COBIT is a framework that helps an organisation's leadership govern and manage its information technology. Created by ISACA, it gives boards and senior managers a structured way to make sure IT delivers value, that risk is controlled and that resources are used well. COBIT focuses on governance: the level above day-to-day IT management.
What COBIT is
COBIT is a governance framework for IT, published and maintained by ISACA, an international professional association focused on IT governance, audit and information security. The current edition, COBIT 2019, defines a set of objectives that help leadership govern and manage IT in a structured, repeatable way.
It's aimed at boards, executives and senior IT leaders. Its purpose is to give that audience a common language and a clear set of principles for steering IT decisions at the strategic level. It separates governance (setting direction and overseeing outcomes) from management (the work of planning and running IT day to day).
What COBIT is for
The central question COBIT helps leadership answer is whether IT is delivering value for the organisation. It does this by connecting IT decisions to business goals and setting out how to balance three things: the benefits IT should produce, the risks it introduces and the resources it consumes.
ISO/IEC 38500, the international standard for the governance of IT for organisations, describes the same territory: leadership directing, evaluating and monitoring the use of IT to ensure it serves the organisation's needs. COBIT is one of the most widely used practical frameworks for putting those principles into effect.
For a growing business, this matters when IT spending is increasing, when a board or investors want assurance that IT is under control or when the business is preparing for a compliance requirement. See our entry on what IT governance is for the broader picture.
COBIT vs ITIL
The two frameworks address different layers of IT. COBIT is about governance: are the board and senior leaders directing and overseeing IT well? ITIL is about service management: how is the day-to-day IT work planned and delivered? COBIT sits above ITIL in the organisational hierarchy.
They complement each other well and many larger organisations use both. COBIT defines what leadership needs to ensure; ITIL and ITSM practices describe how the operational work gets done to meet those expectations. Using one doesn't exclude the other.
Is COBIT for smaller businesses?
COBIT is built for larger enterprises. It's a detailed framework with dozens of governance and management objectives, and adopting it in full would be disproportionate for most small or medium-sized businesses. The effort required to implement it fully is substantial.
That said, its core principles are sound at any scale: clear accountability for IT decisions, a focus on value and active management of risk. A smaller business can draw on those principles to put proportionate governance in place without adopting the full framework. If your business is thinking about how to govern IT better, you might also find our article on what should be in your 2026 tech budget a useful starting point.
Proportionate IT governance for growing businesses
Red Eagle Tech helps growing businesses put sensible IT governance in place, drawing on frameworks like COBIT without the enterprise overhead. Find out how our technology governance service can give your board confidence in how IT is being directed and managed.