Evaluate, Direct and Monitor
Process Attributes Level 1 to 5 EDM05 Ensure Stakeholder Transparency
Monitor, Evaluate and Assess
Align, Plan & Organise...
APO13 Manage Security
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
BAI04 Manage Availability and Capacity
BAI05 Manage Organizational Change Enablement
BAI06 Manage Changes
MEA02 Monitor, Evaluate and Assess the System of Internal Control
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
DSS06 Manage Business Process Controls
Cascade to
5. Separating Governance from Management
Key Areas
Governance & Management Governance Objective: Value Creation
Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
Management Feedback
Monitor
4. Enabling a Holistic Approach
5. Information
Build (BAI)
Run (DSS)
7. People, Skills and Competencies
People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.
Existing ISACA Guidance (COBIT, Val IT, Risk IT, BMIS...)
Stakeholders
Goals
Life Cycle
Good Practices
• Internal Stakeholders • External Stakeholders
• Intrinsic Quality • Contextual Quality (Relevance, Effectiveness) • Accessibility and Security
• Plan • Design • Build/Acquire/ Create/Implement • Use/Operate • Evaluate/Monitor • Update/Dispose
• Practices • Work Products (Inputs/Outputs)
Principles and Policies
Culture, Ethics, Behaviour
Roles, Activities and Relationships
Organizational Structures
Information
Delegate
Owners and Stakeholders
Set Direction
Governing Body
Accountable
Management Monitor
Instruct and Align Report
COBIT 5 Product Family
Are Stakeholders Needs Addressed?
Are Enabler Goals Achieved?
Are Good Practices Applied?
COBIT 5 Professional Guides COBIT 5 Online Collaborative Environment
Metrics for Application of Practice (Lead Indicators)
COBIT 5
Operate and use
COBIT 5 Enabler Guides COBIT 5: Enabling Processes
COBIT 5: Enabling Information
Other Enabler Guides
COBIT 5 Implementation
COBIT 5 for Information Security
COBIT 5 for Assurance
COBIT 5 for Risk
Implementation Life Cycle
Establish desire to change
Recognise need to act
Monitor and evaluate
Identify role players
COBIT 5 Professional Guides
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives
Sustain
Product Family Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; monitoring performance, compliance and progress against agreed direction and objectives.
Initiate programme
Review effectiveness
Realise benefits
Metrics for Achievement of Goals (Lag Indicators)
Is Life Cycle Managed?
Define problems and opportunities
Enabler Performance Management
Single Integrated Framework
COBIT 5 Enabler Guides
Programme management (outer ring) Change enablement (middle ring) Continual improvement life cycle (inner ring)
Other Professional Guides
Plan programme
COBIT 5 Online Collaborative Environment Transform
Knowledge
Create
proven experience • proven tactics • proven success
Operations and Execution
Content Filter for Knowledge Base
Value
Relevancy Completeness Appropriateness Conciseness Consistency Understandability Ease of Manipulation
Skills and Competencies
Information
- Current Guidance and Contents - Structure for Future Contents
Processes
Service Capabilities
Execute plan
Transform
Information Cycle
COBIT 5 Knowledge Base
Contextual Goals
IT Processes
Data
COBIT 5 Enablers
Enablers provide structure to the COBIT 5 knowledge base
Drive
Governance Scope
Form implementation team
Business Process
Resource Optimization
Roles, Activities and Relationships
Other Standards and Frameworks
New ISACA Guidance Materials
Assess current state
Generate and Process
Risk Optimization
Enablers: Generic
COBIT 5
Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processes and services.
3. Applying a Single Integrated Framework
Governance Enablers
Resources
Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
Benefits Realization
Monitor (MEA)
4. Culture, Ethics and Behaviour
1. Principles, Policies and Frameworks
6. Services, Infrastructure and Applications
Plan (APO)
Enabler Dimension
3. Organizational Structures
2. Processes
COBIT 5 Principles
Enablers
Enabler Goals
Evaluate
Management
Organizational structures are the key decision-making entities in an enterprise.
