COBIT 5 Enabling Processes Laminate Res Eng 0812

: Enabling ProcessesEnabler Dimension COBIT 5 Enabler: Processes Stakeholders Goals Life Cycle Good Practices • Internal Stakeholders • External Stakeholders • Intrinsic Quality • Contextual Quality (Relevance, Effectiveness) • Accessibility and Security • Plan • Design • Build/Acquire/ Create/Implement • Use/Operate • Evaluate/Monitor • Update/Dispose • Process Practices, Activities, Detailed Activities • Work Products (Inputs/Outputs) Enabler Performance Management Generic Practices for Processes Are Stakeholder Needs Addressed? Is Life Cycle Managed? Are Enabler Goals Achieved? Are Good Practices Applied? Metrics for Application of Practice (Lead Indicators) Metrics for Achievement of Goals (Lag Indicators) Source: COBIT 5: Enabling Processes, figure 8 COBIT 5 Governance and Management Key Areas Business Needs Governance Evaluate Direct Monitor Management Feedback Management Plan (APO) Build (BAI) Run (DSS) Monitor (MEA) Source: COBIT 5: Enabling Processes, figure 9 ©2013 ISACA. A l l r i g h t s r e s e r v e d . Direct and Monitor Processes for Governance of Enterprise IT COBIT 5 Process Reference Model BAI07 Manage Change Acceptance and Transitioning APO07 Manage Human Resources EDM05 Ensure Stakeholder Transparency MEA03 Monitor. Acquire and Implement APO03 Manage Enterprise Architecture APO02 Manage Strategy EDM02 Ensure Benefits Delivery APO01 Manage the IT Management Framework Align.©2013 ISACA. Evaluate and Assess Performance and Conformance Monitor. Plan and Organise EDM01 Ensure Governance Framework Setting and Maintenance Evaluate. DSS02 Manage Service Requests and Incidents Source: COBIT 5: Enabling Processes. Evaluate and Assess Compliance With External Requirements MEA02 Monitor. figure 10 DSS01 Manage Operations Deliver. Evaluate and Assess the System of Internal Control MEA01 Monitor. Evaluate and Assess : Enabling Processes . Service and Support BAI08 Manage Knowledge BAI01 Manage Programmes and Projects DSS04 Manage Continuity BAI04 Manage Availability and Capacity APO11 Manage Quality APO04 Manage Innovation EDM03 Ensure Risk Optimisation DSS05 Manage Security Services BAI05 Manage Organisational Change Enablement APO12 Manage Risk APO05 Manage Portfolio DSS06 Manage Business Process Controls BAI06 Manage Changes APO13 Manage Security APO06 Manage Budget and Costs EDM04 Ensure Resource Optimisation Processes for Management of Enterprise IT DSS03 Manage Problems BAI10 Manage Configuration BAI03 Manage Solutions Identification and Build APO10 Manage Suppliers APO09 Manage Service Agreements APO08 Manage Relationships Build. A l l r i g h t s r e s e r v e d BAI09 Manage Assets BAI02 Manage Requirements Definition . All MEA MEA03. All DSS.07 Process improvement opportunities All APO. figure 11 ©2013 ISACA. All BAI. All BAI. All DSS.02 Quality management standards All APO. All DSS. All DSS.06 Communications package All APO. All DSS. All MEA APO01. All BAI.02 Monitoring targets All APO. All BAI.04 Control deficiencies All APO. All APO. All DSS.03 Feedback on governance effectiveness and performance All EDM Outputs to all Management Processes From Key Practice Output Description Destination APO01.01 Authority levels All EDM EDM01. All MEA MEA01. All DSS.06 Communications on continual improvement and good practices All APO. All DSS. All MEA MEA01. All MEA APO11.02 Communications of changed compliance requirements All APO.04 Performance reports All APO. All MEA MEA02. All BAI. All BAI.06 Quality review benchmark results All APO.03 Self-assessment plans and criteria All APO. All BAI. All MEA APO11. All BAI. All BAI. All BAI. All MEA APO11. All BAI. All MEA MEA02. All DSS.08 Assurance review report All APO. All DSS.02 Output Description Destination Information security risk treatment plan All EDM. All BAI. All DSS. All DSS. All MEA APO11.01 Enterprise governance guiding principles All EDM EDM01.01 Decision-making model All EDM EDM01.01 Communication ground rules All APO. All BAI. All BAI. All MEA MEA02.03 Results of reviews of self-assessments All APO. All BAI. All DSS.05 Remedial actions and assignments All APO. All BAI. All MEA MEA02. All MEA MEA02. All MEA APO01. All MEA MEA02. All BAI. All MEA Outputs to all Governance Processes From Key Practice Output Description Destination EDM01. All BAI. All MEA APO02. All BAI. All BAI. .01 Results of internal control monitoring and reviews All APO.01 Results of benchmarking and other evaluations All APO. All DSS. All MEA MEA02.06 Assurance plans All APO. All DSS. All DSS. All MEA MEA01. All MEA Source: COBIT 5: Enabling Processes.02 Enterprise governance communications All EDM EDM01. All DSS. All DSS. All MEA APO11. All MEA MEA02.03 IT-related policies All APO. All BAI. All DSS. All DSS. A l l r i g h t s r e s e r v e d .04 Communications on IT objectives All APO. All BAI. All MEA MEA02.06 Examples of good practice to be shared All APO. All MEA APO01. All MEA MEA02.04 Process quality of service goals and metrics All APO. All DSS.04 Remedial actions All APO. All BAI.08 Assurance review results All APO. All DSS.08 Refined scope All APO. All DSS. All DSS. All BAI. All BAI.: Enabling Processes Outputs Outputs to all Processes From Key Practice APO13. All DSS. 847.253.847.ISACA Frameworks Included in COBIT 5 COBIT 4.1443 • Email: info@isaca. figure 13 Note: COBIT 5: Enabling Processes Appendix A.0 Key Management Practices Map to Risk IT Management Practices Map to COBIT 5 Governance and Management Practices Source: COBIT 5: Enabling Processes.253. IL 60008 USA Phone: +1. A l l r i g h t s r e s e r v e d . Mapping Between COBIT 5 and Legacy ISACA Frameworks.org Web site: www.1 Control Objectives Map to Val IT 2.isaca. 15 and 16. contain the mapping of COBIT 4. 3701 Algonquin Road.1. . Suite 1010 • Rolling Meadows. figures 14.org ©2013 ISACA. Val IT and Risk IT components to COBIT 5.1545 • Fax: +1.