1 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL

SURVEY

Company ____________________________ Date _____________

Name of Respondent _________________________________________

Position in the Company ______________________________________

Greetings in St. La Salle!

We, the undergraduate accountancy students from De La Salle University - Manila are

conducting a study to assess the overall level of compliance of the Philippine Telecommunication

Sector in accordance with the Control Objectives for Information and Related Technology

(COBIT).

Kindly rate your company in terms of process/capability level on the 37 COBIT processes.

In case of clarification, follow-up interviews will be done with your consent. There are no right or

wrong answers. Rest assured, we will not disclose individual personal information sent through

your responses, unless otherwise you authorized to do so.

Our group highly appreciates your participation in this study, thank you very much!

Yours in St. La Salle,

Bersabe, Adrian A. De Borja, Mia R.

Chen, Jacqueline S. Lanugon, Patricia I.

2 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL

Instructions and Legends:

1. The following rows on the survey form are the 37 processes of the 5 domains of COBIT

Framework. On the left side is the Level of Performance while on the right side is Rationale

of Implementation and Prioritization is available.

2. Kindly check the Level of Performance of your company on the following IT processes.

Please answer based on the following scale:

Level of Performance
0 The process is not implemented or fails to achieve its process purpose
1 The implemented process achieves its purpose
2 The process is managed (planned, monitored, and adjusted) and its work products are
appropriately established control and maintained
3 The process is standardized and effectively deployed
4 The process is measured and controlled to ensure achievement of process objective
5 The process is continuously improved to meet relevant current and projected business goals

3. Kindly choose the deciding factor of your company in implementing such processes based

on the following Rationale of Implementation and Prioritization:

Rationale of Implementation and Prioritization

I. Resource - Based the implementation of IT is used primarily as a business resource
View to obtain competitive advantage

II. Knowledge - the implementation of IT is used to obtain product knowledge,

Based View customer knowledge, and managerial knowledge to gain
competitive advantage
III. Stakeholder Needs the implementation of IT is used to address the changing needs
of telecom stakeholders to provide a better service
3 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL

SURVEY FORM

Level of
Rationale
Performance COBIT5 Processes
0 1 2 3 4 5 I II III
Provide transparency of performance and conformance
and drive achievement of goals.
Provide a consistent management approach to enable the
enterprise governance requirements to be met, covering
management processes, organizational structures, roles
and responsibilities, reliable and repeatable activities and
skills and competencies.
Ensure that the enterprise is compliant with all applicable
external requirements.
Keep the impact and occurrence of information security
incidents within the enterprise’s risk appetite levels.
Create feasible optimal solutions that meet enterprise
needs while minimizing risk.
Prepare and commit stakeholders for business change and
reduce risk of failure.
Implement solutions safely and in line with the agreed-on
expectations and outcomes.
Ensure that IT services and service levels meet current
and future enterprise needs.
Minimize the business impact of operational information
security vulnerabilities and incidents.
Obtain transparency for key stakeholders on the adequacy
of the system of internal controls and thus provide trust in
operations, confidence in the achievement of enterprise
objectives and an adequate understanding of residual risk.
Maintain service availability, efficient management of
resources, and optimization of system performance
through prediction of future performance and capacity
requirements.
Continue critical business operations and maintain
availability of information at a level acceptable to the
enterprise in the event of a significant disruption.
Provide a consistent approach integrated and aligned with
the enterprise governance approach. To ensure that IT-
related decisions are made in line with the enterprise’s
strategies and objectives, ensure that IT-related processes
are overseen effectively and transparently, compliance
with legal and regulatory requirements is confirmed, and
the governance requirements for board members are met.
4 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL

Optimize the performance of the overall portfolio of

programs in response to program and service
performance and changing enterprise priorities and
demands.
Achieve competitive advantage, business innovation, and
improved operational effectiveness and efficiency by
exploiting information technology developments.
Ensure that IT-related enterprise risk does not exceed risk
appetite and risk tolerance, the impact of IT risk to
enterprise value is identified and managed, and the
potential for compliance failures is minimized.
Maintain information integrity and the security of
information assets handled within business processes in
the enterprise or outsourced.
Ensure that the resource needs of the enterprise are met in
the optimal manner, IT costs are optimized, and there is
an increased likelihood of benefit realization and
readiness for future change.
Create improved outcomes, increased confidence, trust in
IT and effective use of resources.
Minimize the risk associated with non-performing
suppliers and ensure competitive pricing.
Provide the knowledge required to support all staff in
their work activities and for informed decision making
and enhanced productivity.
Realize business benefits and reduce the risk of
unexpected delays, costs and value erosion by improving
communications to and involvement of business and end
users, ensuring the value and quality of project
deliverables and maximizing contribution to the
investment and services portfolio.
Deliver IT operational services outcomes as planned.

Account for all IT assets and optimize the value provided

by these assets.
Integrate the management of IT-related enterprise risk
with overall ERM, and balance the costs and benefits of
managing IT-related enterprise risk.
Foster partnership between IT and enterprise stakeholders
to enable the effective and efficient use of IT-related
resources and provide transparency and accountability of
the cost and business value of solutions and services.
Enable the enterprise to make informed decisions
regarding the use of IT solutions and services.
5 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL

Ensure consistent delivery of solutions and services to

meet the quality requirements of the enterprise and
satisfy stakeholder needs.
Secure optimal value from IT-enabled initiatives, services
and assets, cost-efficient delivery of solutions and
services, and a reliable and accurate picture of costs and
likely benefits so that business needs are supported
effectively and efficiently.
Make sure that the communication to stakeholders is
effective and timely and the basis for reporting is
established to increase performance, identify areas for
improvement, and confirm that IT-related objectives and
strategies are in line with the enterprise’s strategy.
Enable fast and reliable delivery of change to the
business and mitigation of the risk of negatively
impacting the stability or integrity of the changed
environment.
Align strategic IT plans with business objectives. Clearly
communicate the objectives and associated
accountabilities so they are understood by all, with the IT
strategic options identified, structured and integrated with
the business plans.
Provide sufficient information about service assets to
enable the service to be effectively managed, assess the
impact of changes and deal with service incidents.
Represent the different building blocks that make up the
enterprise and their inter-relationships as well as the
principles guiding their design, and evolution over time,
enabling a standard, responsive and efficient delivery of
operational and strategic objectives.
Achieve increased productivity and minimize disruptions
through quick resolution of user queries and incidents.
Optimize human resources capabilities to meet enterprise
objectives.
Increase availability, improve service levels, reduce
costs, and improve customer convenience and satisfaction
by reducing the number of operational problems.

-End-