Upload
vudan
View
219
Download
0
Embed Size (px)
Citation preview
© ISACA 2016.
All Rights Reserved.
Tichaona Zororo
CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor
B.Sc. Honours Information Systems, PGD Computer Auditing
Accredited COBIT 5 Trainer
© ISACA 2016.
All Rights Reserved.
Benefits RealisationEDM02
Risk OptimizationEDM03
Resource OptimizationEDM04
Value Creation Governance Objectives
© ISACA 2016.
All Rights Reserved.
COBIT 5
Principles
1Meeting
Stakeholder
Needs
2Covering
the Enterprise
End-to-End
3Applying a
single
integrated
Framework
4Enabling a
Hollistic
Approach
© ISACA 2016.
All Rights Reserved.
Meeting Stakeholder Needs:
Enterprises exist to create value for their stakeholders by
maintaining a balance between the realisation of benefits and the optimisation of risk and use of resources.
COBIT®5 provides all of the required processes and other enablers to support business value creation through the use of
IT.
An enterprise can customise COBIT®5 to suit its own context through the goals cascade, translating high-level enterprise goals into manageable, specific, IT-related goals and mapping
these to specific processes and practices.
© ISACA 2016.
All Rights Reserved.
Covering the Enterprise End to end:
COBIT®5 integrates governance of enterprise IT into enterprise governance:
It covers all functions and processes within the enterprise; COBIT®5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
It considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e., inclusive of everything and everyone—internal and external—that is relevant to governance and management of enterprise information and related IT.
© ISACA 2016.
All Rights Reserved.
Applying a Single Integrated Framework :
There are many IT-related standards and best
practices, each providing guidance on a subset of IT
activities. COBIT 5 aligns with other relevant standards
and frameworks at a high level, and thus can serve as
the overarching framework for governance and
management of enterprise IT.
© ISACA 2016.
All Rights Reserved.
Enabling a Holistic Approach:
Efficient and effective governance and management of enterprise IT require a holistic approach, taking into account several interacting components. COBIT 5 defines a set of enablers to support the implementation of a comprehensive
governance and management system for enterprise IT.
Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise.
© ISACA 2016.
All Rights Reserved.
Metrics for
Achievement
of Goal
(Lag
Indicators)
Metrics for
Application of
Practice
(Lead
Indicators)
Enabler
Performance
Management
The 7 Enabler
Dimensions
Enabler
Dimensions
© ISACA 2016.
All Rights Reserved.
SIA
Culture
Ethics
&
Behaviour
Information
People,
Skills
& Competencies
Principles,
Processes
Framework
Organisational
Structures
Processes
Metrics for
Achievement
of Goals
(Lag
Indicators)
Metrics for
Application of
Practice
(Lead
Indicators)
© ISACA 2016.
All Rights Reserved.
Separating Governance from Management:
The COBIT 5 framework makes a clear distinction between governance and management.
These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.
© ISACA 2016.
All Rights Reserved.
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting & Maintenance EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization EDM04 Ensure Resource Optimization
EDM05 Stakeholder Transparency
Processes for Governance of Enterprise IT
Align, Plan and OrganiseAPO01 Manage the IT Management Framework APO08 Manage Relationships
APO02 Manage Strategy APO09 Manage Service Agreements
APO03 Manage Enterprise Architecture APO10 Manage Suppliers
APO04 Manage Innovation APO11 Manage Quality
APO05 Manage Portfolio APO12 Manage Risk
APO06 Manage Budget and Costs APO13 Manage Security
APO07 Manage Human Resources
Processes for Management of Enterprise IT
Build, Acquire and Implement BAI01 Manage Programmes and Projects BAI07 Manage Change Acceptance
BAI02 Manage Requirements Definition and Transitioning
BAI03 Manage Solutions Identification and Build BAI08 Manage Knowledge
BAI04 Manage Availability and Capacity BAI09 Manage Assets
BAI05 Manage Organisational Change Enablement BAI010 Manage Configuration
BAI06 Manage Changes
Deliver, Service and SupportDSS01 Manage Operations DSS04 Manage Continuity
DSS02 Manage Service Requests and Incidents DSS05 Manage Security Services
DSS03 Manage Problems DSS06 Manage Business Process
Controls
MEA01 Monitor,
Evaluate and Assess
Performance and
Conformance
MEA02 Monitor,
Evaluate and Assess
the System of Internal
Control
MEA03 Monitor,
Evaluate and Assess
Compliance With
External Requirements
Monitor Evaluate &
Assess
© ISACA 2016.
