
Document Purpose

The purpose of this document is to bring together various existing mappings related
to COBIT 5 in a hierarchical tree format, including:
1. Mapping of COBIT 5 Processes to IT Goals to Business Goals to IT Balanced Scorecard
2. Mapping COBIT 5 Processes to IT Goals (subset of information contained in item above)
3. Self-diagnostic Tool
The intent for the mappings of the COBIT 5 processes is that they will be incorporated into IT process
assessment guidance documents, which will enable practitioners to efficiently identify and focus on those
COBIT processes that may be higher priorities for their enterprises.

© ISACA 2013 All rights reserved.


Scoping Process Steps

1. Identify relevant business drivers for the assessment of IT processes. On the basis of these business drivers, define the
objective of the assessment. The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process
assessment should be based on the business drivers for the assessment. The following table provides some examples of
possible business drivers for completing an assessment of IT processes.

2. Identify and prioritise the enterprise’s IT processes that should be included within the scope of the assessment. Utilise the
business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings
contained in the scoping tool kit. For example, if the objective of the assessment is to assist IT management in identifying and
prioritising improvement initiatives related to one or more specified goals identified, the COBIT process mappings may be
useful to identify the processes most closely related to those IT goals.
3. Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous
prioritisation. Ensure that they will satisfy the identified business drivers and meet the objectives of the assessment.
4. Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the
process assessment.
5. Finalise the COBIT 5 processes to be included in the assessment.
6. Document the scoping methodology in the assessment records.

NOTES ON USING THE TOOLS


There are three selection tool sets provided on separate worksheet tabs.
- Self-diagnostic tool to help an assessor and the sponsor manually decide, based on the criteria shown, which processes
should be assessed.
- IT-related Goals Hierarchy that links or maps the processes to the IT-related goals. This is a quick way to select in-scope
processes based on the specific IT-related goal(s) required. Click on the + sign to expand a goal and show the
related IT processes, categorised as Primary or Secondary.
- Enterprise Goals Hierarchy has been provided in the balanced scorecard format; the balanced scorecard domains are
linked to enterprise goals and enterprise goals are linked to the IT-related goals. The IT-related goals are colour-coded to
show Primary (dark blue) and Secondary (light blue). Each IT-related goal contains a hyperlink, which takes you to tab 2 in the
IT-related goals hierarchy when you click on the selected goal.
Hierarchy of COBIT Processes to Achieve IT and Business Goals
Based on mapping in ISACA's COBIT process capability assessment model
Balanced Scorecard | Enterprise Goal | IT-related Goal (ITRG) | COBIT Process
Financial
1. Stakeholder value of business investments
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 06 Transparency of IT costs, benefits and risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
ITRG 14 Availability of reliable and useful information for decision making
ITRG 16 Competent and motivated business and IT personnel
ITRG 17 Knowledge, expertise and initiatives for business innovation
2. Portfolio of competitive products and services
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
ITRG 14 Availability of reliable and useful information for decision making

ITRG 16 Competent and motivated business and IT personnel

ITRG 17 Knowledge, expertise and initiatives for business innovation

3. Managed business risk (safeguarding of assets)


ITRG 01 Alignment of IT and business strategy
ITRG 04 Managed IT-related business risk
ITRG 06 Transparency of IT costs, benefits and risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 10 Security of information, processing infrastructure and applications
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards

ITRG 14 Availability of reliable and useful information for decision making

ITRG 15 IT compliance with internal policies


ITRG 16 Competent and motivated business and IT personnel
4. Compliance with external laws and regulations
ITRG 02 IT compliance and support for business compliance with external laws and
regulations
ITRG 04 Managed IT-related business risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 10 Security of information, processing infrastructure and applications
ITRG 14 Availability of reliable and useful information for decision making
ITRG 15 IT compliance with internal policies
5. Financial transparency
ITRG 06 Transparency of IT costs, benefits and risk
Customer
6. Customer-oriented service culture
ITRG 01 Alignment of IT and business strategy
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
ITRG 16 Competent and motivated business and IT personnel
ITRG 17 Knowledge, expertise and initiatives for business innovation
7. Business service continuity and availability
ITRG 01 Alignment of IT and business strategy
ITRG 04 Managed IT-related business risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 10 Security of information, processing infrastructure and applications
ITRG 14 Availability of reliable and useful information for decision making
8. Agile responses to a changing business environment
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 04 Managed IT-related business risk
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 07 Delivery of IT services in line with business requirements
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 16 Competent and motivated business and IT personnel
9. Information-based strategic decision making
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 06 Transparency of IT costs, benefits and risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 14 Availability of reliable and useful information for decision making
ITRG 17 Knowledge, expertise and initiatives for business innovation
10. Optimisation of service delivery costs
ITRG 01 Alignment of IT and business strategy
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 06 Transparency of IT costs, benefits and risk
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
Internal
11. Optimisation of business process functionality
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 14 Availability of reliable and useful information for decision making
ITRG 17 Knowledge, expertise and initiatives for business innovation
12. Optimisation of business process costs
ITRG 01 Alignment of IT and business strategy
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 06 Transparency of IT costs, benefits and risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
13. Managed business change programmes
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 04 Managed IT-related business risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
ITRG 17 Knowledge, expertise and initiatives for business innovation
14. Operational and staff productivity
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 16 Competent and motivated business and IT personnel

15. Compliance with internal policies


ITRG 02 IT compliance and support for business compliance with external laws and
regulations
ITRG 04 Managed IT-related business risk
ITRG 10 Security of information, processing infrastructure and applications
ITRG 15 IT compliance with internal policies
Learning
16. Skilled and motivated people
ITRG 01 Alignment of IT and business strategy
ITRG 03 Commitment of executive management for making IT-related decisions
ITRG 04 Managed IT-related business risk
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 16 Competent and motivated business and IT personnel
ITRG 17 Knowledge, expertise and initiatives for business innovation
17. Product and business innovation culture
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 09 IT agility
ITRG 11 Optimisation of IT assets, resources and capabilities
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
ITRG 16 Competent and motivated business and IT personnel
ITRG 17 Knowledge, expertise and initiatives for business innovation
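Balanced Scorecard / Enterprise Goal | Number of Enterprise Goals | Number of IT-related Goals
Financial | 5 | 44
1. Stakeholder value of business investments | 1 | 13
2. Portfolio of competitive products and services | 1 | 12
3. Managed business risk (safeguarding of assets) | 1 | 12
4. Compliance with external laws and regulations | 1 | 6
5. Financial transparency | 1 | 1
Customer | 5 | 37
6. Customer-oriented service culture | 1 | 9
7. Business service continuity and availability | 1 | 4
8. Agile responses to a changing business environment | 1 | 9
9. Information-based strategic decision making | 1 | 7
10. Optimisation of service delivery costs | 1 | 7
Internal | 5 | 30
11. Optimisation of business process functionality | 1 | 9
12. Optimisation of business process costs | 1 | 3
13. Managed business change programmes | 1 | 5
14. Operational and staff productivity | 1 | 4
15. Compliance with internal policies | 1 | 2
Learning | 2 | 13
16. Skilled and motivated people | 1 | 6
17. Product and business innovation culture | 1 | 6
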
Hierarchy of COBIT Processes to Achieve IT-related and Enterprise Goals
Based on mapping in ISACA's COBIT 5: Enabling Processes, Appendix C
IT-related Goals | COBIT Processes
ITRG 01 Alignment of IT and business strategy
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO11 Manage Quality
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI05 Manage Organisational Change Enablement
BAI08 Manage Knowledge
DSS04 Manage Continuity
DSS05 Manage Security Services
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 02 IT compliance and support for business compliance with external laws and
regulations
EDM01 Ensure Governance Framework Setting and Maintenance
EDM03 Ensure Risk Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO07 Manage Human Resources
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI02 Manage Requirements Definition
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 03 Commitment of executive management for making IT-related decisions
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 04 Managed IT-related business risk
EDM01 Ensure Governance Framework Setting and Maintenance
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 05 Realised benefits from IT-enabled investments and services portfolio
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM04 Ensure Resource Optimisation
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
DSS01 Manage Operations
DSS03 Manage Problems
DSS04 Manage Continuity
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 06 Transparency of IT costs, benefits and risk
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO03 Manage Enterprise Architecture
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO12 Manage Risk
APO13 Manage Security
BAI01 Manage Programmes and Projects
BAI09 Manage Assets
BAI10 Manage Configuration
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
ITRG 07 Delivery of IT services in line with business requirements
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 08 Adequate use of applications, information and technology solutions
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI10 Manage Configuration
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
ITRG 09 IT agility
EDM01 Ensure Governance Framework Setting and Maintenance
EDM04 Ensure Resource Optimisation
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO07 Manage Human Resources
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
BAI02 Manage Requirements Definition
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS03 Manage Problems
DSS04 Manage Continuity
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 10 Security of information, processing infrastructure and applications
EDM01 Ensure Governance Framework Setting and Maintenance
EDM03 Ensure Risk Optimisation
APO01 Manage the IT Management Framework
APO03 Manage Enterprise Architecture
APO07 Manage Human Resources
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO12 Manage Risk
APO13 Manage Security
BAI02 Manage Requirements Definition
BAI06 Manage Changes
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS04 Manage Continuity
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 11 Optimisation of IT assets, resources and capabilities
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM04 Ensure Resource Optimisation
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 12 Enablement and support of business processes by integrating applications and
technology into business processes
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO08 Manage Relationships
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting
requirements and quality standards
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 14 Availability of reliable and useful information for decision making
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
ITRG 15 IT compliance with internal policies
EDM01 Ensure Governance Framework Setting and Maintenance
EDM03 Ensure Risk Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI09 Manage Assets
BAI10 Manage Configuration
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
ITRG 16 Competent and motivated business and IT personnel
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO07 Manage Human Resources
APO08 Manage Relationships
APO11 Manage Quality
APO12 Manage Risk
BAI01 Manage Programmes and Projects
BAI08 Manage Knowledge
DSS01 Manage Operations
DSS04 Manage Continuity
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
ITRG 17 Knowledge, expertise and initiatives for business innovation
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO07 Manage Human Resources
APO08 Manage Relationships
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS06 Manage Business Process Controls
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

IT-related Goal | Number of Related COBIT Processes | Primary and Secondary (P/S, in the order the processes are listed under each goal)
ITRG 01 | 23 | P P S S S P P P S P S P P S S P P S S S S S S
ITRG 02 | 20 | S S S P S S S P P S S P S S S P S S P P
ITRG 03 | 17 | P S S S P S S S S S S S S S S S S
ITRG 04 | 33 | S P S S S S S S S S S S P S P P P S S S P S S S P P P P P P P P P
ITRG 05 | 24 | S P S S S P P P S S S P P S S S S S S S S S S P
ITRG 06 | 18 | S P P S P S S P S S S P P S P S S S
ITRG 07 | 34 | P P S S P S P S S S S P P P P S S S P P P P S S S P P P P S P P S S
ITRG 08 | 31 | S S S S S P S S S S S S S S S S S S P S P S S S S S S S S S S
ITRG 09 | 24 | S P S S P P S S S P S S S S S S S P S S S S S S
ITRG 10 | 21 | S P S S S S S P P S P S S S S S S S S S S
ITRG 11 | 29 | S S P P S P P S S P S S S S S S S P S S S P P P P S S S P
ITRG 12 | 16 | S S S S S S P P S S P P S S S S
ITRG 13 | 23 | S S S S S S S P S P S S S P P P S S S P S S S
ITRG 14 | 29 | S S S S S S S S P S S S P S S P S S P S P S S P P S S S S
ITRG 15 | 24 | S P S P S S S S S S S S S S S S S S S S S P P S
ITRG 16 | 16 | S S S P P S P S S S S S S S S S
ITRG 17 | 31 | S P S S S P P S P S P P S S S S S S S P S S P S S S S S S S S

COBIT 5 Processes
Importance = How important it is for the enterprise on a scale from 1 (not at all) to 5 (very)
Performance = How well it is done from 1 (do not know or badly) to 5 (very well)
Formality = Existence of a contract, an SLA or a clearly documented procedure (Yes, No or ?)
Audited = Yes, No or ?
Accountable = Name or ‘do not know’

Process ID | Processes for Governance of Enterprise IT | Importance | Performance | Formality | Audited
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
Align, Plan and Organise
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
Who is accountable?
