IT Governance

COBIT 2019 Design & Implementation: Full Guide

Standarity Editorial Team·IT governance and COBIT 2019 certification specialists
··9 min read

COBIT 2019 Design and Implementation is an ISACA certificate that validates your ability to tailor a governance system for enterprise information and technology using COBIT, and to run improvement programs through the framework’s implementation lifecycle. It builds directly on COBIT Foundation and moves from knowing the framework to applying it.

What the COBIT 2019 Design and Implementation certificate covers

Where the Foundation certificate confirms that you understand COBIT’s principles, components, and 40 governance and management objectives, the Design and Implementation certificate confirms that you can put them to work. ISACA describes earners as able to apply COBIT to specific business problems, pain points, trigger events, and risk scenarios, then implement it for real client initiatives. In practice that means two skills: designing a governance system that fits one enterprise, and leading the change program that stands it up.

The certificate rests on two ISACA publications: the COBIT 2019 Design Guide, which drives the tailoring workflow, and the COBIT 2019 Implementation Guide, which supplies the seven-phase lifecycle. Understanding how those two guides interlock is the core of the exam and the day-to-day work it certifies.

Governance value is now a board-level priority. In ISACA research, 81% of professionals said organizations that can demonstrate a commitment to digital trust will be more successful, and 55% of businesses consider a digital trust framework extremely or very important (ISACA State of Digital Trust, 2024). A tailored COBIT governance system is one of the most direct ways to demonstrate that commitment.

The goals cascade: from enterprise strategy to objectives

Before you tailor anything, COBIT 2019 asks you to translate strategy into concrete priorities using the goals cascade. Stakeholder drivers and needs shape enterprise goals, which cascade into alignment goals, which in turn point to the governance and management objectives that matter most. COBIT 2019 consolidated the cascade into 13 enterprise goals and 13 alignment goals, making the chain shorter and easier to defend to an executive audience.

The cascade is not the whole story, though. It is the starting point that the design factors then sharpen. Treating the cascade as one input among several, rather than the final answer, is a distinction the Design and Implementation exam expects you to make.

The 11 design factors that tailor the governance system

COBIT 2019 specifies 11 design factors that an enterprise scores to derive a governance system sized for its own context. ISACA groups them into contextual factors that sit outside the enterprise’s control, strategic factors that reflect deliberate decisions, and tactical factors driven by resourcing, methods, and technology-adoption choices. The design factors include:

  • Enterprise strategy
  • Enterprise goals (via the goals cascade)
  • Risk profile
  • I&T-related issues
  • Threat landscape
  • Compliance requirements
  • Role of IT within the enterprise
  • Sourcing model for IT
  • IT implementation methods (Agile, DevOps, traditional)
  • Technology adoption strategy
  • Enterprise size

Working through ISACA’s downloadable design toolkit, you score each factor and the tool highlights which of the 40 governance and management objectives deserve higher target capability levels. Two enterprises in the same industry can produce very different governance systems, and that is the point: COBIT is meant to be right-sized, not copied wholesale.

The 7-phase COBIT 2019 implementation lifecycle

Designing the system is only half the credential. The Implementation Guide supplies a continual-improvement lifecycle that turns the design into an operating governance capability. Each phase is framed as a plain question, which makes it easy to communicate to stakeholders:

  • Phase 1 – What are the drivers? Identify trigger events and build the case for change.
  • Phase 2 – Where are we now? Assess the current state of governance and priority objectives.
  • Phase 3 – Where do we want to be? Define the target state and improvement goals.
  • Phase 4 – What needs to be done? Analyze gaps and design concrete improvements.
  • Phase 5 – How do we get there? Plan and build the practical solutions.
  • Phase 6 – Did we get there? Implement, operate, and measure the results.
  • Phase 7 – How do we keep the momentum going? Sustain and reinforce the new ways of working.

Three components run across every phase: program management, change enablement (making sure stakeholders are ready and committed), and the continual-improvement cycle itself. The lifecycle deliberately loops, so Phase 7 feeds back into a new set of drivers rather than ending the effort.

COBIT Foundation vs Design and Implementation

The two certificates are complementary, not competing. Foundation is an entry-level credential with no formal prerequisite that tests recall and comprehension of COBIT concepts. Design and Implementation is application-focused: it expects you to run the Design Guide workflow and the implementation lifecycle on realistic scenarios. ISACA does not mandate Foundation as a formal prerequisite, but the D&I material assumes you already know the core model, so most candidates take Foundation first.

A useful rule of thumb: choose Foundation when you need shared vocabulary across a team, and move to Design and Implementation when you are personally responsible for tailoring a governance system or leading a governance improvement program. The practical, scenario-heavy nature of the D&I exam is exactly why realistic practice questions are the most efficient way to prepare.

Frequently Asked Questions

Is COBIT Foundation required before Design and Implementation?

ISACA does not list a formal prerequisite for the Design and Implementation certificate, so you can register when ready. However, the D&I material assumes working knowledge of the COBIT core model and the 40 objectives, so most candidates complete COBIT Foundation first as a practical foundation.

How many design factors are there in COBIT 2019?

There are 11 design factors, including enterprise strategy, enterprise goals, risk profile, I&T-related issues, threat landscape, compliance requirements, role of IT, sourcing model, IT implementation methods, technology adoption strategy, and enterprise size. Scoring them tailors which governance and management objectives matter most.

What are the 7 phases of the COBIT 2019 implementation lifecycle?

The phases are framed as questions: What are the drivers? Where are we now? Where do we want to be? What needs to be done? How do we get there? Did we get there? And how do we keep the momentum going? The lifecycle loops for continual improvement.

How many governance and management objectives does COBIT 2019 have?

COBIT 2019 has 40 governance and management objectives in its core model. Five governance objectives sit in the EDM domain, and 35 management objectives are split across the APO, BAI, DSS, and MEA domains.

What is the goals cascade in COBIT 2019?

The goals cascade translates stakeholder needs into enterprise goals, then into alignment goals, and finally into the governance and management objectives an enterprise should prioritize. COBIT 2019 uses 13 enterprise goals and 13 alignment goals, and the cascade feeds the design-factor workflow.

Who should take the COBIT 2019 Design and Implementation certificate?

It suits IT governance leads, consultants, auditors, and managers who are responsible for tailoring a governance system or leading a governance improvement program, rather than only understanding COBIT concepts at a conceptual level.

Explore Courses on Udemy

Intermediate

Implement IT Governance Step by Step

Intermediate

COBIT® 2019 Design and Implementation Practice Exam

Beginner

COBIT® 2019 Foundation Practice Test (450 Questions)

Intermediate

COBIT® 2019 Design and Implementation Practice Exam

Beginner

COBIT® 2019 Foundation Practice Test (450 Questions)