Evaluate, Direct and Monitor

Process Attributes
Level 1 to 5
EDM05 Ensure
Stakeholder
Transparency

Monitor,
Evaluate
and Assess

Align, Plan & Organise...

APO13 Manage
Security

BAI08 Manage
Knowledge

BAI09 Manage
Assets

BAI010 Manage
Configuration

BAI04 Manage
Availability
and Capacity

BAI05 Manage
Organizational
Change
Enablement

BAI06 Manage
Changes

MEA02 Monitor,
Evaluate and Assess
the System of Internal
Control

DSS03 Manage
Problems

DSS04 Manage
Continuity

DSS05 Manage
Security
Services

MEA03 Monitor,
Evaluate and Assess
Compliance With
External Requirements

DSS06 Manage
Business
Process Controls

Cascade to

5. Seperating
Governance
from
Management

Key Areas

Governance & Management

Governance Objective: Value Creation

Principles, policies and

frameworks are the
vehicle to translate the
desired behaviour into
practical guidance for
day-to-day management.

Management Feedback

Monitor

4. Enabling a
Holistic
Approach

5. Information

Build
(BAI)

Run
(DSS)

7. People,
Skills and
Competencies

People, skills and

competencies are
linked to people
and are required for
successful completion
of all activities and
for making correct
decisions and taking
corrective actions.

Existing ISACA
Guidance
(COBIT,Val IT,
Risk IT, BMIS...)

Stakeholders

Goals

Life Cycle

Good Practices

Internal
Stakeholders
External
Stakeholders

Intrinsic Quality
Contextual Quality
(Relevance,
Effectiveness)
Accessibility and
Security

Plan
Design
Build/Acquire/
Create/Implement
Use/Operate
Evaluate/Monitor
Update/Dispose

Practices
Work Products
(Inputs/Outputs)

Principles
and Policies

Culture,
Ethics,
Behaviour

Roles, Activities and Relationships

Organizational
Structures

Information

Delegate

Owners and
Stakeholders

Set Direction

Governing
Body

Accountable

Management
Monitor

Instruct and
Align
Report

COBIT 5 Product Family

Are Stakeholders
Needs Addressed?

Are Enabler
Goals Achieved?

Are Good Practices

Applied?

COBIT 5 Professional Guides

COBIT 5 Online
Collaborative
Environment

Metrics for Application of Practice

(Lead Indicators)

tain

COBIT 5
te
era e
Op d us
an

COBIT 5 Enabler Guides

COBIT 5:
Enabling Processes

COBIT 5:
Enabling Information

Other Enabler
Guides

COBIT 5 Implementation

COBIT 5
for Information
Security

COBIT 5
for Assurance

COBIT 5
for Risk

pro

Implementation
Life Cycle

gram

me

Esta

blis
to c h desir
e
han
ge

Reco
r
gn
nito
need ise
Mo nd
to
a
luate act
eva

Identify role
players

COBIT 5 Professional Guides

Management plans, builds, runs and monitors activities in alignment with the direction set
by the governance body to achieve the enterprise objectives

iate

Sus

Product Family
Governance ensures that stakeholder needs, conditions and options are evaluated to
determine balanced, agreed-on enterprise objectives to be achieved; setting direction
through prioritization and decision making; monitoring performance, compliance and
progress against agreed direction and objectives.

Init

iew s
Rev enes
ctiv
effe

se be
nefits

Metrics for Achievement of Goals

(Lag Indicators)

Is Life Cycle
Managed?

nd
ms a
roble
ne p tunities
r
oppo

Enabler Performance
Management

Single
Integrated
Framework

COBIT 5 Enabler Guides

Programme management
(outer ring)
Change enablement
(middle ring)
Continual improvement life cycle
(inner ring)

Other Professional
Guides

Plan programme

COBIT 5 Online Collaborative Environment

Transform

Knowledge

Create

proven experience proven tactics proven success

Operations
and
Execution

Content Filter
for Knowledge Base

pla

Value

Relevancy
Completeness
Appropriateness
Conciseness
Consistency
Understandability
Ease of Manipulation

Skills and
Competencies

te

Information

- Current Guidance and Contents

- Structure for Future Contents

Processes

Service
Capabilities

u
ec
Ex

Transform

Information
Cycle

COBIT 5 Knowledge Base

Contextual Goals

IT Processes

Data

COBIT 5
Enablers

Enablers provide
structure to the
COBIT 5
knowledge base

Defi

Drive

Governance
Scope

Form tation
men
imple team

Business Process

Resource
Optimization

Roles, Activities and Relationships

Other
Standards
and
Frameworks

New ISACA
Guidance
Materials

Assess
t
curren
state

Generate and Process

Risk
Optimization

Enablers: Generic

COBIT 5

Services, infrastructure and applications include

the infrastructure, technology and applications
that provide the enterprise with information
technology processes and services.

