: Enabling Processes

Enabler Dimension

COBIT 5 Enabler: Processes

Stakeholders

Goals

Life Cycle

Good Practices

Internal
Stakeholders
External
Stakeholders

Intrinsic Quality
Contextual Quality
(Relevance,
Effectiveness)
Accessibility and
Security

Plan
Design
Build/Acquire/
Create/Implement
Use/Operate
Evaluate/Monitor
Update/Dispose

Process Practices,
Activities, Detailed
Activities
Work Products
(Inputs/Outputs)

Enabler Performance
Management

Generic Practices for

Processes

Are Stakeholder
Needs Addressed?

Is Life Cycle
Managed?

Are Enabler
Goals Achieved?

Are Good Practices

Applied?

Metrics for Application of Practice

(Lead Indicators)

Metrics for Achievement of Goals

(Lag Indicators)

Source: COBIT 5: Enabling Processes, figure 8

COBIT 5 Governance and Management Key Areas

Business Needs

Governance
Evaluate

Direct

Monitor

Management Feedback

Management
Plan
(APO)

Build
(BAI)

Run
(DSS)

Monitor
(MEA)

Source: COBIT 5: Enabling Processes, figure 9

2013 ISACA. A

l l

r i g h t s

r e s e r v e d

2013 ISACA. A

l l

r i g h t s

r e s e r v e d

BAI09 Manage
Assets

BAI02 Manage
Requirements
Definition

DSS02 Manage
Service Requests
and Incidents

Source: COBIT 5: Enabling Processes, figure 10

DSS01 Manage
Operations

Deliver, Service and Support

BAI08 Manage
Knowledge

BAI01 Manage
Programmes and
Projects

DSS04 Manage
Continuity

BAI04 Manage
Availability
and Capacity

APO11 Manage
Quality

APO04 Manage
Innovation

EDM03 Ensure
Risk Optimisation

DSS05 Manage
Security
Services

BAI05 Manage
Organisational
Change
Enablement

APO12 Manage
Risk

APO05 Manage
Portfolio

DSS06 Manage
Business
Process Controls

BAI06 Manage
Changes

APO13 Manage
Security

APO06 Manage
Budget and Costs

EDM04 Ensure
Resource
Optimisation

Processes for Management of Enterprise IT

DSS03 Manage
Problems

BAI10 Manage
Configuration

BAI03 Manage
Solutions
Identification
and Build

APO10 Manage
Suppliers

APO09 Manage
Service
Agreements

APO08 Manage
Relationships

Build, Acquire and Implement

APO03 Manage
Enterprise
Architecture

APO02 Manage
Strategy

EDM02 Ensure
Benefits Delivery

APO01 Manage
the IT Management
Framework

Align, Plan and Organise

EDM01 Ensure
Governance
Framework Setting
and Maintenance

Evaluate, Direct and Monitor

Processes for Governance of Enterprise IT

COBIT 5 Process Reference Model

BAI07 Manage
Change
Acceptance and
Transitioning

APO07 Manage
Human Resources

EDM05 Ensure
Stakeholder
Transparency

MEA03 Monitor,
Evaluate and Assess
Compliance With
External Requirements

MEA02 Monitor,
Evaluate and Assess
the System of Internal
Control

MEA01 Monitor,
Evaluate and Assess
Performance and
Conformance

Monitor, Evaluate
and Assess

: Enabling Processes

: Enabling Processes
Outputs
Outputs to all Processes
From Key
Practice
APO13.02

Output Description

Destination

Information security risk treatment plan

All EDM; All APO; All BAI; All DSS; All MEA

Outputs to all Governance Processes

From Key
Practice

Output Description

Destination

EDM01.01

Enterprise governance guiding principles

All EDM

EDM01.01

Decision-making model

All EDM

EDM01.01

Authority levels

All EDM

EDM01.02

Enterprise governance communications

All EDM

EDM01.03

Feedback on governance effectiveness and performance

All EDM

Outputs to all Management Processes

From Key
Practice

Output Description

Destination

APO01.01

Communication ground rules

All APO; All BAI; All DSS; All MEA

APO01.03

IT-related policies

All APO; All BAI; All DSS; All MEA

APO01.04

Communications on IT objectives

All APO; All BAI; All DSS; All MEA

APO01.07

Process improvement opportunities

All APO; All BAI; All DSS; All MEA

APO02.06

Communications package

All APO; All BAI; All DSS; All MEA

APO11.02

Quality management standards

All APO; All BAI; All DSS; All MEA

APO11.04

Process quality of service goals and metrics

All APO; All BAI; All DSS; All MEA

APO11.06

Communications on continual improvement and good practices

All APO; All BAI; All DSS; All MEA

APO11.06

Examples of good practice to be shared

All APO; All BAI; All DSS; All MEA

APO11.06

Quality review benchmark results

All APO; All BAI; All DSS; All MEA

MEA01.02

Monitoring targets

All APO; All BAI; All DSS; All MEA

MEA01.04

Performance reports

All APO; All BAI; All DSS; All MEA

MEA01.05

Remedial actions and assignments

All APO; All BAI; All DSS; All MEA

MEA02.01

Results of internal control monitoring and reviews

All APO; All BAI; All DSS; All MEA

MEA02.01

Results of benchmarking and other evaluations

All APO; All BAI; All DSS; All MEA

MEA02.03

Self-assessment plans and criteria

All APO; All BAI; All DSS; All MEA

MEA02.03

Results of reviews of self-assessments

All APO; All BAI; All DSS; All MEA

MEA02.04

Control deficiencies

All APO; All BAI; All DSS; All MEA

MEA02.04

Remedial actions

All APO; All BAI; All DSS; All MEA

MEA02.06

Assurance plans

All APO; All BAI; All DSS; All MEA

MEA02.08

Refined scope

All APO; All BAI; All DSS; All MEA

MEA02.08

Assurance review results

All APO; All BAI; All DSS; All MEA

MEA02.08

Assurance review report

All APO; All BAI; All DSS; All MEA

MEA03.02

Communications of changed compliance requirements

All APO; All BAI; All DSS; All MEA

Source: COBIT 5: Enabling Processes, figure 11

2013 ISACA. A

l l

r i g h t s

r e s e r v e d

ISACA Frameworks Included in COBIT 5

COBIT 4.1
Control Objectives

Map to

Val IT 2.0
Key Management
Practices

Map to

Risk IT
Management
Practices

Map to

COBIT 5
Governance and
Management
Practices

Source: COBIT 5: Enabling Processes, figure 13

Note: COBIT 5: Enabling Processes Appendix A. Mapping Between COBIT 5 and Legacy ISACA Frameworks,
figures 14, 15 and 16, contain the mapping of COBIT 4.1, Val IT and Risk IT components to COBIT 5.

3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545 Fax: +1.847.253.1443 Email: info@isaca.org
Web site: www.isaca.org
2013 ISACA. A

l l

r i g h t s

r e s e r v e d