All Rights Reserved.
Grab the Low Hanging Fruit
“Focusing on quick wins and the prioritisation of
the most beneficial improvements that are
easiest to implement to demonstrate benefit and
build confidence for further improvements”
Unlocking Your World to a Sea Opportunities
© ISACA 2016.
All Rights Reserved.
The 7 phases of the
implementation life cycle –
Creating the Appropriate
Environment
Programme
management
Change enablement Continual Improvement Life
Cycle
What are the drivers? Initiate programme Establish desire to change Recognise need to act
Where are we now? Define problems and
opportunities
Form implementation
team
Assess current state
Where do we want to be? Define road map Communicate outcome Define target state
What needs to be done? Plan programme Identify role players Build improvements
How do we get there? Execute Operate and use Implement improvements
Did we get there? Realise benefits Embedded new
approaches
Operate & Measure
How do we keep the momentum going?
Review effectiveness Sustain Monitor & Evaluate
© ISACA 2016.
All Rights Reserved.
What Are The Drivers?
Unlocking Your World to a Sea Opportunities
Phase 1
© ISACA 2016.
All Rights Reserved.
The Business Case for GEIT
Unlocking Your World to a Sea Opportunities
Phase 1
© ISACA 2016.
All Rights Reserved.
Trigger Events
Unlocking Your World to a Sea Opportunities
Phase 1
© ISACA 2016.
All Rights Reserved.
The 7 phases of the
implementation life
cycle
Programme
management
Change
enablement
Continual
Improvement Life
Cycle
Initiate the Programme
What are the drivers? Initiate programme Establish desire to
change
Recognise need to
act
© ISACA 2016.
All Rights Reserved.
Process Assessment Phases?
Unlocking Your World to a Sea Opportunities
© ISACA 2016.
All Rights Reserved.
Where Are We Now?
Unlocking Your World to a Sea Opportunities
Phase 2
© ISACA 2016.
All Rights Reserved.
The 7 phases of
the
implementation
life cycle
Programme
management
Change
enablement
Continual Improvement Life
Cycle
Define problems & opportunities
Where are we now?
Define problems and
opportunities
Form
implementation
team
Assess current state
❖ Understand the pain
points that have
been identified as
governance
problems
❖ Take advantage of
trigger events that
provide opportunity
for improvement
❖ Knowledge of the business environment
❖ Insight into influencing factors
❖ Identify the IT goals in respect to enterprise goals
❖ Identify the most important processes
❖ Understand management risk appetite
❖ Understand the maturity of existing governance
❖ Related processes
© ISACA 2016.
All Rights Reserved.
Where Do We Want to Be?
Unlocking Your World to a Sea Opportunities
Phase 3
© ISACA 2016.
All Rights Reserved.
The 7 phases of the
implementation life
cycle
Programme
management
Change enablement Continual
Improvement Life
Cycle
Define road map
Where do we want to be?
Define road map Communicate outcome Define target
state
❖ Describe the high
level change
enablement plan
and objectives
❖ Develop a
communication
strategy
❖Communicate the
vision
❖ Articulate the rationale
and benefits of the
change
❖ Set the tone at the top
❖ Define the
target for
improvement
❖ Analyze the
gaps
❖ Identify
potential
improvements
© ISACA 2016.
All Rights Reserved.
GEIT Solution Design Phase?
Unlocking Your World to a Sea Opportunities
© ISACA 2016.
All Rights Reserved.
What Needs to Be Done?
Unlocking Your World to a Sea Opportunities
Phase 4
© ISACA 2016.
All Rights Reserved.
The 7 phases of the implementation
life cycle
Programme management
Change enablement Continual
Improvement Life
Cycle
Plan the Programme
What needs to be done?
Plan programme Identify role players Build improvements
❖ Prioritize potential initiatives
❖ Develop formal and justifiable projects
❖ Use plans that include contribution and program objectives
Empower role players and identify quick wins [Low Hanging Fruit – visible issues that can be addressed relatively
quickly and help establish the credibility of the overall initiative by demonstrating benefits ]❖ High benefit, easy implementations
should come first❖ Obtain buy-in by key stakeholders
affected by the change❖ Identify strengths in existing
processes and leverage accordingly
❖ Plot improvements
onto a grid to
assist with
prioritization
❖Consider
approach,
deliverables,
resources needed,
costs, estimated
time scales,
project
dependencies
and risks
© ISACA 2016.
