COBIT 5 Product Family

Source: COBIT 5, figure 11

COBIT® 5

COBIT 5 Online Collaborative Environment

COBIT 5 Enabler Guides

COBIT 5 Professional Guides

COBIT® 5 Implementation

COBIT® 5:Enabling Information

COBIT® 5:Enabling Processes

Other EnablerGuides

COBIT® 5for Assurance

COBIT® 5for Information

Security

COBIT® 5for Risk

Other ProfessionalGuides

COBIT 5 Principles

Source: COBIT 5, figure 2

1. MeetingStakeholder

Needs

5. SeparatingGovernance

FromManagement

4. Enabling aHolistic

Approach

3. Applying aSingle

IntegratedFramework

2. Covering theEnterpriseEnd-to-end

COBIT 5Principles

3701 Algonquin Road, Suite 1010 • Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545 • Fax: +1.847.253.1443 • Email: info@isaca.org

Web site: www.isaca.org

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .

COBIT 5 Goals Cascade Overview

Source: COBIT 5, figure 4

BenefitsRealisation

Stakeholder Drivers(Environment, Technology Evolution, …)

Enterprise Goals

IT-related Goals

Enabler Goals

Influence

Cascade to

Cascade to

Appendix B

Appendix C

Figure 5

Figure 6

ResourceOptimisation

RiskOptimisation

Stakeholder Needs

Cascade to Appendix D

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .

Governance and Management in COBIT 5

Source: COBIT 5, figure 8

Key Roles, Activities and Relationships

Source: COBIT 5, figure 9

Roles, Activities and Relationships

Owners andStakeholders

GoverningBody Management

Operationsand

Execution

Instruct andAlign

Report

Set Direction

Monitor

Delegate

Accountable

BenefitsRealisation

GovernanceEnablers

Roles, Activities and Relationships

GovernanceScope

ResourceOptimisation

RiskOptimisation

Governance Objective: Value Creation

COBIT 5 Governance and Management Key Areas

Source: COBIT 5, figure 15

Governance

Management

Evaluate

Direct Monitor

Plan(APO)

Build(BAI)

Run(DSS)

Monitor(MEA)

Management Feedback

Business Needs

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .

The Seven Phases of the Implementation Life Cycle

Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6

7 H

ow do

we keep

the momentum going?

6 Di

d we

get

ther

e?

5 How do we get there?

4 What needs to be done?

3 Where

do w

e wan

t to

be?

2 Where are we now?

1 What are the drivers?

• Programme management (outer ring)

• Change enablement (middle ring)

• Continual improvement life cycle (inner ring)

Initiate programme

Define problems and

opportunities

Define r

oad

map

Plan programme

Execute plan

Real

ise

bene

fits

Review

effectiveness

Operate

Identify roleCommun

icat

e

team

to change

and use

players

outcom

e

Form im

plementation

Establish desire

Embe

d ne

w

Sustain

appr

oach

es

Implem

ent

improvements

state

Assess

RecogniseMonitor

Oper

ate

improvements Build

target

current

need toand

and

Defin

e

state

acteva

luate

mea

sure

Summary of the COBIT 5 Process Capability Model

Source: COBIT 5, figure 19

Generic Process Capability Attributes

COBIT 5 Process AssessmentModel–Capability Indicators

COBIT 5 Process AssessmentModel—Performance Indicators

Base Practices(Management/

GovernancePractices)

Process Outcomes

WorkProducts(Inputs/Outputs)

Generic Practices Generic Resources Generic Work Products

IncompleteProcess

PerformedProcess

ManagedProcess

EstablishedProcess

PredictableProcess

OptimisingProcess

PerformanceAttribute (PA) 1.1

ProcessPerformance

PA 2.1PerformanceManagement

PA 2.2Work

ProductManagement

PA 3.1Process

Definition

PA 3.2Process

Deployment

PA 4.1Process

Management

PA 4.2ProcessControl

PA 5.1Process

Innovation

PA 5.2Process

Optimisation

0 1 2 3 4 5

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .

COBIT 5 Enterprise Enablers

Source: COBIT 5, figure 12

2. Processes3. Organisational

Structures

1. Principles, Policies and Frameworks

6. Services,Infrastructure

and Applications

7. People,Skills and

Competencies

Resources

5. Information

4. Culture, Ethicsand Behaviour

COBIT 5 Enablers: Generic

Source: COBIT 5, figure 13

Enab

ler D

imen

sion Stakeholders Goals Life Cycle Good Practices

• Internal Stakeholders• External Stakeholders

• Practices• Work Products (Inputs/Outputs)

• Intrinsic Quality• Contextual Quality (Relevance, Effectiveness)• Accessibility and Security

• Plan• Design• Build/Acquire/ Create/Implement• Use/Operate• Evaluate/Monitor• Update/Dispose

Enab

ler P

erfo

rman

ceM

anag

emen

t Are StakeholdersNeeds Addressed?

Are EnablerGoals Achieved?

Metrics for Achievement of Goals(Lag Indicators)

Metrics for Application of Practice(Lead Indicators)

Is Life CycleManaged?

Are Good PracticesApplied?

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .

Proc

esse

s fo

r Man

agem

ent o

f Ent

erpr

ise

IT

Eval

uate

, Dire

ct a

nd M

onito

r

Proc

esse

s fo

r Gov

erna

nce

of E

nter

pris

e IT

Alig

n, P

lan

and

Orga

nise

Mon

itor,

Eval

uate

and

Asse

ss

Build

, Acq

uire

and

Impl

emen

t

Deliv

er, S

ervi

ce a

nd S

uppo

rt

EDM

01 E

nsur

eGo

vern

ance

Fram

ewor

k Se

tting

and

Mai

nten

ance

APO0

1 M

anag

eth

e IT

Man

agem

ent

Fram

ewor

k

APO0

8 M

anag

eRe

latio

nshi

ps

APO0

2 M

anag

eSt

rate

gy

APO0

9 M

anag

eSe

rvic

eAg

reem

ents

APO0

3 M

anag

eEn

terp

rise

Arch

itect

ure

APO1

0 M

anag

eSu

pplie

rs

APO0

4 M

anag

eIn

nova

tion

APO1

1 M

anag

eQu

ality

APO0

5 M

anag

ePo

rtfol

io

APO1

2 M

anag

eRi

sk

APO0

6 M

anag

eBu

dget

and

Cos

tsAP

O07

Man

age

Hum

an R

esou

rces

MEA

01 M

onito

r,Ev

alua

te a

nd A

sses

sPe

rform

ance

and

Conf

orm

ance

MEA

02 M

onito

r,Ev

alua

te a

nd A

sses

sth

e Sy

stem

of I

nter

nal

Cont

rol

MEA

03 M

onito

r,Ev

alua

te a

nd A

sses

sCo

mpl

ianc

e W

ithEx

tern

al R

equi

rem

ents

APO1

3 M

anag

eSe

curit

y

DSS0

1 M

anag

eOp

erat

ions

DSS0

2 M

anag

eSe

rvic

e Re

ques

tsan

d In

cide

nts

DSS0

3 M

anag

ePr

oble

ms

DSS0

4 M

anag

eCo

ntin

uity

DSS0

5 M

anag

eSe

curit

ySe

rvic

es

DSS0

6 M

anag

eBu

sine

ssPr

oces

s Co

ntro

ls

BAI0

1 M

anag

ePr

ogra

mm

es a

ndPr

ojec

ts

BAI0

8 M

anag

eKn

owle

dge

BAI0

2 M

anag

eRe

quire

men

tsDe

finiti

on

BAI0

9 M

anag

eAs

sets

BAI0

3 M

anag

eSo

lutio

nsId

entif

icat

ion

and

Build

BAI0

10 M

anag

eCo

nfig

urat

ion

BAI0

4 M

anag

eAv

aila

bilit

y an

d Ca

paci

ty

BAI0

5 M

anag

eOr

gani

satio

nal

Chan

geEn

able

men

t

BAI0

6 M

anag

eCh

ange

s

BAI0

7 M

anag

eCh

ange

Acce

ptan

ce a

ndTr

ansi

tioni

ng

EDM

02 E

nsur

eBe

nefit

s De

liver

yED

M03

Ens

ure

Risk

Opt

imis

atio

n

EDM

04 E

nsur

eRe

sour

ceOp

timis

atio

n

EDM

05 E

nsur

eSt

akeh

olde

rTr

ansp

aren

cy

CO

BIT

5 Pr

oces

s Re

fere

nce

Mod

el

Sour

ce:

COBI

T 5,

figu

re 1

6

© 2 0 1 2 I S A C A . A l l r I g h t S r e S e r v e d . F o r u S A g e g u I d e l I n e S , S e e w w w . i s a c a . o r g / c o B i T u s e .