COBIT 5 Product Family

COBIT® 5
COBIT 5 Enabler Guides
COBIT® 5: COBIT® 5: Other Enabler
Enabling Processes Enabling Information Guides

COBIT 5 Professional Guides

COBIT® 5 COBIT® 5 COBIT® 5 Other Professional
COBIT® 5 Implementation for Information for Assurance for Risk Guides
Security

COBIT 5 Online Collaborative Environment

Source: COBIT 5, figure 11

COBIT 5 Principles

1. Meeting
Stakeholder
Needs

5. Separating 2. Covering the

Governance Enterprise
From End-to-end
Management
COBIT 5
Principles

4. Enabling a 3. Applying a
Holistic Single
Approach Integrated
Framework

Source: COBIT 5, figure 2

3701 Algonquin Road, Suite 1010 • Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545 • Fax: +1.847.253.1443 • Email: info@isaca.org
Web site: www.isaca.org
© 2012 ISACA. A l l r i g h t s r e s e r v e d . F o r u sa g e g u i d e l i n e s , s e e w w w . i s a c a . o r g / CO B I T u s e .
 COBIT 5 Goals Cascade Overview

Stakeholder Drivers
(Environment, Technology Evolution, …)

Influence

Stakeholder Needs
Benefits Risk Resource
Realisation Optimisation Optimisation

Cascade to Appendix D

Enterprise Goals Figure 5

Cascade to Appendix B

IT-related Goals Figure 6

Cascade to Appendix C

Enabler Goals

Source: COBIT 5, figure 4

© 2012 ISACA. A l l r i g h t s r e s e r v e d . F o r u sa g e g u i d e l i n e s , s e e w w w . i s a c a . o r g / CO B I T u s e .
 Governance and Management in COBIT 5

Governance Objective: Value Creation

Benefits Risk Resource

Realisation Optimisation Optimisation

Governance Governance
Enablers Scope

Roles, Activities and Relationships

Source: COBIT 5, figure 8

Key Roles, Activities and Relationships

Roles, Activities and Relationships

Instruct and
Delegate Set Direction
Owners and Align Operations
Governing Management and
Stakeholders Body
Accountable Monitor Report Execution

Source: COBIT 5, figure 9

COBIT 5 Governance and Management Key Areas

Business Needs

Governance
Evaluate

Direct Management Feedback Monitor

Management

Plan Build Run Monitor

(APO) (BAI) (DSS) (MEA)

Source: COBIT 5, figure 15

© 2012 ISACA. A l l r i g h t s r e s e r v e d . F o r u sa g e g u i d e l i n e s , s e e w w w . i s a c a . o r g / CO B I T u s e .
 The Seven Phases of the Implementation Life Cycle

mentu
m going? 1 What a
the mo re th
ed
eep rive
ek Initiat rs?
viewness
w e pr
do Re ogr
ow ive am
fect me
7H

ef
Establ
is
stai
n to ch h des
Su ang ire

2W
e

Def opport
re?

efits
6 Did we get the

ine
Recog

here a
r
nito

Fo
Mo and need nise

rm team
• Programme management

probleities
Realise ben

ate act to
approach ew

alu
es

re we now?
impl
ev
Embed n

(outer ring)

un
ementation
Operate

Asseent
e

curr te

ms and
measur

• Change enablement
sta
and

ss
(middle ring)
I m p o ve m

rg n e

• Continual improvement life cycle

imp

De
ta e t
fi
le m
r

e ta
te

en n t

m e te
s (inner ring)
ts B u il d co c a
O p d us

i m pro
ut u ni
ve m e nts
an
er

ap
e
m

m
at
E xe

e?
e Co o

dm
5H

to b
cu

I d e n tif y r o l e
oa
ow

te

ant
la
er
pla ye rs
n fi n
p
do

De ew
we

ow
ge

th e
ed

er
t

re ? P la n p ro g ra m m e Wh
3
4 W hat n eeds to be d one?
Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6

