The COBIT 5 framework implements the ISO 38500 standard for the corporate governance of IT. Those who "govern" act as stewards and take responsibility for ensuring the organisation delivers "what" the stakeholders expect. This they do by evaluating the internal and external environment, directing management and monitoring operational performance.

COBIT 5 Governance FrameworkManagement are expected to align IT operations with business' needs and focus IT activities on the achievement of the business' objectives and the organisation's strategic goals. The integrated process model of the COBIT framework assists with identifying the essential activities and establishing the roles and responsibilities required to deliver "what" is expected. The COBIT 5 framework provides the basic structure which organisations will need to adapt to suit their own particular needs.

The management system (described in APO1) is an important component of the governance framework. It drives efficiency and effectiveness in the use of resources. The management system also supports continuous improvement across all areas, but in particular for service management, information security management, risk management, quality management or the entire IT environment.