ISACA All Rights Reserved.


Tichaona Zororo CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor B.Sc. Honours Information Systems, PGD Computer Auditing Accredited COBIT 5 Trainer ISACA 2016.

Business Value

Value Creation
Governance Objectives:
- Benefits Realisation (EDM02)
- Risk Optimization (EDM03)
- Resource Optimization (EDM04)

COBIT 5 Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach

Meeting Stakeholder Needs: Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources. COBIT 5 provides all of the required processes and other enablers to support business value creation through the use of IT. An enterprise can customise COBIT 5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.

Covering the Enterprise End-to-End: COBIT 5 integrates governance of enterprise IT into enterprise governance. It covers all functions and processes within the enterprise; COBIT 5 does not focus only on the IT function, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise. It considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e., inclusive of everything and everyone, internal and external, that is relevant to governance and management of enterprise information and related IT.

Applying a Single Integrated Framework: There are many IT-related standards and best practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

Enabling a Holistic Approach: Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise.

[Figure: diagram of seven numbered items (1 to 7); surviving label: Resources]

The 7 Enabler Dimensions
Enabler Dimensions
Enabler Performance Management:
- Metrics for Achievement of Goal (Lag Indicators)
- Metrics for Application of Practice (Lead Indicators)

[Figure labels: People, Skills & Competencies; Principles, Processes Framework; Processes; SIA; Information; Culture, Ethics & Behaviour; Organisational Structures; Metrics for Achievement of Goals (Lag Indicators); Metrics for Application of Practice (Lead Indicators)]

Separating Governance from Management: The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.

Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor
- EDM01 Ensure Governance Framework Setting & Maintenance
- EDM02 Ensure Benefits Delivery
- EDM03 Ensure Risk Optimization
- EDM04 Ensure Resource Optimization
- EDM05 Stakeholder Transparency

Processes for Management of Enterprise IT

Align, Plan and Organise
- APO01 Manage the IT Management Framework
- APO02 Manage Strategy
- APO03 Manage Enterprise Architecture
- APO04 Manage Innovation
- APO05 Manage Portfolio
- APO06 Manage Budget and Costs
- APO07 Manage Human Resources
- APO08 Manage Relationships
- APO09 Manage Service Agreements
- APO10 Manage Suppliers
- APO11 Manage Quality
- APO12 Manage Risk
- APO13 Manage Security

Build, Acquire and Implement
- BAI01 Manage Programmes and Projects
- BAI02 Manage Requirements Definition
- BAI03 Manage Solutions Identification and Build
- BAI04 Manage Availability and Capacity
- BAI05 Manage Organisational Change Enablement
- BAI06 Manage Changes
- BAI07 Manage Change Acceptance and Transitioning
- BAI08 Manage Knowledge
- BAI09 Manage Assets
- BAI10 Manage Configuration

Deliver, Service and Support
- DSS01 Manage Operations
- DSS02 Manage Service Requests and Incidents
- DSS03 Manage Problems
- DSS04 Manage Continuity
- DSS05 Manage Security Services
- DSS06 Manage Business Process Controls

Monitor, Evaluate & Assess
- MEA01 Monitor, Evaluate and Assess Performance and Conformance
- MEA02 Monitor, Evaluate and Assess the System of Internal Control
- MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

Grab the Low Hanging Fruit: Focusing on quick wins and the prioritisation of the most beneficial improvements that are easiest to implement, to demonstrate benefit and build confidence for further improvements.

Unlocking Your World to a Sea of Opportunities

The 7 phases of the implementation life cycle
Creating the Appropriate Environment
Components: Programme management; Change enablement; Continual Improvement Life Cycle
1. What are the drivers? Initiate programme; Establish desire to change; Recognise need to act
2. Where are we now? Define problems and opportunities; Form implementation team; Assess current state
3. Where do we want to be? Define road map; Communicate outcome; Define target state
4. What needs to be done? Plan programme; Identify role players; Build improvements
5. How do we get there? Execute; Operate and use; Implement improvements
6. Did we get there? Realise benefits; Embed new approaches; Operate & Measure
7. How do we keep the momentum going? Review effectiveness; Sustain; Monitor & Evaluate

GEIT Ideation Phase?

