This article provides an overview of the risk enablers within the COBIT 5 for risk management framework.

COBIT 5 Enablers are factors that will determine whether the governance and management of IT will be effective. Enablers are directed by business goals and objectives. They include:

  1. Principles, policies and frameworks.
  2. Processes.
  3. Organisational structures.
  4. Culture, ethics and behaviour.
  5. Information.
  6. Services, infrastructure and applications.
  7. People, skills and competencies.

COBIT 5 for Risk further enhances and builds upon the COBIT 5 framework Enablers by describing them from two perspectives:

  1. Risk function perspective – what is needed to build and run an IT risk function, in terms of how each enabler contributes to the overall governance and management of the IT risk function. For example, certain policies, processes, services, information flows, organisational structures and people/skills are required to sustain an effective IT risk function.
  2. Risk management perspective – how the core COBIT 5 processes for IT risk management, specifically risk mitigation, are influenced by the enablers. For example, one of the key outputs from the Managing Risk process is the risk scenario (key information representing a risk and its impact). Enablers can be used to respond to risk scenarios where there is excessive risk, such as by implementing a new organisational structure, policy or service.


For more information please contact Morland-Austin at