All Rights Reserved.
GEIT Solution Implementation Phase?
Unlocking Your World to a Sea Opportunities
© ISACA 2016.
All Rights Reserved.
How Do We Get There?
Unlocking Your World to a Sea Opportunities
Phase 5
© ISACA 2016.
All Rights Reserved.
The 7 phases of the
implementation life
cycle
Programme
management
Change
enablement
Continual
Improvement Life
Cycle
Execute the Programme
How do we get
there?
Execute Operate and use Implement
improvements
❖ Execute projects
according to an
integrated program
plan
❖ Provide regular
update reports to
stakeholders
❖ Document and
monitor the
contribution of
projects while
managing risks
identified
❖ Build on the
momentum and
credibility of quick
wins
❖ Plan cultural and
behavioral
aspects of the
broader transition
❖ Define measures
of success
❖ Adopt and adapt
best practices to
suit the
enterprise’s
approach to
policies and
process changes
© ISACA 2016.
All Rights Reserved.
Post Implementation Phases?
Unlocking Your World to a Sea Opportunities
© ISACA 2016.
All Rights Reserved.
Did We Get There?
Unlocking Your World to a Sea Opportunities
Phase 6
© ISACA 2016.
All Rights Reserved.
The 7 phases of
GEIT
implementation
life cycle
Programme
management
Change enablement Continual
Improvement Life
Cycle
Realise Benefits
Did we get there? Realise benefits Embedded new approaches Operate &
Measure
❖Monitor the
overall
performance of
the program
against
business case
objectives
❖Monitor and
measure the
investment
performance
❖ Provide transition from project
mode to business as usual
mode
❖Monitor whether new roles
and responsibilities have
been taken on
❖ Track and assess objectives of
the change response plans
❖Maintain communication and
ensure communication
between appropriate
stakeholders continues
❖ Set targets for
each metric
❖ Measure
metrics
against targets
❖ Communicate
results and
adjust targets
as necessary
© ISACA 2016.
All Rights Reserved.
How Do We Keep the Momentum Going?
Unlocking Your World to a Sea Opportunities
Phase 7
© ISACA 2016.
All Rights Reserved.
The 7 phases of the
implementation life
cycle
Programme
management
Change enablement Continual Improvement
Life Cycle
Review Effectiveness
How do we keep
the momentum
going?
Review effectiveness Sustain Monitor & Evaluate
keeping the
momentum is critical to
sustainment of the
lifecycle.
❖ Review program
effectiveness
through a program
review gate
❖ Review the program
benefits
❖Conscious
reinforcement
(reward achievers)
❖Ongoing
communication
campaign
(feedback on
performance)
❖Continuous top
management
commitment
❖ Identify new
governance
objectives based on
program experience
❖Communicate
lessons learned and
further improvement
requirements for the
next iteration of the
cycle
© ISACA 2016.
All Rights Reserved.
Provides a means to
measure the
performance of any of
the 5 Governance
(EDM-based) or 32
Management (PBRM-
based) processes
thereby allowing areas
for improvement to be
identified.
Is a standard
based approach
to process
assessment that
produces results
that support
process
improvement
criteria and
planning. Provides
enterprises with a
repeatable,
reliable and
robust
methodology for
assessing the
capability of IT
processes. Simplified
content
through
elimination
of
duplication.ISO 15504
compliance.
Improved
reliability and
repeatability
reducing debates
and
disagreements
between
stakeholders on
assessment results.
© ISACA 2016.
All Rights Reserved.
ISO 15504 – 4
Assessment
Process
ISO 15504
ISO 15504 – 2
Measurement
Framework
ISO 15504 – 3Guidance on Performing an
Assessment
ISO 15504 – 5An Exemplar
Process Assessment
Model
ISO 15504 -1
Concepts and
Vocabulary
Process Assessment
Terminology
Process Assessment
Process
Process Capability Levels
& Attributes
Assessment Indicators
Generic Work Products
&
Generic Practices
Process Attribute Rating
Scale
Process Capability Level
Ratings
© ISACA 2016.