Phase 1: What Are The Drivers?

Phase 1: The Business Case for GEIT

Phase 1: Pain Points

Phase 1: Trigger Events

The 7 phases of the implementation life cycle: Initiate the Programme
What are the drivers?
- Programme management: Initiate programme
- Change enablement: Establish desire to change
- Continual Improvement Life Cycle: Recognise need to act

Phase 1

Process Assessment Phases?

Phase 2: Where Are We Now?

The 7 phases of the implementation life cycle: Define problems & opportunities
Where are we now?
- Programme management: Define problems and opportunities
- Change enablement: Form implementation team
- Continual Improvement Life Cycle: Assess current state

- Understand the pain points that have been identified as governance problems
- Take advantage of trigger events that provide opportunity for improvement
- Knowledge of the business environment
- Insight into influencing factors
- Identify the IT goals in respect to enterprise goals
- Identify the most important processes
- Understand management risk appetite
- Understand the maturity of existing governance related processes

Phase 2

Phase 3: Where Do We Want to Be?

The 7 phases of the implementation life cycle: Define road map
Where do we want to be?
- Programme management: Define road map
- Change enablement: Communicate outcome
- Continual Improvement Life Cycle: Define target state

- Describe the high level change enablement plan and objectives
- Develop a communication strategy
- Communicate the vision
- Articulate the rationale and benefits of the change
- Set the tone at the top
- Define the target for improvement
- Analyze the gaps
- Identify potential improvements

Phase 3

GEIT Solution Design Phase?

Phase 4: What Needs to Be Done?

The 7 phases of the implementation life cycle: Plan the Programme
What needs to be done?
- Programme management: Plan programme
- Change enablement: Identify role players
- Continual Improvement Life Cycle: Build improvements

- Prioritize potential initiatives
- Develop formal and justifiable projects
- Use plans that include contribution and program objectives
- Empower role players and identify quick wins [Low Hanging Fruit: visible issues that can be addressed relatively quickly and help establish the credibility of the overall initiative by demonstrating benefits]
- High benefit, easy implementations should come first
- Obtain buy-in by key stakeholders affected by the change
- Identify strengths in existing processes and leverage accordingly
- Plot improvements onto a grid to assist with prioritization
- Consider approach, deliverables, resources needed, costs, estimated time scales, project dependencies and risks

Phase 4

GEIT Solution Implementation Phase?

Phase 5: How Do We Get There?

The 7 phases of the implementation life cycle: Execute the Programme
How do we get there?
- Programme management: Execute
- Change enablement: Operate and use
- Continual Improvement Life Cycle: Implement improvements

- Execute projects according to an integrated program plan
- Provide regular update reports to stakeholders
- Document and monitor the contribution of projects while managing risks identified
- Build on the momentum and credibility of quick wins
- Plan cultural and behavioral aspects of the broader transition
- Define measures of success
- Adopt and adapt best practices to suit the enterprise's approach to policies and process changes

Phase 5

Post Implementation Phases?

Phase 6: Did We Get There?

The 7 phases of GEIT implementation life cycle: Realise Benefits
Did we get there?
- Programme management: Realise benefits
- Change enablement: Embed new approaches
- Continual Improvement Life Cycle: Operate & Measure

- Monitor the overall performance of the program against business case objectives
- Monitor and measure the investment performance
- Provide transition from project mode to business as usual mode
- Monitor whether new roles and responsibilities have been taken on
- Track and assess objectives of the change response plans
- Maintain communication and ensure communication between appropriate stakeholders continues
- Set targets for each metric
- Measure metrics against targets
- Communicate results and adjust targets as necessary

Phase 6

Phase 7: How Do We Keep the Momentum Going?

