Glenfis COBIT5 Eng Questionnaire BAI07 r2 v2.0

COBIT5
Assessment Questionnaire
BAI07 Manage Change

Acceptance & Testing
COBIT5
BAI07 Manage Change Acceptance & Testing
Document History
Drafted Reviewed Approved
V. Modification Date Who Date Who Date Who
1.00 Initial
Document Information
Author: Daniel Frutschi
Manager: Martin Andenmatten
Document Name: GLF_COBIT5_eng_T11_Questionnaire_BAI07_r2_v2.0.doc
Title: Assessment Questionnaire
Subject: BAI07 Manage Change Acceptance & Testing
Category: Assessment Questionnaire
Comment: Questionnaire for the COBIT5 process assessment.
2
COBIT5
Summary
1. Individual Data ........................................................................................................ 4
2. BAI07 Manage Change Acceptance & Testing .................................................... 5
2.1. Base Practices .......................................................................................................... 7
2.2. Process Work Products .......................................................................................... 15
2.3. Process Maturity Level 1 Assessment .................................................................... 17
2.5. Work Products for Level 2 ...................................................................................... 22
3
COBIT5
1. Individual Data
Seniority in the
Name Current Position Organization
and History of Positions
Daily Tasks Description

% of Time Spent on This Location Specific Skills
Process
Degree of Involvement During Interview Comments
4
COBIT5
2. BAI07 Manage Change Acceptance & Testing
Process ID BAI07
Process Name Manage Change Acceptance & Testing
Process Formally accept and make operational new solutions, including

Description implementation planning, system and data conversion, acceptance testing,
communication, release preparation, promotion to production of new or
changed business processes and IT services, early production support, and
a post-implementation review.
Process Implement solutions safely and in line with the agreed-on expectations and
Purpose outcomes.
Statement
Management BAI07.01 Establish an implementation plan.

Practice Establish an implementation plan that covers system and data conversion,
acceptance testing criteria, communication, training, release preparation,
promotion to production, early production support, a fallback/backout plan,
and a post-implementation review. Obtain approval from relevant parties.
BAI07.02 Plan business process, system and data conversion.

Prepare for business process, IT service data and infrastructure migration as
part of the enterprises development methods, including audit trails and a
recovery plan should the migration fail.
BAI07.03 Plan acceptance tests.

Establish a test plan based on enterprisewide standards that define roles,
responsibilities, and entry and exit criteria. Ensure that the plan is approved
by relevant parties.
BAI07.04 Establish a test environment.

Define and establish a secure test environment representative of the planned
business process and IT operations environment, performance and capacity,
security, internal controls, operational practices, data quality and privacy
requirements, and workloads.
BAI07.05 Perform acceptance tests.

Test changes independently in accordance with the defined test plan prior to
migration to the live operational environment.
BAI07.06 Promote to production and manage releases.

Promote the accepted solution to the business and operations. Where
appropriate, run the solution as a pilot implementation or in parallel with the
old solution for a defined period and compare behaviour and results. If
significant problems occur, revert back to the original environment based on
the fallback/backout plan. Manage releases of solution components.
5
COBIT5
BAI07.07 Provide early production support.

Provide early support to the users and IT operations for an agreed-on period
of time to deal with issues and help stabilise the new solution.
BAI07.08 Perform a post-implementation review.

Conduct a post-implementation review to confirm outcome and results,
identify lessons learned, and develop an action plan. Evaluate and check the
actual performance and outcomes of the new or changed service against the
predicted performance and outcomes (i.e., the service expected by the user
or customer).
6
COBIT5
2.1. Base Practices
BAI07.BP1 BAI07.01 Establish an implementation plan

Establish an implementation plan that covers system and data conversion,
acceptance testing criteria, communication, training, release preparation,
promotion to production, early production support, a fallback/backout plan, and
a post-implementation review. Obtain approval from relevant parties.
Are the following activities planned, done, checked and improved?
1. Create an implementation plan that reflects the broad implementation
strategy, the sequence of implementation steps, resource requirements,
inter-dependencies, criteria for management acceptance of the production
implementation, installation verification requirements, transition strategy for
production support, and update of BCPs.
2. Confirm that all implementation plans are approved by technical and
N/P/L/F/N.A.
business stakeholders and reviewed by internal audit, as appropriate.
3. Obtain commitment from external solution providers to their involvement in
each step of the implementation.
4. Identify and document the fallback and recovery process.
5. Formally review the technical and business risk associated with
implementation and ensure that the key risk is considered and addressed in
the planning process.
7
COBIT5
BAI07.BP2 BAI07.02 Plan business process, system and data conversion.

