COBIT 5 Product Family

COBIT 5
COBIT 5 Enabler Guides
COBIT 5: Enabling Processes COBIT 5: Enabling Information Other Enabler Guides

COBIT 5 Professional Guides

COBIT 5 Implementation COBIT 5 for Information Security COBIT 5 for Assurance COBIT 5 for Risk Other Professional Guides

COBIT 5 Online Collaborative Environment

Source: COBIT 5, figure 11

COBIT 5 Principles

1. Meeting Stakeholder Needs

5. Separating Governance From Management

2. Covering the Enterprise End-to-end

COBIT 5 Principles

4. Enabling a Holistic Approach

3. Applying a Single Integrated Framework

Source: COBIT 5, figure 2

3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.253.1545 Fax: +1.847.253.1443 Email: info@isaca.org Web site: www.isaca.org
2012 ISACA. A
l l r I g h t S r e S e r v e d

. F

o r

u S A g e

g u I d e l I n e S

S e e

w w w

i s a c a

o r g

/coBiTu

s e

COBIT 5 Goals Cascade Overview

Stakeholder Drivers (Environment, Technology Evolution, )

Influence

Stakeholder Needs
Benefits Realisation Risk Optimisation Resource Optimisation Cascade to Appendix D Figure 5

Enterprise Goals
Cascade to

Appendix B

IT-related Goals
Cascade to

Figure 6

Appendix C

Enabler Goals
Source: COBIT 5, figure 4

2012 ISACA. A

l l

r I g h t S

r e S e r v e d

. F

o r

u S A g e

g u I d e l I n e S

S e e

w w w

i s a c a

o r g

/coBiTu

s e

Governance and Management in COBIT 5

Governance Objective: Value Creation Benefits Realisation Risk Optimisation Resource Optimisation

Governance Enablers

Governance Scope

Roles, Activities and Relationships

Source: COBIT 5, figure 8

Key Roles, Activities and Relationships

Roles, Activities and Relationships

Owners and Stakeholders
Delegate Accountable

Governing Body

Set Direction

Management
Monitor

Instruct and Align Report

Operations and Execution

Source: COBIT 5, figure 9

COBIT 5 Governance and Management Key Areas

Business Needs

Governance
Evaluate

Direct

Management Feedback

Monitor

Management
Plan (APO) Build (BAI) Run (DSS) Monitor (MEA)

Source: COBIT 5, figure 15 2012 ISACA. A

l l r I g h t S r e S e r v e d

. F

o r

u S A g e

g u I d e l I n e S

S e e

w w w

i s a c a

o r g

/coBiTu

s e

The Seven Phases of the Implementation Life Cycle

going? entum mom the p kee we viewness do Re

1 What a

7H

ow

e ctiv ffe e

Initiat e pr ogr am me
Establ is to ch h des ang ire e
Recog need nise act to

re th ed rive rs?

re?

n stai Su

2W

ms and probleities ine un Def opport

Realise ben efits

6 Did we get the

re we now? here a

Embed n approach ew es

r nito Mo and ate alu ev

Operate and measur e

ementation impl rm team Fo

Programme management
(outer ring)

ss Asseent curr te sta

Change enablement
(middle ring)

dm

th e

re ?

P la n p ro g ra m m e

4 W hat n eeds to be d one?

Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6

Wh

Summary of the COBIT 5 Process Capability Model

Generic Process Capability Attributes

Performance Attribute (PA) 1.1 Process Performance
PA 2.1 Performance Management PA 2.2 Work Product Management PA 3.1 Process Definition PA 3.2 PA 4.1 Process Process Deployment Management PA 4.2 Process Control PA 5.1 Process Innovation PA 5.2 Process Optimisation

Incomplete Process

Performed Process

Managed Process

Established Process

ed

er

ow

De

ew

la

I d e n tif y r o l e pla ye rs

oa

er

fi n

ant

to b

e?

m Co o

ap

B u il d i m pro ve m e nts

m ut u ni co c a m e te

le m I m p o ve m r imp

fi rg n e ta e t te

e en n t ts

De

ta

Continual improvement life cycle (inner ring)

at er O p d us an

E xe
cu

COBIT 5 Process Assessment ModelPerformance Indicators Process Outcomes Base Practices (Management/ Governance Practices) Work Products (Inputs/ Outputs) Generic Practices

Source: COBIT 5, figure 19

2012 ISACA. A

5H
ow

te
ge

do
we

Predictable Process

Optimising Process

COBIT 5 Process Assessment ModelCapability Indicators

Generic Resources

Generic Work Products

l l

r I g h t S

r e S e r v e d

. F

o r

u S A g e

g u I d e l I n e S

S e e

w w w

i s a c a

o r g

/coBiTu

s e

COBIT 5 Enterprise Enablers

2. Processes

3. Organisational Structures

4. Culture, Ethics and Behaviour

1. Principles, Policies and Frameworks

5. Information

6. Services, Infrastructure and Applications

7. People, Skills and Competencies

Resources
Source: COBIT 5, figure 12

COBIT 5 Enablers: Generic

Enabler Dimension

Stakeholders
Internal Stakeholders External Stakeholders

Goals
Intrinsic Quality Contextual Quality (Relevance, Effectiveness) Accessibility and Security

Life Cycle
Plan Design Build/Acquire/ Create/Implement Use/Operate Evaluate/Monitor Update/Dispose

Good Practices
Practices Work Products (Inputs/Outputs)

Enabler Performance Management

Are Stakeholders Needs Addressed?

Are Enabler Goals Achieved?

Is Life Cycle Managed?

Are Good Practices Applied?

Metrics for Achievement of Goals (Lag Indicators)

Metrics for Application of Practice (Lead Indicators)

Source: COBIT 5, figure 13

2012 ISACA. A

l l

r I g h t S

r e S e r v e d

. F

o r

u S A g e

g u I d e l I n e S

S e e

w w w

i s a c a

o r g

/coBiTu

s e

COBIT 5 Process Reference Model

Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor

EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency

2012 ISACA. A

EDM01 Ensure Governance Framework Setting and Maintenance

l l

Align, Plan and Organise

APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources

r I g h t S

Monitor, Evaluate and Assess

APO01 Manage the IT Management Framework

APO02 Manage Strategy

r e S e r v e d

APO08 Manage Relationships APO10 Manage Suppliers APO11 Manage Quality

APO09 Manage Service Agreements APO12 Manage Risk APO13 Manage Security

MEA01 Monitor, Evaluate and Assess Performance and Conformance

. F
BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI010 Manage Configuration DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls

o r

Build, Acquire and Implement

BAI07 Manage Change Acceptance and Transitioning MEA02 Monitor, Evaluate and Assess the System of Internal Control

u S A g e

BAI01 Manage Programmes and Projects

BAI02 Manage Requirements Definition

g u I d e l I n e S

BAI08 Manage Knowledge

BAI09 Manage Assets

S e e

w w w

Deliver, Service and Support

MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

i s a c a

DSS01 Manage Operations

DSS02 Manage Service Requests and Incidents

o r g

Processes for Management of Enterprise IT

/coBiTu

Source: COBIT 5, figure 16

s e