COBIT 4.1 - Basic Overview

Basic Overview

The COBIT 4.1 book consists of four sections: (1) the executive overview, (2) the framework, (3) the core content (control objectives, management guidelines and maturity models) and (4) the appendices.


COBIT domains

COBIT is organized into four domains, as follows:

  • Plan and Organize (PO)
  • Acquire and Implement (AI)
  • Deliver and Support (DS)
  • Monitor and Evaluate (ME)


Since COBIT 4.1 contains 34 processes, organized in the four domains, core content is divided accordingly. Each process is covered in four sections, combining to give a complete picture of how to control, manage and measure the process. The four sections are:

  1. Process descriptions
  2. Control objectives
  3. Management guidelines
  4. Maturity model for the process


In the end, the following is stated for each process:

  • What the process owner needs to do (process description)
  • How the process owner is going to do it (control objectives)
  • What the process needs from others (input)
  • What the process owner needs to deliver (output)
  • What needs to be delegated and to whom (RACI)
  • How the process and its goals should be measured (goals & metrics) and finally
  • How the process can be improved (maturity model)


High level processes (34)

In the “Plan and Organize” domain:

  • PO1 Define a Strategic IT Plan and direction
  • PO2 Define the Information Architecture
  • PO3 Determine Technological Direction
  • PO4 Define the IT Processes, Organization and Relationships
  • PO5 Manage the IT Investment
  • PO6 Communicate Management Aims and Direction
  • PO7 Manage IT Human Resources
  • PO8 Manage Quality
  • PO9 Assess and Manage IT Risks
  • PO10 Manage Projects


In the “Acquire and Implement” domain:

  • AI1 Identify Automated Solutions
  • AI2 Acquire and Maintain Application Software
  • AI3 Acquire and Maintain Technology Infrastructure
  • AI4 Enable Operation and Use
  • AI5 Procure IT Resources
  • AI6 Manage Changes
  • AI7 Install and Accredit Solutions and Changes


In the “Deliver and Support” domain:

  • DS1 Define and Manage Service Levels
  • DS2 Manage Third-party Services
  • DS3 Manage Performance and Capacity
  • DS4 Ensure Continuous Service
  • DS5 Ensure Systems Security
  • DS6 Identify and Allocate Costs
  • DS7 Educate and Train Users
  • DS8 Manage Service Desk and Incidents
  • DS9 Manage the Configuration
  • DS10 Manage Problems
  • DS11 Manage Data
  • DS12 Manage the Physical Environment
  • DS13 Manage Operations


In the “Monitor and Evaluate” domain:

  • ME1 Monitor and Evaluate IT Processes
  • ME2 Monitor and Evaluate Internal Control
  • ME3 Ensure Regulatory Compliance
  • ME4 Provide IT Governance



COBIT supports IT governance by acting in these areas:

[Figure: governance areas]