Summary of the COBIT 5 Process Capability Model

Generic Process Capability Attributes

Performance PA 2.1 PA 2.2 PA 3.1 PA 3.2 PA 4.1 PA 4.2 PA 5.1 PA 5.2

Attribute (PA) 1.1 Performance Work Process Process Process Process Process Process
Process Management Product Definition Deployment Management Control Innovation Optimisation
Performance Management

Incomplete Performed Managed Established Predictable Optimising

Process Process Process Process Process Process
0 1 2 3 4 5

COBIT 5 Process Assessment COBIT 5 Process Assessment

Model—Performance Indicators Model–Capability Indicators
Process Outcomes

Base Practices Work

(Management/ Products Generic Practices Generic Resources Generic Work Products
Governance (Inputs/
Practices) Outputs)

Source: COBIT 5, figure 19

© 2012 ISACA. A l l r i g h t s r e s e r v e d . F o r u sa g e g u i d e l i n e s , s e e w w w . i s a c a . o r g / CO B I T u s e .
 COBIT 5 Enterprise Enablers

3. Organisational 4. Culture, Ethics

2. Processes Structures and Behaviour

1. Principles, Policies and Frameworks

6. Services, 7. People,
5. Information Infrastructure Skills and
and Applications Competencies

Resources

Source: COBIT 5, figure 12

COBIT 5 Enablers: Generic

Stakeholders Goals Life Cycle Good Practices

Enabler Dimension

• Internal • Intrinsic Quality • Plan • Practices

Stakeholders • Contextual Quality • Design • Work Products
• External (Relevance, • Build/Acquire/ (Inputs/Outputs)
Stakeholders Effectiveness) Create/Implement
• Accessibility and • Use/Operate
Security • Evaluate/Monitor
• Update/Dispose
Enabler Performance

Are Stakeholders Are Enabler Is Life Cycle Are Good Practices

Management

Needs Addressed? Goals Achieved? Managed? Applied?

Metrics for Achievement of Goals Metrics for Application of Practice

(Lag Indicators) (Lead Indicators)

Source: COBIT 5, figure 13

© 2012 ISACA. A l l r i g h t s r e s e r v e d . F o r u sa g e g u i d e l i n e s , s e e w w w . i s a c a . o r g / CO B I T u s e .
 COBIT 5 Process Reference Model

Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor

EDM01 Ensure
Governance EDM02 Ensure EDM03 Ensure EDM04 Ensure EDM05 Ensure
Framework Setting Benefits Delivery Risk Optimisation Resource Stakeholder
and Maintenance Optimisation Transparency

© 2012 ISACA. A
l l
Align, Plan and Organise Monitor, Evaluate
and Assess

r i g h t s
APO01 Manage APO02 Manage APO03 Manage APO06 Manage APO07 Manage
the IT Management Enterprise APO04 Manage APO05 Manage
Strategy Innovation Portfolio Budget and Costs Human Resources
Framework Architecture

MEA01 Monitor,
Evaluate and Assess
APO09 Manage Performance and

r e s e r v e d
APO08 Manage APO10 Manage APO11 Manage APO12 Manage APO13 Manage Conformance
Service Risk Security
Relationships Agreements Suppliers Quality

. F
o r
Build, Acquire and Implement

u sa g e
BAI03 Manage BAI04 Manage BAI05 Manage BAI07 Manage
BAI01 Manage BAI02 Manage Solutions Organisational Change
Programmes and Requirements Availability BAI06 Manage
Identification and Capacity Change Changes Acceptance and MEA02 Monitor,
Projects Definition and Build Enablement Transitioning Evaluate and Assess
the System of Internal
Control

BAI08 Manage BAI09 Manage BAI010 Manage

,g u i d e l i n e s
Knowledge Assets Configuration

s e e
Deliver, Service and Support

.w w w
MEA03 Monitor,
DSS02 Manage DSS05 Manage DSS06 Manage Evaluate and Assess
DSS01 Manage DSS03 Manage DSS04 Manage Compliance With
Operations Service Requests Security Business
Problems Continuity

i s a c a
and Incidents Services Process Controls External Requirements

.o r g
Processes for Management of Enterprise IT

/ CO B I T u
Source: COBIT 5, figure 16

.s e