HPE Business Insights
Showing results for 
Search instead for 
Do you mean 

Making COBIT 5 part of your IT strategy

MylesS on ‎07-09-2012 08:02 AM

I was recently with a number of IT Executives at HP’s Discover Conference. I asked them how important COBIT was for their companies. For those that are new to IT management and compliance, COBIT is the business framework for enterprise IT management and governance created by the standards body ISACA. Just about everyone in the group said COBIT was extremely important. But there’s recently been a new release of COBIT (COBIT 5), and most of the people I asked didn’t seem to know what it means for their organizations. I believe COBIT is going to be increasingly important to IT organizations in the future – we already see it playing an important role in European financial institutions trying weather what has been called financial contagion. For them and you with COBIT 5 you can:


  • Mitigate organizational risk for IT and business as a whole
  • Strengthen security
  • Ease your auditing and compliance burden
  • Reduce cost while improving the consistency of IT delivery

For these reasons, I’ve decided to write a blog series to discuss what COBIT 5 asks for in terms of IT measurement and management. My goal is to provide an overview and then over successive weeks to dig into specifics. Please feel free to ask questions during our collective journey. 


Why you should care about COBIT 5

COBIT 5 is on its way to becoming an overarching IT standard even though it had its origins nearly 20 years ago as basis for auditing IT management. With the passage of Sarbanes-Oxley in 2002, COBIT got some teeth, especially for financial institutions. And if you were going to be compliant with SOX, you needed to have COBIT ingrained in your organizational DNA.

With COBIT 5, the standard takes a major leap. This isn’t just a refresh. COBIT 5 adds a governance layer. This means that COBIT 5 organizations aren’t just compliant – they’re reaping the benefits of good IT governance, like running more efficiently and effectively. So IT now has a comprehensive framework that assists it in achieving the business’s objectives for the governance and management of enterprise IT. What’s more, it puts enterprise and IT scorecards front and center.


How COBIT 5 ties to the Balanced Scorecard

The new release gives sample scorecards – one for the enterprise and one for IT – and shows the linkages between them. Not only that, it shows how to translate high-level enterprise goals into manageable, specific IT-related goals and then map these to specific processes and practices.


COBIT 5 defines a set of enterprise-related goals in balanced scorecard format and then cascades them in turn to IT-related goals also in balanced scorecard format. Each scorecard has 4 goal quadrants—financial, customer, internal, and learn and grow. This includes what they call a goal cascade allowing for defining priorities and responsibilities for improvement. They use a similar methodology to the HP Executive Scorecard although with slightly differently naming. Regardless of what performance system you use, you’ll want to have a way to relate KPIs and metrics to the COBIT scorecards.

 Over the next few weeks, I’ll look at COBIT 5’s enterprise scorecard and where IT fits. Next, I’ll do the same for the IT goals scorecard. This includes the specific metrics that relate to each. I’ll then relate these to data that existing systems produce and HP Executive Scorecard uses to create KPIs and metrics. If you walk away with anything today, let it be that COBIT 5 is going to affect how manage your organization and show your progress at control and improvement. It is here to stay, and this is the time to learn how it will affect you.


Related links:

Blog post: 3 ways IT leaders can strengthen compliance and control


Solution page:  IT Performance Management

Twitter: @MylesSuer



About the Author


Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product Management including IT Financial Management and Executive Scorecard.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all