Академический Документы
Профессиональный Документы
Культура Документы
ABusinessFrameworkfortheGovernance
andManagementofEnterpriseIT
COBIT5isaregisteredtrademarkofISACA.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged.
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 0:
Introduction
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 2
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
Module0:Agenda
Administration
CopyrightandAcknowledgement
Dos andDonts
Administration
CourseInformation
ParticipantIntroduction
LearningObjectives
CourseTopics
ExaminationInformation,ProceduresandTips
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 3
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
Copyright&Acknowledgements
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 4
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
DosandDonts
DO DONT
Getinvolved UseLaptops,Tablets,Smartphones,
SmartWatches
Shareexperiences Leadtoirrelevantoutofscope
discussions
Keepanopenmind Bedisruptive
Agree todisagree!
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 5
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
Administration
Firesafety
Plannedfirealarmtests
Evacuationproceduresandfireexits
Toilets/Washrooms
Securityofbelongings
Coursetimingsandbreaks
Mobiles/blackberries
PhotoIDandpencilsforexaminations
Lotsofquestions/discussionplease!
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 6
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
CourseInformation
CourseStructureandApproach
Presentationsessions
Groupexercises
CaseStudies
Exampreparation
CourseMaterials@(www.isaca.org)
COBIT5Kitcanbedownloaded.
COBIT5ImplementationGuidecanbedownloaded.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 7
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
CourseSyllabusInformation
The syllabus is presented by syllabus areas. This is the unit of learning which may
relate to a chapter from the manual/guidance or several concepts commonly
grouped together in a training course module. The following syllabus areas are
identified.
IP Initiate the program (What are the drivers? Phase 1)
DP Define Problems & Opportunities (Where are we now and where do we
want to be? Phases 2 & 3)
PE Plan & Execute the program (What needs to be done & How do we get
there? Phases 4 & 5)
RB Realize Benefits and Review effectiveness (Did we get there and how do we
keep the momentum going? Phases 6 & 7)
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 8
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
CourseReferenceInformation
ReferenceMaterial:
COBIT5ImplementationGuide
COBIT5EnablingProcessesGuide
TheCOBIT5Toolkit(containstoolsthatwillbereferencedandusedinthe
training)
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 9
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5Publications
COBIT5Publications:
COBIT5*
COBIT5Implementation
COBIT5:EnablingProcesses
COBIT5:EnablingInformation
COBIT5ProfessionalGuides
COBIT5forInformationSecurity
COBIT5forAssurance
COBIT5forRisk
COBIT5AssessmentProgrammePublications
ProcessAssessmentModel
SelfAssessmentGuide
AssessorGuide
*TheCOBIT5Framework
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 10
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
ExamInformation
COBIT5Implementation:
DeliveryComputer(web)orPaperbased
Type4Multiplechoicequestions(20itemseach)
Singleresponse,oneoffourpossibleanswers
Multipleresponse,XofYpossibleanswers
Matchingresponse
Assertionresponse
Eachquestionisawardedone(1)mark
Duration150minutes
PassMark50%(40ormoremarks)
OpenBook:COBIT5Implementationbookonly
PrerequisitesCOBIT5FoundationCertificate
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 11
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
ParticipantIntroductions
TrainersIntroduction
ParticipantsIntroduction
Name
Role&experienceintheITGovernancedomain
Professionalexperience
Currentrole&correspondingresponsibilities
Whatyouknowaboutthetopicsundercoverage?
Whatyouexpectfromthesession?
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 12
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
LearningObjective
Analysetheenterprisedrivers
Applytheimplementationchallenges,theirrootcausesandsuccessfactors
Assesscurrentprocesscapability
Determinetargetprocesscapability
Scopeandplanimprovements
Considerpracticalimplementationfactors
Identifyandavoidpotentialpitfalls
Leveragethelatestgoodpractices
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 13
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
CourseModules:1of2
Module1 Module3
IntroductiontoCOBIT IPInitiatetheprogram(Whatarethe
drivers? Phase1)
Module2 Module4
IntroductiontoCOBIT5and DP:DPDefineProblems&
ImplementationPractices Opportunities
ICIntroductiontoCOBIT Principles, Module3.1DPDefineProblems&
Enablers,ProcessesandPRM Opportunities(Wherearewenow
(ProcessReferenceModel) Phase2)
CSCaseStudyandDiscussions Module3.2DPDefineProblems&
PMCSIModelandProgram Opportunities(Wheredowewantto
ManagementforCOBIT be? Phases3)
Implementation
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 14
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
CourseModules:2of2
Module5 Module6
PE:PEPlan&Executethe RB:RealizeBenefitsandReview
program effectiveness
4.1PEPlan&Executethe 5.1RBRealizeBenefitsandReview
program(Whatneedstobe effectiveness(Didwegetthere?
done? Phase4) Change Phase6)
Enablement? 5.2RBRealizeBenefitsandReview
effectiveness(Howdowekeepthe
4.2PEPlan&Executethe momentumgoing? Phase7)
program(Howdowegetthere? Module7
Phase5) CE&CIChangeEnablementand
ContinuousImprovement
Module8
COBIT5AssessmentSteps
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 15
COBIT5:Implementation
0 Introduction COBIT5Implementation
4PAdvisoryServices
AboutISACA
Module 1:
Introduction to Governance
and COBIT5
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 17
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
CorporateGovernancevs.ITGovernance
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 18
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
LearningOutcomes
Understandtheconceptsrelatingtothestructureandformatofthe
framework,thedriversandbusinessbenefitsofusingtheCOBIT5
framework,Specificallytoidentify:
o ThedriversforthedevelopmentofCOBIT5,specificallytheneedsfor
thenextgenerationofISACAsguidanceontheenterprisegovernance
andmanagementofIT.
o ThebenefitstotheenterprisestakeholdersbyusingtheCOBIT5
framework
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 19
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
DefiningGovernance
GovernanceisaboutNegotiatinganddecidingamongstdifferentstakeholders
valueinterests.
Wikipedia:Governancerefersto"allprocessesofgoverning,whether
undertakenbyagovernment,marketornetwork,whetheroverafamily,
tribe,formalorinformalorganizationorterritoryandwhetherthroughlaws,
norms,powerorlanguage.
