COBIT 2019 Foundation Cheat Sheet

COBIT 2019 Foundation Tests IT Governance Framework Understanding

The exam tests whether you understand the COBIT governance system components and their relationships — not whether you can implement an IT governance program.

Among the harder certs
Avg: Approximately 65–70%
Pass: 750 / 1000
Most candidates understand COBIT 2019 Foundation concepts — and still fail. This exam tests how you apply knowledge under pressure.

COBIT 2019 Core Framework

COBIT 2019 tests the core framework: governance vs. management distinction, the 40 governance/management objectives, performance management levels, and design factors for tailoring the system. The governance/management distinction is the most critical concept.

  1. Governance Objectives — EDM (Evaluate, Direct, Monitor): governance domain
  2. Management Objectives — APO, BAI, DSS, MEA: management domains
  3. Performance Management — Capability levels 0–5 for each objective
  4. Design Factors — Contextual inputs that determine governance system priorities
  5. Focus Areas — Tailoring the governance system to specific contexts (e.g., DevOps, cybersecurity, cloud)

Wrong instinct vs correct approach

The IT department needs to determine the priority of IT governance objectives
✕ Wrong instinct

Apply all 40 COBIT objectives equally

✓ Correct approach

Use COBIT 2019 Design Factors to tailor the governance system — enterprise strategy, risk profile, I&T-related issues, and current capability levels determine which objectives receive priority focus

An organization wants to improve its IT governance capability
✕ Wrong instinct

Implement all governance processes to Level 3 or above

✓ Correct approach

Target the capability level appropriate to the business need for each objective — not all processes require Level 3+ capability; over-investing in governance for low-priority objectives is wasteful

The Board asks whether IT governance is effective
✕ Wrong instinct

Report on the completion of IT governance activities

✓ Correct approach

Monitor against governance objectives (EDM domain) using defined metrics and KPIs — activity completion is not the same as governance effectiveness; outcomes and risk indicators are the right measures

Know these cold

  • Governance (EDM) = Board/leadership evaluating, directing, and monitoring strategy
  • Management (APO/BAI/DSS/MEA) = executing the plans approved by governance
  • COBIT 2019 capability levels — 0 (Incomplete) to 5 (Optimizing)
  • Design factors determine which objectives to prioritize — one size does not fit all
  • 7 governance system components: not just processes — include culture, skills, information, structures
  • Focus areas provide pre-configured governance system templates for specific contexts
  • Governance objectives number — 5 EDM + 35 management = 40 total objectives

Can you answer these without checking your notes?

In this scenario: "The IT department needs to determine the priority of IT governance objectives" — what should you do first?
Use COBIT 2019 Design Factors to tailor the governance system — enterprise strategy, risk profile, I&T-related issues, and current capability levels determine which objectives receive priority focus
In this scenario: "An organization wants to improve its IT governance capability" — what should you do first?
Target the capability level appropriate to the business need for each objective — not all processes require Level 3+ capability; over-investing in governance for low-priority objectives is wasteful
In this scenario: "The Board asks whether IT governance is effective" — what should you do first?
Monitor against governance objectives (EDM domain) using defined metrics and KPIs — activity completion is not the same as governance effectiveness; outcomes and risk indicators are the right measures

Common Exam Mistakes — What candidates get wrong

Confusing governance and management

Governance (EDM domain): evaluate options, direct strategy, monitor performance — done by the governing body (Board, executive leadership). Management (APO, BAI, DSS, MEA): plan, build, run, monitor — done by management. This distinction is tested in every governance scenario question.

Misidentifying COBIT 2019 performance levels

COBIT 2019 uses 6 capability levels (0: Incomplete, 1: Performed, 2: Managed, 3: Established, 4: Predictable, 5: Optimizing). Candidates confuse these with CMMI maturity levels or use COBIT 5's PAM model — COBIT 2019 uses a different rating scheme.

Treating all 40 objectives as equally important for all organizations

COBIT 2019 introduced design factors that determine which objectives are most critical for a specific organization. Not all objectives require the same attention — contextual factors (risk profile, organization size, strategy) drive prioritization.

Confusing focus areas with governance domains

Focus areas (cybersecurity, DevOps, cloud, small/medium enterprises) are pre-configured templates that tailor the governance system for specific contexts. They are not domains — domains are EDM, APO, BAI, DSS, MEA.

Ignoring the components of a governance system

COBIT 2019 defines 7 governance system components: Processes, Organizational Structures, Policies/Procedures, Information Flows, Culture/Ethics/Behavior, People/Skills, and Services/Infrastructure. Candidates who only think of COBIT as a process framework miss the other 6 components.

COBIT 2019 tests governance framework comprehension. Test whether you understand governance vs. management.