Prepare for business process, IT service data and infrastructure migration as
part of the enterprises development methods, including audit trails and a
recovery plan should the migration fail.
1. Define a business process, IT: service data and infrastructure migration

plan. Consider, for example, hardware, networks, operating systems,
software, transaction data, master files, backups and archives, interfaces
with other systems (both internal and external), possible compliance
requirements, business procedures, and system documentation, in the
development of the plan.
2. Consider all necessary adjustments to procedures, including revised roles
and responsibilities and control procedures, in the business process
conversion plan.
3. Incorporate in the data conversion plan methods for collecting, converting
and verifying data to be converted, and identifying and resolving any errors
found during conversion. Include comparing the original and converted data
for completeness and integrity.
4. Confirm that the data conversion plan does not require changes in data
N/P/L/F/N.A. values unless absolutely necessary for business reasons. Document
changes made to data values, and secure approval from the business
process data owner.
5. Rehearse and test the conversion before attempting a live conversion.
6. Consider the risk of conversion problems, business continuity planning, and
fallback procedures in the business process, data and infrastructure
migration plan where there are risk management, business needs or
regulatory/compliance requirements.
7. Co-ordinate and verify the timing and completeness of the conversion
cutover so there is a smooth, continuous transition with no loss of
transaction data. Where necessary, in the absence of any other alternative,
freeze live operations.
8. Plan to back up all systems and data taken at the point prior to conversion.
Maintain audit trails to enable the conversion to be retraced and ensure that
there is a recovery plan covering rollback of migration and fallback to
previous processing should the migration fail.
9. Plan retention of backup and archived data to conform to business needs
and regulatory or compliance requirements.
8
COBIT5
BAI07.BP3 BAI07.03 Plan acceptance tests.
Establish a test plan based on enterprisewide standards that define roles,

responsibilities, and entry and exit criteria. Ensure that the plan is approved by
relevant parties.
1. Develop and document the test plan, which aligns to the programme and
project quality plan and relevant organisational standards. Communicate
and consult with appropriate business process owners and IT stakeholders.
2. Ensure that the test plan reflects an assessment of risk from the project and
that all functional and technical requirements are tested. Based on
assessment of the risk of system failure and faults on implementation, the
plan should include requirements for performance, stress, usability, pilot
and security testing.
3. Ensure that the test plan addresses the potential need for internal or
external accreditation of outcomes of the test process (e.g., financial
regulatory requirements).
4. Ensure that the test plan identifies necessary resources to execute testing
and evaluate the results. Examples of resources include construction of test
environments and use of staff time for the test group, including potential
temporary replacement of test staff in the production or development
environments. Ensure that stakeholders are consulted on the resource
implications of the test plan.
N/P/L/F/N.A.
5. Ensure that the test plan identifies testing phases appropriate to the
operational requirements and environment. Examples of such testing
phases include unit test, system test, integration test, user acceptance test,
performance test, stress test, data conversion test, security test, operational
readiness test, and backup and recovery tests.
6. Confirm that the test plan considers test preparation (including site
preparation), training requirements, installation or an update of a defined
test environment, planning/performing/documenting/retaining test cases,
error and problem handling, correction and escalation, and formal approval.
7. Ensure that the test plan establishes clear criteria for measuring the
success of undertaking each testing phase. Consult the business process
owners and IT stakeholders in defining the success criteria. Determine that
the plan establishes remediation procedures when the success criteria are
not met (e.g., in a case of significant failures in a testing phase, the plan
provides guidance on whether to proceed to the next phase, stop testing or
postpone implementation).
8. Confirm that all test plans are approved by stakeholders, including business
process owners and IT, as appropriate. Examples of such stakeholders are
application development managers, project managers and business
process end users.
9
COBIT5
BAI07.BP4 BAI07.04 Establish a test environment.
Define and establish a secure test environment representative of the planned

