© ISACA 2016. All Rights Reserved.


Tichaona Zororo

CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor

B.Sc. Honours Information Systems, PGD Computer Auditing

Accredited COBIT 5 Trainer


Business Value


Value Creation Governance Objectives

❖ Benefits Realisation (EDM02)
❖ Risk Optimization (EDM03)
❖ Resource Optimization (EDM04)

COBIT 5 Principles

1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach

Meeting Stakeholder Needs:

Enterprises exist to create value for their stakeholders by maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources.

COBIT®5 provides all of the required processes and other enablers to support business value creation through the use of IT.

An enterprise can customise COBIT®5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping these to specific processes and practices.

Covering the Enterprise End to end:

COBIT®5 integrates governance of enterprise IT into enterprise governance:

It covers all functions and processes within the enterprise; COBIT®5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.

It considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.


Applying a Single Integrated Framework:

There are many IT-related standards and best practices, each providing guidance on a subset of IT activities. COBIT 5 aligns with other relevant standards and frameworks at a high level, and thus can serve as the overarching framework for governance and management of enterprise IT.

Enabling a Holistic Approach:

Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.

Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise.

[Figure: The 7 Enabler Dimensions and Enabler Performance Management. Labels: Metrics for Achievement of Goals (Lag Indicators); Metrics for Application of Practice (Lead Indicators).]

[Figure: Enablers, with Resources numbered 1 to 7. Labels: SIA; Culture, Ethics & Behaviour; Information; People, Skills & Competencies; Principles, Processes, Framework; Organisational Structures; Processes. Performance labels: Metrics for Achievement of Goals (Lag Indicators); Metrics for Application of Practice (Lead Indicators).]

Separating Governance from Management:

The COBIT 5 framework makes a clear distinction between governance and management.

These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.


Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting & Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization
EDM04 Ensure Resource Optimization
EDM05 Stakeholder Transparency

Processes for Management of Enterprise IT

Align, Plan and Organise
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration

Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

Monitor, Evaluate & Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

Grab the Low Hanging Fruit

“Focusing on quick wins and the prioritisation of the most beneficial improvements that are easiest to implement to demonstrate benefit and build confidence for further improvements”

Unlocking Your World to a Sea Opportunities

| The 7 phases of the implementation life cycle – Creating the Appropriate Environment | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| What are the drivers? | Initiate programme | Establish desire to change | Recognise need to act |
| Where are we now? | Define problems and opportunities | Form implementation team | Assess current state |
| Where do we want to be? | Define road map | Communicate outcome | Define target state |
| What needs to be done? | Plan programme | Identify role players | Build improvements |
| How do we get there? | Execute | Operate and use | Implement improvements |
| Did we get there? | Realise benefits | Embedded new approaches | Operate & Measure |
| How do we keep the momentum going? | Review effectiveness | Sustain | Monitor & Evaluate |

GEIT Ideation Phase?

Phase 1: What Are The Drivers?

Phase 1: The Business Case for GEIT

Phase 1: Pain Points

Phase 1: Trigger Events

Phase 1: Initiate the Programme

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| What are the drivers? | Initiate programme | Establish desire to change | Recognise need to act |

Process Assessment Phases?

Phase 2: Where Are We Now?

Define problems & opportunities

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| Where are we now? | Define problems and opportunities | Form implementation team | Assess current state |

❖ Understand the pain points that have been identified as governance problems
❖ Take advantage of trigger events that provide opportunity for improvement
❖ Knowledge of the business environment
❖ Insight into influencing factors
❖ Identify the IT goals in respect to enterprise goals
❖ Identify the most important processes
❖ Understand management risk appetite
❖ Understand the maturity of existing governance
❖ Related processes

Phase 3: Where Do We Want to Be?

Define road map

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| Where do we want to be? | Define road map | Communicate outcome | Define target state |

❖ Describe the high level change enablement plan and objectives
❖ Develop a communication strategy
❖ Communicate the vision
❖ Articulate the rationale and benefits of the change
❖ Set the tone at the top
❖ Define the target for improvement
❖ Analyze the gaps
❖ Identify potential improvements

GEIT Solution Design Phase?

Phase 4: What Needs to Be Done?

Plan the Programme

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| What needs to be done? | Plan programme | Identify role players | Build improvements |

❖ Prioritize potential initiatives
❖ Develop formal and justifiable projects
❖ Use plans that include contribution and program objectives

Empower role players and identify quick wins [Low Hanging Fruit – visible issues that can be addressed relatively quickly and help establish the credibility of the overall initiative by demonstrating benefits]

❖ High benefit, easy implementations should come first
❖ Obtain buy-in by key stakeholders affected by the change
❖ Identify strengths in existing processes and leverage accordingly
❖ Plot improvements onto a grid to assist with prioritization
❖ Consider approach, deliverables, resources needed, costs, estimated time scales, project dependencies and risks

GEIT Solution Implementation Phase?

Phase 5: How Do We Get There?

Execute the Programme

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| How do we get there? | Execute | Operate and use | Implement improvements |

❖ Execute projects according to an integrated program plan
❖ Provide regular update reports to stakeholders
❖ Document and monitor the contribution of projects while managing risks identified
❖ Build on the momentum and credibility of quick wins
❖ Plan cultural and behavioral aspects of the broader transition
❖ Define measures of success
❖ Adopt and adapt best practices to suit the enterprise’s approach to policies and process changes

Post Implementation Phases?

Phase 6: Did We Get There?

Realise Benefits

| The 7 phases of GEIT implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| Did we get there? | Realise benefits | Embedded new approaches | Operate & Measure |

❖ Monitor the overall performance of the program against business case objectives
❖ Monitor and measure the investment performance
❖ Provide transition from project mode to business as usual mode
❖ Monitor whether new roles and responsibilities have been taken on
❖ Track and assess objectives of the change response plans
❖ Maintain communication and ensure communication between appropriate stakeholders continues
❖ Set targets for each metric
❖ Measure metrics against targets
❖ Communicate results and adjust targets as necessary

Phase 7: How Do We Keep the Momentum Going?

Review Effectiveness

| The 7 phases of the implementation life cycle | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| How do we keep the momentum going? | Review effectiveness | Sustain | Monitor & Evaluate |

Keeping the momentum is critical to sustainment of the lifecycle.

❖ Review program effectiveness through a program review gate
❖ Review the program benefits
❖ Conscious reinforcement (reward achievers)
❖ Ongoing communication campaign (feedback on performance)
❖ Continuous top management commitment
❖ Identify new governance objectives based on program experience
❖ Communicate lessons learned and further improvement requirements for the next iteration of the cycle

❖ Provides a means to measure the performance of any of the 5 Governance (EDM-based) or 32 Management (PBRM-based) processes thereby allowing areas for improvement to be identified.
❖ Is a standard based approach to process assessment that produces results that support process improvement criteria and planning.
❖ Provides enterprises with a repeatable, reliable and robust methodology for assessing the capability of IT processes.
❖ Simplified content through elimination of duplication.
❖ ISO 15504 compliance.
❖ Improved reliability and repeatability reducing debates and disagreements between stakeholders on assessment results.

ISO 15504

ISO 15504-1 Concepts and Vocabulary
ISO 15504-2 Measurement Framework
ISO 15504-3 Guidance on Performing an Assessment
ISO 15504-4 Assessment Process
ISO 15504-5 An Exemplar Process Assessment Model

[Figure labels: Process Assessment Terminology; Process Assessment Process; Process Capability Levels & Attributes; Assessment Indicators; Generic Work Products & Generic Practices; Process Attribute Rating Scale; Process Capability Level Ratings.]

Enabling Processes

Process Description

Process Purpose Statement

IT Related Goals & Metrics

Process Related Goals & Metrics

210 Practices

Practice Description

37 Processes

30 Outputs

1111 Activities

2 Areas 5 Domains


Assessing Capability of IT Processes

❖ Report internally to an enterprise’s executive management or board of directors on the capability of IT processes and establish a target for improvement based on business requirements
❖ Provide Gap Analysis and improvement planning information to support definition of justifiable improvement projects
❖ Enable those in governance & management to benchmark process capabilities & support investment decision making with regard to process improvement
❖ Provide the governance body and management with process assessment ratings to measure and monitor current IT processes capabilities

[Figure: Process Assessment, Process Capability Determination and Process Improvement, connected by arrows labelled "Can involve" and "Leads to".]

| GEIT Implementation Phase – Creating the Appropriate Environment | Programme management | Change enablement | Continual Improvement Life Cycle |
|---|---|---|---|
| Phase 2: Where are we now? | Define problems and opportunities | Form implementation team | Assess current state |
| Phase 3: Where do we want to be? | Define road map | Communicate outcome | Define target state |

Principles, Policies & Frameworks

Process Assessment Model: Using COBIT® 5
Forms the basis for the assessment of an enterprise's IT processes

Assessor Guide: Using COBIT® 5
Provides details on how to undertake a full ISO 15504-compliant assessment (Guidance on how to perform an assessment)

Self Assessment Guide: Using COBIT® 5
Provides guidance on how to perform a basic/less rigorous self-assessment of an organisation’s current IT process capability levels against COBIT processes

Assessment Programme Tool Kit: Using COBIT® 5
Support assessment activities, including scoping templates and mapping to business and IT goals

| COBIT 4.1 Process Maturity Level | ISO/IEC 15504 Process Capability Level | Attribute |
|---|---|---|
| 5 Optimised | 5 Optimizing | PA 5.1 Process innovation; PA 5.2 Process optimization |
| 4 Managed and measurable | 4 Predictable | PA 4.1 Process measurement; PA 4.2 Process control |
| 3 Defined | 3 Established | PA 3.1 Process definition; PA 3.2 Process deployment |
| 2 Repeatable but intuitive | 2 Managed | PA 2.1 Performance management; PA 2.2 Work product management |
| 1 Initial/ad hoc | 1 Performed | PA 1.1 Process performance |
| 0 Non-existent | 0 Incomplete | |

Class 1:
❖ Used for Comparison with other enterprises
❖ Assessor Independent of the unit being Assessed
❖ A minimum of 4 process instances for each process assessed

Class 2:
❖ Used to provide a basis for an initial assessment at the commencement of a process improvement programme
❖ To enable assessment conclusion to be drawn about the opportunities for improvement
❖ Can be performed internally or by an independent assessor
❖ A minimum of 2 process instances for each process assessed

Class 3:
❖ Used for testing and understanding the IT process and potential benefits from improvement.
❖ Suitable for monitoring the ongoing progress of an improvement programme or to identify key issues for a later class 1 or 2
❖ Can be performed internally or by an independent assessor
❖ No minimum number of process instances required for each process assessed

6 Process Capability Levels, 9 Process Attributes

Level 0 Incomplete process
Incomplete: The process is not implemented or fails to achieve its purpose. No process attribute.

Level 1 Performed process
PA.1.1 Process Performance attribute
Performed: The process is implemented and achieves its process purpose.

Level 2 Managed Process
PA.2.1 Performance Management attribute
PA.2.2 Work Product Management attribute
Managed: The process is managed and work products are established, controlled and maintained.

Level 3 Established Process
PA.3.1 Process Definition attribute
PA.3.2 Process Deployment attribute
Established: A defined process is used based on a standard process.

Level 4 Predictable Process
PA.4.1 Process Measurement attribute
PA.4.2 Process Control attribute
Predictable: The process is enacted consistently within defined limits.

Level 5 Optimizing process
PA.5.1 Process Innovation attribute
PA.5.2 Process Optimization attribute
Optimizing: The process is continuously improved to meet relevant current and projected business goals.

4 Rating Scales

N Not achieved: > 0 to 15 % achievement
There is little or no evidence of achievement of the defined attribute in the assessed process.

NP Partially achieved: > 15 % to 50 % achievement
There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed process. Some aspects of achievement of the attribute may be unpredictable.

L Largely achieved: > 50 % to 85 % achievement
There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.

F Fully achieved: > 85 % to 100 % achievement
There is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process.

❖ 00% – 15% Not Achieved N
❖ 16% - 50% Partially Achieved NP
❖ 51% - 85% Largely Achieved L
❖ 86% - 100% Fully Achieved F

[Figure: Attribute ratings required for each capability level. Level 0 - Incomplete (Incomplete process); Level 1 - Performed (PA.1.1 Process Performance); Level 2 - Managed (PA.2.1 Performance Management, PA.2.2 Work Product Management); Level 3 - Established (PA.3.1 Process Definition, PA.3.2 Process Deployment); Level 4 - Predictable (PA.4.1 Process Measurement, PA.4.2 Process Control); Level 5 - Optimised (PA.5.1 Process Innovation, PA.5.2 Process Optimization). In the grid, columns 1 to 5 are marked L/F for the attributes of the level being assessed and F for the attributes of every level below it.]
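The rating scale and the capability levels above combine into one rule under ISO/IEC 15504: a process reaches level n when the level n attributes are rated Largely or Fully achieved and every attribute of the lower levels is Fully achieved. The following is an added example, not ISACA's or the presenter's code; the function names and the DSS05 percentages are constructed, and the Partially achieved rating is written P where the slide prints NP.

```python
# Added example: ISO/IEC 15504-style capability level determination.
# Attribute IDs and rating bands come from the slides; the sample
# percentages for DSS05 below are constructed for illustration.

LEVEL_ATTRIBUTES = {
    1: ("PA1.1",),
    2: ("PA2.1", "PA2.2"),
    3: ("PA3.1", "PA3.2"),
    4: ("PA4.1", "PA4.2"),
    5: ("PA5.1", "PA5.2"),
}
ALL_ATTRIBUTES = [pa for attrs in LEVEL_ATTRIBUTES.values() for pa in attrs]
SCALE = "NPLF"  # worst to best; "P" is the rating the slide prints as "NP"


def rate(percent):
    """Map an achievement percentage (0-100) to N, P, L or F."""
    if isinstance(percent, bool) or not isinstance(percent, (int, float)):
        raise TypeError(f"achievement must be a number, got {percent!r}")
    if not 0 <= percent <= 100:
        raise ValueError(f"achievement out of range: {percent}")
    if percent <= 15:
        return "N"
    if percent <= 50:
        return "P"
    if percent <= 85:
        return "L"
    return "F"


def rate_all(achievement):
    """Rate every attribute; attributes without evidence count as 0 %."""
    unknown = set(achievement) - set(ALL_ATTRIBUTES)
    if unknown:
        raise ValueError(f"unknown process attributes: {sorted(unknown)}")
    return {pa: rate(achievement.get(pa, 0)) for pa in ALL_ATTRIBUTES}


def capability_level(achievement):
    """Highest level whose attributes are L or F with all lower levels F."""
    ratings = rate_all(achievement)
    level = 0
    for n in range(1, 6):
        at_level = [ratings[pa] for pa in LEVEL_ATTRIBUTES[n]]
        if any(r not in ("L", "F") for r in at_level):
            break
        level = n
        if any(r != "F" for r in at_level):
            break  # only Largely achieved: cannot carry the next level
    return level


def gaps_to_target(achievement, target):
    """Attributes that block `target`, as (attribute, rating, required)."""
    if target not in LEVEL_ATTRIBUTES:
        raise ValueError("target level must be 1 to 5")
    ratings = rate_all(achievement)
    gaps = []
    for n in range(1, target + 1):
        required = "L" if n == target else "F"
        for pa in LEVEL_ATTRIBUTES[n]:
            if SCALE.index(ratings[pa]) < SCALE.index(required):
                gaps.append((pa, ratings[pa], required))
    return gaps


# Constructed assessment evidence for DSS05 Manage Security Services.
DSS05_SAMPLE = {"PA1.1": 100, "PA2.1": 90, "PA2.2": 70, "PA3.1": 60, "PA3.2": 55}

if __name__ == "__main__":
    print("DSS05 capability level:", capability_level(DSS05_SAMPLE))
    for pa, rating, required in gaps_to_target(DSS05_SAMPLE, 3):
        print(f"  {pa}: rated {rating}, needs at least {required} for level 3")
```

In the sample, both level 3 attributes are Largely achieved, yet the process stays at level 2 because PA2.2 is not Fully achieved; that attribute is the single gap reported for a level 3 target.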


[Figure: Capability dimension (Level 0 to Level 5) set against the process dimension.]

Capability Dimension, Level 1 to 5, based on Process Attribute Indicators (PAI):
GP: Generic Practice
GWP: Generic Work Product

Additional performance indicators for Level 1, based on:
BP: Base practices
WP: Work products

PA5.2 Continuous optimisation
PA5.1 Process innovation
PA4.2 Process control
PA4.1 Process measurement
PA3.2 Process deployment
PA3.1 Process definition
PA2.2 Performance management
PA2.1 Work product management
PA1.1 Process performance

EDM 5 Processes
APO 13 Processes
BAI 10 Processes
DSS 6 Processes
MEA 3 Processes

ISO 15504-2 Measurement Framework: Capability Levels, Process Attributes, Rating Scale

40 Generic Practices

9 Generic Work Products

Level 0 Incomplete process

Level 1 Performed process (210 Base Practices)
PA.1.1 Process Performance attribute

Level 2 Managed Process (10 Generic Practices)
PA.2.1 Performance Management attribute
PA.2.2 Work Product Management attribute

Level 3 Established Process (11 Generic Practices)
PA.3.1 Process Definition attribute
PA.3.2 Process Deployment attribute

Level 4 Predictable Process (11 Generic Practices)
PA.4.1 Process Measurement attribute
PA.4.2 Process Control attribute

Level 5 Optimizing process (8 Generic Practices)
PA.5.1 Process Innovation attribute
PA.5.2 Process Optimization attribute

Total: 40 Generic Practices

PA 1.1 Process Performance

BP 1.1.1 Achieve the process outcomes

PA 2.1 Performance Management

GP 2.1.1 Identify the objectives

GP 2.1.2 Plan & monitor the performance

GP 2.1.3 Adjust the performance

GP 2.1.4 Define responsibilities and authorities

GP 2.1.5 Identify and make available

GP 2.1.6 Manage the interfaces

PA 2.2 Work Product Management

GP 2.2.1 Define the requirements for the work products

GP 2.2.2 Define the requirements for documentation and control

GP 2.2.3 Identify document and control

GP 2.2.4 Review and adjust work products


PA 3.1 Process Definition

GP 3.1.1 Define the standard

GP 3.1.2 Determine the sequence and interaction between processes

GP 3.1.3 Identify the roles and competencies

GP 3.1.4 Identify the required infrastructure and work environment

GP 3.1.5 Determine suitable methods

PA 3.2 Process Deployment

GP 3.2.1 Deploy a defined process

GP 3.2.2 Assign and communicate roles and responsibilities and authorities

GP 3.2.3 Ensure necessary competencies

GP 3.2.4 Provide resources and information

GP 3.2.5 Provide adequate processes infrastructure

GP 3.2.6 Collect and analyse data


PA 4.1 Process Measurement

GP 4.1.1 Identify process information needs

GP 4.1.2 Define process measurement objectives

GP 4.1.3 Establish quantitative objectives

GP 4.1.4 Identify product and process

GP 4.1.5 Collect product and process measurement results

GP 4.1.6 Use results of the defined measurement

PA 4.2 Process Control

GP 4.2.1 Determine analysis

GP 4.2.2 Define parameters

GP 4.2.3 Analyse process and product measurement results

GP 4.2.4 Identify and implement corrective actions

GP 4.2.5 Re-establish control


PA 5.1 Process Innovation

GP 5.1.1 Define the process improvement objective for the process

GP 5.1.2 Analyse measurement data of the process

GP 5.1.3 Identify improvement opportunities of the process

GP 5.1.4 Derive improvement opportunities of the process from new technologies and process concepts

GP 5.1.5 Define an implementation strategy

PA 5.2 Process Optimisation

GP 5.2.1 Assess the impact of each proposed change

GP 5.2.2 Manage the implementation of agreed changes

GP 5.2.3 Based on actual performance, evaluate the effectiveness of process change

GWP ID GWP

1.0 Process Documentation

2.0 Process Plan

3.0 Quality Plan

4.0 Quality Records

5.0 Policies and Standards

6.0 Performance Improvement Plan

7.0 Process Measurement Plan

8.0 Process Control Plan

9.0 Process Performance Records



EDM - 5 Processes

APO - 13 Processes

BAI - 10 Processes

DSS - 6 Processes

MEA - 3 Processes

COBIT® 5 Enablers – Enabling Processes – 230 pages

❖ 210 Practices
❖ 30 Outputs
❖ 210 Base Practices
❖ 434 Base Work Products

EDM 15 Practices
APO 72 Practices
BAI 68 Practices
DSS 38 Practices
MEA 17 Practices

Tichaona Zororo

EGIT | Enterprise Governance of IT (Pty) Ltd

@TichaonaZororo

+27 (0) 73 298 9606

+27 (0) 11 234 2597