The 7 phases of the implementation life cycle: Review Effectiveness
How do we keep the momentum going?
- Programme management: Review effectiveness
- Change enablement: Sustain
- Continual Improvement Life Cycle: Monitor & Evaluate

Keeping the momentum is critical to sustainment of the lifecycle.
- Review program effectiveness through a program review gate
- Review the program benefits
- Conscious reinforcement (reward achievers)
- Ongoing communication campaign (feedback on performance)
- Continuous top management commitment
- Identify new governance objectives based on program experience
- Communicate lessons learned and further improvement requirements for the next iteration of the cycle

Phase 7

- Is a standards-based approach to process assessment that produces results that support process improvement criteria and planning.
- Improved reliability and repeatability, reducing debates and disagreements between stakeholders on assessment results.
- Provides enterprises with a repeatable, reliable and robust methodology for assessing the capability of IT processes.
- ISO 15504 compliance.
- Provides a means to measure the performance of any of the 5 Governance (EDM-based) or 32 Management (PBRM-based) processes, thereby allowing areas for improvement to be identified.
- Simplified content through elimination of duplication.

[Figure: ISO 15504. Labels in slide order: Process Attribute Rating Scale; ISO 15504-1 Concepts and Vocabulary; Process Assessment Terminology; ISO 15504-2 Measurement Framework; ISO 15504-3 Guidance on Performing an Assessment; Process Assessment Process; Process Capability Levels & Attributes; ISO 15504-4 Assessment Process; Assessment Indicators; Process Capability Level Ratings; ISO 15504-5 An Exemplar Process Assessment Model; Generic Work Products & Generic Practices]

[Figure: Enabling Processes. Labels: 2 Areas; 5 Domains; 37 Processes; Process Description; Process Purpose Statement; IT Related Goals & Metrics; Process Related Goals & Metrics; 210 Practices; Practice Description; 30 Outputs; 1111 Activities]

Assessing Capability of IT Processes
- Provide Gap Analysis and improvement planning information to support definition of justifiable improvement projects
- Report internally to an enterprise's executive management or board of directors on the capability of IT processes and establish a target for improvement based on business requirements
- Provide the governance body and management with process assessment ratings to measure and monitor current IT processes capabilities
- Enable those in governance & management to benchmark process capabilities & support investment decision making with regard to process improvement

[Figure labels: Process Assessment; Can involve; Process Improvement; Leads to; Process Capability Determination]

GEIT Implementation Phase
Creating the Appropriate Environment
Components: Programme management; Change enablement; Continual Improvement Life Cycle
- Phase 2, Where are we now? Define problems and opportunities; Form implementation team; Assess current state
- Phase 3, Where do we want to be? Define road map; Communicate outcome; Define target state

Principles, Policies & Frameworks
- Assessor Guide: Using COBIT 5. Provides details on how to undertake a full ISO 15504-compliant assessment (guidance on how to perform an assessment).
- Process Assessment Model: Using COBIT 5. Forms the basis for the assessment of an enterprise's IT processes.
- Self Assessment Guide: Using COBIT 5. Provides guidance on how to perform a basic/less rigorous self-assessment of an organisation's current IT process capability levels against COBIT processes.
- Assessment Programme Tool Kit: Using COBIT 5. Support assessment activities, including scoping templates and mapping to business and IT goals.

Level: COBIT 4.1 Process Maturity Level / ISO/IEC 15504 Process Capability Level / Attribute
- 5: Optimised / Optimizing / PA 5.1 Process innovation, PA 5.2 Process optimization
- 4: Managed and measurable / Predictable / PA 4.1 Process measurement, PA 4.2 Process control
- 3: Defined / Established / PA 3.1 Process definition, PA 3.2 Process deployment
- 2: Repeatable but intuitive / Managed / PA 2.1 Performance management, PA 2.2 Work product management
- 1: Initial/ad hoc / Performed / PA 1.1 Process performance
- 0: Non-existent / Incomplete

Class 1:
- Used for comparison with other enterprises
- Assessor independent of the unit being assessed
- A minimum of 4 process instances for each process assessed