business process and IT operations environment, performance and capacity,
security, internal controls, operational practices, data quality and privacy
requirements, and workloads.
1. Create a database of test data that are representative of the production

environment. Sanitise data used in the test environment from the production
environment according to business needs and organisational standards
(e.g., consider whether compliance or regulatory requirements oblige the
use of sanitised data).
2. Protect sensitive test data and results against disclosure, including access,
retention, storage and destruction. Consider the effect of interaction of
organisational systems with those of third parties.
N/P/L/F/N.A. 3. Put in place a process to enable proper retention or disposal of test results,
media and other associated documentation to enable adequate review and
subsequent analysis as required by the test plan. Consider the effect of
regulatory or compliance requirements.
4. Ensure that the test environment is representative of the future business
and operational landscape, including business process procedures and
roles, likely workload stress, operating systems, necessary application
software, database management systems, and network and computing
infrastructure found in the production environment.
5. Ensure that the test environment is secure and incapable of interacting with
production systems.
10
COBIT5
BAI07.BP5 BAI07.05 Perform acceptance tests.
Test changes independently in accordance with the defined test plan prior to
migration to the live operational environment.
1. Review the categorised log of errors found in the testing process by the
development team, verifying that all errors have been remediated or
formally accepted.
2. Evaluate the final acceptance against the success criteria and interpret the
final acceptance testing results. Present them in a form that is
understandable to business process owners and IT so an informed review
and evaluation can take place.
3. Approve the acceptance with formal sign-off by the business process
owners, third parties (as appropriate) and IT stakeholders prior to promotion
to production.
4. Ensure that testing of changes is undertaken in accordance with the testing
plan. Ensure that the testing is designed and conducted by a test group
independent from the development team. Consider the extent to which
business process owners and end users are involved in the test group.
Ensure that testing is conducted only within the test environment.
5. Ensure that the tests and anticipated outcomes are in accordance with the
defined success criteria set out in the testing plan.
N/P/L/F/N.A. 6. Consider using clearly defined test instructions (scripts) to implement the
tests. Ensure that the independent test group assesses and approves each
test script to confirm that it adequately addresses test success criteria set
out in the test plan. Consider using scripts to verify the extent to which the
system meets security requirements.
7. Consider the appropriate balance between automated scripted tests and
interactive user testing.
8. Undertake tests of security in accordance with the test plan. Measure the
extent of security weaknesses or loopholes. Consider the effect of security
incidents since construction of the test plan. Consider the effect on access
and boundary controls.
9. Undertake tests of system and application performance in accordance with
the test plan. Consider a range of performance metrics (e.g., end-user
response times and database management system update performance).
10. When undertaking testing, ensure that the fallback and rollback elements of
the test plan have been addressed.
11. Identify, log and classify (e.g., minor, significant, mission-critical) errors
during testing. Ensure that an audit trail of test results is available.
Communicate results of testing to stakeholders in accordance with the test
plan to facilitate bug fixing and further quality enhancement.
11
COBIT5
BAI07.BP6 BAI07.06 Promote to production and manage releases.
Promote the accepted solution to the business and operations. Where

appropriate, run the solution as a pilot implementation or in parallel with the old
solution for a defined period and compare behaviour and results. If significant
problems occur, revert back to the original environment based on the
fallback/backout plan. Manage releases of solution components.
1. Prepare for transfer of business procedures and supporting services,

