COBIT 2019 Design and Implementation is an ISACA certificate that validates your ability to tailor a governance system for enterprise information and technology using COBIT, and to run improvement programs through the framework’s implementation lifecycle. It builds directly on COBIT Foundation and moves from knowing the framework to applying it.
What the COBIT 2019 Design and Implementation certificate covers
Where the Foundation certificate confirms that you understand COBIT’s principles, components, and 40 governance and management objectives, the Design and Implementation certificate confirms that you can put them to work. ISACA describes earners as able to apply COBIT to specific business problems, pain points, trigger events, and risk scenarios, then implement it for real client initiatives. In practice that means two skills: designing a governance system that fits one enterprise, and leading the change program that stands it up.
The certificate rests on two ISACA publications: the COBIT 2019 Design Guide, which drives the tailoring workflow, and the COBIT 2019 Implementation Guide, which supplies the seven-phase lifecycle. Understanding how those two guides interlock is the core of the exam and the day-to-day work it certifies.
Governance value is now a board-level priority. In ISACA research, 81% of professionals said organizations that can demonstrate a commitment to digital trust will be more successful, and 55% of businesses consider a digital trust framework extremely or very important (ISACA State of Digital Trust, 2024). A tailored COBIT governance system is one of the most direct ways to demonstrate that commitment.
The goals cascade: from enterprise strategy to objectives
Before you tailor anything, COBIT 2019 asks you to translate strategy into concrete priorities using the goals cascade. Stakeholder drivers and needs shape enterprise goals, which cascade into alignment goals, which in turn point to the governance and management objectives that matter most. COBIT 2019 consolidated the cascade into 13 enterprise goals and 13 alignment goals, making the chain shorter and easier to defend to an executive audience.
The cascade is not the whole story, though. It is the starting point that the design factors then sharpen. Treating the cascade as one input among several, rather than the final answer, is a distinction the Design and Implementation exam expects you to make.
The 11 design factors that tailor the governance system
COBIT 2019 specifies 11 design factors that an enterprise scores to derive a governance system sized for its own context. ISACA groups them into contextual factors that sit outside the enterprise’s control, strategic factors that reflect deliberate decisions, and tactical factors driven by resourcing, methods, and technology-adoption choices. The design factors include:
- Enterprise strategy
- Enterprise goals (via the goals cascade)
- Risk profile
- I&T-related issues
- Threat landscape
- Compliance requirements
- Role of IT within the enterprise
- Sourcing model for IT
- IT implementation methods (Agile, DevOps, traditional)
- Technology adoption strategy
- Enterprise size
Working through ISACA’s downloadable design toolkit, you score each factor and the tool highlights which of the 40 governance and management objectives deserve higher target capability levels. Two enterprises in the same industry can produce very different governance systems, and that is the point: COBIT is meant to be right-sized, not copied wholesale.
The 7-phase COBIT 2019 implementation lifecycle
Designing the system is only half the credential. The Implementation Guide supplies a continual-improvement lifecycle that turns the design into an operating governance capability. Each phase is framed as a plain question, which makes it easy to communicate to stakeholders:
- Phase 1 – What are the drivers? Identify trigger events and build the case for change.
- Phase 2 – Where are we now? Assess the current state of governance and priority objectives.
- Phase 3 – Where do we want to be? Define the target state and improvement goals.
- Phase 4 – What needs to be done? Analyze gaps and design concrete improvements.
- Phase 5 – How do we get there? Plan and build the practical solutions.
- Phase 6 – Did we get there? Implement, operate, and measure the results.
- Phase 7 – How do we keep the momentum going? Sustain and reinforce the new ways of working.
Three components run across every phase: program management, change enablement (making sure stakeholders are ready and committed), and the continual-improvement cycle itself. The lifecycle deliberately loops, so Phase 7 feeds back into a new set of drivers rather than ending the effort.
COBIT Foundation vs Design and Implementation
The two certificates are complementary, not competing. Foundation is an entry-level credential with no formal prerequisite that tests recall and comprehension of COBIT concepts. Design and Implementation is application-focused: it expects you to run the Design Guide workflow and the implementation lifecycle on realistic scenarios. ISACA does not mandate Foundation as a formal prerequisite, but the D&I material assumes you already know the core model, so most candidates take Foundation first.
A useful rule of thumb: choose Foundation when you need shared vocabulary across a team, and move to Design and Implementation when you are personally responsible for tailoring a governance system or leading a governance improvement program. The practical, scenario-heavy nature of the D&I exam is exactly why realistic practice questions are the most efficient way to prepare.