in technology. For example, DevOps and Agile development, cloud, service integration and management (SIAM), and the Internet of Things (IoT).
  3. It’s more up to date, with latest standards and working methods. With referencing and alignment to concepts originating in other sources. In this context, alignment means: COBIT 2019 does not contradict any guidance in the related standards, does not copy the contents of these related standards, and provides equivalent statements or references to the related guidance.
  4. It provides greater flexibility. The COBIT Design Guide helps COBIT content to be tailored for each organization’s and each user’s particular needs and context.
  5. It introduces focus area concepts. These are certain governance topics, domains, or issues that can be addressed by a collection of governance and management objectives and their components. For example: small and medium enterprises, cybersecurity, digital transformation, and cloud computing. Thanks to the various permutations, this makes COBIT 2019 “open-ended.”
  6. It’s perceived as more prescriptive. Frameworks such as COBIT can be descriptive and/or prescriptive. The tailored COBIT governance components can be perceived as a prescription of how to set up a customized governance system for I&T.
  7. It’s a better instrument to manage performance of I&T. Because the COBIT performance management model is integrated into the conceptual model.
  8. It adds a new online collaboration feature. Via this “open source” approach, future updates will be recommended by COBIT users, vetted by a COBIT Steering Committee, to help ensure timelier updates.

Interestingly, as well as describing what COBIT 2019 is, the early ISACA messaging also states what COBIT 2019 isn’t. In my experience, it’s an approach that can be beneficial in aiding understanding and managing expectations. This is aimed at clearing up some misconceptions about COBIT, such as COBIT 2019:

  • Is not a full description of the whole I&T environment of an organization
  • Is not a framework to organize business processes
  • Is not an (IT) technical framework to manage all technology
  • Does not make or prescribe any IT-related decisions. For example, it does not answer questions such as: What is the best IT strategy? What is the best architecture? How much should IT cost? Instead, it defines all the components that describe which decisions should be taken, and how and by whom they should be taken.”

As to the detail of COBIT 2019, you’ll have to wait until I get my grubby little hands on copies of the core publications. In the meantime, however, I’d love to hear your experiences with COBIT – what worked, and what didn’t? Plus, whether you’re interested in taking a first, or repeat, look at the potential of COBIT 2019 in light of the new version. Please let me know in the comments.

Related Posts

Posted by Joe the IT Guy

Joe the IT Guy
Joe the IT Guy

Native New Yorker. Loves everything IT-related (and hugs). Passionate blogger and Twitter addict. Oh...and resident IT Guy at SysAid Technologies (almost forgot the day job!).

4 thoughts on “COBIT 5 is Dead, Long Live COBIT 2019”

  1. Mario Alfredo Diego Livano

    Hola Joe!
    Soy de Perú, al igual que tú, me apasionan los temas de Investigación, Innovación y Gobernanza de las TI. Buscando por Internet encontré tu espacio, con este post de COBIT 2019, lo he leído mu bien, y compartiré tu post ante muchos compañeros míos de IT. Gracias por este aporte.

    Con respecto al post, presiento que COBIT 2019 tiene para mucho más, he trabajado con este Marco de Trabajo, por lo pronto (COBIT 5). Tengo que decirlo Cobit 2019, se va con todo para ser de “Código Abierto”, una idea genial aprender de otras experiencias en los departamentos IT y CIOS.
    Por último, comento que trabajé con COBIT 5, 4 años y con esta nueva revolución e impulse, puedo creer que será mucho mejor. Gracias ISACA y gracias Joe!


  2. Olalekan

    Hello, am just curious as to what will happen to those who have the COBIT 5 certification. Will I have to write another exam or you can simply upgrade to the new edition?

    Many Thanks.


    1. Joe the IT Guy Joe the IT Guy Post author

      Hi Olalekan,

      The ISACA website states the following related to those currently using COBIT 5:

      ISACA will continue to support the many governments and non-government organizations that have implemented COBIT 5 since its inception in 2012. All COBIT 5 guidance (and derivative products) will continue to be available for electronic download or purchase. Additionally, all COBIT 5 products, resources and related training programs will remain available (along-side COBIT 2019).
      To access COBIT 5 guidance or for information about training options please visit

      COBIT Bridge workshop: This 1-day bridge course highlights the concepts, models and key definitions of the new framework with a primary focus on the major differences between COBIT 2019 and COBIT 5.


Leave a Reply

Your email address will not be published.