applications and infrastructure from testing to the production environment in
accordance with organisational change management standards.
2. Determine the extent of pilot implementation or parallel processing of the
old and new systems in line with the implementation plan.
3. Promptly update relevant business process and system documentation,
configuration information and contingency plan documents, as appropriate.
4. Ensure that all media libraries are updated promptly with the version of the
N/P/L/F/N.A. solution component being transferred from testing to the production
environment. Archive the existing version and its supporting documentation.
Ensure that promotion to production of systems, application software and
infrastructure is under configuration control.
5. Where distribution of solution components is conducted electronically,
control automated distribution to ensure that users are notified and
distribution occurs only to authorised and correctly identified destinations.
Include in the release process backout procedures to enable the distribution
of changes to be reviewed in the event of a malfunction or error.
6. Where distribution takes physical form, keep a formal log of what items
have been distributed, to whom, where they have been implemented, and
when each has been updated.
12
COBIT5
BAI07.BP7 BAI07.07 Provide early production support.
Provide early support to the users and IT operations for an agreed-on period of
time to deal with issues and help stabilise the new solution.
1. Provide additional resources, as required, to end users and support

N/P/L/F/N.A.
personnel until the release has stabilised.
2. Provide additional IT systems resources, as required, until the release is in
a stable operational environment.
13
COBIT5
BAI07.BP8 BAI07.08 Perform a post-implementation review.
Conduct a post-implementation review to confirm outcome and results, identify

lessons learned, and develop an action plan. Evaluate and check the actual
performance and outcomes of the new or changed service against the predicted
performance and outcomes (i.e., the service expected by the user or customer).
1. Establish procedures to ensure that post-implementation reviews identify,

assess and report on the extent to which:
Enterprise requirements have been met.
Expected benefits have been realised.
The system is considered usable.
Internal and external stakeholder expectations are met.
Unexpected impacts on the enterprise have occurred.
Key risk is mitigated.
The change management, installation and accreditation processes
N/P/L/F/N.A. were performed effectively and efficiently.
2. Consult business process owners and IT technical management in the
choice of metrics for measurement of success and achievement of
requirements and benefits.
3. Conduct the post-implementation review in accordance with the
organisational change management process. Engage business process
owners and third parties, as appropriate.
4. Consider requirements for post-implementation review arising from outside
business and IT (e.g., internal audit, ERM, compliance).
5. Agree on and implement an action plan to address issues identified in the
post-implementation review. Engage business process owners and IT
technical management in the development of the action plan.
14
COBIT5
2.2. Process Work Products
Process Input Work Products

ID Name Used Name in the Location
(X) Organization
BAI07.01 Establish an implementation plan
BAI01.09 Quality management plan
BAI06.01 Change plan and schedule

Approved requests for change
BAI01.09 Requirements for independent

verification of deliverables
BAI03.07 Test procedures
Test plan
BAI03.08 Test result communications
Test result logs and audit trails
APO11.03 Review results of quality of service,

including customer feedback
BAI05.05 Success measures and results
APO11.04 Results of quality reviews

and audits
APO11.05 Root causes of quality
delivery failures
Results of solution and
service delivery quality
monitoring
BAI05.05 Success measures and results
15
COBIT5
Process Output Work Products

(X) Organization
BAI07.01 Establish an implementation plan
Internal Approved implementation plan
Internal Implementation fallback and
recovery process
DSS06.02 Migration plan
BAI01.04 Approved acceptance
BAI01.08 test plan
Internal Test data
Internal Test results log
BAI01.06 Evaluation of acceptance
results
BAI01.04 Approved acceptance and
release for production
BAI10.01 Release plan
Internal Release log
APO08.04 Supplemental support plan
APO08.05
DSS02.04
BAI01.13 Post-implementation review report
BAI01.14
BAI01.13 Remedial action plan
BAI01.14
16
COBIT5
2.3. Process Maturity Level 1 Assessment
Level 1 The implemented process achieves its Process Purpose.

