Document Purpose The purpose of this document is to bring together various existing mappings related to COBIT 5 in a hierarchical tree

format, including:
1. Mapping of COBIT 5 Processes to IT Goals to Business Goals to IT Balanced Scorecard 2. Mapping COBIT 5 Processes to IT Goals (subset of information contained in item above) 3. Self-diagnostic Tool The intent for the mappings of the COBIT 5 processes is that they will be incorporated into IT process assessment guidance documents, which will enable practitioners to efficiently identify and focus on those COBIT processes that may be higher priorities for their enterprises.
ISACA 2013 All rights reserved.

Scoping Process Steps

1. Identify relevant business drivers for the assessment of IT processes. On the basis of these business drivers, define the objective of the assessment. The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process assessment should be based on the business drivers for the assessment. The following table provides some examples of possible business drivers for completing an assessment of IT processes. 2.IdentifyandprioritisetheenterprisesITprocessesthatshouldbeincludedwithinthescopeoftheassessment. Utilise the business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings contained in the scoping tool kit. For example, if the objective of the assessment is to assist IT management in identifying and prioritising improvement initiatives related to one or more specified goals identified, the COBIT process mappings may be useful to identify the processes most closely related to those IT goals. 3. Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous prioritisation. Ensure that they will satisfy the identified business drivers and meet the objectives of the 4. Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the process assessment. 5. Finalise the COBIT 5 processes to be included in the assessment. 6. Document the scoping methodology in the assessment records.

NOTES ON USING THE TOOLS There are three selection tool sets provided on separate worksheet tabs. - Self-diagnostic tool to help an assessor and the sponsor manually decide, based on the criteria shown, which processes should be assessed. - IT-related Goals Hierarchy that links or maps the processes to the IT-related goals. This is a quick way to select in-scope processes based on the specific IT-related goal(s) required. Click on the + sign to expand the goals and it brings you the related IT processes analysed into Primary and Secondary categories. - Enterprise Goals Hierarchy has been provided in the balanced scorecard format; the balanced scorecard domains are linked to enterprise goals and enterprise goals are linked to the IT-related goals. The IT-related goals are colour-coded to show Primary (dark blue) and Secondary (light blue). Each IT-related goal contains a hyperlink, which takes you to tab 2 in the IT-related goals hierarchy when you click on the selected goal.

Hierarchy of COBIT Processes to Achieve IT and Business Goals

Based on mapping in ISACA's COBIT process cabability assessment model

card nced Scor e

rpris es G oal IT-re lated Goa l (ITR G)

COBIT Process

Financial
1. Stakeholder value of business investments ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 06 Transparency of IT costs, benefits and risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards ITRG 14 Availability of reliable and useful information for decision making ITRG 16 Competent and motivated business and IT personnel ITRG 17 Knowledge, expertise and initiatives for business innovation 2. Portfolio of competitive products and services ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities

Number of Number of Enterprise IT-related Goals Goals 5 44 1 13 1 1 1 1 1 1 1 1 1 1 1 1 1 12 1 1 1 1 1 1 1

Bala

Ente

ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards ITRG 14 Availability of reliable and useful information for decision making ITRG 16 Competent and motivated business and IT personnel ITRG 17 Knowledge, expertise and initiatives for business innovation 3. Managed business risk (safeguarding of assets) ITRG 01 Alignment of IT and business strategy ITRG 04 Managed IT-related business risk ITRG 06 Transparency of IT costs, benefits and risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 10 Security of information, processing infrastructure and applications ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards ITRG 14 Availability of reliable and useful information for decision making ITRG 15 IT compliance with internal policies ITRG 16 Competent and motivated business and IT personnel 4. Compliance with external laws and regulations ITRG 02 IT compliance and support for business compliance with external laws and regulations ITRG 04 Managed IT-related business risk ITRG 07 Delivery of IT services in line with business requirements ITRG 10 Security of information, processing infrastructure and applications ITRG 14 Availability of reliable and useful information for decision making ITRG 15 IT compliance with internal policies 5. Financial transparency ITRG 06 Transparency of IT costs, benefits and risk 1 1

