Governance and Management in COBIT 5
Source: COBIT 5, figure 8
Governance Objective: Value Creation
• Benefits Realisation
• Risk Optimisation
• Resource Optimisation
Governance Enablers
Governance Scope
Roles, Activities and Relationships
Key Roles, Activities and Relationships
Source: COBIT 5, figure 9
Roles: Owners and Stakeholders; Governing Body; Management; Operations and Execution
Relationships: Delegate / Accountable; Set Direction / Monitor; Instruct and Align / Report
COBIT 5 Governance and Management Key Areas
Business Needs
Governance: Evaluate, Direct, Monitor
Management Feedback
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)
COBIT 5 Process Reference Model
Source: COBIT 5, figure 16
© 2012 ISACA. All rights reserved.
Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor
• EDM01 Ensure Governance Framework Setting and Maintenance
• EDM02 Ensure Benefits Delivery
• EDM03 Ensure Risk Optimisation
• EDM04 Ensure Resource Optimisation
• EDM05 Ensure Stakeholder Transparency
Processes for Management of Enterprise IT
Align, Plan and Organise
• APO01 Manage the IT Management Framework
• APO02 Manage Strategy
• APO03 Manage Enterprise Architecture
• APO04 Manage Innovation
• APO05 Manage Portfolio
• APO06 Manage Budget and Costs
• APO07 Manage Human Resources
• APO08 Manage Relationships
• APO09 Manage Service Agreements
• APO10 Manage Suppliers
• APO11 Manage Quality
• APO12 Manage Risk
• APO13 Manage Security
Build, Acquire and Implement
• BAI01 Manage Programmes and Projects
• BAI02 Manage Requirements Definition
• BAI03 Manage Solutions Identification and Build
• BAI04 Manage Availability and Capacity
• BAI05 Manage Organisational Change Enablement
• BAI06 Manage Changes
• BAI07 Manage Change Acceptance and Transitioning
• BAI08 Manage Knowledge
• BAI09 Manage Assets
• BAI10 Manage Configuration
Deliver, Service and Support
• DSS01 Manage Operations
• DSS02 Manage Service Requests and Incidents
• DSS03 Manage Problems
• DSS04 Manage Continuity
• DSS05 Manage Security Services
• DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
• MEA01 Monitor, Evaluate and Assess Performance and Conformance
• MEA02 Monitor, Evaluate and Assess the System of Internal Control
• MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
COBIT 5 Enterprise Enablers
Source: COBIT 5, figure 12
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
Resources:
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
COBIT 5 Enablers: Generic
Source: COBIT 5, figure 13
Enabler Dimension
Stakeholders
• Internal Stakeholders
• External Stakeholders
Goals
• Intrinsic Quality
• Contextual Quality (Relevance, Effectiveness)
• Accessibility and Security
Life Cycle
• Plan
• Design
• Build/Acquire/Create/Implement
• Use/Operate
• Evaluate/Monitor
• Update/Dispose
Good Practices
• Practices
• Work Products (Inputs/Outputs)
Enabler Performance Management
• Are Stakeholder Needs Addressed?
• Are Enabler Goals Achieved?
Metrics for Achievement of Goals (Lag Indicators)
• Is Life Cycle Managed?
• Are Good Practices Applied?
Metrics for Application of Practice (Lead Indicators)
The Seven Phases of the Implementation Life Cycle
Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6
1 What are the drivers?
2 Where are we now?
3 Where do we want to be?
4 What needs to be done?
5 How do we get there?
6 Did we get there?
7 How do we keep the momentum going?
• Programme management (outer ring): Initiate programme; Define problems and opportunities; Define road map; Plan programme; Execute plan; Realise benefits; Review effectiveness
• Change enablement (middle ring): Establish desire to change; Form implementation team; Communicate outcome; Identify role players; Operate and use; Embed new approaches; Sustain
• Continual improvement life cycle (inner ring): Recognise need to act; Assess current state; Define target state; Build improvements; Implement improvements; Operate and measure; Monitor and evaluate
Summary of the COBIT 5 Process Capability Model
Source: COBIT 5, figure 19
Generic Process Capability Attributes
0 Incomplete Process
1 Performed Process
• Performance Attribute (PA) 1.1 Process Performance
2 Managed Process
• PA 2.1 Performance Management
• PA 2.2 Work Product Management
3 Established Process
• PA 3.1 Process Definition
• PA 3.2 Process Deployment
4 Predictable Process
• PA 4.1 Process Management
• PA 4.2 Process Control
5 Optimising Process
• PA 5.1 Process Innovation
• PA 5.2 Process Optimisation
COBIT 5 Process Assessment Model–Performance Indicators
• Process Outcomes
• Base Practices (Management/Governance Practices)
• Work Products (Inputs/Outputs)
COBIT 5 Process Assessment Model–Capability Indicators
• Generic Practices
• Generic Resources
• Generic Work Products
COBIT 5 Product Family
Source: COBIT 5, figure 11
COBIT® 5
COBIT 5 Enabler Guides
• COBIT® 5: Enabling Processes
• COBIT® 5: Enabling Information
• Other Enabler Guides
COBIT 5 Professional Guides
• COBIT® 5 Implementation
• COBIT® 5 for Information Security
• COBIT® 5 for Assurance
• COBIT® 5 for Risk
• Other Professional Guides
COBIT 5 Online Collaborative Environment
COBIT 5 Principles
Source: COBIT 5, figure 2
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
COBIT 5 Goals Cascade Overview
Source: COBIT 5, figure 4
Stakeholder Drivers (Environment, Technology Evolution, …)
  Influence
Stakeholder Needs: Benefits Realisation, Risk Optimisation, Resource Optimisation
  Cascade to (Appendix D)
Enterprise Goals (Figure 5)
  Cascade to (Appendix B)
IT-related Goals (Figure 6)
  Cascade to (Appendix C)
Enabler Goals