Performed
Process
PA 1.1 The Process Performance attribute is a measure of the extent to which the
Process Process Purpose is achieved. As a result of full achievement of this attribute, the
Performance process achieves its defined Expected Results.
Attribute
Did this process reach its objectives, its Expected Results, and show some
tangible evidence of process activities (e.g. information or document)?
What could be improved?
GP 111
Achieve the
Process
Expected
Results
17
COBIT5
Level 2 The Performed Process is now implemented in a managed fashion

Managed (planned, monitored, and adjusted) and its Work Products are
Process appropriately established, controlled, and maintained.
PA 2.1 The Performance Management attribute is a measure of the extent to which

Performance the performance of the process is managed.
Management
Attribute
Are the objectives of the process defined?
Are there deadlines, constraints, or target values to reach?
Who defines those objectives?
GP 211 Identify
the Objectives
for the
Performance of
the Process
Is there a plan of actions to execute the process? What type of plan is it?
Is there any monitoring of process activities against that plan?
Are activities appropriately and regularly monitored?
Is the time to perform the process estimated and tracked?
GP 212 Plan
and Monitor the
Performance of
the Process to
Fulfill the
Identified
Objectives
18
COBIT5
Is someone tracking the process activities? Does someone notice and react if
they are not performed?
Are there corrective actions when process results dont meet objectives?
(More resources, new planning)?
GP 213 Adjust
the
Performance of
the Process
What are the roles and responsibilities that have been identified for this
process?
Are they clearly defined (even not formally at this stage)? Are they
communicated to everyone?
Who is responsible for that?
GP 214 Define
Responsibilities
and Authorities
for Performing
the Process
Do you think that existing HR are well trained and efficient? Are they
numerous enough and available? Are other resources available when needed
(monitoring, tracking, and reporting tools)?
GP 215 Identify
and Make
Available
Resources to
Perform the
Process
according to
Plan
19
COBIT5
Who are involved parties in the process? Who uses the outputs from this
process (reporting, documents or information)?
What type of communication is there between the different stakeholders?
How is the coordination between the organizational functions involved in the
process managed?
GP 216
Manage the
Interfaces
Between
Involved
Parties
PA 2.2 Work The Work Product Management attribute is a measure of the extent to which
Product the Work Products produced by the process are appropriately managed.
Management
Attribute
What are the documents/information used or resulting from the process?
Do you have defined requirements and quality criteria for these documents
(and information)?
Do you know what they should contain?
GP 221 Define Are the input and output of the process based on templates (at your level)?
the
Requirements
for the Work
Products
Do you have specific rules to manage the process inputs and outputs?
Are there rules for versioning? Document naming?
Are there access rules for documents, information, databases?
GP 222 Define
the
Requirements
for
Documentation
and Control of
the Work
Products
20
COBIT5
Are these rules applied in the field?

Overall, do you have trouble handling documents?
Does it happen that people do not have access to the information when they
should? that you cannot find the latest version of a document?
GP 223
Identify,
Document, and
Control the
Work Products
Are there reviews of the documents and other outputs produced by the
process? Do you compare the actual documents to their requirements and
quality criteria?
Is there a frequency for reviewing the documents and other outputs produced
by the process?
If any problem is detected, are corrective actions taken? How?
GP 224 Review
and Adjust
Work Products
to Meet the
Defined
Requirements
21
COBIT5
2.5. Work Products for Level 2
Work Products
(X) Organization
PA 2.1 Performance Management Attribute
3-00 Plan
5-00 Record
6-00 Report
PA 2.2 Work Product Management Attribute
1-00 Object
3-00 Plan
5-00 Record
8-00 Specification
22
COBIT5
Level 3 The Managed Process is now implemented using a standard process

Established definition capable of achieving its process Expected Results.
Process
PA 3.1 Process The Process Definition attribute is a measure of the extent to which a
Definition standard process is defined and maintained to support the deployment of the
Attribute Process.
Is this process described formally?
Are all the process activities described in a reference guide, a Quality or
Service Management System (SMS or QMS), or in procedures?
Do you have templates supporting the process?
GP 311 Define
the Standard
Process that will
support the
Deployment of
the Process
Are the connections between the process activities and other processes
clearly identified and defined? Where?
Do you have a diagram describing the relationships?
GP 312
Determine the
Sequence and
Interaction
between
Processes so
that they work
as an Integrated
System of
Processes
23
COBIT5
Is there a clear description of required competencies for those activities?