1 1 1 1 1 12 1 1 1 1 1 1 1 1 1 1 1 1 6 1 1 1 1 1 1 1 1 37 9 1 1 1

1 5 1

Customer
6. Customer-oriented service culture ITRG 01 Alignment of IT and business strategy ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 07 Delivery of IT services in line with business requirements

ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards ITRG 16 Competent and motivated business and IT personnel ITRG 17 Knowledge, expertise and initiatives for business innovation 7. Business service continuity and availability ITRG 01 Alignment of IT and business strategy ITRG 04 Managed IT-related business risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 10 Security of information, processing infrastructure and applications ITRG 14 Availability of reliable and useful information for decision making 8. Agile responses to a changing business environment ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 04 Managed IT-related business risk ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 07 Delivery of IT services in line with business requirements ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 16 Competent and motivated business and IT personnel 9. Information-based strategic decision making ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 06 Transparency of IT costs, benefits and risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 14 Availability of reliable and useful information for decision making ITRG 17 Knowledge, expertise and initiatives for business innovation 10. Optimisation of service delivery costs ITRG 01 Alignment of IT and business strategy ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 06 Transparency of IT costs, benefits and risk ITRG 08 Adequate use of applications, information and technology solutions ITRG 11 Optimisation of IT assets, resources and capabilities

1 1 1 1 1 1 4 1 1 1 1 1 1 9 1 1 1 1 1 1 1 1 1 7 1 1 1 1 1 1 1 7 1 1 1 1 1

ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards

1 1 30 9 1 1 1 1 1 1 1 1 1 3 1 1 1 1 1 1 1 1 5 1 1 1 1 1 1 1 1 1 4

Internal
11. Optimisation of business process functionality ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 14 Availability of reliable and useful information for decision making ITRG 17 Knowledge, expertise and initiatives for business innovation 12. Optimisation of business process costs ITRG 01 Alignment of IT and business strategy ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 06 Transparency of IT costs, benefits and risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards 13. Managed business change programmes ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 04 Managed IT-related business risk ITRG 07 Delivery of IT services in line with business requirements ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards ITRG 17 Knowledge, expertise and initiatives for business innovation 14. Operational and staff productivity

5 1

ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 16 Competent and motivated business and IT personnel 15. Compliance with internal policies ITRG 02 IT compliance and support for business compliance with external laws and regulations ITRG 04 Managed IT-related business risk ITRG 10 Security of information, processing infrastructure and applications ITRG 15 IT compliance with internal policies 1

1 1 1 1 1 1 2 1 1 1 2 1 1 13 6 1 1 1 1 1 1 1 1 6 1 1 1 1 1 1 1 1

Learning
16. Skilled and motivated people ITRG 01 Alignment of IT and business strategy ITRG 03 Commitment of executive management for making IT-related decisions ITRG 04 Managed IT-related business risk ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 16 Competent and motivated business and IT personnel ITRG 17 Knowledge, expertise and initiatives for business innovation 17. Product and business innovation culture ITRG 05 Realised benefits from IT-enabled investments and services portfolio ITRG 07 Delivery of IT services in line with business requirements ITRG 08 Adequate use of applications, information and technology solutions ITRG 09 IT agility ITRG 11 Optimisation of IT assets, resources and capabilities ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes ITRG 16 Competent and motivated business and IT personnel ITRG 17 Knowledge, expertise and initiatives for business innovation

Hierarchy of COBIT Processes to Achieve IT-related and Enterprise Goals

Based on mapping in ISACA's COBIT 5: Enabling Processes, Appendix C
Number of Related COBIT Processes