All Rights Reserved.
Enabling Processes
Process Description
Process Purpose Statement
IT Related Goals & Metrics
Process Related Goals & Metrics
210 Practices
Practice Description
37 Processes
30 Outputs
1111 Activities
2 Areas 5 Domains
© ISACA 2016.
All Rights Reserved.
Report internally to an enterprise’s executive
management or board of directors on the
capability of IT processes and establish a target for improvement based on business requirements
Provide Gap Analysis and improvement
planning information to support definition
of justifiable improvement projects
Enable those in governance &
management to benchmark process
capabilities & support investment
decision making with regard
to process improvement
Assessing Capability of IT
Processes
Provide the governance body and
management with process assessment
ratings to measure and monitor current IT
processes capabilities
© ISACA 2016.
All Rights Reserved.
Process Assessment
Process Capability Determination
Process Improvement
Can invlove
Leads to
© ISACA 2016.
All Rights Reserved.
GEIT
Implementation
Phase – Creating
the Appropriate
Environment
Programme
management
Change
enablement
Continual
Improvement Life
Cycle
Phase 2
Where are we
now?
Define problems
and
opportunities
Form
implementati
on team
Assess current state
Phase 3
Where do we want
to be?
Define road
map
Communicat
e outcome
Define target state
© ISACA 2016.
All Rights Reserved.
Principles, Policies &
Frameworks
Assessor Guide: Using COBIT® 5
Provides details on how to undertake a full ISO 15504 - compliant
assessment (Guidance on how to perform an assessment)
Principles, Policies
&
Frameworks
Process Assessment Model: Using COBIT® 5
Forms the basis for the assessment of an enterprise's IT processes
Self Assessment Guide: Using COBIT® 5
Provides guidance on how to perform a basic/less rigorous self-
assessment of an organisation’s current IT process capability levels
against COBIT processes
Principles, Policies &
Frameworks
Assessment Programme Tool Kit: Using COBIT® 5
Support assessment activities, including scoping templates and
mapping to business and IT goals
© ISACA 2016.
All Rights Reserved.
ISO/IEC 15504 ProcessCOBIT 4.1 Process Maturity Level
5 Optimised
4 Managed and measurable
3 Defined
2 Repeatable but intuitive
1 Initial/ad hoc
0 Non-existent
Capability Level
5 Optimizing
4 Predictable
3 Established
2 Managed
1 Performed
0 Incomplete
Attribute
PA 5.1 Process innovation
PA 5.2 Process optimization
PA 4.1 Process measurement
PA 4.2 Process control
PA 3.1 Process definition
PA 3.2 Process deployment
PA 2.1 Performance management
PA 2.2 Work product
management
PA 1.1 Process performance
© ISACA 2016.
All Rights Reserved.
Class 1:
Used for Comparison with other enterprises
Assessor Independent of the unit being Assessed
A minimum of 4 process instances for each process assessed
Class 2:
Used to provide a basis for an initial assessment at the commencement
of a process improvement programme
To enable assessment conclusion to be drawn about the opportunities
for improvement
Can be performed internally or by an independent assessor
A minimum of 2 process instances for each process assessed
Class 3:
Used for testing and understanding the IT process and potential benefits
from improvement.
Suitable for monitoring the ongoing progress of an improvement
programme or to identify key issues for a later class 1 or 2
Can be performed internally or by an independent assessor
No minimum number of process instances required for each process
assessed
© ISACA 2016.
All Rights Reserved.
Level 0 Incomplete processIncompleteThe process is not implemented or fails to achieve its purpose. No process Attribute
Level 1 Performed process
PA.1.1 Process Performance attributePerformedThe process is implemented and achieves its process purpose
6 Process Capability
Levels
9 Process
Attributes
Level 2 Managed Process
PA.2.1 Performance Management attribute
PA.2.2 Work Product Management attribute
ManagedThe process is managed and work products are established, controlled and maintained.
Level 3 Established Process
PA.3.1 Process Definition attribute
PA.3.2 Process Deployment attribute
EstablishedA defined process is used based on a standard process.