Class 2:
- Used to provide a basis for an initial assessment at the commencement of a process improvement programme
- To enable assessment conclusion to be drawn about the opportunities for improvement
- Can be performed internally or by an independent assessor
- A minimum of 2 process instances for each process assessed

Class 3:
- Used for testing and understanding the IT process and potential benefits from improvement
- Suitable for monitoring the ongoing progress of an improvement programme or to identify key issues for a later class 1 or 2
- Can be performed internally or by an independent assessor
- No minimum number of process instances required for each process assessed

6 Process Capability Levels, 9 Process Attributes
- Level 5, Optimizing process: The process is continuously improved to meet relevant current and projected business goals. PA.5.1 Process Innovation attribute; PA.5.2 Process Optimization attribute.
- Level 4, Predictable process: The process is enacted consistently within defined limits. PA.4.1 Process Measurement attribute; PA.4.2 Process Control attribute.
- Level 3, Established process: A defined process is used based on a standard process. PA.3.1 Process Definition attribute; PA.3.2 Process Deployment attribute.
- Level 2, Managed process: The process is managed and work products are established, controlled and maintained. PA.2.1 Performance Management attribute; PA.2.2 Work Product Management attribute.
- Level 1, Performed process: The process is implemented and achieves its process purpose. PA.1.1 Process Performance attribute.
- Level 0, Incomplete process: The process is not implemented or fails to achieve its purpose. No process attribute.

4 Rating Scales
- N, Not achieved (> 0 to 15 % achievement): There is little or no evidence of achievement of the defined attribute in the assessed process.
- NP, Partially achieved (> 15 % to 50 % achievement): There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed process. Some aspects of achievement of the attribute may be unpredictable.
- L, Largely achieved (> 50 % to 85 % achievement): There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.
- F, Fully achieved (> 85 % to 100 % achievement): There is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process.

Scale as shown on the slide:
- 00% - 15%: Not Achieved (N)
- 16% - 50%: Partially Achieved (NP)
- 51% - 85%: Largely Achieved (L)
- 86% - 100%: Fully Achieved (F)

Attribute ratings by capability level (columns 1 to 5):
- Level 5 - Optimised (PA.5.1 Process Innovation, PA.5.2 Process Optimization): column 5: L / F
- Level 4 - Predictable (PA.4.1 Process Measurement, PA.4.2 Process Control): column 4: L / F; column 5: F
- Level 3 - Established (PA.3.1 Process Definition, PA.3.2 Process Deployment): column 3: L / F; columns 4 and 5: F
- Level 2 - Managed (PA.2.1 Performance Management, PA.2.2 Work Product Management): column 2: L / F; columns 3 to 5: F
- Level 1 - Performed (PA.1.1 Process Performance): column 1: L / F; columns 2 to 5: F
- Level 0 - Incomplete: Incomplete process

Capability Dimension
- Level 5: PA5.2 Continuous optimisation; PA5.1 Process innovation
- Level 4: PA4.2 Process control; PA4.1 Process measurement
- Level 3: PA3.2 Process deployment; PA3.1 Process definition
- Level 2: PA2.2 Performance management; PA2.1 Work product management
- Level 1: PA1.1 Process performance
- Level 0

Based on (Level 1 to 5) Process Attribute Indicators (PAI):
- GP: Generic Practice
- GWP: Generic Work Product

Additional performance indicators, Level 1, based on:
- BP: Base practices
- WP: Work products

EDM: 5 Processes; APO: 13 Processes; BAI: 10 Processes; DSS: 6 Processes; MEA: 3 Processes

ISO 15504-2 Measurement Framework: Capability Levels; Process Attributes; Rating Scale
40 Generic Practices; 9 Generic Work Products