Are the various roles defined in job descriptions, competence profiles?
GP 313 Identify
the Roles and
Competencies
for Performing
the Standard
Process
Is the required work environment appropriately identified and described?

Are the tools required for supporting the process performance specified?
GP 314 Identify
the Required
Infrastructure
and Work
Environment for
Performing the
Standard
Process
Is a mechanism defined to monitor the efficiency and suitability of the process

across the organization?
Have you identified the need for internal audits or management reviews? Are
these internal audits or management reviews planned?
GP 315
Do you have defined the way to identify the weaknesses (and strengths) of
Determine
your process? And how to benefit from them?
Suitable
Methods to
Monitor the
Effectiveness
and Suitability
of the Standard
Process
24
COBIT5
Have you identified the different audiences for the service management
reports?
Have you defined the layout, contents, and frequency of Service
Management reports (according to the audience)?
[ITIL 2011: Was it agreed with the business?
Service
Reporting]
GP 316 Define
and Agree upon
the Content of
Service
Management
Reports
PA 3.2 Process The Process Deployment attribute is a measure of the extent to which the
Deployment standard process is effectively deployed to achieve its process Expected
Attribute Results.
Does the process implemented correspond to the one that is described
formally?
How do you organize the deployment of the process across the organization?
GP 321 Deploy
a Standard
Process that
satisfies the
context-specific
Requirements
from the
Standard
Process
Definition
25
COBIT5
Are all the defined roles for this process assigned to someone?
Are all the responsibilities identified and communicated? With appropriate
authority lead?
GP 322 Assign
and
Communicate
Roles,
Responsibilities,
and Authorities
for Performing
the Standard
Process
Do you think that people working on this process have the right level of
knowledge or training?
How do you ensure that the competence level is adequate?
Do you look at particular skills when hiring people?
Is there a training plan for the actors of this process? Are there training
sessions organized to improve the competence level?
GP 323 Ensure
necessary
Competencies
for Performing
the Standard
Process
26
COBIT5
Are resources and required information available to implement the process?

Do you have enough financial and human resources? Do you miss any other
resource?
GP 324 Provide
Resources and
Information to
Support the
Performance of
the Standard
Process
Does the work environment correspond to what has been defined formally for
implementing this process?
Do you have enough technical (HW, SW) resources?
GP 325 Provide Do you have the appropriate tools?
Adequate
Process
Infrastructure to
Support the
Performance of
the Standard
Process
Do you collect information on the performed activities?

Do you collect and analyze data on the process implementation?
What for? (to ensure that the process activities meet the requirements
defined in the standard guide, or to check that it is suitable and effective)
GP 326 Collect How do you analyze this data? Can it help determine process efficiency?
and Analyze
Data about the
Performance of
the Process to
Demonstrate its
Suitability and
Effectiveness
27
COBIT5
Do you produce Service Management reports according to service reporting

policies and rules? What is the frequency?
Do you communicate Service Management reports to interested parties?
How?
[ITIL 2011:
Service
Reporting]
GP 327
Produce and
Publish Service
Management
Reports
28
COBIT5
Work Products
(X) Organization
PA 3.1 Process Definition Attribute
2-00 Description
3-00 Plan
4-00 Procedure
5-00 Record
8-00 Specification
PA 3.2 Process Deployment Attribute
2-00 Description
3-00 Plan
5-00 Record
6-00 Report
8-00 Specification
29
COBIT5
Level 4 The Established Process now operates within defined limits to achieve its
Predictable process Expected Results.
Process
PA 4.1 The Process Measurement attribute is a measure of the extent to which
Process measurement results are used to ensure that the performance of the process
Measurement supports the achievement of the relevant process performance objectives in
Attribute support of defined business goals.
Are business goals known?
What process information is necessary to determine whether business goals
are met?
GP 411
Identify
Process
Information
Needs, in
Relation with
Business
Goals
What needs to be measured in this process?

