COBIT has been, without doubt, the dominant resource for IT audit professionals and others when it comes to IT controls and security. In addition, the guidance on IT governance from the IT Governance Institute (an arm of ISACA) has been excellent, as has been the Risk IT framework from ISACA.
ISACA is now combining these, together with its Val IT framework, which is all about optimizing the value obtained from IT, in a new and very important product: COBIT 5.
You can download the draft documents (Framework and Process Reference Guide) from the ISACA site, which is also where you can submit comments.
I will be reviewing the drafts myself, but am curious about opinions on a few points:
Should the guidance be about "information" (as it says in the opening section) or about "technology?" The former implies it's about the bits and bytes and how they are processed/stored. The latter is more about how technology is used to run the business.
Should the guidance be about the IT function or about the use of technology in the business? More and more, technology is not the sole province of the IT department.
Wouldn't it be better to scrap the COBIT name and replace it with "Technology Governance and Use," or something similar? At least they might consider a descriptive subtitle for COBIT 5.
I welcome your views.