Академический Документы
Профессиональный Документы
Культура Документы
SURVEY
We, the undergraduate accountancy students from De La Salle University - Manila are
conducting a study to assess the overall level of compliance of the Philippine Telecommunication
Sector in accordance with the Control Objectives for Information and Related Technology
(COBIT).
Kindly rate your company in terms of process/capability level on the 37 COBIT processes.
In case of clarification, follow-up interviews will be done with your consent. There are no right or
wrong answers. Rest assured, we will not disclose individual personal information sent through
Our group highly appreciates your participation in this study, thank you very much!
1. The following rows on the survey form are the 37 processes of the 5 domains of COBIT
Framework. On the left side is the Level of Performance while on the right side is Rationale
2. Kindly check the Level of Performance of your company on the following IT processes.
Level of Performance
0 The process is not implemented or fails to achieve its process purpose
1 The implemented process achieves its purpose
2 The process is managed (planned, monitored, and adjusted) and its work products are
appropriately established control and maintained
3 The process is standardized and effectively deployed
4 The process is measured and controlled to ensure achievement of process objective
5 The process is continuously improved to meet relevant current and projected business goals
3. Kindly choose the deciding factor of your company in implementing such processes based
SURVEY FORM
Level of
Rationale
Performance COBIT5 Processes
0 1 2 3 4 5 I II III
Provide transparency of performance and conformance
and drive achievement of goals.
Provide a consistent management approach to enable the
enterprise governance requirements to be met, covering
management processes, organizational structures, roles
and responsibilities, reliable and repeatable activities and
skills and competencies.
Ensure that the enterprise is compliant with all applicable
external requirements.
Keep the impact and occurrence of information security
incidents within the enterprise’s risk appetite levels.
Create feasible optimal solutions that meet enterprise
needs while minimizing risk.
Prepare and commit stakeholders for business change and
reduce risk of failure.
Implement solutions safely and in line with the agreed-on
expectations and outcomes.
Ensure that IT services and service levels meet current
and future enterprise needs.
Minimize the business impact of operational information
security vulnerabilities and incidents.
Obtain transparency for key stakeholders on the adequacy
of the system of internal controls and thus provide trust in
operations, confidence in the achievement of enterprise
objectives and an adequate understanding of residual risk.
Maintain service availability, efficient management of
resources, and optimization of system performance
through prediction of future performance and capacity
requirements.
Continue critical business operations and maintain
availability of information at a level acceptable to the
enterprise in the event of a significant disruption.
Provide a consistent approach integrated and aligned with
the enterprise governance approach. To ensure that IT-
related decisions are made in line with the enterprise’s
strategies and objectives, ensure that IT-related processes
are overseen effectively and transparently, compliance
with legal and regulatory requirements is confirmed, and
the governance requirements for board members are met.
4 WHAT IS THE ASSESSED LEVEL OF INFORMATION TECHNOLOGY PROCESS CAPABILITY LEVEL
-End-