Limited time: Get 2 months free with annual plan — Claim offer →
Certifications Tools Flashcards Career Paths Exam Guides Blog Pricing
Start for free
Exam GuidesISACACOBIT 2019 Foundation
ISACAFoundation2026 Updated

COBIT 2019 Foundation

Updated May 1, 202612 min readWritten by Certsqill experts
Quick facts — COBIT 2019 Foundation
Exam cost
$500 (exam voucher; ISACA membership discount available)
Questions
75 multiple-choice items
Time limit
2 hours
Passing score
65% (49 out of 75)
Valid for
3 years (CPE credits required for renewal)
Testing
PSI online proctored or PSI test center

Who this exam is for

The COBIT 2019 Foundation certification is designed for professionals who work with or want to work with ISACA technologies in a professional capacity. It is taken by cloud engineers, DevOps practitioners, IT administrators, and technical professionals looking to validate their expertise.

You do not need extensive prior experience to attempt it, but you will benefit from hands-on familiarity with the subject matter. The exam tests applied knowledge and architectural judgment, not just memorization. If you can reason about trade-offs and real-world scenarios, structured practice will handle the rest.

Domain breakdown

The COBIT 2019 Foundation exam is built around official domains, each with a fixed percentage of the question pool. This distribution should directly inform how you allocate your study time.

Domain
Weight
Focus areas
Introduction and Framework Overview
25%
COBIT history and evolution, core concepts (governance vs. management), components of a governance system, and the purpose of an enterprise governance of information and technology (EGIT) framework.
Governance System and Components
30%
The seven components of a governance system: processes, organisational structures, principles and policies, information, culture and behaviour, people skills and competencies, and infrastructure and applications.
Governance and Management Objectives
25%
The 40 governance and management objectives across five domains: EDM (Evaluate, Direct, Monitor), APO (Align, Plan, Organise), BAI (Build, Acquire, Implement), DSS (Deliver, Service, Support), and MEA (Monitor, Evaluate, Assess).
Implementation and Tailoring
20%
Implementation lifecycle, design factors for tailoring COBIT to an organisation, the focus area concept, and how to prioritise governance and management objectives.

Note the domain with the highest weight — many candidates under-invest here because it feels conceptual. In practice, this is where the exam is most precise, with scenario-based questions that test specifics.

What the exam actually tests

This is not a memorization exam. Questions require applied judgment under constraints. Almost every question includes a scenario with explicit requirements and asks you to select the most appropriate solution.

Here are examples of the question types you will encounter:

Definition / Concept Recall
"Which COBIT 2019 component ensures that individuals understand their responsibilities and act accordingly?"
Tests knowledge of the seven governance system components. Know the exact name and purpose of each component and practice distinguishing "culture and behaviour" from "people, skills and competencies."
Domain and Objective Mapping
"An organisation needs to ensure its IT investments deliver expected benefits. Which COBIT domain is PRIMARILY responsible?"
Maps a business need to the correct COBIT domain (EDM, APO, BAI, DSS, MEA) and its relevant objectives. Create a domain summary card with the three most important objectives per domain.
Design and Tailoring Application
"A mid-sized financial services firm wants to implement COBIT. Which design factor should it consider FIRST to determine which governance objectives are most relevant?"
Tests understanding of the 11 design factors (enterprise strategy, goals cascade, risk profile, etc.). The exam frequently asks which design factor drives prioritisation, which is the enterprise strategy or risk profile.

How to prepare — 4-week study plan

This plan assumes one hour per weekday and roughly 30 minutes of lighter review on weekends. It is calibrated for someone with some relevant experience. If you are starting from zero, add an extra week before Week 1 to familiarise yourself with the basics.

