Roles, Activities and Relationships

(1)

Governance and Management in COBIT 5

Source: COBIT 5, figure 8

Key Roles, Activities and Relationships

Roles, Activities and Relationships

Owners and

Stakeholders

Governing

Body

Management

Operations

and

Execution

Instruct and

Align

Report

Set Direction

Monitor

Delegate

Accountable

Benefits

Realisation

Governance

Enablers

Roles, Activities and Relationships

Governance

Scope

Resource

Optimisation

Risk

Optimisation

Governance Objective: Value Creation

COBIT 5 Governance and Management Key Areas

Governance

Management

Evaluate

Direct

Monitor

Plan

(APO)

Build

(BAI)

(DSS)

Run

Monitor

(MEA)

Management Feedback

Business Needs

(2)

Processes for Management of Enterprise IT

Ev

aluate,

Direct and Monitor

Processes for Governance of Enterprise IT

Align,

Plan and Organise

Monitor

, Ev

aluate

and Assess

Build,

Acquire and Implement

Deliver

, Ser

vice and Support

EDM01

Ensure

Governance

Framework Setting and Maintenance APO01

Manage the IT Management Framework APO08 Manage Relationships APO02 Manage Strateg y APO09 Manage Ser vice Agreements APO03 Manage Enterprise Architecture APO10 Manage Suppliers APO04 Manage Innovation APO11 Manage Quality APO05 Manage Portfolio APO12 Manage Risk APO06 Manage

Budget and Costs

APO07 Manage Human Resources MEA01 Monitor , Evaluate and Assess

Performance and Conformance MEA02

Monitor

,

Evaluate and

Assess

the System of Internal

Control MEA03 Monitor , Evaluate and Assess Compliance With External Requirements APO13 Manage Security DSS01 Manage Operations DSS02 Manage Ser

vice Requests and Incidents

DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage

Security Services

DSS06 Manage Business Process Controls BAI01 Manage Programmes and Projects BAI08 Manage Knowledge BAI02 Manage

Requirements Definition _BAI09

Manage

Assets

BAI03

Manage

Solutions

Identification and Build _BAI10

Manage

Configuration

BAI04

Manage

Availability and Capacity

BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change

Acceptance and Transitioning

EDM02 Ensure Benefits Deliver y EDM03 Ensure Risk Optimisation EDM04 Ensure Resource _Optimisation EDM05 Ensure Stakeholder Transparenc y

COBIT 5 Process Reference Model

Source:

COBIT 5,

figure 16

(3)

COBIT 5 Enterprise Enablers

2. Processes

3. Organisational

_Structures

1. Principles, Policies and Frameworks

6. Services,

Infrastructure

and Applications

7. People,

Skills and

Competencies

Resources

5. Information

4. Culture, Ethics

and Behaviour

COBIT 5 Enablers: Generic

Source: COBIT 5, figure 13

Enabler Dimension

Stakeholders

Goals

Life Cycle

Good Practices

• Internal

Stakeholders

• External

Stakeholders

• Practices

• Work Products

(Inputs/Outputs)

• Intrinsic Quality

• Contextual Quality

(Relevance,

Effectiveness)

• Accessibility and

Security

• Plan

• Design

• Build/Acquire/

Create/Implement

• Use/Operate

• Evaluate/Monitor

• Update/Dispose

Enabler P

erformance

Management

Are Stakeholders

Needs Addressed?

Goals Achieved?

Are Enabler

Metrics for Achievement of Goals

(Lag Indicators)

Metrics for Application of Practice

(Lead Indicators)

Is Life Cycle

(4)

The Seven Phases of the Implementation Life Cycle

Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6

7

How d o we k eep the momentum g oing?

6

Di d we get ther e?

5 _Ho

w d

_{o w}

e g

et th

_ere?

4 _{What needs to be done?}

3 Wh

ere

do

w

e w

an

t t

o

be

?

2

W he re a re w e n ow ?

1

_{What are} the d rivers?

• Programme management

(outer ring)

• Change enablement

(middle ring)

• Continual improvement life cycle

(inner ring)

Initiate pr

_ogram

me

De

_fin

e p

_ro

ble

_m

s a

nd

op

_po

rtu

nit

ies

De

fin

e r

oa

d

m

ap

Plan programme

Ex

ec

ute

pla

_n

Re

al

is

e

be

ne

fit

s

Rev

iew

eff

ect

iven

ess

Op era_te Identify role Co mmun icat e tea_m to _chang e an d u_se players outc ome For_m im ple_m en_ta tio n Establish desir_e Embe d ne w Sustain ap proa ches Im ple_m ent improvements state As_se ss Recogn_ise Monitor Oper ate im pro vem ents Build targe t cu rre nt need to and and Defin e sta_te act evaluate m easu re

Summary of the COBIT 5 Process Capability Model

Source: COBIT 5, figure 19

Generic Process Capability Attributes

COBIT 5 Process Assessment

Model–Capability Indicators

COBIT 5 Process Assessment

Model—Performance Indicators

Base Practices

(Management/

Governance

Practices)

Process Outcomes

Work

Products

(Inputs/

Outputs)

Generic Practices

Generic Resources

Generic Work Products

Incomplete

Process

Performed

Process

Managed

Process

Established

Process

Predictable

Process

Optimising

Process

Performance

Attribute (PA) 1.1

Process

Performance

PA 2.1 Performance Management PA 2.2 Work Product Management PA 3.1 Process Definition PA 3.2 Process Deployment PA 4.1 Process Management PA 4.2 Process Control PA 5.1 Process Innovation PA 5.2 Process Optimisation

0

1

2

3

4

5

(5)

COBIT 5 Product Family

COBIT

®

₅

COBIT

5 Online Collaborative Environment

COBIT 5 Enabler Guides

COBIT 5 Professional Guides

COBIT

®

_{5 Implementation}

COBIT

®

_5:

Enabling Information

COBIT

®

_5:

Enabling Processes

Other Enabler

_Guides

COBIT

®

₅

for Assurance

COBIT

®

₅

for Information

Security

COBIT

®

₅

for Risk

Other Professional

Guides

COBIT 5 Principles

1. Meeting

Stakeholder

Needs

5. Separating

Governance

From

Management

4. Enabling a

Holistic

Approach

3. Applying a

Single

Integrated

Framework

2. Covering the

Enterprise

End-to-end

COBIT 5

Principles

3701 Algonquin Road, Suite 1010 • Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545 • Fax: +1.847.253.1443 • Email: [email protected]

(6)

COBIT 5 Goals Cascade Overview

Benefits

Realisation

Stakeholder Drivers

(Environment, Technology Evolution, …)

Enterprise Goals

IT-related Goals

Enabler Goals

Influence

Cascade to

Appendix B

Appendix C

Figure 5

Figure 6

Resource

Optimisation

Risk

Optimisation

Stakeholder Needs

Cascade to

Appendix D