Enterprise = organisation = commercial (corporate) OR public sector OR not for profit Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation+ Resource Optimisation Governance Scope = where governance applies: usually the enterprise, but can be just some assets GOALS CASCADE: Stakeholder Needs Enterprise Goals IT-related Goals Enabler Goals 5 Principles of COBIT 5 7 Enablers of COBIT 5 (i.e. Governance Enablers) 1. Meeting stakeholder needs 1. Principles, policies and frameworks 2. Covering the Enterprise end-to-end 2. Processes 3. Single integrated Framework 3. Organisational structures Memory aid: 4. Holistic approach of 7 enterprise Enablers 4. Culture, ethics and behaviours POP PICS 5. Separating governance from management 5. Information 6. Service infrastructure and applications Memory aid: Stakeholder FEES 7. People skills and competencies Generic Governance Enablers Enabler Dimensions Enabler Performance Management Stakeholders Questions to be answered: Internal & External Outcomes (Lag indicators) Goals = expected outcome of enabler Are stakeholders needs addressed? Intrinsic Quality (work well & provide results) Are enabler goals achieved? Contextual Quality (Relevance, effectiveness) Functioning of enabler itself (Lead indicator) Accessibility & Security (of enablers + outcomes) Is the enabler lifecycle managed? Life Cycle Are good practices applied? Plan, Design, Information Enabler (Enabler 5) Build/Acquire/Create/Implement Use/Operate Intrinsic quality: Evaluate/Monitor Accuracy, Objectivity, Believability, Reputation Update/Dispose Information layers Good Practices Physical world (carrier/media), Empiric (User interface) Practices Syntactic (code/language), Semantic (meaning) Work Products (Inputs & Outputs) Pragmatic (use) Social world (e.g. contracts, law, culture) COBIT 5 Processes COBIT 5 Process Capability Assessment Model (PAM) 5 Domains = 37 processes Performance 0 Incomplete Governance Attribute (PA) Evaluate, Direct & Monitor (EDM) PA1.1 Process Performance 1 Performed Management Align, Plan & Organise (APO) strategic Build, Acquire & Implement (BAI) tactical PA2.1 Performance Management Deliver, Service & Support (DSS) - operational 2 Managed Monitor, Evaluate & Assess (MEA) PA2.2 Work Product Management EDM(5) APO(13) BAI(10) DSS(6) PA3.1 Process Definition MEA(3) 3 Established PA3.2 Process Deployment Memory aid: PA4.1 Process Measurement Management domains are in alphabetic 4 Predictable order. PA4.2 Process Control E is 5th letter in alphabet and EDM has 5 processes. PA5.1 Process Innovation In alphabetic order, Management 5 Optimising PA5.2 Process Optimisation processes get less by 3 or 4 COBIT 5 Implementation Lifecycle Phase 1 2 3 4 5 6 7 What are the Where are we Where do we What needs to How do we get Did we get How do we keep drivers? now? want to be? be done? there? there? the momentum going? Programme Initiate Define problems Define road Plan Execute plan Realise Review Management program & opportunities map programme benefits Effectiveness Change Establish Form Communicate Identify role Operate and Embed new Sustain Enablement desire to implementation outcome players use approaches change team Continual Recognise Assess current Define target Build Implement Operate and Monitor and Improvement need to act state state improvements improvements measure evaluate Lifecycle
2012-15 Maat Consulting Ltd www.maatconsulting.com
COBIT is a registered trade mark of ISACA and the IT Governance Institute (ITGI) V1.4 July 2015 This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI.