Dr.

Santipat Arunthari

Chief Technology officer (CTO)

PTT ICT Solutions

 Governance
COBIT

4.1 to COBIT 5.0

How to use COBIT 5.0

Governance is the process of decision-

making and the process by which decisions

are implemented (or not implemented)
directed and controlled.

Governance is the process of decision-

making and the process by which decisions

are implemented (or not implemented)
directed and controlled.
What
for whom
How

Governance is about meeting strategic

objectives (performance)

Governance is about meeting strategic

objectives (performance)
Directing the business
Setting strategic aims

Governance is about meeting strategic

objectives (performance)

Governance is about meeting strategic

objectives (performance)

Programs achieve their intended results,

Resources are used consistent with agency
mission,

Governance is about meeting strategic

objectives (performance) while meeting legal

and regulatory, contractual and other
obligatory requirements often supported by
policies (conformance).

Programs and resources are

protected from waste, fraud,
and mismanagement,
Laws and regulations are
followed, and

Governance is about meeting strategic

objectives (performance) while meeting legal

and regulatory, contractual and other
obligatory requirements often supported by
policies (conformance).

Governance is the process of decision-

making and the process by which decisions

are implemented (or not implemented)
directed and controlled.

ITG Best Practices & Standards

COBIT
COSO
ITIL/ISO20000
ISO 27001
CMMI
PMBOK/Prince2
TOGAF
ISO17799

15

Strategic
alignment

Focuses on ensuring the linkage of business and IT plans;

on defining, maintaining and validating the IT value proposition;
and on aligning IT operations with enterprise operations

Value delivery

Is about executing the value proposition throughout the delivery cycle, ensuring
that IT delivers the promised benefits against the strategy, concentrating on
optimising costs and proving the intrinsic value of IT

Resource
management

Is about the optimal investment in, and the proper management of, critical IT
resources: applications, information, infrastructure and people. Key issues
relate to the optimisation of knowledge and infrastructure.

Risk management

Performance
measurement

Requires risk awareness by senior corporate officers, a clear understanding of

the enterprises appetite for risk, understanding of compliance
requirements, transparency about the significant risks to the enterprise, and
embedding of risk management responsibilities in the organisation

Tracks and monitors strategy implementation, project completion, resource

usage, process performance and service delivery, using, for example,
balanced scorecards that translate strategy into action to achieve goals
measurable beyond conventional accounting

COBIT 4.1 to COBIT 5.0

Linking Business Goals to

IT Goals and Processes

1. New Principles
2. Increased Focus on Enablers
3. New Process Reference
Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity
Models and Assessments

COBIT 5 helps enterprises to create optimal

value from IT by maintaining a balance
between realizing benefits and optimizing
risk levels and resource use.

1. New Principles
2. Increased Focus on Enablers
3. New Process Reference
Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity
Models and Assessments

1. New Principles
2. Increased Focus on Enablers
3. New Process Reference
Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity
Models and Assessments

APO03
APO04
APO05
APO06
APO08
APO13

Manage
Manage
Manage
Manage
Manage
Manage

enterprise architecture.
innovation.
portfolio.
budget and costs.
relationships.
security.

BAI05 Manage organizational change

enablement.
BAI08 Manage knowledge.
BAI09 Manage assets.

DSS05 Manage security service.

DSS06 Manage business process controls.

1. New Principles
2. Increased Focus on Enablers
3. New Process Reference
Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity
Models and Assessments

1. New Principles
2. Increased Focus on Enablers
3. New Process Reference
Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity
Models and Assessments

Source: COBIT 4.1, page 39. 2007 IT Governance Institute All rights
reserved.

Source: COBIT 5: Enabling Processes , page 31. 2012 ISACA All rights
reserved.

35

Financial:
01 Alignment
of IT and
business
strategy

Santipat Arunthari, Ph.D.

Chief Technology Officer (CTO)

PTT ICT Solutions Company Limited

Energy Complex, Building A, 4th Floor,
555/1 Vibhavadi Rangsit Road
Chatuchak, Bangkok, 10900 Mobile: +66 (0) 8-66173000
"If you are not thinking and acting strategically,
then you are merely following orders and responding to pressure.

Date: 22/8/2555

56