COBIT 2019: COBIT 2019 Foundation

A principle associated with the key components of a governance framework is that key components should function independently to maintain integrity. Key components include governance components (such as structures, processes, principles, policies, etc.), governance enablers (such as people, skills, culture, information, services, etc.), and governance outcomes (such as value creation, risk optimization, resource optimization, etc.). These components should operate independently from each other to avoid conflicts of interest, bias, or undue influence. They should also have clear roles, responsibilities, authorities, and accountabilities.COBIT ensures the independence of key components by defining their relationships and interactions in a transparent and consistent manner.14Reference:COBIT 2019 Framework: Introduction and Methodology,COBIT 2019 Framework: Governance System

IT-related issues should be considered as part of the design factors for a governance system in order to manage risks that have a high impact. Design factors are the characteristics of the enterprise that influence the design and operation of a governance system, such as size, industry, culture, strategy, etc. IT-related issues are one of the 11 design factors defined in COBIT 2019, and they refer to the specific challenges or opportunities that arise from the use of information and technology in the enterprise, such as cybersecurity, digital transformation, innovation, etc. These issues may pose significant risks to the enterprise's objectives, performance, or reputation, and therefore need to be addressed by the governance system.The answer is based on the COBIT 2019 Design Guide1, page 15.Reference:1: COBIT 2019 Design Guide | Digital | English.

The pursuit of continuous improvement is the most essential attribute of the highest process capability level (Level 5). A process capability level is a measure of how well a process or activity is performed in terms of effectiveness, efficiency, completeness, reliability, etc. A process capability level can range from 0 (incomplete) to 5 (optimizing). Level 5 (optimizing) means that the process continuously improves its performance through both incremental and innovative improvements.The pursuit of continuous improvement is the most essential attribute of Level 5, as it implies that the process is constantly monitored, evaluated, learned from, and enhanced.14Reference:CMMI for Development, Version 1.3,CMMI Institute - Capability Maturity Model Integration

The number of focus areas describing a certain governance topic or issue that can be addressed by governance objectives is virtually unlimited. Focus areas are topics or issues that can be addressed by governance objectives, such as digital transformation, cybersecurity, privacy, etc. Focus areas can be defined by any stakeholder or group within or outside the enterprise, depending on their needs and interests.COBIT provides examples of some common focus areas, but they are not exhaustive or prescriptive.13Reference:COBIT 2019 Framework: Introduction and Methodology,COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution

An element of governance is evaluating stakeholder needs to determine enterprise objectives.This is based on the principle of stakeholder value, which states that ''governance of enterprise I&T should ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives''1.Evaluating stakeholder needs involves identifying who the stakeholders are, what their interests and expectations are, and how they can influence or be influenced by the enterprise's activities2.Reference:1: COBIT 2019 Framework: Introduction and Methodology, page 232: COBIT 2019 Framework: Governance and Management Objectives, page 18

A guiding principle in the development of COBIT is that COBIT aligns with other related and relevant I&T standards, frameworks and regulations. This is based on the principle of integration, which states that ''governance of enterprise I&T should ensure integration into enterprise governance; alignment with other related standards, frameworks and regulations; and provision of a common language for all stakeholders'' . COBIT does not include or replace other standards, frameworks or regulations, but rather complements them by providing a holistic and comprehensive approach to governance of enterprise I&T.

COBIT defines stakeholder value creation as the realization of benefits at an optimal resource cost while optimizing risk. This is based on the principle of balance, which states that ''governance of enterprise I&T should ensure that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives'' . Value creation is not only about reducing costs or mitigating risks, but also about optimizing them in relation to the expected benefits.