ISACA:GovernanceExerciseofauthority;control;government;arrangement
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 20
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
DefiningManagement
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 21
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
PurposeofGovernance&Management
4PAdvisoryServices
WhyCOBIT5Developed?
COBIT 5:
ISACA Board of Directors directive: Tie together and reinforce all ISACA
knowledge assets with COBIT.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 23
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
TheEvolutionofCOBIT5
GovernanceofEnterpriseIT
ITGovernance
BMIS
(2010)
Evolution
Management
ValIT2.0
(2008)
Control
Audit RiskIT
(2009)
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 24
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5Scope
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 25
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Benefits
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 26
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
EnterpriseBenefits
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 27
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
StakeholderValue
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 28
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Benefits...
COBIT 5 :
Defines the starting point of governance and management activities with the
stakeholder needs related to enterprise IT
Creates a more holistic, integrated and complete view of enterprise
governance and management of IT that is consistent, provides an endtoend
view on all ITrelated matters and provides a holistic view
Creates a common language between IT and business for the enterprise
governance and management of IT
Is consistent with generally accepted corporate governance standards, and
thus helps to meet regulatory requirements
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 29
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Examples:Factors,whichmayindicateaneedfortheimproved
governanceofenterpriseIT:
SignificantincidentsrelatedtoITrisk,suchasdatalossorprojectfailure,
havebeenexperienced.
LackofconfidenceinITmanagement
ITinvestmentsandriskswerebeingmanagedbyvariousITdepartmentsin
isolation,resultinginduplicatedeffortsinsomeareasandgapsinothers.
LackofinformationconsistencyandaccountabilityacrossallITgroups.
ITgoalsandperspectivesnotclearlyalignedtotheorganizationalgoals.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 30
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
TheCOBIT5Format
Simplified
COBIT5directlyaddressestheneedsoftheviewerfromdifferent
perspectives
Developmentcontinueswithspecificpractitionerguides
COBIT5isinitiallyin3volumes:
1. TheFramework
2. ProcessReferenceGuide
3. ImplementationGuide
COBIT5isbasedon:
5principlesand
7enablers
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 31
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5:Principles
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 32
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Principle1:MeetingStakeholderNeeds
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 33
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Principle2:CoveringtheEnterpriseEndtoEnd
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 34
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Principle3 SingleIntegratedFramework.
OneSimple
Architecture
Integrationof
Completenessin Knowledgeacross
Enterprise domains
Coverage Single
Integrated
Framework
Alignmentwith
otherrelevant ISO/IEC15504for
frameworks& Assessment
Standards
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 35
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Principle4:EnablingaHolisticApproach
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 36
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
Principle5 GovernanceandManagementDefined
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 37
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5ProductFamily
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 38
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
TheCOBIT5IntegratorModellinksCOBIT5toexisting
COBITandOtherITGovernanceFrameworks
COSO
COBIT
ISO 27002
ISO 9000
ISACAguidancepublications.
SCOPE OF COVERAGE
Source ISACA
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 39
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5MappingSpecifics..1
ISO/IEC 38500
o ISOs 6 principles map to COBIT 5
The following areas and domains are covered by ITIL 2011:
o A subset of process in the DSS domain
o A subset of processes in the BAI domain
o Some processes in the APO domain
ISO/IEC 27000 (currently 27001:2013)
o Security and ITrelated processes in domains EDM, APO and DSS
o Some monitoring of security monitoring activities in MEA
ISO/IEC 31000
o Risk management related activities in EDM and APO
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 40
COBIT5:Implementation
1 IntroductiontoCOBIT
Introduction COBIT5Implementation
4PAdvisoryServices
COBIT5MappingSpecifics..2
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 41
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 2:
An Introduction to COBIT5
Implementation
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 42
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
COBIT5Implementation
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 43
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
COBIT5Implementationcont.
The COBIT 5 Implementation Guide was released at the same time as the
COBIT 5 Framework and COBIT 5 Enabling Processes
Information and information technology are increasingly part of every
aspect of business.
The need to drive more value from IT investments and manage an increasing
array of ITrelated risk has never been greater
Increasing regulation and legislation is also raising awareness of the
importance of good governance
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 44
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
ChallengestoSuccess
Whatarethedrivers?
Wherearewenowandwheredowewanttobe?
Whatneedstobedone?
Howdowegetthere?
Didwegetthereandhowdowekeepthemomentumgoing?
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 45
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
RolesinCreatinganAppropriateEnvironment
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 46
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
RACIchartforCreatinganAppropriateEnvironment
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 47
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
ComponentsoftheLifecycle
ProgramManagement
1. Initiateprogram
2. Defineproblemsand
opportunities
3. Defineroadmap
4. Developprogramplan
5. Executeplan
6. Realizebenefits
7. Reviewprogram
effectiveness
8. Sustain
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 48
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
COBIT5Implementation
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 49
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
EnterpriseInternalandExternalfactors
UnderstandingtheEnterpriseInternalandexternalfactorsastheyapplyto
changemanagementsuchas:
o Ethicsandculture
o Applicablelaws,regulationsandpolicies
o Mission,visionandvalues
o Governancepoliciesandpractices
o Businessplansandstrategicintentions
o OperatingModel
o Managementstyle
o Riskappetite
o Capabilitiesandavailableresources
o Industrypractices
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 50
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
KeySuccessFactors
TopManagementprovidingthedirectionandmandatefortheinitiativeas
wellasongoingcommitment
Allpartiessupportingthegovernanceandmanagementprocessesto
understandthebusinessandITobjectives.
Ensuringeffectivecommunicationandenablementofthenecessarychanges
TailoringCOBITandothersupportinggoodpracticesandstandardstofitthe
uniquecontextoftheenterpriseand
Focusingonquickwinsandprioritisingthemostbeneficialimprovements
thatareeasiesttoimplement.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 51
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
ContinuousImprovementthrough7enablers
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 52
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:ITGovernanceInitiative
Following the takeover the local organization is now known as the local office and the
purchaser is known as the Overseas Head Office.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 53
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:BackgroundandCurrentIssues
Theorganizationcurrentlyisexperiencingissueswithchangemanagement.Asa
resultofthetakeover,furtherchangesarebeingintroducedwhichtheexistingprocesses
cannothandle.Theproblemsarebeingexacerbatedbythesizeandthevolumeofthe
requiredchanges.