Level 4 Predictable Process
PA.4.1 Process Measurement attribute
PA.4.2 Process Control attribute
PredictableThe process is enacted consistently within defined limits
Level 5 Optimizing process
PA.5.1 Process Innovation attribute
PA.5.2 Process Optimization attribute
OptimizingThe process is continuously improved to meet relevant
current and projected business goals
© ISACA 2016.
All Rights Reserved.
N Not achieved > 0 to 15 % achievement
There is little or no evidence of achievement of the defined attribute in the assessed process
NP Partially achieved > 15 % to 50 % achievement
There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed process. Some aspects of achievement of the attribute may be unpredictable
L Largely achieved > 50 % to 85% achievement
There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process
F Fully achieved > 85 % to 100 % achievementThere is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process
4 Rating Scales
❖ 00% – 15% Not Achieved N
❖ 16% - 50% Partially Achieved NP❖ 51% - 85% Largely Achieved L
❖ 86% - 100% Fully Achieved F
© ISACA 2016.
All Rights Reserved.
Level 5 - Optimised
Level 4 - Predictable
Level 0 - Incomplete
Level 1 - Performed
Level 2 - Managed
Level 3 - Established
Incomplete process
PA.1.1 Process Performance
PA.2.1 Performance Management
PA.2.2 Work Product Management
PA.4.1 Process Measurement
PA.4.2 Process Control
PA.5.1 Process Innovation
PA.5.2 Process Optimization
PA.3.1 Process Definition
PA.3.2 Process Deployment
1 2 543
L
/
F
L
/
F
L
/
F
L
/
F
L
/
F
F F F F
F F F
F
F F
© ISACA 2016.
All Rights Reserved.
Level 5
Level 4
Level 3
Level 2
Level 1
Level 0/
Ca
pa
bili
ty D
ime
nsi
on
Additional performance indicators Level 1 based on :BP : Base practicesWP : Work products
Based on (Level 1 to 5) Process Attribute Indicators (PAI):GP : Generic PracticeGWP : Generic Work Product
PA5.2 Continuous optimisation
PA5.1 Process innovation
PA4.2 Process control
PA4.1 Process measurement
PA3.2 Process deployment
PA3.1 Process definition
PA2.2 Performance management
PA2.1 Work product management
PA1.1 Process performance
EDM 5 Processes
APO 13 Processes
BAI 10 Processes
MEA 3 Processes
DSS 6 Processes
© ISACA 2016.
All Rights Reserved.
40 Generic Practices
9 Generic Work Products
ISO 15504 – 2
Measurement
Framework
Capability LevelsProcess AttributesRating Scale
© ISACA 2016.
All Rights Reserved.
Level 0 Incomplete process
Level 1 Performed process
PA.1.1 Process Performance attribute
Level 2 Managed Process
PA.2.1 Performance Management attribute
PA.2.2 Work Product Management attribute
Level 4 Predictable Process
PA.4.1 Process Measurement attribute
PA.4.2 Process Control attribute
Level 5 Optimizing process
PA.5.1 Process Innovation attribute
PA.5.2 Process Optimization attribute
Level 3 Established Process
PA.3.1 Process Definition attribute
PA.3.2 Process Deployment attribute
210 Base Practices
10 Generic Practices
11 Generic Practices
11 Generic Practices
8 Generic Practices40 Generic Practices
© ISACA 2016.
All Rights Reserved.
PA 1.1 Process Performance
BP 1.1.1 Achieve the process outcomes
PA 2.1 Performance Management
GP 2.1.1 Identify the objectives
GP 2.1.2 Plan & monitor the performance
GP 2.1.3 Adjust the performance
GP 2.1.4 Define responsibilities and authorities
GP 2.1.5 Identify and make available
GP 2.1.6 Manage the interfaces
PA 2.2 Work Product Management
GP 2.2.1 Define the requirements for the work products
GP 2.2.2 Define the requirements for documentation and control
GP 2.2.3 Identify document and control
GP 2.2.4 Review and adjust work products
© ISACA 2016.
All Rights Reserved.
PA 3.1 Process Definition
GP 3.1.1 Define the standard
GP 3.1.2 Determine the sequence and interaction between processes
GP 3.1.3 Identify the roles and competencies
GP 3.1.4 Identify the required infrastructure and work environment
GP 3.1.5 Determine suitable methods
PA 3.2 Process Deployment
GP 3.2.1 Deploy a defined process
GP 3.2.2 Assign and communicate roles and responsibilities and authorities
GP 3.2.3 Ensure necessary competencies
GP 3.2.4 Provide resources and information
GP 3.2.5 Provide adequate processes infrastructure
GP 3.2.6 Collect and analyse data
© ISACA 2016.