3. Applying a
Single
Integrated
Framework

Governance
Enablers

Resources

Information is pervasive throughout any organization

and includes all information produced and used by
the enterprise. Information is required for keeping
the organization running and well governed, but at the
operational level, information is very often the key
product of the enterprise itself.

Benefits
Realization

Monitor
(MEA)

4. Culture, Ethics
and Behaviour

1. Principles, Policies and Frameworks

6. Services,
Infrastructure
and Applications

Plan
(APO)

Enabler Dimension

3. Organizational
Structures

2. Processes

COBIT 5
Principles

Reali

Enablers

Enabler Goals

Evaluate

Management

Organizational structures
are the key decision-making
entities in an enterprise.

2. Covering the
Enterprise
End-to-end

Governance

Processes for Management of Enterprise IT

Culture, ethics and

behaviour of individuals
and of the enterprise are
very often underestimated
as a success factor
in governance and
management activities.

IT-related Goals

MEA Monitor, Evaluate & Assess

Direct

A process describes an
organized set of practices and
activities to achieve certain
objectives and produce a set of
outputs in support of achieving
overall IT-related goals.

Cascade to

1. Meeting
Stakeholder
Needs

DSS Deliver, Service and

Support

COBIT 5 Processes

Business Needs

Deliver, Service & Support

DSS02 Manage
Service Requests
and Incidents

COBIT 5
Principles

BAI - Build, Acquire and Implement

BAI07 Manage
Change
Acceptance and
Transitioning

Resource
Optimisation

ap

BAI03 Manage
Solutions
Identification
and Build

Risk
Optimisation

Enterprise Goals

APO Align Plan and Organize

BAI02 Manage
Requirements
Definition

Risk
Optimisation

Process Dimension

EDM Evaluate, Direct,

Monitor

BAI01 Manage
Programmes and
Projects

Resource
Optimisation

Cascade to

Build, Acquire & Implement...

DSS01 Manage
Operations

Benefits
Realisation

BP : Base practices (Level 1)

WP : Work products (Level 1)

dm

APO12 Manage
Risk

MEA01 Monitor,
Evaluate and Assess
Performance and
Conformance

Level 0

Benefits
Realisation

ro
a

APO11 Manage
Quality

APO07 Manage
Human Resources

Stakeholder Needs

Governance Objectives:Value Creation

Process Performance Indicators

ne

APO10 Manage
Suppliers

APO06 Manage
Budget and Costs

Level 1

Influence

De
fi

APO09 Manage
Service
Agreements

APO05 Manage
Portfolio

Level 2

m
ou mun
tco ica
me te

APO08 Manage
Relationships

APO04 Manage
Innovation

Level 3

Stakeholder Drivers
(Environment, Technology Evolution, ...)

De
tar fine
sta get
te

APO02 Manage
Strategy

APO03 Manage
Enterprise
Architecture

Level 4

Stakeholder
Needs

COBIT 5 PCAIs
GP : Generic Practice (Levels 2 to 5 only)
GR : Generic Resource (Not defined)
GWP : Generic Work Product (Levels 2 to 5 only)

Co

APO01 Manage
the IT Management
Framework

PA5.2 Continuous optimization

PA5.1 Process innovation
PA4.2 Process control
PA4.1 Process measurement
PA3.2 Process deployment
PA3.1 Process definition
PA2.2 Performance management
PA2.1 Work product management
PA1.1 Process performance

Level 5

Oper
ate
and
mea
sure

EDM04 Ensure
Resource
Optimization

EDM03 Ensure
Risk Optimization

Goals
Cascade

Process Capability Attribute Indicators (PCAIs)

Level 1 to 5

Embed
appro new
aches

EDM02 Ensure
Benefits Delivery

Capability Dimension

EDM01 Ensure
Governance
Framework Setting
and Maintenance

Value Creation

Process Assessment Model

Process Reference Model (PRM)

Drive

Processes for Governance of Enterprise IT

Copyright 2014 by Service Management Art Inc. All rights reserved.

