COBIT Objective -??

Evolution COBIT1 (audit), COBIT2 (control), COBIT3 (), COBIT4 (), COBIT5 ()
Major drivers for the development of a Framework is

1. Provide guidance in the following:

- Enterprise architecture
- Asset and service management
- Emerging sourcing and organization models
- Innovation and emerging technologies
2. End-to-end business and IT responsibilities
3. Better control user initiated and user controlled IT solutions
4. A need for enterprise to perform the following:
- Increased value creation
- Business user satisfaction
- Compliance with laws, regulations and policies
- Relation between business and IT
- Return of enterprise IT governance
- Align with other frameworks and standards
COBIT benefits:

1.
2.
3.
4.

Defines starting point of g and m activities as stakeholder needs

Common language between IT and business
Integrated and complete perspective of enterprise g and m
Accepted corporate governance standards

COBIT Mapping Summary: (5 domains)

EDM = Governance
APO + BAI + DSS + MEA = Management
Process group for mapping: (total 37 processes- known as PRM Process Reference Model used for audit)
EDM Evaluate, Direct and Manage (5)
APO Align, Plan and Organize (13)
BAI Build, Acquire and Implement (10)
DSS Deliver, Service and Support (6)
MEA Monitor, Evaluate and Assess (3)
5 Principles:
Principle 1: Meeting stakeholder needs
Stakeholder needs is Value creation = Benefits Realization + Risk Optimization + Resource Optimization
Goal Cascade model - Stakeholder drivers Stakeholder needs Enterprise Goals (17 goals in
BSC dimensions-Financial, Customer, Internal, Learning and Growth with Primary/Secondary
classification) IT-related Goals (17 goals also in BSC dimensions) Enabler Goals (37 process
goals)
Goal Cascade allows the definition of priorities Implementation, improvement, and assurance of
enterprise governance of IT.
Goals Category Intrinsic goals (inline with good practice, internal and external); Contextual goals
(customized and adapted, relevant, understandable, easy to apply); Accessibility and security goals
(remains confidential, accessible onlyto those who need it)

Principle 2: Covering the enterpise end-to-end

Governance Approach components are: Governance Objective = Governance Enablers +
Governance Scope
Above achieved by Roles, Activities, and Relationships (Owners and Stakeholders [Delegate]
Governing Body [Direction, Accountable] Management [Instruct and Align, Monitor] Operations and
Execution [Report])
Principle 3: Applying a Single Integrated Framework
COBIT Product Family includes
COBIT 5 integrated framework, knowledge base, Product family
COBIT 5 Product family: Cobit enablers guides, Cobit Professional guides, Cobit online collaborative
environment
Principle 4: Enabling a Holistic Approach
7 Enablers:

1) Principles, policies and frameworks (principle are core values of

enterprise; policies have 6 characteristics that are detailed to implement
principles; Relationship with other enablers 2,3,4,5)
2) Processes (5 PRM domain, 37 processes, process is a collection of
practices influenced by enterprise policies and procedures; process goals are
statement describing desired outcome of a process; Relationship with other
enablers 1,2-other processes,3,4,5,6)
3) Org structure (Operating principles, Span of control, level of authority,
delegation of responsibility, escalation procedures; Relationship with other
enablers )
4) Culture, ethics and behavior (Org ethics, individual ethics, individual
behaviors; Relationship with other enablers 1,2,3)
5) Information (Key 7 info criteria are effectiveness, efficiency,
confidentiality, integrity, availability, compliance, reliability; Metadata
information cycle is: Business Process Data Information Knowledge
Value; LEVELSPragmatic,; Relationship with other enablers )
6) Services, infrastructure and applications (5 Architecture principles
are: Reuse, Buy vs Build, Simplicity, Agility, Openness; Relationship with other
enablers )
7) People, skills and competencies ( ; Relationship with other enablers )

4 Dimensions of Enabler: Stakeholders, Goals, Lifecycle, Good practices

Lag Indicators (Stakeholders, Goals): Metrics for Achievement of Goals
Lead Indicators (Lifecycle, Good practices): Metrics for Application of Practice
Principle 5: Separating Governance from Management
Process Reference Model: Processes are aligned to COBIT 5 domains (EDM,APO, BAI, DSS, MEA)
Governance: Evaluate, Direct, Monitor (EDM) - starts with ensure
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA) first three starts with manage
And last starts with monitor

Impl is seven phased implementation lifecycle (Programme mgt; Change enablement; Continual impr)
Business case important tool for management to understand value realization
Phase 1: Initiate Programme; Establish desire to change; Recognise need to act
Phase 2: Define problems and opportunities; Form implementation team; Assess current state
Phase 3: Define Road Map; Communicate outcome; Define target state
Phase 4: Plan Programme; Identify role players; Build improvement
Phase 5: Execute Plan; Operate and use; Implement improvement
Phase 6: Realise Benefits; Embed new approaches; Operate and measure
Phase 7: Review Effectiveness; Sustain; Monitor and evaluate
Internal and External factors:
Trigger events and IT Pain points:
Fsdfdsfgdfg
Process Assessment: as per ISO 15504-4 Capability assessment is done
Process improvement initiative or capability determination approach
COBIT assessment is done annual basis
External (capability assessment) = PAM + Assessors Guide
Internal (process improvement assessment) = PAM + Self-assessment Guide
5 levels of Capability Assessment are: Incomplete, Performed, Managed, Established, Predictable,
Optimising.
Benefits of ISO 15504:

Improved focus on achieving its purpose

Elimination of duplication
More acceptance of ISO standards worldwide

Purpose of process assessment:

Enables benchmarking of process capability

Enables As-is and to-be health checks to support decision-making
Gap analysis and improvement planning to support definition of improvement
projects
Provide assessment ratings to measure and monitor capabilities

Process Reference Model (PRM) Defines scope, process purpose and outcomes
Measurement Framework 6 Capability levels, 9 process attributes, 4 Rating scale
Process Assessment Model (PAM) Defines scope,
Capability dimension vs Process dimension
CD focusses on process capability dimension (1 to 5) based on PAI (process attribute indicators)
PD contains additional indicators based on specific performance indicators
Any process to be capable, Level 5

Learn more on

ISACA knowledge assets

COSO
SFIA - skill framework info age