40 Generic Practices
- Level 5, Optimizing process (PA.5.1 Process Innovation attribute; PA.5.2 Process Optimization attribute): 8 Generic Practices
- Level 4, Predictable process (PA.4.1 Process Measurement attribute; PA.4.2 Process Control attribute): 11 Generic Practices
- Level 3, Established process (PA.3.1 Process Definition attribute; PA.3.2 Process Deployment attribute): 11 Generic Practices
- Level 2, Managed process (PA.2.1 Performance Management attribute; PA.2.2 Work Product Management attribute): 10 Generic Practices
- Level 1, Performed process (PA.1.1 Process Performance attribute): 210 Base Practices
- Level 0, Incomplete process

PA 1.1 Process Performance
- BP 1.1.1 Achieve the process outcomes

PA 2.1 Performance Management
- GP 2.1.1 Identify the objectives
- GP 2.1.2 Plan & monitor the performance
- GP 2.1.3 Adjust the performance
- GP 2.1.4 Define responsibilities and authorities
- GP 2.1.5 Identify and make available
- GP 2.1.6 Manage the interfaces

PA 2.2 Work Product Management
- GP 2.2.1 Define the requirements for the work products
- GP 2.2.2 Define the requirements for documentation and control
- GP 2.2.3 Identify document and control
- GP 2.2.4 Review and adjust work products

PA 3.1 Process Definition
- GP 3.1.1 Define the standard
- GP 3.1.2 Determine the sequence and interaction between processes
- GP 3.1.3 Identify the roles and competencies
- GP 3.1.4 Identify the required infrastructure and work environment
- GP 3.1.5 Determine suitable methods

PA 3.2 Process Deployment
- GP 3.2.1 Deploy a defined process
- GP 3.2.2 Assign and communicate roles and responsibilities and authorities
- GP 3.2.3 Ensure necessary competencies
- GP 3.2.4 Provide resources and information
- GP 3.2.5 Provide adequate processes infrastructure
- GP 3.2.6 Collect and analyse data

PA 4.1 Process Measurement
- GP 4.1.1 Identify process information needs
- GP 4.1.2 Define process measurement objectives
- GP 4.1.3 Establish quantitative objectives
- GP 4.1.4 Identify product and process
- GP 4.1.5 Collect product and process measurement results
- GP 4.1.6 Use results of the defined measurement

PA 4.2 Process Control
- GP 4.2.1 Determine analysis
- GP 4.2.2 Define parameters
- GP 4.2.3 Analyse process and product measurement results
- GP 4.2.4 Identify and implement corrective actions
- GP 4.2.5 Re-establish control

PA 5.1 Process Innovation
- GP 5.1.1 Define the process improvement objective for the process
- GP 5.1.2 Analyse measurement data of the process
- GP 5.1.3 Identify improvement opportunities of the process
- GP 5.1.4 Derive improvement opportunities of the process from new technologies and process concepts
- GP 5.1.5 Define an implementation strategy

PA 5.2 Process Optimisation
- GP 5.2.1 Assess the impact of each proposed change
- GP 5.2.2 Manage the implementation of agreed changes
- GP 5.2.3 Based on actual performance, evaluate the effectiveness of process change

GWP ID: GWP
- 1.0: Process Documentation
- 2.0: Process Plan
- 3.0: Quality Plan
- 4.0: Quality Records
- 5.0: Policies and Standards
- 6.0: Performance Improvement Plan
- 7.0: Process Measurement Plan
- 8.0: Process Control Plan
- 9.0: Process Performance Records

EDM: 5 Processes; APO: 13 Processes; BAI: 10 Processes; DSS: 6 Processes; MEA: 3 Processes

COBIT 5 Enablers: Enabling Processes
- 230 pages
- 210 Practices
- 30 Outputs
- 210 Base Practices
- 434 Base Work Products

Practices by domain: EDM 15 Practices; APO 72 Practices; BAI 68 Practices; DSS 38 Practices; MEA 17 Practices

Tichaona Zororo
EGIT Enterprise Governance of IT (Pty) Ltd
+27 (0) 11 234 2597
+27 (0) 73 298 9606
tichaona.zororo@egit.co.za
@TichaonaZororo
tichaona.zororo
tichaonazororo