Althoughthetakeoverfromtheoverseascompanyisrecent,OverseasRegulators
arealreadyseekingvisibilityofcompliance.
PriortobeingtakenoverthecurrentBoardhadongoingconcernswithITsecurity.
Theseconcernsareexpectedtoincreasegiventhedemandsofpassinginformationoverseas
tothenewOverseasHeadOffice.
Alsopriortothetakeover,relationshipsbetweenITandtheEnterprisewerenot
goodduetopreviousITprojectfailuresandlackofvisibilityofprojectbenefits.
Staffmoralehasbeenverylowwithanaboveaveragestaffturnover.Duetothe
recenttakeover,therehavebeenseniormanagementchangesandafurtherincreaseinstaff
turnoverduetothejobuncertainty.
TheorganizationhasanewandinexperiencedteaminITGovernance.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 54
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:Currentprojectsinplace
Therearetwoexistingprojectsunderway:
HRProject ThereiscurrentlyaHRprojectinprogresstoaddressthehighlevelofstaff
turnover.Itsobjectiveistoreducethecurrentturnoverlevels.
ITSecurity Thelocalofficehasrecentlyengagedateamofexternalsecurityspecialiststo
reviewthecurrentlevelofITsecurityandtorecommendappropriatesolutions.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 55
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:RolesandResponsibilities
AnextractoftheorganizationalstructureoftheFinancialServicesOrganisation (notincluding
theOverseasHeadOffice)isgivenbelow.
ITManagementconsistsoftheCIOandhisdirectreports.
TheAuditManagerisfromtheOverseasHeadOfficeandisresponsibleforthelocalAuditteam
TheITGovernance,RiskandCompliance(ITGRC)Managerisnewlyappointedandhasrecentlyattendeda
COBIT5course.
TheTechnicalSupportManagerhasbeenwiththeenterpriseforover20yearsandtakesaveryhandson
approach.Thisroleisresponsibleforensuringtheongoingavailabilityofthenetworkinfrastructure.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 56
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:ITGovernanceInitiativeStartup
AsaresultoftheoverseascomplianceregulationstheITGovernance,Riskand
Compliance(ITGRC)ManagerhasdecidedtolaunchamajorITGovernanceInitiative.
Theinitiativewillincorporatethecompliancerequirementsmandatedbythe
OverseasHeadOfficeinadditiontoimprovementsingovernanceandchangemanagement.
Theexistingprojectswillbeincludedwithinthescope.
TheOverseasHeadOfficewillsponsortheprogramme andtheITGRCManagerhas
beenappointedastheProgramme Manager.However,someproblemshavealreadybeen
experienced:
AlthoughtheITGRCManagerhaslaunchedaninitiativeitisnotclearwhois
supportingtheinitiativeandwhichprocessesarerequiredtobetargeted.
CurrentattemptsbytheITGRCManagertogettheinitiativeoffthegroundhave
currentlybeenunsuccessful.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 57
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:MappingofProcessestoIssues
TheITGRCManagercompletedasmallassessmentoftheissuesfacingtheneworganisation
includingthetwoexistingprojectsonHRandSecurityandareportsummarising theirsecurity
issues.HediscoveredmoreissuesrelatedtotheexistingchangemanagementandHRand
Securityproblems.HehasmappedthesetorisksandrecommendedthefollowingCOBIT
processestobeincludedintheimprovementprogramme inordertoassistandleveragebest
practiceforthefollowingIssuesandProblemareas:
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:MappingofProcessestoIssues
PROBLEMS & ISSUES RISKS COBIT PROCESSES
2. Security Issues
Accessbyexternal Users circumventing logical access rights DSS05; DSS04
contractorspoorlycontrolled Users obtaining access to unauthorized
information.
NopolicyandprocessforEnd Loss/disclosure of portable media, lap DSS05
Pointsecurityincludingmobile tops mobile devices etc.
devices. Accidental disclosure of sensitive
information.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 59
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:MappingofProcessestoIssues
PROBLEMS & ISSUES RISKS COBIT PROCESSES
3.ChangeManagementIssues BAI05
Neworganisationcannotcope Business managers not involved in important BAI05
withchangerequestsfor It investment decision making regarding new
processes. applications, prioritisations or new
technology opportunities
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 60
COBIT5:Implementation
2 AnIntroductiontoCOBIT5 COBIT5Implementation
ImplementationPractices 4PAdvisoryServices
CaseStudyScenario:PlanandExecutetheProgram
Awarenessofthebusinessfrustrationaboutthelackofvisibilityofthecompliance
programhasreachedtheOverseasHeadOffice.Asaresultofthis,theOverseasHeadOffice
hasinstructedtheFinancialServicesOrganizationtoquicklysolvethisissuerelatingtothe
poorrelationshipsbetweenITandthebusiness.TheinstructionhascomedownforITto
solvethisaspartoftheGovernanceInitiative.
TheITGRCManagerisalreadyoverloadedwithworkandhencehasaskedoneof
hisjuniormembersofhisteamtotakeownershipofthetask.
Hehastoldthejuniormemberthatthesolutiontothisissuewillbetoinclude
informationrelatingtothecomplianceprogramontheFinancialServicesOrganizations
existingIntranet.AccesstothisIntranetisalreadyavailabletothebusiness.Duetobudget
constraints,therewillbealimitontheamountofinformationthatcanbeaddedtothe
Intranet.Thisworkmustbedoneinhouse.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 61
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 3:
IP Initiate the program
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 62
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
ContinualImprovementLifecyclePhase1
Ref.Figure15
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 63
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
RolesinPhase1
Ref.Figure16
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 64
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1Description(1/4)
Ref.Figure17
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 65
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1Description(2/4)
Ref.Figure17
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 66
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1Description(3/4)
Ref.Figure17
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 67
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1Description(4/4)
Ref.Figure17
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 68
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1RACIChart
Ref.Figure18
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 69
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1 WhatAretheDrivers?
TheBasics
InitiatetheProgramme
Establishdesiretochange:
Recogniseneedtoact
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 70
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1 WhatAretheDrivers?
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 71
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1 SWOT?
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 72
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1 TypicalPainPoints
FailedITinitiatives Resourcewastethrough
Risingcosts duplicationoroverlapinIT
Perceptionoflowbusinessvalue initiatives
forITinvestments InsufficientITresources
SignificantincidentsrelatedtoIT ITstaffburnout/dissatisfaction
risk(e.g.dataloss) ITenabledchangesfrequently
Servicedeliveryproblems failingtomeetbusinessneeds
Failuretomeetregulatoryor (latedeliveriesorbudget
contractualrequirements overruns)
AuditfindingsforpoorIT MultipleandcomplexITassurance
performanceorlowservice efforts
levels Boardmembersorsenior
Hiddenand/orrogueITspending managersthatarereluctantto
engagewithIT
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 73
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Phase1 RelevantTriggerEvents
Merger,acquisitionordivestiture Anenterprisewidegovernance
Shiftinthemarket,economyor focusorproject
competitiveposition AnewCIO,CFO,COOorCEO
Externalauditorconsultant
Changeinbusinessoperating
assessments
modelorsourcingarrangements
Anewbusinessstrategyor
Newregulatoryorcompliance priority
requirements
Significanttechnologychangeor
paradigmshift
Byusingpainpointsortriggereventsasthelaunchingpoint
forITgovernanceinitiatives,thebusinesscase forGEIT
improvementcanberelatedtoissuesbeingexperienced,
whichwillimprovebuyintothebusinesscase.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 74
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
CaseStudyScenario:AdditionalPhase1Information
IntryingtounderstandwheretheFinancialServicesOrganizationcurrentlystandsin
respecttoGovernance,theITGRCManagerhasidentifiedanumberofissues:
ThelocalofficemanagementisconfusedaboutwhattheInitiativeistryingtoachieveand
doesntappeartobefullyengaged
Concernshavealsobeenexpressedastothepotentialcostoftheproposed
Initiativeforwhatappearstobeverylittlebenefit.Suggestionshaveevenbeenmadethatif
theOverseasHeadOfficewantstheworkcompletingthenitshouldpayforit
Additionally,thelongstandingrelationshipissuebetweenITandBusiness
Managementcausedbypreviousprojectfailuresisstillverymuchinexistence
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 75
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Exercise001
1. Which reason is a root cause for a lack of Senior Management buyin to an improvement initiative
according to the COBIT 5 Implementation Guide?
A. Lack of dedicated resources.
B. Poor perception of the credibility of the IT function.
C. Best practices are copied and are NOT adopted.
D. Continual improvement is NOT part of the culture.
2.WhichreasonisarootcauseofwhyITcouldhavedifficultyingettingtherequiredbusiness
participationaccordingtotheCOBIT5ImplementationGuide?
A.BarriersbetweenITandthebusinessinhibitparticipation.
B.ITbudgetcommittedtoinfrastructure.
C.Prioritiesincorrectlyallocated.
D.Fearofrevealinginadequatepractices.
3.Whichreasonisarootcauseforthelackofcurrententerprisepolicyanddirectionwithinan
organizationaccordingtotheCOBIT5ImplementationGuide?
A.ITbudgetcommittedtoinfrastructure.
B.BestpracticesarecopiedandareNOTadopted.
C.Overlyoptimisticgoals.
D.Weakenterpriseriskmanagement.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 76
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Exercise001
4.Which2documentsareInputstoPhase1?
A.OutlineBusinessCasefortheGovernanceInitiative.
B.Reportsshowingthevolumeofchangessincethetakeover.
C.AreportfromHRonstaffturnover.
D.AlistofstakeholdersatthelocalofficeandOverseasHeadOffice.
E.DocumentedapprovalfromtheCEOtoproceed.
5.Which2documentsareOutputsfromPhase1?
A.AprocessforengaginglocalManagementabouttheGovernanceInitiative.
B.Areportshowingthelocalofficescapabilitytocopewiththerequiredamountofprocesschangeasaresultof
theGovernanceInitiative.
C.AnagreedlistofthelocalofficesRolesandResponsibilitiesfortheGovernanceInitiative.
D.Reportsshowingthevolumeofchangessincethetakeover.
E.ReportontheSecurityissues.
6.Which2activitiesareProgramme ManagementtasksperformedduringPhase1?
A.UnderstandfullimpactoftheGovernanceInitiative.
B.Raiseawarenessofcomplianceissueswiththelocaloffice.
C.ObtainbuyinandapprovalfromtheCEOtoproceed.
D.ProduceoutlineGovernanceInitiativebusinesscase.
E.IdentifyotherprojectdependenciessuchastheSecurityandHRprojects.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 77
COBIT5:Implementation
3 IP:Initiatetheprogram(Whatarethe COBIT5Implementation
Exercise001
7.Which2activitiesareChangeEnablementtasksperformedduringPhase1?
A.ObtainapprovalfromtheCEOtoproceed.
B.ProduceoutlineGovernanceInitiativebusinesscase.
C.UnderstandfullimpactoftheGovernanceInitiative.
D.Raiseawarenessofcomplianceissueswiththelocaloffice.
Issuethechangeplanbasedontheoverseascompliancerequirements.
8.Which2activitiesareContinualImprovementtasksperformedduringPhase1?
A.EnsuretheunderstandingoftheOverseasHeadOfficescompliancerequirementsforthelocalofficeis
correct.
B.UnderstandfullimpactoftheGovernanceInitiative.
C.Raiseawarenessofcomplianceissueswiththelocaloffice.
D.IdentifyotherprojectdependenciessuchastheSecurityandHRprojects.
E.RaiselocalManagementsawarenessoftheimportanceoftheInitiative.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 78
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 4:
DP Define Problems &
Opportunities
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 79
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 80
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
ContinualImprovementLifeCyclePhase2
Ref.Figure19
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 81
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
RolesinPhase2
Ref.Figure20
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 82
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2Description(1/5)
Ref.Figure21
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 83
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2Description(2/5)
Ref.Figure21
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 84
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2Description(3/5)
Ref.Figure21
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 85
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2Description(4/5)
Ref.Figure21
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 86
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2Description(5/5)
Ref.Figure21
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 87
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2RACIChart
Ref.Figure22
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 88
COBIT5:Implementation
4.1 DPDefineProblems&Opportunities COBIT5Implementation
(WherearewenowPhase2) 4PAdvisoryServices
Phase2 WhereareWeNow?
