
Value of COBIT5 (ECCI) Notes

The document outlines the COBIT 5 framework, emphasizing its role in IT governance and management for optimizing value from IT investments. It includes training objectives, course outlines, and insights into the challenges faced by CIOs in aligning IT with business goals. COBIT 5 is presented as a comprehensive framework that aids enterprises in achieving stakeholder value through effective governance and management practices.

Uploaded by

QuangPM

Executive Overview

The value of COBIT5

© 2011 ECC International


Participants Introduction
Participants kindly state the following:

• Name

• Area of responsibility

• Knowledge about & Experience in problem solving and decision making methods

• Expectations from the Training

House Rules

• Health and safety


– Fire alarms
– Fire exits
– Assembly points
– Security
• Logistics and refreshments
– Rest-rooms
– Location for meals and refreshments
– Timing of breaks
– Use of telephones and laptops etc

Learning Objectives

At the end of the training, participants are expected to:


• Understand the philosophy of the COBIT5 framework
• Know how COBIT5 can be used to manage IT service quality
• Know the role of COBIT5 in the broader IT governance framework

Course Outline
Key challenges in realizing the value of IT

COBIT5: The Biz Framework for the Governance and Management of Enterprise IT

Getting value from COBIT5

Alignment with corporate strategy

Define and assess IT service management processes

Define roles & responsibilities

Define services targets & metrics

Process improvement

Audit process compliance

Assess process maturity


Key considerations of COBIT5 adoption
What are your top IT management challenges?

1.

2.

3.

CIOs’ Concerns - 2010
CIO MAGAZINE 2010 STATE OF THE CIO SURVEY

Focus in Current Role Percent


Aligning IT initiatives with business goals 64%
Improving IT operations/systems performance 51%
Cultivating the IT/business partnership 48%
Cost control/expense management 43%
Implementing new systems and architecture 42%
Leading change efforts 39%
Driving business innovation 34%
Redesigning business processes 32%
Identifying opportunities for competitive differentiation 24%
Developing and refining business strategy 22%
Negotiating with IT vendors 20%
Managing IT crises 19%
Developing new go-to-market strategies & technologies 16%
Security management 13%
Studying market trends/customer needs to identify commercial opportunities 12%
Source: CIO.com. (2013). 2010 State of the CIO Survey., viewed 7 July, 2013, <http://www.cio.com/documents/pdfs/StateoftheCIOJanuary2010.pdf>

Scope of Authority Percent
Enterprise-wide IT 85%
Division IT only 15%
CIOs’ Concerns - 2010

developing leadership and cross-functional skills among their IT staff and increasing their attention and focus on customers. One third of CIOs now actively call on customers, up from just 18 percent two years ago and 34 percent train their IT staff to focus on external customers, up from 25 percent in the 2011 survey.

Stakeholder Relations 2011 2012 2013
Met more frequently with influential stakeholders 62% 59% 63%
Delegated more IT operations to trusted lieutenants 35% 46% 53%
Created quick wins for business partners 44% 44% 51%
Fixed major problems with systems operations 50% 51% 48%
Trained IT staff to partner better with business stakeholders 36% 41% 45%
Initiated new products and services for competitive advantage 40% 40% 44%
Developed a cross-functional focus among IT managers 32% 36% 44%
Developed IT leadership capabilities in senior managers 28% 38% 40%
Created a portfolio approach to IT 37% 39% 38%
Trained IT staff to focus on external customers 25% 28% 34%
Called on customers 18% 23% 33%
Cultivated a relationship with a board member 25% 29% 32%
Created a project management office 25% 27% 25%
Deepened staff bench strength in management/leadership expertise 15% 18% 24%
Source: CIO.com. (2013). 2013 State of the CIO Survey., viewed 7 July, 2013, <http://www.cio.com/documents/pdfs/2013%20State%20of%20the%20CIO%20Exec%20Summary.pdff>

Those relationship-building activities appear to be paying off. Fewer CIOs this year say their company’s business stakeholders perceive their IT organization as a cost center lacking enterprise value (15 percent, versus 21 percent), while a higher percentage are viewed as business peers
COBIT 5: Now One Complete Business Framework for Governance of Enterprise IT

[Figure: Evolution of scope. Scope labels: Audit, Control, Management, IT Governance, Governance of Enterprise IT. Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Also shown: Val IT 2.0 (2008), Risk IT (2009).]

A business framework from ISACA, at www.isaca.org/cobit


© 2012 ISACA® All rights reserved.
COBIT 5 Product Family

Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.

The COBIT 5 Framework

• Simply stated, COBIT 5 helps enterprises create optimal value
from IT by maintaining a balance between realising benefits and
optimising risk levels and resource use.
• COBIT 5 enables information and related technology to be
governed and managed in a holistic manner for the entire
enterprise, taking in the full end-to-end business and functional
areas of responsibility, considering the IT-related interests of
internal and external stakeholders.
• The COBIT 5 principles and enablers are generic and useful for
enterprises of all sizes, whether commercial, not-for-profit or in
the public sector.

COBIT 5 Framework

COBIT 5:
• The main, overarching COBIT 5 product
• Contains the executive summary and the full description of all of the
COBIT 5 framework components:
– The five COBIT 5 principles
– The seven COBIT 5 enablers plus
– An introduction to the implementation guidance provided by ISACA (COBIT 5
Implementation)
– An introduction to the COBIT Assessment Programme (not specific to COBIT 5) and
the process capability approach being adopted by ISACA for COBIT

COBIT 5 Principles

Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.


COBIT 5 Enablers

Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.

Governance and Management

• Governance ensures that enterprise objectives are achieved by
evaluating stakeholder needs, conditions and options; setting
direction through prioritisation and decision making; and
monitoring performance, compliance and progress against
agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in
alignment with the direction set by the governance body to achieve
the enterprise objectives (PBRM).

In Summary …

COBIT 5 brings together the five principles that
allow the enterprise to build an effective governance
and management framework based on a holistic set of
seven enablers that optimises information and
technology investment and use for the benefit of
stakeholders.

Business Alignment Case Study

• An enterprise has defined for itself a number of strategic goals, of which improving
customer satisfaction is the most important. From there, it wants to know where it needs
to improve in all things related to IT.
• How can Cobit5 help?

Meeting Stakeholder Needs

• Principle 1. Meeting Stakeholder Needs


Enterprises exist to create value for their stakeholders.

Goal Cascade
Translate needs to specific Goals

Cobit 5 Enterprise Goal
CHAPTER 2
PRINCIPLE 1: MEETING STAKEHOLDER NEEDS

Figure 5—COBIT 5 Enterprise Goals

BSC Dimension / Enterprise Goal / Relation to Governance Objectives (Benefits Realisation, Risk Optimisation, Resource Optimisation)
Financial 1. Stakeholder value of business investments P S
2. Portfolio of competitive products and services P P S
3. Managed business risk (safeguarding of assets) P S
4. Compliance with external laws and regulations P
5. Financial transparency P S S
Customer 6. Customer-oriented service culture P S
7. Business service continuity and availability P
8. Agile responses to a changing business environment P S
9. Information-based strategic decision making P P P
10. Optimisation of service delivery costs P P
Internal 11. Optimisation of business process functionality P P
12. Optimisation of business process costs P P
13. Managed business change programmes P P S
14. Operational and staff productivity P P
15. Compliance with internal policies P
Learning and Growth 16. Skilled and motivated people S P P
17. Product and business innovation culture P

Customer satisfaction related goals:
6. Customer-oriented service culture
7. Business service continuity and availability
8. Agile responses to a changing business environment

Cobit 5 IT Goals

Figure 6—IT-related Goals


IT BSC Dimension Information and Related Technology Goal
Financial 01 Alignment of IT and business strategy
02 IT compliance and support for business compliance with external laws and regulations
03 Commitment of executive management for making IT-related decisions
04 Managed IT-related business risk
05 Realised benefits from IT-enabled investments and services portfolio
06 Transparency of IT costs, benefits and risk
Customer 07 Delivery of IT services in line with business requirements
08 Adequate use of applications, information and technology solutions
Internal 09 IT agility
10 Security of information, processing infrastructure and applications
11 Optimisation of IT assets, resources and capabilities
12 Enablement and support of business processes by integrating applications and technology into business processes
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14 Availability of reliable and useful information for decision making
15 IT compliance with internal policies
Learning and Growth 16 Competent and motivated business and IT personnel
17 Knowledge, expertise and initiatives for business innovation

Goal Cascades

When using the table in figure 22, please consider the remarks made in chapter 2 on how to use the COBIT 5
goals cascade.

Figure 22—Mapping COBIT 5 Enterprise Goals to IT-related Goals

[Table: enterprise goals 1 to 17 (columns, grouped by BSC dimension: Financial, Customer, Internal, Learning and Growth) against IT-related goals 01 to 17 (rows, grouped by the same dimensions), with cells marked P or S.]

Enterprise Goals 6, 7 & 8 cascade to the following IT Goals:
1. Alignment of IT and business strategy
4. Managed IT-related business risk
7. Delivery of IT services in line with business requirements
9. IT agility
10. Security of information, processing infrastructure and applications
14. Availability of reliable and useful information for decision making
17. Knowledge, expertise and initiatives for business innovation

IT-related goals can further be cascaded to enablers such as processes, organization structures, etc…
Cobit 5 Process Enabler applications

• Define new IT processes


• Define roles and responsibilities
• Define services targets & metrics
• Process improvement
• Audit process compliance
• Assess process maturity

Cobit 5 Enabler: Processes

CHAPTER 3
THE COBIT 5 PROCESS MODEL
Processes are one of the seven enabler categories for governance and management of enterprise IT, as explained in
COBIT 5, chapter 5. The specifics for the processes enabler compared to the generic enabler description are shown
in figure 8.

Figure 8—COBIT 5 Enabler: Processes

[Figure: Enabler Dimension (Stakeholders, Goals, Life Cycle, Good Practices: Process Practices, Activities, Detailed Activities), Generic Practices for Processes, and Enabler Performance Management.]

A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes
inputs from a number of sources (including other processes), manipulates the inputs and produces outputs
(e.g., products, services)’.

The process model shows:


activities within the process.

Model
Separating Governance & Management
COBIT 5 is not prescriptive, but from the previous text it is clear that it advocates that enterprises implement governance
and management processes such that the key areas are covered, as shown in figure 9.

In theory, an enterprise can organise its processes as it sees fit, as long as the basic governance and management objectives
are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many
processes, all to cover the same objectives.

Figure 9—COBIT 5 Governance and Management Key Areas

[Figure: Business Needs; Governance: Evaluate, Direct, Monitor; Management Feedback; Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA).]

Processes for Enterprise IT

The COBIT 5 process reference model subdivides the governance and management processes of enterprise IT into two
main areas of activity—governance and management—divided into domains of processes:
• Governance—This domain contains five governance processes; within each process, EDM practices are defined.
• Management—These four domains are in line with the responsibility areas of PBRM (an evolution of the
COBIT 4.1 domains), and they provide end-to-end coverage of IT. Each domain contains a number of processes,
as in COBIT 4.1 and previous versions. Although, as described previously, most of the processes require ‘planning’,
‘implementation’, ‘execution’ and ‘monitoring’ activities within the process or within the specific issue being
addressed—e.g., quality, security—they are placed in domains in line with what is generally the most relevant area of
activity when regarding IT at the enterprise level.

The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, with the Risk IT and Val IT
process models integrated as well. Figure 10 shows the complete set of 37 governance and management processes
within COBIT 5.

Figure 10—COBIT 5 Process Reference Model

Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor
– EDM01 Ensure Governance Framework Setting and Maintenance
– EDM02 Ensure Benefits Delivery
– EDM03 Ensure Risk Optimisation
– EDM04 Ensure Resource Optimisation
– EDM05 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT

Align, Plan and Organise
– APO01 Manage the IT Management Framework
– APO02 Manage Strategy
– APO03 Manage Enterprise Architecture
– APO04 Manage Innovation
– APO05 Manage Portfolio
– APO06 Manage Budget and Costs
– APO07 Manage Human Resources
– APO08 Manage Relationships
– APO09 Manage Service Agreements
– APO10 Manage Suppliers
– APO11 Manage Quality
– APO12 Manage Risk
– APO13 Manage Security

Build, Acquire and Implement
– BAI01 Manage Programmes and Projects
– BAI02 Manage Requirements Definition
– BAI03 Manage Solutions Identification and Build
– BAI04 Manage Availability and Capacity
– BAI05 Manage Organisational Change Enablement
– BAI06 Manage Changes
– BAI07 Manage Change Acceptance and Transitioning
– BAI08 Manage Knowledge
– BAI09 Manage Assets
– BAI010 Manage Configuration

Deliver, Service and Support
– DSS01 Manage Operations
– DSS02 Manage Service Requests and Incidents
– DSS03 Manage Problems
– DSS04 Manage Continuity
– DSS05 Manage Security Services
– DSS06 Manage Business Process Controls

Monitor, Evaluate and Assess
– MEA01 Monitor, Evaluate and Assess Performance and Conformance
– MEA02 Monitor, Evaluate and Assess the System of Internal Control
– MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

COBIT Process Assessment Model

• The assessment process involves establishing a capability
rating for each process. It involves:
– Defined capability levels
– Process attributes used to rate each process
– Indicators on which to base the assessment achievement of each
process attribute
– A standard rating scale

Process Capability Levels

2.2 The Measurement Framework

The assessment process involves establishing a capability rating for each process. It involves:
• Defined capability levels (from ISO/IEC 15504)
• Process attributes used to rate each process (from ISO/IEC 15504)
• Indicators on which to base the assessment achievement of each process attribute (based on and aligned with
ISO/IEC 15504)
• A standard rating scale (from ISO/IEC 15504)

2.2.1 Process Capability Levels


The capability of each assessed process is expressed as a capability level from 0 to 5, as shown in figure 2. Each process
capability level is aligned with a process situation.

Figure 2—Process Capability Levels


Process Level / Capability
0 (Incomplete) The process is not implemented or fails to achieve its process purpose. At this level, there is little or no evidence of any systematic achievement of the process purpose.
1 (Performed) The implemented process achieves its process purpose.
2 (Managed) The performed process is now implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.
3 (Established) The managed process is now implemented using a defined process that is capable of achieving its process outcomes.
4 (Predictable) The established process now operates within defined limits to achieve its process outcomes.
5 (Optimizing) The predictable process is continuously improved to meet relevant current and projected business goals.

Process capability level 0 does not have an attribute. Level 0 reflects a non-implemented process or a process that fails to
at least partially achieve its outcomes.

As part of the scoping, the enterprise should choose which level of capability it requires, depending on business objectives.
Scoping can also restrict an assessment to reduce the complexity, effort and cost of the assessment.

Process Attributes

2.2.2 Process Attributes


Within the COBIT PAM, the measure of capability is based on the nine process attributes (prefixed by PA) defined in
ISO/IEC 15504-2, as shown in figure 3. Each attribute applies to a specific process capability. Process attributes are used
to determine whether a process has reached a given capability.

Figure 3—Process Attributes

6 Process Capability Levels and 9 Process Attributes:

Level 5: Optimizing
– PA 5.1 Process Innovation
– PA 5.2 Process Optimization

Level 4: Predictable
– PA 4.1 Process Measurement
– PA 4.2 Process Control

Level 3: Established
– PA 3.1 Process Definition
– PA 3.2 Process Deployment

Level 2: Managed
– PA 2.1 Performance Management
– PA 2.2 Work Product Management

Level 1: Performed
– PA 1.1 Process Performance

Level 0: Incomplete

Rating Levels

2.2.4 Rating Scale
Each attribute is rated using a standard rating scale defined in the ISO/IEC 15504 standard. These ratings consist of:
• N—Not achieved. There is little or no evidence of achievement of the defined attribute in the assessed process.
• P—Partially achieved. There is some evidence of an approach to, and some achievement of, the defined attribute in
the assessed process. Some aspects of achievement of the attribute may be unpredictable.
• L—Largely achieved. There is evidence of a systematic approach to, and significant achievement of, the defined
attribute in the assessed process. Some weaknesses related to this attribute may exist in the assessed process.
• F—Fully achieved. There is evidence of a complete and systematic approach to, and full achievement of, the defined
attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process.

There is a need to ensure a consistent degree of interpretation when deciding which rating to assign. The table in
figure 4 describes the rating in terms of both the original rating scale (defined previously) and those ratings translated
into a percentage scale showing the extent of achievement.

Figure 4—Rating Levels


N Not achieved 0 to 15% achievement
P Partially achieved >15% to 50% achievement
L Largely achieved >50% to 85% achievement
F Fully achieved >85% to 100% achievement
Source: This figure is reproduced from ISO/IEC 15504-2:2003, with the permission of ISO/IEC at www.iso.org. Copyright remains with ISO/IEC.

The assessors use these scales during their assessment to guide their judgement of the current level of achievement.

2.2.5 Determining the Capability Level


The capability level of a process is determined by whether the process attributes at that level have been largely or fully
achieved and whether the process attributes for the lower levels have been fully achieved. The table in figure 5 outlines
each level and the necessary ratings that must be achieved.

Figure 5—Levels and Necessary Ratings

Scale / Process Attributes / Rating
Level 1 Process Performance Largely or fully
Level 2 Process Performance Fully
        Performance Management Largely or fully
        Work Product Management Largely or fully
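
One way to apply the rating scale in figure 4 and the rule in 2.2.5 to a set of attribute scores, as an added example that is not part of the original slides or of the COBIT PAM. The function names, the sample percentages for DSS05 and the choice to treat an unassessed attribute as 0% are assumptions; levels 3 to 5 follow the general rule stated in 2.2.5.

```python
from typing import Dict, Tuple

# Figure 3: process attributes per capability level (level 0 has none).
ATTRIBUTES_BY_LEVEL = {
    1: ("PA 1.1",),
    2: ("PA 2.1", "PA 2.2"),
    3: ("PA 3.1", "PA 3.2"),
    4: ("PA 4.1", "PA 4.2"),
    5: ("PA 5.1", "PA 5.2"),
}


def rating_for(percent: float) -> str:
    """Map a percentage of achievement to N/P/L/F using the figure 4 bands."""
    if not 0 <= percent <= 100:
        raise ValueError(f"achievement must be 0..100, got {percent}")
    if percent <= 15:
        return "N"
    if percent <= 50:
        return "P"
    if percent <= 85:
        return "L"
    return "F"


def _ratings(achievement: Dict[str, float]) -> Dict[str, str]:
    # Assumption: an attribute that was not assessed counts as 0% (N).
    return {
        pa: rating_for(achievement.get(pa, 0.0))
        for attrs in ATTRIBUTES_BY_LEVEL.values()
        for pa in attrs
    }


def capability_level(achievement: Dict[str, float]) -> int:
    """Highest level whose own attributes are L or F and all lower ones are F."""
    ratings = _ratings(achievement)
    level = 0
    for candidate in sorted(ATTRIBUTES_BY_LEVEL):
        own_ok = all(ratings[pa] in ("L", "F")
                     for pa in ATTRIBUTES_BY_LEVEL[candidate])
        lower_ok = all(ratings[pa] == "F"
                       for lower in range(1, candidate)
                       for pa in ATTRIBUTES_BY_LEVEL[lower])
        if not (own_ok and lower_ok):
            break  # a failed level also blocks every level above it
        level = candidate
    return level


def gaps_to_target(achievement: Dict[str, float],
                   target: int) -> Dict[str, Tuple[str, str]]:
    """Attributes blocking the target level: {attribute: (current, minimum needed)}."""
    if target not in ATTRIBUTES_BY_LEVEL:
        raise ValueError("target level must be 1..5")
    ratings = _ratings(achievement)
    gaps = {}
    for level in range(1, target + 1):
        # At the target level L is enough; every lower level must be F.
        accepted = ("L", "F") if level == target else ("F",)
        for pa in ATTRIBUTES_BY_LEVEL[level]:
            if ratings[pa] not in accepted:
                gaps[pa] = (ratings[pa], accepted[0])
    return gaps


# Constructed sample scores for DSS05 Manage Security Services.
SAMPLE_DSS05 = {"PA 1.1": 90, "PA 2.1": 70, "PA 2.2": 88, "PA 3.1": 40}

if __name__ == "__main__":
    print("DSS05 capability level:", capability_level(SAMPLE_DSS05))
    print("Gaps to level 3:", gaps_to_target(SAMPLE_DSS05, 3))
```

A process whose level 1 attribute is only largely achieved stays at level 1 however well it scores on the level 2 attributes, which is the case the gap list makes visible when planning improvement.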
Self Assessment Process

Figure 6–Self-assessment Process

Step 1: Decide on process to assess—scoping.
Step 2: Determine level 1 capability.
Step 3: Determine capability for levels 2 to 5.
Step 4: Record and summarise capability levels.
Step 5: Plan process improvement.

The self-assessment is supported by the:
• Assessment summary table in appendix A
COBIT 5 Mapping Summary

COBIT and Other IT Governance Frameworks

[Figure: COSO, COBIT, ISO 27002, ISO 9000 and ITIL positioned between WHAT and HOW against SCOPE OF COVERAGE. Source: ISACA 2007.]

Where Does COBIT Fit?

[Figure: Drivers: PERFORMANCE (Business Goals) and CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc.). Enterprise Governance: Balanced Scorecard, COSO. IT Governance: COBIT. Best Practice Standards: ISO 9001:2000, ISO 27002, ISO 20000. Processes and Procedures: QA Procedures, Security Principles, ITIL.]

COBIT 5 Mapping Specifics ..1

• ISO/IEC 38500
– ISO’s 6 principles map to COBIT 5 (appendix E)
• ITIL v3
The following 5 areas and domains are covered by ITIL v3:
– A subset of processes in the DSS domain
– A subset of processes in the BAI domain
– Some processes in the APO domain
• ISO/IEC 27000
– Security and IT-related processes in domains EDM, APO and DSS
– Some monitoring of security monitoring activities in MEA
• ISO/IEC 31000
– Risk management related activities in EDM and APO

COBIT 5 Mapping Specifics ..2

• TOGAF (The Open Group Architecture Framework)
– Resource-related processes in EDM
– TOGAF components of the architecture board and governance areas
– Enterprise architecture processes of APO
• PRINCE2
– Programme and project management processes in the BAI domain
– Portfolio related processes in the APO domain
• CMMI
– Some organisational and quality-related processes in the APO domain
– Application-building and acquisition related processes in BAI

COBIT 5 Implementation

• The improvement of the governance of enterprise IT (GEIT) is
widely recognised by top management as an essential part of
enterprise governance.
• Information and the pervasiveness of information technology are
increasingly part of every aspect of business and public life.
• The need to drive more value from IT investments and manage an
increasing array of IT-related risk has never been greater.
• Increasing regulation and legislation over business use of
information is also driving heightened awareness of the importance
of a well-governed and managed IT environment.

COBIT 5 Implementation (cont.)

• ISACA has developed the COBIT 5 framework to help enterprises
implement sound governance enablers. Indeed, implementing good
GEIT is almost impossible without engaging an effective
governance framework. Best practices and standards are also
available to underpin COBIT 5.
• Frameworks, best practices and standards are useful only if they are
adopted and adapted effectively. There are challenges that need to
be overcome and issues that need to be addressed if GEIT is to be
implemented successfully.
• COBIT 5: Implementation provides guidance on how to do this.

COBIT 5 Implementation (cont.)

• COBIT 5: Implementation covers the following subjects:
• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and behavioural
change
• Implementing continual improvement that includes change
enablement and programme management
• Using COBIT 5 and its components

COBIT 5 Implementation (cont.)

Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.


Key challenges for IT

Management’s concerns
• How do responsible managers keep the ship on course? (Dashboard)
• How can the enterprise achieve results that are satisfactory for the largest possible segment of the stakeholders? (Scorecards)
• How can the enterprise be adapted in a timely manner to trends and development in the enterprise’s environment? (Benchmarking)

How IT should respond
• Benchmarking of IT Processes using maturity model
• Goals & metrics help to define outcome and manage performance
• Activity goals enable the control of IT processes

QUESTIONS AND DISCUSSIONS



Best Wishes and Thank You

Copyright © 2013 by TechnoMetric Consultancy Services

All rights reserved. No part of this material may be reproduced,
or transmitted in any form, by any means (electronic,
photocopying, recording or otherwise) without the prior written
permission of TechnoMetric Consultancy Services.
