Mapping

ACF® × COBIT 2019

Mapping of the 17 ACF® cards to the COBIT 2019 governance and management objectives. This is the bridge between agentic governance and your organisation’s classical IT audit.

iNote

If your internal audit function runs on COBIT, ACF® plugs into it naturally: EDM-01 for the agentic charter, MEA-01 for the signed register, BAI-09 for the agent card, DSS-02 for the kill switch. No rewrite of the audit framework is needed — ACF® documents its artifacts in the vocabulary your auditors already use.

ISACA COBIT 2019 framework ↗

COBIT 2019 — ISACA framework for the governance and management of enterprise IT. The reference for IT audit shops and internal audit functions. Articulates around domains: Evaluate-Direct-Monitor (EDM), Align-Plan-Organise (APO), Build-Acquire-Implement (BAI), Deliver-Service-Support (DSS), Monitor-Evaluate-Assess (MEA).

ACF® mapping → COBIT 2019

Each row below is an ACF® methodological card and the principal article of the standard it maps to. The mapping is deliberately conservative — when a card covers several articles, only the principal article is cited here. The full multi-standard view is on the matrix.

Card	Title	COBIT 2019
`ACF-00`	Sovereignty Score	`EDM-01`
`ACF-01`	Decision Map	`EDM-03`
`ACF-02`	Criticality Matrix	`APO-12`
`ACF-03`	Agentic Constitution	`EDM-01`
`ACF-04`	Agent Card	`BAI-09`
`ACF-05`	Supervision & Governance	`MEA-02`
`ACF-06`	Kill Switch	`DSS-02`
`ACF-07`	First Agent Dossier	`BAI-01`
`ACF-08`	Agentic Decision Register	`MEA-01`
`ACF-09`	Action & Improvement Plan	`BAI-08`
`ACF-10`	30-Day Governance Audit	`MEA-02 + MEA-03`
`ACF-11`	Agentic Risk Assessment	`APO-12`
`ACF-12`	Agent Mandate	`APO-05`
`ACF-13`	Guided Practical Case	`BAI-05`
`ACF-14`	Teacher Guide	`APO-07`
`ACF-15`	Governance Simulation	`BAI-06`
`ACF-16`	Accountability by Design	`EDM-01`