New COBIT Resources Help Organizations Navigate I&T Risk and DevOps

SCHAUMBURG, Ill.--()--Mitigating information and technology risk and advancing digital transformation are among the top priorities for today’s enterprises. Providing business and technology leaders with new tools to support these efforts, COBIT Focus Area: Information and Technology Risk and COBIT Focus Area: DevOps, offer guidance based on COBIT 2019 to optimize governance and management practices for enterprise risk functions and for enterprises implementing DevOps.

COBIT Focus Area: Information and Technology Risk demonstrates how COBIT 2019 can be tailored as an information and technology (I&T) framework and system, examining COBIT concepts from an I&T risk perspective and showing how COBIT can be used to design, implement, govern and manage I&T risk capabilities in the enterprise. The publication outlines the benefits that boards and executive management, operational risk managers, risk function and corporate risk managers, information security practitioners, internal auditors, CFOs and other stakeholders can realize from following guidance related to this focus area, including:

  • A better understanding of risk impact on the enterprise
  • Knowledge of how to capitalize on investments related to I&T risk management practices
  • A complete risk profile, identifying the full enterprise risk exposure and enabling better utilization of enterprise resources
  • End-to-end guidance on how to manage risk, including an extensive set of measures

“Information and technology risk is ever present in an enterprise and is closely intertwined with business risk,” says Esanju Maseka, IT risk assurance specialist and member of ISACA’s Emerging Trends Working Group. “Risk governance and management approaches need to factor in the entire spectrum of I&T-related risk, and having a relevant, customized governance framework and system with this in mind can offer an advantage in managing this risk and reduce business impact.”

COBIT Focus Area: DevOps Using COBIT 2019 provides tailored guidance specific to the governance and management system components relevant to DevOps. The global digital transformation drive has created a demand for effective and efficient development and delivery of software products, services and solutions. This publication outlines the concepts and guidance that DevOps teams can adopt and practitioners in risk and assurance can consider to help ensure the benefits of DevOps are realized while potential risk is mitigated. DevOps Focus Area benefits include:

  • Establishing alignment of DevOps with enterprise goals and strategic objectives
  • Integrating DevOps with the enterprise architecture
  • Understanding of governance and management systems applicable to DevOps
  • Providing a consistent governance and management framework and system related to DevOps

Both focus area publications offer a detailed overview and description of COBIT roles and organizational structures, COBIT terminology and key concepts including the components of a governance system and COBIT governance and management objectives as they pertain to I&T risk and DevOps. COBIT Focus Area: Information and Technology Risk also includes examples of I&T risk scenarios, a template for risk register entry, IT risk reporting examples and sample risk maps. COBIT Focus Area: DevOps includes a goals cascade mappings table.

“With the introduction of these additional focus areas, business leaders have new enhanced tools for building and maintaining a governance system aligned with standards, frameworks and regulations that meets their needs in addressing I&T risk and implementing DevOps,” says Nader Qaimari, ISACA chief product officer. “By continuing to evolve our COBIT resources, ISACA is committed to delivering to our global community the best practices and governance solutions to further drive business success.”

Both publications are available to ISACA members in a digital format for US $50 and in print for $60. For non-members, the digital format is available for $90 and the print version is $100. COBIT Focus Area: Information and Technology Risk is available at COBIT Focus Area: DevOps Using COBIT 2019 is available at

The publications join other available COBIT Focus Areas, including COBIT Focus Area: Information Security. Other COBIT publications include COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Framework: Governance and Management Objectives (both free downloads for ISACA members), and COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. Find all COBIT publications at

For more than 50 years, ISACA® ( has equipped individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enabled enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation.


Emily Van Camp,, +1.847.385.7223
Kristen Kessinger,, +1.847.660.5512


Emily Van Camp,, +1.847.385.7223
Kristen Kessinger,, +1.847.660.5512