The Differences Between COBIT 5 and COBIT 2019


COBIT is an IT management framework that was created so that companies could improve the value they get from all their IT processes and manage risks at the same time. COBIT was designed specifically to govern all the IT assets of the company and reduce risks. According to an ISACA report, more than 90% of the executives who have used COBIT would recommend it to other companies. So, we thought of bringing you this COBIT 5 vs COBIT 2019 article. Check it out!

The IT landscape has changed extensively in the last decade. There is a higher need to secure the company’s assets and manage risks, making governance a necessity for companies. Since 2012, when COBIT 5 was released, there have been more threats and concerns that any company needs to address, which is why COBIT 2019 was created, so that organizations have a framework they can adapt to.

COBIT 2019 is an evolved version of COBIT 5. It uses the same foundation and adds features and services to manage different developments that could affect an organization’s IT sector. Over time, COBIT has continued to help companies improve their performance by managing their data, information, and technology. Based on ISACA’s research, companies have stated their top four benefits of COBIT to be:

  • IT integrations (73%)
  • Improved risk management (60%)
  • Discovery of gaps in the security (49%)
  • Creating a framework that provides more visibility to the board of directors (45%)

What is COBIT 5?

COBIT 5 was released in 2012 with guidelines that would help companies improve their enterprise-wide governance as well as management. This was done because the number of companies that were migrating to the cloud was increasing every day, and with that, there was a steady rise in risks. COBIT 5 gave companies a standard set of guidelines that could be applied in any industry to combat this issue. This helped organizations meet their deadlines on time and create a bridge between IT and business strategies while managing risks successfully.

The managerial processes that come with the framework align with all the company’s activities, including all input and output processes, other key objectives, maturity models, performance measures, and more. This helps increase the value a company gets from its IT department.

What is COBIT 2019?

COBIT 2019 can be considered to be an update to COBIT 5. It uses the same foundation as COBIT 5 along with different and new developments that organizations need today. COBIT 2019 also comes with different insights, guidelines, and other training certifications to help businesses grow even further.

COBIT 2019 gives companies a flexible framework that can be implemented either to solve a specific problem or for adoption across the organization.

Why was there a need to update COBIT 5?

The world of information technology is constantly evolving. Things like IoT and cloud data have become essential for a lot of companies, even though they weren’t even heard of more than two decades ago. To be successful, all organizations need to adapt to the changing times, including adopting new technologies. Since COBIT 5 was released in 2012, it may not have the full capabilities of managing problems that arise today. Risks have also evolved, which means the risk management tools and strategies need to evolve too so that all IT operations are fully ready to assess, manage, and mitigate all risks and remain compliant.

What are the new features of COBIT 2019?

There are many updates that COBIT 2019 has that COBIT 5 did not. ISACA made a list of the most important ones, which are listed below:

  • The focus areas and design factors of COBIT 2019 have been improved so that organizations can easily establish risk management practices and place other governance protocols based on individual requirements.
  • COBIT 2019 is more in line with different global risk management standards, security standards, other universal frameworks, and most protocols.
  • COBIT 2019 comes with regular updates to make sure it works with new and upcoming technologies.
  • As compared to COBIT 5, the guidelines for COBIT 2019 have a more prescriptive approach because they support more integrations when it comes to governance and risk management.
  • COBIT 2019 is an open-source model that takes in feedback and incorporates it into future updates to the framework. These updates are also evaluated by the Steering Committee for consistency and quality.
  • COBIT 2019 has a stronger focus on newer technologies and methodologies, such as various DevOps and Agile concepts. It also takes into account the updated operational practices that take place in IT-enabled organizations like cloud-based systems and outsourcing.

Moving ahead with this article on ‘COBIT 5 vs COBIT 2019’, let us check out how these two versions of the COBIT framework differ.

COBIT 5 vs COBIT 2019: What is the Difference?

ISACA has added the above-mentioned features in COBIT 2019 and updated the existing features that come with COBIT 5 to align with the technological needs of this day. Some of the changes that have been made in COBIT 2019 that weren’t in COBIT 5 include:

COBIT Core Model

The core model of COBIT 2019 still has the ‘Governance Objectives’ and ‘Management Objectives’ that come with COBIT 5, but it introduces several new processes along with updates, such as ‘Managed Assurance,’ the separation of ‘Manage Programs and Project’, and other additional objectives. These objectives are now known as the ‘COBIT Core Model.’

COBIT Performance Management (CPM)

This concept is an evolution of the scoring system in COBIT 5. CPM was made based on the framework’s Capability Maturity Model Integration (CMMI) to gauge accurately, on a scale between 0 and 5, how well the governance and management system is working, how competently all elements are working, and the maturity level of the system. CPM also has many enhancing activities with COBIT 2019, such as more tailored governance systems, CPM and COBIT 2019 training, capability investigation, and more.

More prescriptive guidelines

COBIT 2019 is a lot more focused on creating IT governance and management systems that are highly specific to the organization’s needs. The Enablers element of COBIT 5 has been changed to components, with different variants of the generic procedures and policies defined in a more specific manner. COBIT 2019 also prioritizes management and business goals, along with different reviewing systems that operate more regularly.

Design Factors

The new and updated Design Factors are spread across many categories to ensure all companies can meet their organizational needs. These categories can broadly be grouped into contextual, strategic, and tactical measures to reflect the importance of IT governance being viewed as an enterprise-wide concern.

An open-source model

ISACA offers regular updates on COBIT 2019 to keep it relevant to the changing landscape of information technology. As mentioned above, the updates are based on the feedback received and reviewed thoroughly before being implemented. 

Getting into the IT Security and Governance world

There is an increasing impetus towards IT Security and Governance best practices in enterprises worldwide. Professionals need to stay relevant by taking up popular IT Security and Governance certification courses to stay ahead of the market demand and future-proof their careers.

Some of the popular IT Security and Governance certification courses that individuals and enterprise teams can take up are:

Ingrid Horvath is an IT Security professional with more than five years of experience in risk management, compliance and privacy, crisis management, threats, and vendor vulnerability assessments. She possesses a solid technical knowledge and is gaining expertise in the IT Security and Governance domain. Ingrid focuses on emerging technological problems and privacy concerns at the enterprise level. Ultimately, she provides the best solutions by combining various aspects of IT security, risk management, and compliance privacy. Being a prolific writer, she has a passion for guiding people on security and privacy through her articles.