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 90
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
ContinualImprovementLifeCyclePhase3
Ref.Figure23
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 91
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
RolesinPhase3
Ref.Figure24
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 92
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3Description(1/5)
Ref.Figure25
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 93
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3Description(2/5)
Ref.Figure25
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 94
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3Description(3/5)
Ref.Figure25
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 95
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3Description(4/5)
Ref.Figure25
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 96
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3Description(5/5)
Ref.Figure25
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 97
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3RACIChart
Ref.Figure26
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 98
COBIT5:Implementation
4.2 DPDefineProblems&Opportunities COBIT5Implementation
Phase3 WhereDoWeWanttoBe?
Definetheroadmap
o Describethehighlevelchangeenablementplanandobjectives
Communicatedesiredvision
o Developacommunicationstrategy
o Communicatethevision
o Articulatetherationaleandbenefitsofthechange
o Setthetoneatthetop
Definetargetstateandperformgapanalysis
o Definethetargetforimprovement
o Analyzethegaps
o Identifypotentialimprovements
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 9
9
99
COBIT5:Implementation
4 DPDefineProblems&Opportunities COBIT5Implementation
4PAdvisoryServices
CaseStudyScenario:AdditionalPhase2&3Information
TheCIOapproachedtheITGRCmanagerandisnotconvincedthathehascapturedallofthe
COBITprocessesneededtomitigatetherisksassociatedwiththeirissues.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 100
COBIT5:Implementation
4 DPDefineProblems&Opportunities COBIT5Implementation
4PAdvisoryServices
Exercise002
1.Which2reasonsarerootcausesoftheinabilitytogainthebackingoflocalbusinessmanagement,accordingto
theCOBIT5ImplementationGuide?
A. Therecenttakeoverhasleftuncertaintyandthethreatoffurtherchanges.
B. TheprioritiesoftheInitiativeareNOTinlinewiththeobjectivesofthelocaloffice.
C. ThereispoorcommunicationabouttheexpectedsuccessesoftheInitiative.
D. Morechangeisbeingenforcedandthecurrentprocessesareunabletocopewiththeexistingamountof
change.
E. Theimplementationsolutionappearstohavetoomanymanualworkarounds.
2.Which2reasonsarerootcausesofwhythecostoftheITGovernanceInitiativeappearstoexceedanybenefitat
thelocaloffice,accordingtotheCOBIT5ImplementationGuide?
A. Thereisaperceptionthatthereisalackofrequiredcomplianceskillsatthelocaloffice.
B. StructureoftheITGovernanceInitiativedoesNOTdemonstratewhatthebenefitswillbeatthisstageofthe
programme.
C. Therecenttakeoverhasleftuncertaintyandthethreatoffurtherchanges.
D. Budgetfundshavealreadybeenspentonthetakeoverandthisisseenasafurtherdrainonresources.
E. ThereispoorcommunicationabouttheexpectedsuccessesoftheInitiative.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 101
COBIT5:Implementation
4 DPDefineProblems&Opportunities COBIT5Implementation
4PAdvisoryServices
Exercise002
3.Which2actionsaresuccessfactorswhichshouldhelpresolvethecurrentlackoftrustbetweenthelocalofficeIT
functionandBusinessManagement,accordingtotheCOBIT5ImplementationGuide?
A. ProduceaRACImatrixforGovernancerelatedrolesforthelocaloffice.
B. EducatethebusinessbyrunningaCOBIT5trainingcourse.
C. Produceaplanofexpectedchangesfortheyearaheadwhichtakeaccountofthecompliancerequirements.
D. Onlyimplementimprovementsthataddvaluetothelocaloffice.
E. EnsureallresourcesarefulltimeanddedicatedtotheGovernanceInitiative.
4.Which2actionsaresuccessfactorsshouldhelpresolvetheinabilitytogainsupportfromthelocaloffices
businessmanagement,accordingtotheCOBIT5ImplementationGuide?
A. ProduceaRACImatrixforGovernancerelatedrolesforthelocaloffice.
B. Onlyimplementimprovementsthataddvaluetothelocaloffice.
C. ExpresstheGovernanceInitiativeintermsthatarerelevanttobusinessmanagement.
D. SetuparegularComplianceforumwhichincludesmembersofbothlocalandOverseasBusinessManagement
andlocalITManagement.
E. EnsureallresourcesarefulltimeanddedicatedtotheGovernanceInitiative
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 102
COBIT5:Implementation
4 DPDefineProblems&Opportunities COBIT5Implementation
4PAdvisoryServices
Exercise002
5.Which2actionsaresuccessfactorsshouldhelpresolvetheconcernsthatthelocalofficehasregardingthecost
ofimprovementsoutweighinganypotentialbenefits,accordingtotheCOBIT5ImplementationGuide?
A. LiaisewithBusinessManagementtoidentifyinitiativesthatcanberesolvedquickly.
B. Securesecondments*ofcompliancestafffromtheoverseasoffice.
C. EnsureallresourcesarefulltimeanddedicatedtotheGovernanceInitiative.
D. Onlyimplementimprovementsthataddvaluetothelocaloffice.
E. FocusonthechangeprocessasanareatobetackledbytheInitiative.
6.ThereisacurrentlackofownershipforboththebusinessandITinrespectofwhohasaroletoplayinthis
GovernanceInitiative. WhichCEtaskisexecutedtoaddresstheconcernoflackofownershipfortheGovernance
InitiativeatthelocalofficeduringPhase2?
A. EngagewithHRaboutproducingacommunicationsplanaboutthefuturebenefitsoftheInitiative.
B. Developanescalationprocess.
C. ElectkeyrepresentativesfromthelocalofficeandtheOverseasHeadOffice.
D. CreatesteeringcommitteesforrelevantpartsoftheInitiative.
*Secondment:Atemporarytransferofanofficialorworkertoanotherpositionoremployment.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 103
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 104
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 105
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
ContinualImprovementLifeCyclePhase4
Ref.Figure27
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 106
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
RolesInPhase4
Ref.Figure28
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 107
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4Description(1/5)
Ref.Figure29
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 108
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4Description(2/5)
Ref.Figure29
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 109
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4Description(3/5)
Ref.Figure29
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 110
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4Description(4/5)
Ref.Figure29
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 111
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4Description(5/5)
Ref.Figure29
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 112
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4RACIChart
Ref.Figure30
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 113
COBIT5:Implementation
5.1 PEPlan&Executetheprogram COBIT5Implementation
Phase4 WhatNeedstoBeDone?