Are the reports produced compatible with process objectives and business
goals?
GP 412
Derive
Process
Measurement
Objectives
from Process
Information
Needs
30
COBIT5
GP 413 Can you give examples of process quantitative objectives that you follow?
Establish
Quantitative
Objectives for
the
Performance
of the
Standard
Process,
according to
the Alignment
of the
Process with
the Business
Goals
What metrics are measured and what is the frequency of those measurements?
With these measures can you determine whether the process reaches its
quantitative objectives?
GP 414
Identify
Product and
Process
Measures
that support
the
Achievement
of the
Quantitative
Objectives for
Process
Performance
How are those measures collected? Who is responsible for collecting, and
reporting measures?
Are they measured automatically? How hard is it? How long does it take to get
those measures?
GP 415
Collect
Product and
Process
Measurement
Results
through
performing
the Standard
Process
31
COBIT5
Who analysis the measures?

Are measurement results used to verify the achievement of the process?
Is there, somewhere, a summary of the evolution of the process indicators?
GP 416 Use
the Results of
the Defined
Measurement
to Monitor
and Verify
the
Achievement
of the
Process
Performance
Objectives
PA 4.2 The Process Control attribute is a measure of the extent to which the process is
Process quantitatively managed to produce a process that is stable, capable, and
Control predictable within defined limits.
Attribute
Are there regular statistical analyses of the process performance?
Have you defined techniques to control the process performance?
GP 421
Determine
Analysis and
Control
Techniques,
appropriate
to control the
Process
Performance
Are some performance limits defined for the process?

Where do those limits come from? How have they been defined?
GP 422
Define
Parameters
suitable to
Control the
Process
Performance
32
COBIT5
Does the analysis of measurement data enable the identification of problems

encountered in the implementation of the process itself?
Do you compare the process performance to the defined limits?
GP 423
Analyze Do you identify root causes of process performance variations?
Process and
Product
Measurement
Results to
Identify
Variations in
Process
Performance
How are special causes of variations treated? How are corrective action
implemented?
GP 424
Identify and
Implement
Corrective
Actions to
Address
Assignable
Causes
After the implementation of corrective actions, are new limits defined for
process performance?
GP 425 Re-
Establish
Control Limits
following
Corrective
Actions
33
COBIT5
Work Products
(X) Organization
PA 4.1 Process Measurement Attribute
2-00 Description
3-00 Plan
5-00 Record
6-00 Report
8-00 Specification
PA 4.2 Process Control Attribute
2-00 Description
3-00 Plan
5-00 Record
6-00 Report
34
COBIT5
Level 5 The Predictable Process is continuously improved to meet relevant,

Optimizing current, and projected business goals.
Process
PA 5.1 The Process Innovation attribute is a measure of the extent to which changes
Process to the process are identified from analysis of common causes of variation in
Innovation performance and from investigations of innovative approaches to the definition
Attribute and deployment of the process.
Do you define improvement objectives for the process based on your business
goals?
GP 511 Define
the Process
Improvement
Objectives for
the Process
that Support
the Relevant
Business
Goals
Is the process reviewed to identify potential sources of variation? Do you

identify improvement opportunities based on the analysis of these variations?
GP 512
Analyze
Measurement
Data of the
Process to
Identify Real
and Potential
Variations in
the Process
Performance
35
COBIT5
Do you watch innovation and the evolution of best practices in the process
domain to identify improvement opportunities?
GP 513
Identify
Improvement
Opportunities
of the Process
Based on
Innovation and
Best Practices
Are there reviews of new technologies? Do you define improvement

opportunities for the process based on new technologies?
GP 514 Derive
Improvement
Opportunities
of the Process
from New
Technologies
and Process
Concepts
Is there a defined improvement strategy for the process?
GP 515
Define an
Implementatio
n Strategy
based on long-
term
Improvement
Vision and
Objectives
36
COBIT5
PA 5.2 The Process Optimization attribute is a measure of the extent to which

Process changes to the definition, management, and performance of the process result
Optimization in an effective impact that achieves the relevant process improvement
Attribute objectives.
GP 521 How do you assess the proposed improvements of the standard process?
Assess the
Impact of Each
Proposed
Change
against the
Objectives of
the Defined
Standard
Process
How are the process improvements implemented? What are the steps?
GP 522
Manage the Who implements the process improvement changes? Who will follow and
Implementatio check the positive or negative effect?
n of agreed
changes to
select areas of
the Defined
Standard
Process
according to
the
Implementatio
n Strategy
GP 523 When improvement changes are implemented, is the implementation