ITrela ted Goa ls

COBIT Processes

Primary and Secondary

ITRG

01 Alignment of IT and business strategy EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO11 Manage Quality BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI05 Manage Organisational Change Enablement BAI08 Manage Knowledge DSS04 Manage Continuity DSS05 Manage Security Services MEA01 Monitor, Evaluate and Assess Performance and Conformance ITRG 02 IT compliance and support for business compliance with external laws and regulations EDM01 Ensure Governance Framework setting and Maintenance EDM03 Ensure Risk Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO07 Manage Human Resources APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk APO13 Manage Security BAI02 Manage Requirements Definition BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements ITRG 03 Commitment of executive management for making IT-related decisions EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI05 Manage Organisational Change Enablement BAI06 Manage Changes

23 P P S S S P P P S P S P P S S P P S S S S S S 20 S S S P S S S P P S S P S S S P S S P P 17 P S S S P S S S S S S S S S S S

MEA01 Monitor, Evaluate and Assess Performance and Conformance

ITRG

ITRG

04 Managed IT-related business risk EDM01 Ensure Governance Framework Setting and Maintenance EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk APO13 Manage Security BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements 05 Realised benefits from IT-enabled investments and services portfolio EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM04 Ensure Resource Optimisation APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge DSS01 Manage Operations DSS03 Manage Problems DSS04 Manage Continuity MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

33 S P S S S S S S S S S S P S P P P S S S P S S S P P P P P P P P P 24 S P S S S P P P S S S P P S S S S S S S S S S P

ITRG

ITRG

06 Transparency of IT costs, benefits and risk EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO03 Manage Enterprise Architecture APO05 Manage Portfolio APO06 Manage Budget and Costs APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO12 Manage Risk APO13 Manage Security BAI01 Manage Programmes and Projects BAI09 Manage Assets BAI10 Manage Configuration MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control 07 Delivery of IT services in line with business requirements EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk APO13 Manage Security BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge BAI09 Manage Assets DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

18 S P P S P S S P S S S P P S P S S S 34 P P S S P S P S S S S P P P P S S S P P P P S S S P P P P S P P S S

ITRG

ITRG

08 Adequate use of applications, information and technology solutions EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk APO13 Manage Security BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge BAI10 Manage Configuration DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control 09 IT agility EDM01 Ensure Governance Framework Setting and Maintenance EDM04 Ensure Resource Optimisation APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO07 Manage Human Resources APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk BAI02 Manage Requirements Definition BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS03 Manage Problems DSS04 Manage Continuity MEA01 Monitor, Evaluate and Assess Performance and Conformance

31 S S S S S P S S S S S S S S S S S S P S P S S S S S S S S S S 24 S P S S P P S S S P S S S S S S S P S S S S S S

ITRG

ITRG

10 Security of information, processing infrastructure and applications EDM01 Ensure Governance Framework Setting and Maintenance EDM03 Ensure Risk Optimisation APO01 Manage the IT Management Framework APO03 Manage Enterprise Architecture APO07 Manage Human Resources APO09 Manage Service Agreements APO10 Manage Supplies APO12 Manage Risk APO13 Manage Security BAI02 Manage Requirements Definition BAI06 Manage Changes BAI08 Manage Knowledge BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS04 Manage Continuity DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements 11 Optimisation of IT assets, resources and capabilities EDM01 Ensure Governance Framework setting and Maintenance EDM02 Ensure Benefits Delivery EDM04 Ensure Resource Optimisation APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI08 Manage Knowledge BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance

21 S P S S S S S P P S P S S S S S S S S S S 29 S S P P S P P S S P S S S S S S S P S S S P P P P S S S P

ITRG

ITRG

12 Enablement and support of business processes by integrating applications and technology into business processes EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO08 Manage Relationships BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards EDM01 Ensure Governance Framework setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO05 Manage Portfolio APO06 Manage Budget and Costs APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning MEA01 Monitor, Evaluate and Assess Performance and Conformance