Developprogramplan
Prioritizepotentialinitiatives
Developformalandjustifiableprojects
Useplansthatincludecontributionandprogramobjectives
Empowerroleplayersandidentifyquickwins
Highbenefit,easyimplementationsshouldcomefirst
Obtainbuyinbykeystakeholdersaffectedbythechange
Identifystrengthsinexistingprocessesandleverageaccordingly
Designandbuildimprovements
Plotimprovementsontoagridtoassistwithprioritization
Considerapproach,deliverables,resourcesneeded,costs,estimated
timescales,projectdependenciesandrisks
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 114
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 115
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
ContinualImprovementLifeCyclePhase5
Ref.Figure31
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 116
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
RolesinPhase5
Ref.Figure32
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 117
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5Description
Ref.Figure33
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 118
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5Description
Ref.Figure33
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 119
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5Description
Ref.Figure33
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 120
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5Description
Ref.Figure33
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 121
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5RACIChart
Ref.Figure34
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 122
COBIT5:Implementation
5.2 PEPlan&Executetheprogram COBIT5Implementation
Phase5 HowDoWeGetThere?
Executetheplan
Executeprojectsaccordingtoanintegratedprogramplan
Provideregularupdatereportstostakeholders
Documentandmonitorthecontributionofprojectswhilemanaging
risksidentified
Enableoperationanduse
Buildonthemomentumandcredibilityofquickwins
Planculturalandbehavioralaspectsofthebroadertransition
Definemeasuresofsuccess
Implementimprovements
Adoptandadaptbestpracticestosuittheenterprisesapproachto
policiesandprocesschanges
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 123
COBIT5:Implementation
5 PEPlan&Executetheprogram COBIT5Implementation
4PAdvisoryServices
CaseStudyScenario:AdditionalPhase4&5Information
TheCIOapproachedtheITGRCmanagerandisnotconvincedthathehascapturedallofthe
COBITprocessesneededtomitigatetherisksassociatedwiththeirissues
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 124
COBIT5:Implementation
5 PEPlan&Executetheprogram COBIT5Implementation
4PAdvisoryServices
Exercise003
1.Which2additionalprocessesshouldbeselectedtohelpmitigatealloftherisksassociated
withthesecurityissues(issue2)?
A. APO07
B. DSS01
C. BAI06
D. APO01
E. APO08
2.Which2additionalprocessesshouldbeselectedtohelpmitigatetherisksofprojectsfailing
duetocost,delays,scopecreeporchangedbusinessprioritiesassociatedwiththeprojectdeliveryissues
(issue4)?
A. BAI03
B. APO03
C. EDM04
D. MEA01
E. APO06
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 125
COBIT5:Implementation
5 PEPlan&Executetheprogram COBIT5Implementation
4PAdvisoryServices
CaseStudyScenario:AdditionalPhase4&5Information
UsingtheScenario,answerthefollowingquestionsaboutchangeenablementtasks.The
projectisnowatPhase4Whatneedstobedone?TheITGRCManagercalledaProject
planningmeetinganddecidedonsomeChangeEnablementobjectivesinordertogetthings
moving.DecidewhethertheactiontakenbytheITGRCManagertoaddresseachobjectiveis
anappropriatePhase4ChangeEnablement(CE)taskandselecttheresponsethatsupports
yourdecision.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 126
COBIT5:Implementation
5 PEPlan&Executetheprogram COBIT5Implementation
4PAdvisoryServices
Exercise003
3.Objective1: Obtainbuyinfromthelocaloffice.Action:TheITGRCManagerhasheldaworkshop
withkeymembersofbusinessandITtoreviewandconfirmtheproposedchangemanagementprocess?Isthis
actionanappropriatePhase4CEtaskforObjectiveNo1?
A. No,becauseanyrequiredchangeswillbeenforcedthroughlocalmanagementortheOverseasHeadOffice.
B. No,becausethecommitmenttomakethechangeshouldhavebeenobtainedinPhase3.
C. Yes,becauseconsultingaffectedstakeholderswillhelpmakethemresponsibletoacceptresults.
D. Yes,becausethiswillensurethechangemanagementprocessisimplementedasaquickwin.
4.Objective2: SpeeduptheimplementationforanewChangeprocesswhichwillapplytoboththe
businessandIT.Action:TheITGRCManagerhasdecidedtoimplementanITversionofthechangeresponseplans.
IsthisactionanappropriatePhase4CEtasktoaddressObjectiveNo2?
A. No,becauseengagementshouldhavebeenmadewithallaffectedareaspriortotheimplementatione.g.the
businessmanagement.
B. No,becausetheimplementationofthechangeresponseplanshouldhavebeenperformedatPhase3.
C. Yes,becauseaPhase4CEtaskisaboutunderstandingwhatITsolutionswillbeneededtosupporttheOverseas
HeadOfficecompliancerequirements.
D. Yes,becauseaPhase4CEtaskistoprioritizeandselectimprovements.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 127
COBIT5:Implementation
5 PEPlan&Executetheprogram COBIT5Implementation
4PAdvisoryServices
Exercise003
5.Objective3: BuildonPhase2Wherearewenowandidentifytasksthatdonttakelongto
implement.Action:TheITGRCManagerhasdecidedtogoaheadandimplementquickwinsinasshortastimeas
possiblewithoutimmediateconsultationwiththebusiness.IsthisactionanappropriatePhase4CEtasktoaddress
ObjectiveNo3?
A. No,becausechangestoexistingprocessesatthelocalofficeshouldbedesignedduringPhase1.
B. No,becausevisibilityofthechangesbymethodssuchasaworkshopisneeded.
C. Yes,becauseprovidingtheconceptofthechangehasbeenproven.
D. Yes,becauseaPhase4activityistoperformagapanalysistoidentifytheimprovementsneededtothechange
managementprocess.
6.Objective4: Leverageexistingprocesses(fromtheOverseasHeadOffice).Action:TheITGRC
ManagerhasobtaineddetailsofanumberofcompliancerelatedprocessesfromtheOverseasHeadOfficewhich
areusedsuccessfullytomanageCompliance.Theplanistoadapttheseprocessesforuseatthelocaloffice.Isthis
actionanappropriatePhase4CEtasktoaddressObjectivesNo4?