These materials include COBIT 5 & 4.1, which is used with the permission of ISACA. 1996-2012 ITGI.
COBIT is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
NOT FOR RESALE, Version 2.4

5
IT n
B io
O it
C Ed

COBIT 5 Foundation Overview

For more information:

Call: Toll Free 1 866 616 4195
Email: Info@ServiceManagementArt.com

COBIT 5 Goals Cascade

Financial

Internal

Customer

Financial

IT-related Goal

Customer

01

Alignment of IT and business

strategy

02

IT compliance and support for

business compliance with external
laws and regulations

03

Commitment of executive
management for making IT-related
decisions

04

Managed IT-related business risk

05

Realized benefits from IT-enabled

investments of services portfolio

06

Transparency of IT costs, benefits

and risk

07

Delivery of IT services in line with

business requirements

08

Adequate use of applications,

information and technology
solutions

09

IT agility

10

Security and information,

processing infrastructure and
applications

11

Optimization of IT assets,
resources and capabilities

12

Enablement and support of

business processes by integrating
applications and technology into
business processes

13

Delivery of programmes delivering

benefits, on time, on budget, and
meeting requirements and quality
standards

14

Availability of reliable and useful

information for decision making

15

IT compliance with internal

policies

16

Competent and motivated

business and
IT personnel

17

Knowledge, expertise and

initiatives for business innovation

S
S

S
S

P
S

S
S

S
S

S
P

P
P

S
P

Learning
and
Growth

Internal

S
S

P
P

P
S

S
S

P
P

P
P

Manage Continuity

Manage Security Services

Manage Business Process Controls

Monitor, Evaluate and Assess Performance and

Conformance

Monitor, Evaluate and Assess the System on Internal

Controls

Monitor, Evaluate and Assess Compliance with

External Requirements

DSS04

DSS05

DSS06

MEA01

MEA02

MEA03

S
P

S
S

Mange Problems

Manage Operations
DSS01

DSS03

Manage Configuration
BAI10

S
S

Manage Service Requests and Incidents

Manage Assets
BAI09

DSS02

Manage Knowledge
BAI08

P
S

Manage Change Acceptance and Transitioning

Manage Requirements Definition

BAI02

BAI07

Manage Programmes and Projects

BAI01

Manage Changes

Manage Security
APO13

BAI06

Manage Risk
APO12

Manage Organizational Change Enablement

Manage Quality
APO11

S
S

Monitor,
Evaluate and
Assess

Deliver, Service and

Support

Build, Acquire and Implement

BAI05

Manage Suppliers
APO10

Manage Availability and Capacity

Manage Service Agreements

APO09

BAI04

Manage Relationships
APO08

Manage Solutions Identification and Build

Manage Human Resources

APO07

S
P

BAI03

Manager Budgets and Costs

Align, Plan and Organize

Evaluate, Direct and

Monitor

APO06

17

Manage Portfolio

16

APO05

15

Manage Innovation

Product and business innovation culture

14

APO04

Skilled and motivated people

13

Manage Enterprise Architecture

Compliance with internal policies

12

APO03

Operational and staff productivity

11

Manage Strategy

Managed business change programmes

10

APO02

Optimization of business process costs

Manage the IT Management Framework

Optimization of business process functionality

APO01

Optimization of service delivery costs

Ensure Stakeholder Transparency

Information-based strategic decision making

EDM05

Agile responses to a changing business environment

Ensure Resource Optimization

Business service continuity and availability

EDM04

Customer-oriented service culture

Ensure Risk Optimization

Financial transparency

EDM03

Compliance with external laws and regulations

Process Goals

Ensure Benefits Delivery

Managed business risk (safeguarding of assets)

Secondary
Relationship

Cascade to

EDM02

Portfolio of competitive products and services

IT-related Goals

Ensure Governance Framework Setting and

Maintenance

Primary
Relationship

Cascade to

EDM01

Enterprise Goals

Learning and
Growth

COBIT 5 Processes

Stakeholder value of business investments

Enterprise Goal

S
S