16 S S S S S S P P S S P P S S S S 23 S S S S S S S P S P S S S P P P S S S P S S S

ITRG

ITRG

14 Availability of reliable and useful information for decision making EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk APO13 Manage Security BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control 15 IT compliance with internal policies EDM01 Ensure Governance Framework Setting and Maintenance EDM03 Ensure Risk Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO07 Manage Human Resources APO08 Manage Relationships APO09 Manage Service Agreements APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI09 Manage Assets BAI10 Manage Configuration DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

29 S S S S S S S S P S S S P S S P S S P S P S S P P S S S S 24 S P S P S S S S S S S S S S S S S S S S S P P S

ITRG

ITRG

16 Competent and motivated business and IT personnel EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation APO01 Manage the IT Management Framework APO02 Manage Strategy APO07 Manage Human Resources APO08 Manage Relationships APO11 Manage Quality APO12 Manage Risk BAI01 Manage Programmes and Projects BAI08 Manage Knowledge DSS01 Manage Operations DSS04 Manage Continuity DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance 17 Knowledge, expertise and initiatives for business innovation EDM01 Ensure Governance Framework Setting and Maintenance EDM02 Ensure Benefits Delivery EDM03 Ensure Risk Optimisation EDM04 Ensure Resource Optimisation EDM05 Ensure Stakeholder Transparency APO01 Manage the IT Management Framework APO02 Manage Strategy APO03 Manage Enterprise Architecture APO04 Manage Innovation APO05 Manage Portfolio APO07 Manage Human Resources APO08 Manage Relationships APO10 Manage Supplies APO11 Manage Quality APO12 Manage Risk BAI01 Manage Programmes and Projects BAI02 Manage Requirements Definition BAI03 Manage Solutions Identification and Build BAI04 Manage Availability and Capacity BAI05 Manage Organisational Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning BAI08 Manage Knowledge DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS06 Manage Business Process Controls MEA01 Monitor, Evaluate and Assess Performance and Conformance MEA02 Monitor, Evaluate and Assess the System of Internal Control MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

16 S S S P P S P S S S S S S S S S 31 S P S S S P P S P S P P S S S S S S S P S S P S S S S S S S S

COBIT 5 Processes
Importance = How important it is for the enterprise on a scale from 1 (not at all) to 5 (very) Performance = How well it is done from 1 (do not know or badly) to 5 (very well) Formality = Existence of a contract, an SLA or a clearly documented procedure (Yes, No or ?) Audited = Yes, No or ? Accountable=Nameordonotknow

Performance

Importance

Formality

Process ID

Processes for Governance of Enterprise IT

Audited

Who is accountable?

Evaluate, Direct and Monitor

EDM01 EDM02 EDM03 EDM04 EDM05 APO01 APO02 APO03 APO04 APO05 APO06 APO07 APO08 APO09 APO10 APO11 APO12 APO13 BAI01 BAI02 BAI03 BAI04 BAI05 BAI06 BAI07 BAI08 BAI09 BAI10 DSS01 DSS02 Ensure Governance Framework Setting and Maintenance Ensure Benefits Delivery Ensure Risk Optimisation Ensure Resource Optimisation Ensure Stakeholder Transparency

Align, Plan and Organise

Manage the IT Management Framework Manage Strategy Manage Enterprise Architecture Manage Innovation Manage Portfolio Manage Budget and Costs Manage Human Resources Manage Relationships Manage Service Agreements Manage Suppliers Manage Quality Manage Risk Manage Security

Build, Acquire and Implement

Manage Programmes and Projects Manage Requirements Definition Manage Solutions Identification and Build Manage Availability and Capacity Manage Organisational Change Enablement Manage Changes Manage Change Acceptance and Transitioning Manage Knowledge Manage Assets Manage Configuration

Deliver, Service and Support

Manage Operations Manage Service Requests and Incidents

DSS03 DSS04 DSS05 DSS06 MEA01 MEA02 MEA03

Manage Problems Manage Continuity Manage Security Services Manage Business Process Controls

Monitor, Evaluate and Assess

Monitor, Evaluate and Assess Performance and Conformance Monitor, Evaluate and Assess the System of Internal Control Monitor, Evaluate and Assess Compliance with External Requirements