All Rights Reserved.
PA 4.1 Process Measurement
GP 4.1.1 Identify process information needs
GP 4.1.2 Define process measurement objectives
GP 4.1.3 Establish quantitative objectives
GP 4.1.4 Identify product and process
GP 4.1.5 Collect product and process measurement results
GP 4.1.6 Use results of the defined measurement
PA 4.2 Process Control
GP 4.2.1 Determine analysis
GP 4.2.2 Define parameters
GP 4.2.3 Analyse process and product measurement results
GP 4.2.4 Identify and implement corrective actions
GP 4.2.5 Re-establish control
© ISACA 2016.
All Rights Reserved.
PA 5.1 Process Innovation
GP
5.1.1
Define the process improvement objective for the process
GP
5.1.2
Analyse measurement data of the process
GP
5.1.3
Identify improvement opportunities of the process
GP
5.1.4
Derive improvement opportunities of the process from new technologies and
process concepts
GP
5.1.5
Define an implementation strategy
PA 5.2 Process Optimisation
GP
5.2.1
Assess the impact of each proposed change
GP
5.2.2
Manage the implementation of agreed changes
GP
5.2.3
Based on actual performance, evaluate the effectiveness of process change
© ISACA 2016.
All Rights Reserved.
GWP ID GWP
1.0 Process Documentation
2.0 Process Plan
3.0 Quality Plan
4.0 Quality Records
5.0 Policies and Standards
6.0 Performance Improvement Plan
7.0 Process Measurement Plan
8.0 Process Control Plan
9.0 Process Performance Records
© ISACA 2016.
All Rights Reserved.
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting & Maintenance EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization EDM04 Ensure Resource Optimization
EDM05 Stakeholder Transparency
Processes for Governance of Enterprise IT
Align, Plan and OrganiseAPO01 Manage the IT Management Framework APO08 Manage Relationships
APO02 Manage Strategy APO09 Manage Service Agreements
APO03 Manage Enterprise Architecture APO10 Manage Suppliers
APO04 Manage Innovation APO11 Manage Quality
APO05 Manage Portfolio APO12 Manage Risk
APO06 Manage Budget and Costs APO13 Manage Security
APO07 Manage Human Resources
Processes for Management of Enterprise IT
Build, Acquire and Implement BAI01 Manage Programmes and Projects BAI07 Manage Change Acceptance
BAI02 Manage Requirements Definition and Transitioning
BAI03 Manage Solutions Identification and Build BAI08 Manage Knowledge
BAI04 Manage Availability and Capacity BAI09 Manage Assets
BAI05 Manage Organisational Change Enablement BAI010 Manage Configuration
BAI06 Manage Changes
Deliver, Service and SupportDSS01 Manage Operations DSS04 Manage Continuity
DSS02 Manage Service Requests and Incidents DSS05 Manage Security Services
DSS03 Manage Problems DSS06 Manage Business Process Controls
MEA01 Monitor,
Evaluate and Assess
Performance and
Conformance
MEA02 Monitor,
Evaluate and Assess
the System of Internal
Control
MEA03 Monitor,
Evaluate and Assess
Compliance With
External Requirements
Monitor Evaluate &
Assess
© ISACA 2016.
All Rights Reserved.
BAI - 10 Processes
MEA - 3 Processes
DSS - 6 Processes
EDM 5 - Process
APO -13 Processes
© ISACA 2016.
All Rights Reserved.
COBIT® 5 Enablers –
Enabling Processes –
230 pages
❖ 210 Practices
❖ 30 Outputs
❖ 210 Base Practices
❖ 434 Base Work
Products
BAI 68 Practices
MEA 17 Practices
DSS 38 Practices
EDM 15 Practices
APO 72 Practices
© ISACA 2016.
All Rights Reserved.
@TichaonaZororo
Tichaona Zororo
+27 (0) 73 298 9606
EGIT | Enterprise Governance of IT (Pty) Ltd
+27 (0) 11 234 2597
tichaona.zororo
tichaonazororo
Tichaona Zororo
Tichaona Zororo