A. No,becausechangestoexistingprocessesatthelocalofficeshouldhavebeendesignedduringPhase1.
B. No,becausetheprocessesshouldbeimplementedasisiftheyhavebeenusedsuccessfullyattheOverseas
HeadOffice.
C. Yes,becauseaPhase4CEtaskistoidentifyexistingstrengths.
D. Yes,becauseidentifyingworkalreadyperformedintheorganisation preventsduplicationofeffortand
encouragesreuse.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 128
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 129
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 130
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
ContinualImprovementLifeCyclePhase6
Ref.Figure35
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 131
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
RolesinPhase6
Ref.Figure36
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 132
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
Phase6Description(1/3)
Ref.Figure37
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 133
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
Phase6Description(2/3)
Ref.Figure37
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 134
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
Phase6Description(3/3)
Ref.Figure37
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 135
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
Phase6RACIChart
Ref.Figure38
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 136
COBIT5:Implementation
6.1 RB:RealizeBenefitsandReview
effectiveness(Didwegetthere? Phase6)
COBIT5Implementation
4PAdvisoryServices
Phase6 DidWeGetThere?
Realizebenefits
o Monitortheoverallperformanceoftheprogramagainstbusinesscase
objectives
o Monitorandmeasuretheinvestmentperformance
Embednewapproaches
o Providetransitionfromprojectmodetobusinessasusualmode
o Monitorwhethernewrolesandresponsibilitieshavebeentakenon
o Trackandassessobjectivesofthechangeresponseplans
o Maintaincommunicationandensurecommunicationbetween
appropriatestakeholderscontinues
Operateandmeasure
o Settargetsforeachmetric
o Measuremetricsagainsttargets
o Communicateresultsandadjusttargetsasnecessary
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 137
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 138
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
ContinualImprovementLifeCyclePhase7
Ref.Figure39
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 139
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
RolesinPhase7
Ref.Figure40
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 140
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
Phase7Description(1/3)
Ref.Figure41
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 141
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
Phase7Description(2/3)
Ref.Figure41
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 142
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
Phase7Description(3/3)
Ref.Figure41
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 143
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
Phase7RACIChart
Ref.Figure42
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 144
COBIT5:Implementation
RB:RealizeBenefitsandRevieweffectiveness
6.2 (Howdowekeepthemomentumgoing? Phase7)
COBIT5Implementation
4PAdvisoryServices
Phase7 HowDoWeKeepMomentum?
Continualimprovements keepingthemomentumiscriticalto
sustainmentofthelifecycle
Reviewtheprogrambenefits
o Reviewprogrameffectivenessthroughaprogramreviewgate
Sustain
o Consciousreinforcement(rewardachievers)
o Ongoingcommunicationcampaign(feedbackonperformance)
o Continuoustopmanagementcommitment
Monitorandevaluate
o Identifynewgovernanceobjectivesbasedonprogramexperience
o Communicatelessonslearnedandfurtherimprovementrequirements
forthenextiterationofthecycle
2012ISACA.AllRightsReserved.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 145
COBIT5:Implementation
6 RB:RealizeBenefitsandReview
effectiveness
COBIT5Implementation
4PAdvisoryServices
CaseStudyScenario:AdditionalPhase6&7Information
Thefollowingquestionsabouttherootcausesofthechallengesencounteredwhen
identifyingwhethertheimplementationhasmetitsobjectives.TheITGRCManagerdecided
tospeaktoanumberofkeymembersofthelocalofficeManagementtogaugefeedbackon
theGovernanceInitiative.Thefollowingissueswereobtainedfromvariousmembersoflocal
officestaff:
Thechangemanagementprocessisseenastoohardtounderstandandhasresultedin
lowusageoftheprocesswithinthelocaloffice.Additionallytherewasfeedbackthatthe
solutionlookedlikeitwasadirectcopyoftheOverseasHeadOfficeprocesswithout
considerationoflocalfactors.
TheITstaffworkingontheInitiativeisdemotivatedastheyfelttheyhadbeenleftto
managetheprojectwithlittleornoassistancefromtheBusinessManagement.
Alotoffeedbackwasaskingthequestionwhathaveweachieved?astherewasabelief
thatverylittlehadchangedandconcernswereraisedastotheoverallvalueofthe
Initiative.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 146
COBIT5:Implementation
6 RB:RealizeBenefitsandReview
effectiveness
COBIT5Implementation
4PAdvisoryServices
Exercise004
1.Which2actionsaresuccessfactorsthatshouldhelptoresolvethelackoftakeupofthechangemanagement
process?
A. ObtaincomplianceinputfromtheOverseasHeadOfficeauditors.
B. Involvethebusinessprocessownersinthefuturerefinementofthechangeprocess.
C. EnsureallresourcesarefulltimeanddedicatedtotheGovernanceInitiative.
D. Arrangeatrainingcourseforusersofthechangeprocess.
E. ProduceaRACImatrixforGovernancerelatedrolesforthelocaloffice.
2.Which2actionsaresuccessfactorsthatshouldhelptoresolvethedemotivationoftheITstaffworkingonthe
GovernanceInitiative?
A. ProduceaRACImatrixforGovernancerelatedrolesforthelocaloffice.
B. SeektosecondaComplianceresourcefromtheOverseasHeadOffice.
C. Organise aroadshowwiththeBusinessManagement Revisitingstakeholders.
D. EnsureallresourcesarefulltimeanddedicatedtotheGovernanceInitiative.
E. Arrangeatrainingcourseforusersofthechangeprocess.
*Secondment:Atemporarytransferofanofficialorworkertoanotherpositionoremployment.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 147
COBIT5:Implementation
6 RB:RealizeBenefitsandReview
effectiveness
COBIT5Implementation
4PAdvisoryServices
Exercise004
3.Which2actionsaresuccessfactorsthatshouldhelptoresolvetheconcernraisedovertheoverallvalueofthe
GovernanceInitiative?
A. IssueaCompliancehealthcheckshowingprogressmade.
B. Arrangeatrainingcourseforusersofthechangeprocess.
C. SeektosecondacomplianceresourcefromtheOverseasHeadOffice.
D. IssueacompliancearticleontheIntranetsiteinbusinessterms.
E. ProduceaRACImatrixforGovernancerelatedrolesforthelocaloffice.
4.Which2documentsareInputstothePhase6reviewoftheChangeManagementprocess?