2. Covering the Enterprise End-to-end
Governance
Processes for Management of Enterprise IT
Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
IT-related Goals
MEA Monitor, Evaluate & Assess
Direct
A process describes an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
Cascade to
1. Meeting Stakeholder Needs
DSS Deliver, Service and Support
COBIT 5 Processes
Business Needs
Deliver, Service & Support DSS02 Manage Service Requests and Incidents
COBIT 5 Principles
BAI - Build, Acquire and Implement
BAI07 Manage Change Acceptance and Transitioning
Resource Optimisation
BAI03 Manage Solutions Identification and Build
Risk Optimisation
Enterprise Goals
APO Align Plan and Organize
BAI02 Manage Requirements Definition
Risk Optimisation
Process Dimension
EDM Evaluate, Direct, Monitor
BAI01 Manage Programmes and Projects
Resource Optimisation
Cascade to
Build, Acquire & Implement...
DSS01 Manage Operations
Benefits Realisation
BP : Base practices (Level 1) WP : Work products (Level 1)
APO12 Manage Risk
MEA01 Monitor, Evaluate and Assess Performance and Conformance
Level 0
Benefits Realisation
APO11 Manage Quality
APO07 Manage Human Resources
Stakeholder Needs
Governance Objectives: Value Creation
Process Performance Indicators
APO10 Manage Suppliers
APO06 Manage Budget and Costs
Level 1
Influence
Define road map
APO09 Manage Service Agreements
APO05 Manage Portfolio
Level 2
Communicate outcome
APO08 Manage Relationships
APO04 Manage Innovation
Level 3
Stakeholder Drivers (Environment, Technology Evolution, ...)
Define target state
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
Level 4
Stakeholder Needs
COBIT 5 PCAIs GP : Generic Practice (Levels 2 to 5 only) GR : Generic Resource (Not defined) GWP : Generic Work Product (Levels 2 to 5 only)
APO01 Manage the IT Management Framework
PA5.2 Continuous optimization PA5.1 Process innovation PA4.2 Process control PA4.1 Process measurement PA3.2 Process deployment PA3.1 Process definition PA2.2 Performance management PA2.1 Work product management PA1.1 Process performance
Level 5
Operate and measure
EDM04 Ensure Resource Optimization
EDM03 Ensure Risk Optimization
Goals Cascade
Process Capability Attribute Indicators (PCAIs) Level 1 to 5
Embed new approaches
EDM02 Ensure Benefits Delivery
Capability Dimension
EDM01 Ensure Governance Framework Setting and Maintenance
Value Creation
Process Assessment Model
Process Reference Model (PRM)
Drive
Processes for Governance of Enterprise IT
© Copyright 2014 by Service Management Art Inc. All rights reserved. These materials include COBIT 5 & 4.1, which is used with the permission of ISACA. ©1996-2012 ITGI. COBIT is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). NOT FOR RESALE, Version 2.4
COBIT 5 Edition
COBIT 5 Foundation Overview ®
COBIT 5 Goals Cascade
Financial
Customer
Internal
IT-related Goal
01 Alignment of IT and business strategy
02 IT compliance and support for business compliance with external laws and regulations
03 Commitment of executive management for making IT-related decisions
04 Managed IT-related business risk
05 Realized benefits from IT-enabled investments of services portfolio
06 Transparency of IT costs, benefits and risk
07 Delivery of IT services in line with business requirements
08 Adequate use of applications, information and technology solutions
09 IT agility
10 Security and information, processing infrastructure and applications
11 Optimization of IT assets, resources and capabilities
12 Enablement and support of business processes by integrating applications and technology into business processes
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14 Availability of reliable and useful information for decision making
15 IT compliance with internal policies
16 Competent and motivated business and IT personnel
17 Knowledge, expertise and initiatives for business innovation
Learning and Growth
Internal
Primary Relationship: P
Secondary Relationship: S
Enterprise Goals
Cascade to
IT-related Goals
Cascade to
Process Goals
Learning and Growth
Enterprise Goal
1 Stakeholder value of business investments
2 Portfolio of competitive products and services
3 Managed business risk (safeguarding of assets)
4 Compliance with external laws and regulations
5 Financial transparency
6 Customer-oriented service culture
7 Business service continuity and availability
8 Agile responses to a changing business environment
9 Information-based strategic decision making
10 Optimization of service delivery costs
11 Optimization of business process functionality
12 Optimization of business process costs
13 Managed business change programmes
14 Operational and staff productivity
15 Compliance with internal policies
16 Skilled and motivated people
17 Product and business innovation culture
COBIT 5 Processes
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization
EDM04 Ensure Resource Optimization
EDM05 Ensure Stakeholder Transparency
Align, Plan and Organize
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organizational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements