1. Cobit Goals Cascade
1. Stakeholder Drivers Influence Stakeholder Needs;
2. Stakeholder Needs Cascade to Enterprise Goals;
3. Enterprise Goals Cascade to IT-related Goals;
4. IT-related Goals Cascade to Enabler Goals.

3. Cobit Areas and Processes
• APO5 Manage Portfolio
• APO6 Manage Budget and Cost
• APO7 Manage Human Resources
• APO8 Manage Relationships
• APO9 Manage Service Agreements
• APO10 Manage Suppliers
• APO11 Manage Quality
• APO12 Manage Risk
• APO13 Manage Security

1. Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management. Internal and External Stakeholders.
2. Processes describe an organised set of practices and activities. Life cycle of a process; Governance and Management Processes.
3. Organisational structures describe RACI and roles.
4. Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
5. Information define its attributes: Physical (Carrier, Media); Empirical (User Interface); Syntactic (Language, Format); Semantic (Meaning); Type, Currency; Pragmatic (Use) Includes Retention, Status, Contingency, Novelty; and Social (Context)
6. Services, infrastructure and applications. Includes: reuse, buy-vs-build, agility, simplicity and openness. Definition of Architecture Principles, Architecture Viewpoints, and Service Levels.
7. People, skills and competencies are linked to people. Define Role Skill, Requirements, Skill Levels, Skill Categories and Skill Definitions.

1. Stakeholders
2. Goals (Intrinsic quality [results, process according best practices, information is actual and true], contextual quality [fit for purpose, relevant, easy to apply, effectiveness], Access and security)
3. Life cycle (Plan, Design, Build/Acquire/Create/Implement, Use/Operate, Evaluate/Monitor, Update/Dispose)
4. Good practices

6. Process Capability Model and Levels
Capability Model is now based on ISO/IEC 15504 (SPICE).
• Level 0: Incomplete. The process is not implemented or fails to achieve its purpose;
• Level 1: Performed (Informed). The process is implemented and achieves its purpose;
• Level 2: Managed (Planned and monitored). The process is managed and results are specified, controlled and maintained;
• Level 3: Established (Well defined). A standard process is defined and used throughout the organization;
• Level 4: Predictable (Quantitatively managed). The process is executed consistently within defined limits
• Level 5: Optimizing (Continuous improvement). The process is continuously improved to meet relevant current and projected business goals.

The capability of processes is measured using process attributes. The international standard defines nine process attributes:
1.1 Process Performance
2.1 Performance Management
2.2 Work Product Management
3.1 Process Definition
3.2 Process Deployment
4.1 Process Measurement
4.2 Process Control
5.1 Process Innovation
5.2 Process Optimization.

Each process attribute is assessed on a four-point (N-P-L-F) rating scale:
• Not achieved (0 - 15%)
• Partially achieved (>15% - 50%)
• Largely achieved (>50% - 85%)
• Fully achieved (>85% - 100%)
Cobit is a registered trademark by ISACA (http://www.isaca.org/) - Copyright 2013 - Minimarisk® Gmbh/Sàrl – www.minimarisk.com – Tel +41 44 586 45 00
COBIT 5 Foundation Exam Revision on a page!
Governance of Enterprise IT (GEIT)
Enterprise = organisation = commercial (corporate) OR public sector OR not for profit
Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation + Resource Optimisation
Governance Scope = where governance applies: usually the enterprise, but can be just some assets
GOALS CASCADE: Stakeholder Needs → Enterprise Goals → IT-related Goals → Enabler Goals

5 Principles of COBIT 5
1. Meeting stakeholder needs
2. Covering the Enterprise end-to-end
3. Single integrated Framework
4. Holistic approach of 7 enterprise Enablers
5. Separating governance from management
Memory aid: “Stakeholder FEES”

7 Enablers of COBIT 5 (i.e. Governance Enablers)
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviours
5. Information
6. Service infrastructure and applications
7. People skills and competencies
Memory aid: POP PICS

Generic Governance Enablers

Enabler Dimensions
• Stakeholders: Internal & External
• Goals = expected outcome of enabler
  - Intrinsic Quality (work well & provide results)
  - Contextual Quality (Relevance, effectiveness)
  - Accessibility & Security (of enablers + outcomes)
• Life Cycle: Plan, Design, Build/Acquire/Create/Implement, Use/Operate, Evaluate/Monitor, Update/Dispose
• Good Practices: Practices, Work Products (Inputs & Outputs)

Enabler Performance Management
Questions to be answered:
• Outcomes (Lag indicators)
  - Are stakeholders’ needs addressed?
  - Are enabler goals achieved?
• Functioning of enabler itself (Lead indicator)
  - Is the enabler lifecycle managed?
  - Are good practices applied?

Information Enabler (Enabler 5)
• Intrinsic quality: Accuracy, Objectivity, Believability, Reputation
• Information layers: Physical world (carrier/media), Empiric (User interface), Syntactic (code/language), Semantic (meaning), Pragmatic (use), Social world (e.g. contracts, law, culture)

COBIT 5 Processes
5 Domains = 37 processes
Governance
• Evaluate, Direct & Monitor (EDM)
Management
• Align, Plan & Organise (APO) – strategic
• Build, Acquire & Implement (BAI) – tactical
• Deliver, Service & Support (DSS) – operational
• Monitor, Evaluate & Assess (MEA)
EDM(5) APO(13) BAI(10) DSS(6) MEA(3)
Memory aid:
Management domains are in alphabetic order.
E is 5th letter in alphabet and EDM has 5 processes.
In alphabetic order, Management processes get less by 3 or 4

COBIT 5 Process Capability Assessment Model (PAM)
Level: Performance Attribute (PA)
• 0 Incomplete
• 1 Performed: PA1.1 Process Performance
• 2 Managed: PA2.1 Performance Management, PA2.2 Work Product Management
• 3 Established: PA3.1 Process Definition, PA3.2 Process Deployment
• 4 Predictable: PA4.1 Process Measurement, PA4.2 Process Control
• 5 Optimising: PA5.1 Process Innovation, PA5.2 Process Optimisation
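COBIT 5 Implementation Lifecycle
Phase 1: What are the drivers?
• Programme Management: Initiate program
• Change Enablement: Establish desire to change
• Continual Improvement Lifecycle: Recognise need to act
Phase 2: Where are we now?
• Programme Management: Define problems & opportunities
• Change Enablement: Form implementation team
• Continual Improvement Lifecycle: Assess current state
Phase 3: Where do we want to be?
• Programme Management: Define road map
• Change Enablement: Communicate outcome
• Continual Improvement Lifecycle: Define target state
Phase 4: What needs to be done?
• Programme Management: Plan programme
• Change Enablement: Identify role players
• Continual Improvement Lifecycle: Build improvements
Phase 5: How do we get there?
• Programme Management: Execute plan
• Change Enablement: Operate and use
• Continual Improvement Lifecycle: Implement improvements
Phase 6: Did we get there?
• Programme Management: Realise benefits
• Change Enablement: Embed new approaches
• Continual Improvement Lifecycle: Operate improvements
Phase 7: How do we keep the momentum going?
• Programme Management: Review Effectiveness
• Change Enablement: Sustain
• Continual Improvement Lifecycle: Monitor and evaluate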
[Figure: Capability Dimension and Process Dimension]
Capability Dimension
• Level 4: PA4.2 Process control, PA4.1 Process measurement
• Level 3: PA3.2 Process deployment, PA3.1 Process definition
• Level 2: PA2.2 Performance management, PA2.1 Work product management
• Level 1: PA1.1 Process performance
• Level 0
GP: Generic Practice (Levels 2 to 5 only)
GR: Generic Resource (Not defined)
GWP: Generic Work Product (Levels 2 to 5 only)
Process Performance Indicators
BP: Base practices (Level 1)
WP: Work products (Level 1)
Process Dimension
• EDM Evaluate, Direct, Monitor
• APO Align Plan and Organize
• BAI Build, Acquire and Implement
• DSS Deliver, Service and Support
• MEA Monitor, Evaluate & Assess

[Figure: goals cascade] Stakeholder Needs; Governance Objectives: Value Creation (Benefits Realisation, Risk Optimisation, Resource Optimisation); Cascade to Enterprise Goals; Cascade to IT-related Goals

[Figure: COBIT 5 Principles] 1. Meeting Stakeholder Needs; 3. Applying a Single Integrated Framework; 4. Enabling a Holistic Approach

[Figure: COBIT 5 Processes, Governance & Management]
Enablers

A process describes an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.

Organizational structures are the key decision-making entities in an enterprise.

Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.

People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking

Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.

Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.

Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processes and services.

Enablers: Generic
Enabler Dimension
• Stakeholders: Internal Stakeholders, External Stakeholders
• Goals: Intrinsic Quality, Contextual Quality (Relevance, Effectiveness), Accessibility and Security
• Life Cycle: Plan, Design, Build/Acquire/Create/Implement, Use/Operate, Evaluate/Monitor, Update/Dispose
• Good Practices: Practices, Work Products (Inputs/Outputs)
Enabler Performance Management
• Metrics for Achievement of Goals (Lag Indicators): Are Stakeholders Needs Addressed? Are Enabler Goals Achieved?
• Metrics for Application of Practice (Lead Indicators): Is Life Cycle Managed? Are Good Practices Applied?
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; monitoring performance, compliance and progress against agreed direction and objectives.

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives

Information, Contextual Goals: Relevancy, Completeness, Appropriateness, Conciseness, Consistency, Understandability, Ease of Manipulation

[Figure: implementation life cycle. Programme management (outer ring), Change enablement (middle ring), Continual improvement life cycle (inner ring)]

[Figure: Product Family. COBIT 5 Enabler Guides: COBIT 5: Enabling Processes, COBIT 5: Enabling Information, Other Enabler Guides. COBIT 5 Professional Guides: COBIT 5 Implementation, COBIT 5 for Information Security, COBIT 5 for Assurance, COBIT 5 for Risk, Other Professional Guides]
[Table: IT-related goals mapped to COBIT 5 processes (EDM01 to EDM05, APO01 to APO13, BAI01 to BAI10, DSS01 to DSS06, MEA01 to MEA03). P = Primary relationship, S = Secondary relationship. Goal rows include 03 Commitment of executive management for making IT-related decisions, 09 IT agility, and 11 Optimization of IT assets, resources and capabilities.]
The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and
enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder
requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.
Value creation means realizing benefits at an optimal resource cost while optimizing risk.
COBIT 5 defines all goals according to Enterprise goals and IT-related goals
Governance, as defined in the scope of COBIT 5, is driven by enablers. Enablers are factors that individually and collectively
influence whether something will work. In the case of COBIT 5 this refers to governance and management over enterprise IT.
The COBIT 5 Framework describes seven categories of enablers that are listed below. Some of the enablers are also enterprise
resources that need to be managed and governed as well.
GOALS CASCADE
Enablers are driven by the goals cascade, that are high level IT-related goals that define what the different enablers should achieve. These enterprise goals for IT are used to formalise and structure the stakeholder needs. Enterprise goals can be linked to IT-related goals, and these can be achieved through the optimal use and execution of all enablers.

To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers. That is, that each enabler:
• Needs the input of other enablers to be fully effective
• Delivers output to the benefit of other enablers
ENABLERS RESOURCES

5 INFORMATION
• Pervasive throughout any organisation.
• Includes all information produced and used by the enterprise.
• Required for keeping the organisation running and well governed.
• Key product of the enterprise.

6 SERVICES, INFRASTRUCTURE AND APPLICATION
Infrastructure, technology and application provide the enterprise with information technology processing and services

7 PEOPLE, SKILL AND COMPETENCIES
Linked to people and required for:
• Successful completion of all activities
• Making correct decisions
• Taking corrective actions
© Good e-Learning 2015. COBIT® is a Registered Trademark of ISACA registered in United States of America and other countries, www.isaca.org
In the scope of COBIT 5 there is a clear distinction between governance and management. Although they comprise different types of activities with
different responsibilities, a set of interactions is required between governance and management to result in an efficient and effective governance
system. To achieve that, COBIT 5 also advocates that enterprises implement governance and management processes such that key areas are covered.
INFORMATION: Information used for evaluating, directing and monitoring enterprise IT is exchanged between governance and management as described in the process model inputs and outputs.
ORGANISATIONAL STRUCTURES: In the scope of organisational structures the interaction takes place between the decisions taken by the governance structures and the decisions and operations implementing the former.
PRINCIPLES, POLICIES AND FRAMEWORKS: Principles, policies and frameworks are the vehicle by which governance decisions are institutionalized within the enterprise, and for that reason are an interaction between governance decisions and management.
CULTURE, ETHICS AND BEHAVIOUR: Behaviour is a key enabler of good governance and management of the enterprise
PEOPLE, SKILLS AND COMPETENCIES: Governance and management activities require different skill sets, but an essential skill for both governance body members and management is to understand both tasks and how they are different.
SERVICES, INFRASTRUCTURE AND APPLICATIONS: Services are required, supported by applications and infrastructure to provide the governance body with adequate information and to support governance activities of evaluating, setting direction and monitoring.
[Figure: governance and management processes]
GOVERNANCE (EVALUATE, DIRECT, MONITOR; MANAGEMENT FEEDBACK)
• Ensure Governance Framework Setting And Maintenance
• Ensure Benefits Delivery
• Ensure Risk Optimisation
• Ensure Resources Optimisation
• Ensure Stakeholder Transparency
MANAGEMENT
• Manage Innovation
• Manage Portfolio
• Manage Budget and Costs
• Manage Human Resources
• Manage Relationships
• Manage Service Agreements
• Manage Suppliers
• Manage Quality
• Manage Risk
• Manage Security
• Man. Solutions Identification and Builds
• Manage Availability and Capacity
• Manage Organisational Change Enablement
• Manage Changes
• Manage Change Acceptance and Transitioning
• Manage Assets
• Manage Configuration
• Manage Problems
• Manage Continuity
• Manage Security Services
• Manage Business Process Controls
• Monitor, Evaluate and Assess the System of Internal
• Monitor, Evaluate and Assess Compliance With External Requirements