A. Revisedprocessdocumentation.
B. AsignedoffcopyoftheChangeManagementProcedure.
C. ITandbusinessmeasuresaddedintotheongoingmonitoringofthechangeprocess,(post project).
D. AcopyoftheChangeManagementprocessbeforetheimplementation.
E. AcopyoftheBenefitsoftheChangeProcess.
*Secondment:Atemporarytransferofanofficialorworkertoanotherpositionoremployment.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 148
COBIT5:Implementation
6 RB:RealizeBenefitsandReview
effectiveness
COBIT5Implementation
4PAdvisoryServices
Exercise004
5.Which2documentsareOutputsofthePhase6reviewoftheChangeManagementprocess?
A. AsignedoffcopyoftheBusinessCase.
B. Revisedprocessdocumentation.
C. BusinessandITagreedmeasurestomonitorthechangeprocess.
D. AsignedoffcopyoftheChangeManagementProcedure.
E. IdentificationoftheappropriateChangeagentswithinthelocaloffice.
6.Which2activitiesareProgramme ManagertaskstobeperformedduringthePhase6reviewoftheChange
Managementprocess?
A. ReviewiftheChangeManagementprocessismeetingitsoriginalintentions.
B. Understandwhatwentwellandwhatdidnt.
C. DevelopanescalationproceduretoManagement.
D. CommunicatetheresultsoftheChangeManagementproceduretorelevantBusinessandITparties.
E. ProduceareportofthesuccessfactorsrequiredtobemetforasuccessfulimplementationoftheChange
Managementprocess.
*Secondment:Atemporarytransferofanofficialorworkertoanotherpositionoremployment.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 149
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 7:
The Inner Layers:
Change Enablement and
Continuous Improvement
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 150
COBIT5:Implementation
CE&CIChangeEnablementand
7 ContinuousImprovement
COBIT5Implementation
4PAdvisoryServices
TheRelationship:IMPL Prg M CE CI
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 151
COBIT5:Implementation
CE&CIChangeEnablementand
7 ContinuousImprovement
COBIT5Implementation
4PAdvisoryServices
ChangeenablementrelationshipstoProgrammemanagement
Steps
Thesevenphasesandshownastheprogrammanagementstepstheyrelateto.Thebelowtableoutlines
thesevenenablers(thesecondorredcircle)andtherelationshiptothesevenprogrammanagement
steps(theouterringordarkbluering).:
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 152
COBIT5:Implementation
CE&CIChangeEnablementand
7 ContinuousImprovement
COBIT5Implementation
4PAdvisoryServices
MakingtheBusinessCase
ie.:JustificationtotheBoard
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 153
COBIT5:Implementation
CE&CIChangeEnablementand
7 ContinuousImprovement
COBIT5Implementation
4PAdvisoryServices
CharacteristicsofGoodBusinessCase
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 154
COBIT5:Implementation
CE&CIChangeEnablementand
7 ContinuousImprovement
COBIT5Implementation
4PAdvisoryServices
Exercise005
MakeaprojectPlanfortheCOBIT5Implementationwith
typicaltimelines.
Allocateteamstherelevantroles
DecideandHighlighttheTargetStatemetrics,comparedto
thecurrentones.
*Secondment:Atemporarytransferofanofficialorworkertoanotherpositionoremployment.
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 155
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Module 8:
Process Assessment /
Verification
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 156
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
Overview
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 157
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
COBIT5ProcessReferenceModel
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 158
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
ComponentsofISO/IEC15504ProcessAssessment
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 159
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
AssessmentProcessActivities
1 Initiation
2 PlanningtheAssessment
3 Briefing
4 DataCollection
5 DataValidation
6 ProcessAttributeRating
7 ReportingtheResults
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 160
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
1.Initiation
161
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 161
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
2.PlanningtheAssessment
162
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 162
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
3.Briefing
163
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 163
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
4.DataCollection
Theassessorobtains(anddocuments)anunderstandingoftheprocess(es)
includingprocesspurpose,inputs,outputsandworkproducts,sufficientto
enableandsupporttheassessment
Datarequiredforevaluatingtheprocesseswithinthescopeofthe
assessmentiscollectedinasystematicmanner
Thestrategyandtechniques fortheselection,collection,analysisof
dataandjustificationoftheratingsareexplicitlyidentifiedand
demonstrable
Eachprocessidentifiedintheassessmentscopeisassessedonthebasisof
objectiveevidence
Theobjectiveevidencegatheredforeachattributeofeachprocessassessedmustbe
sufficienttomeettheassessmentpurposeandscope
Objectiveevidencethatsupportstheassessorsjudgementofprocessattributeratingsis
recordedandmaintainedintheAssessmentRecord.
ThisRecordprovidesevidencetosubstantiatetheratingsandtoverifycompliance
withtherequirements.
164
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 164
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
5.DataValidation
Actionsaretakentoensurethatthedataisaccurateandsufficientlycovers
theassessmentscope,including
seekinginformationfromfirsthand,independentsources;
usingpastassessmentresults;and
holdingfeedbacksessionstovalidatetheinformationcollected.
Somedatavalidationmayoccurasthedataisbeingcollected
165
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 165
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
6.ProcessAttributeRating
Foreachprocessassessed,aratingisassignedforeachprocessattributeup
toandincludingthehighestcapabilityleveldefinedintheassessmentscope
Theratingisbasedondatavalidatedinthepreviousactivity
Traceabilityshallbemaintainedbetweentheobjectiveevidence
collectedandtheprocessattributeratingsassigned
Foreachprocessattributerated,therelationshipbetweentheindicatorsand
theobjectiveevidenceisrecorded
166
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 166
COBIT5:Implementation
8 ProcessAssessment/Verification
COBIT5Implementation
4PAdvisoryServices
7.ReportingtheResults
Theresultsoftheassessmentareanalysedandpresentedinareport
Thereportalsocoversanykeyissuesraisedduringtheassessmentsuchas:
observedareasofstrengthandweakness
findingsofhighrisk
i.e.magnitudeofgapbetweenassessedcapabilityand
desired/requiredcapability
167
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 167
Corporate Training, Consulting, Examinations, Process
COBIT5:Implementation
Improvements, Assessments
Nopartofthisdocumentmaybereproducedinanyformwithouttheexplicitwrittenpermissionofboththe4PAdvisoryServicesandISACA.Trademarks,acknowledged. 168