Evaluate the effectiveness assessed? Who is in charge? (top management, process
Effectiveness owner?)
of Process
Change on the
basis of actual
Performance
against
Process
Performance
and Capability
Objectives and
Business
Goals
37
COBIT5
Work Products
(X) Organization
PA 5.1 Process Innovation Attribute
2-00 Description
3-00 Plan
4-00 Procedure
5-00 Record
6-00 Report
8-00 Specification
PA 5.2 Process Optimization Attribute
2-00 Description
3-00 Plan
5-00 Record
6-00 Report
8-00 Specification
38

Glenfis COBIT5 Eng Questionnaire BAI07 r2 v2.0

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Glenfis COBIT5 Eng Questionnaire BAI07 r2 v2.0

Hochgeladen von

Copyright:

Verfügbare Formate

COBIT5

BAI07 Manage Change

Daily Tasks Description

Degree of Involvement During Interview Comments

2. BAI07 Manage Change Acceptance & Testing

Process Name Manage Change Acceptance & Testing

Process Formally accept and make operational new solutions, including

Management BAI07.01 Establish an implementation plan.

BAI07.02 Plan business process, system and data conversion.

BAI07.03 Plan acceptance tests.

BAI07.04 Establish a test environment.

BAI07.05 Perform acceptance tests.

BAI07.06 Promote to production and manage releases.

BAI07.07 Provide early production support.

BAI07.08 Perform a post-implementation review.

2.1. Base Practices

BAI07.BP1 BAI07.01 Establish an implementation plan

BAI07.BP2 BAI07.02 Plan business process, system and data conversion.

Are the following activities planned, done, checked and improved?

1. Define a business process, IT: service data and infrastructure migration

BAI07.BP3 BAI07.03 Plan acceptance tests.

Establish a test plan based on enterprisewide standards that define roles,

BAI07.BP4 BAI07.04 Establish a test environment.

Define and establish a secure test environment representative of the planned

1. Create a database of test data that are representative of the production

BAI07.BP5 BAI07.05 Perform acceptance tests.

BAI07.BP6 BAI07.06 Promote to production and manage releases.

Promote the accepted solution to the business and operations. Where

Are the following activities planned, done, checked and improved?

1. Prepare for transfer of business procedures and supporting services,

BAI07.BP7 BAI07.07 Provide early production support.

1. Provide additional resources, as required, to end users and support

BAI07.BP8 BAI07.08 Perform a post-implementation review.

Conduct a post-implementation review to confirm outcome and results, identify

1. Establish procedures to ensure that post-implementation reviews identify,

2.2. Process Work Products

Process Input Work Products

BAI01.09 Quality management plan

BAI06.01 Change plan and schedule

BAI07.03 Plan acceptance tests.

BAI01.09 Requirements for independent

BAI07.05 Perform acceptance tests.

BAI07.06 Promote to production and manage releases.

BAI07.07 Provide early production support.

APO11.03 Review results of quality of service,

BAI07.08 Perform a post-implementation review.

APO11.04 Results of quality reviews

Process Output Work Products

2.3. Process Maturity Level 1 Assessment

Level 1 The implemented process achieves its Process Purpose.

2.4. Process Maturity Level 2 Assessment

Level 2 The Performed Process is now implemented in a managed fashion

PA 2.1 The Performance Management attribute is a measure of the extent to which

Are these rules applied in the field?

2.5. Work Products for Level 2

2.6. Process Maturity Level 2 Assessment

Level 3 The Managed Process is now implemented using a standard process

Is there a clear description of required competencies for those activities?

Is the required work environment appropriately identified and described?

Is a mechanism defined to monitor the efficiency and suitability of the process

Are resources and required information available to implement the process?

Do you collect information on the performed activities?

Do you produce Service Management reports according to service reporting