Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

Making COBIT 5 part of your IT strategy


I was recently with a number of IT Executives at HP’s Discover Conference. I asked them how important COBIT was for their companies. For those that are new to IT management and compliance, COBIT is the business framework for enterprise IT management and governance created by the standards body ISACA. Just about everyone in the group said COBIT was extremely important. But there’s recently been a new release of COBIT (COBIT 5), and most of the people I asked didn’t seem to know what it means for their organizations. I believe COBIT is going to be increasingly important to IT organizations in the future – we already see it playing an important role in European financial institutions trying weather what has been called financial contagion. For them and you with COBIT 5 you can:


  • Mitigate organizational risk for IT and business as a whole
  • Strengthen security
  • Ease your auditing and compliance burden
  • Reduce cost while improving the consistency of IT delivery

For these reasons, I’ve decided to write a blog series to discuss what COBIT 5 asks for in terms of IT measurement and management. My goal is to provide an overview and then over successive weeks to dig into specifics. Please feel free to ask questions during our collective journey. 


Why you should care about COBIT 5

COBIT 5 is on its way to becoming an overarching IT standard even though it had its origins nearly 20 years ago as basis for auditing IT management. With the passage of Sarbanes-Oxley in 2002, COBIT got some teeth, especially for financial institutions. And if you were going to be compliant with SOX, you needed to have COBIT ingrained in your organizational DNA.

With COBIT 5, the standard takes a major leap. This isn’t just a refresh. COBIT 5 adds a governance layer. This means that COBIT 5 organizations aren’t just compliant – they’re reaping the benefits of good IT governance, like running more efficiently and effectively. So IT now has a comprehensive framework that assists it in achieving the business’s objectives for the governance and management of enterprise IT. What’s more, it puts enterprise and IT scorecards front and center.


How COBIT 5 ties to the Balanced Scorecard

The new release gives sample scorecards – one for the enterprise and one for IT – and shows the linkages between them. Not only that, it shows how to translate high-level enterprise goals into manageable, specific IT-related goals and then map these to specific processes and practices.


COBIT 5 defines a set of enterprise-related goals in balanced scorecard format and then cascades them in turn to IT-related goals also in balanced scorecard format. Each scorecard has 4 goal quadrants—financial, customer, internal, and learn and grow. This includes what they call a goal cascade allowing for defining priorities and responsibilities for improvement. They use a similar methodology to the HP Executive Scorecard although with slightly differently naming. Regardless of what performance system you use, you’ll want to have a way to relate KPIs and metrics to the COBIT scorecards.

 Over the next few weeks, I’ll look at COBIT 5’s enterprise scorecard and where IT fits. Next, I’ll do the same for the IT goals scorecard. This includes the specific metrics that relate to each. I’ll then relate these to data that existing systems produce and HP Executive Scorecard uses to create KPIs and metrics. If you walk away with anything today, let it be that COBIT 5 is going to affect how manage your organization and show your progress at control and improvement. It is here to stay, and this is the time to learn how it will affect you.


Related links:

Blog post: 3 ways IT leaders can strengthen compliance and control


Solution page:  IT Performance Management

Twitter: @MylesSuer



About the Author


Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product Management including IT Financial Management and Executive Scorecard.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all