W1
Week 1: Framework Foundations & Governance Concepts
  • Read the COBIT 2019 Framework Introduction and Governance System and Components publications; note the distinction between governance (EDM domain) and management (APO, BAI, DSS, MEA domains).
  • Study the seven governance system components: for each, write its definition, one example, and why removing it would weaken governance.
  • Learn the COBIT goals cascade: enterprise goals → alignment goals → governance and management objectives; understand how business goals translate to IT governance priorities.
  • Complete a 25-question foundational concepts quiz from an ISACA practice resource; note any unfamiliar COBIT-specific terminology.
W2
Week 2: Governance and Management Objectives — Five Domains
  • Study all five COBIT domains: memorise the full name of each domain abbreviation (EDM, APO, BAI, DSS, MEA) and the three to four most important objectives within each.
  • Focus on the EDM domain in depth: EDM01 (Governance Framework), EDM02 (Benefits Delivery), EDM03 (Risk Optimisation), EDM04 (Resource Optimisation), EDM05 (Stakeholder Engagement).
  • Study the high-frequency APO objectives: APO01 (Manage I&T Management Framework), APO12 (Manage Risk), APO13 (Manage Security), APO14 (Manage Data).
  • Complete a 30-question domain-mapping drill; for each wrong answer, locate the objective's purpose statement in the COBIT 2019 Governance and Management Objectives publication.
W3
Week 3: Implementation, Design Factors & Mock Exams
  • Study the COBIT 2019 implementation lifecycle: seven phases from acknowledging the need to sustaining the change; map each phase to its key activities and outputs.
  • Learn all 11 design factors: enterprise strategy, enterprise goals, risk profile, I&T-related issues, threat landscape, compliance requirements, role of IT, sourcing model, IT implementation methods, technology adoption strategy, and enterprise size.
  • Sit a full 75-question timed mock exam (2 hours); record your score by domain and flag any area below 60% for targeted Week 4 review.
  • Review the COBIT focus area concept: how specific focus areas (e.g., DevOps, cybersecurity, small and medium enterprises) layer on top of the core framework.
W4
Week 4: Targeted Review, Mock Exam 2 & Final Preparation
  • Run 25-question focused drills on your two lowest-scoring domains from the Week 3 mock exam.
  • Review the COBIT maturity and capability assessment model: the six capability levels (0 through 5) and the CMMI-based assessment approach.
  • Complete a second full 75-question timed mock; aim for 75%+ to build a comfortable margin above the 65% pass threshold.
  • Verify your PSI exam booking, confirm you have government-issued ID ready, and review the PSI online proctoring requirements for your exam day.

Common mistakes candidates make

These patterns appear repeatedly among candidates who resit this exam. Knowing them in advance is worth several percentage points.

Confusing governance objectives with management objectives
Governance objectives sit in the EDM domain and focus on evaluating, directing, and monitoring IT at the board or executive level. Management objectives sit in APO, BAI, DSS, and MEA and focus on executing IT activities. Many exam questions hinge on this distinction — always ask whether the activity described sets direction (governance) or executes plans (management).
Treating all 40 objectives as equally important
The COBIT 2019 Foundation exam emphasises the five EDM objectives, the high-risk APO objectives (APO12, APO13), and the MEA monitoring objectives most heavily. Candidates who spread study time equally across all 40 objectives are less prepared for the most frequently tested areas.
Ignoring the design factors and tailoring approach
With 20% of the exam covering implementation and tailoring, the 11 design factors are essential study material. Candidates who skip this section and focus only on the framework structure frequently cannot answer questions about how to prioritise governance objectives for a specific organisation type or risk profile.
Underestimating the volume of content relative to question count
COBIT 2019 covers a large framework across multiple publications. With 75 questions and a 2-hour time limit, the exam moves at a moderate pace, but the breadth of content means every domain counts. Use the official COBIT 2019 Foundation Study Guide from ISACA as your primary resource — third-party materials sometimes use outdated COBIT 5 terminology.

Is Certsqill right for you?

Honestly: Certsqill is built for candidates who have already done some studying and want to convert knowledge into exam performance. If you have never touched the subject, start with a foundational course first — then come to Certsqill when you are ready to practice.

Where Certsqill is strong: question depth, AI-powered explanations, and domain analytics. Every question is mapped to the exam blueprint. When you get something wrong, the AI tutor explains why the right answer is right and why each wrong answer fails under the specific constraints in the question.

Where Certsqill is not a replacement: video courses and hands-on labs. Use Certsqill to test and sharpen — not as your first exposure to a topic you have never encountered.

Ready to start practicing?
380 COBIT 2019 Foundation questions. AI tutor. 3 mock exams. 7-day free trial.