COBIT® is a trademark of ISACA® registered in the United States and other countries.

COBIT®5 - Assessor


Page 1: COBIT®5 - Assessor


Page 2: COBIT®5 - Assessor

Start and finish
Course style
Lunch
Coffee and breaks

M00 - Course introduction 2/12 | 2/249

Page 3: COBIT®5 - Assessor

• Perform a process capability assessment using the Assessor Guide: Using COBIT 5
• Apply the Process Assessment Model (the PAM) in performing a process capability assessment
• Use the Process Reference Model, in particular be able to apply the 37 processes outlined in the PRM
• Apply and analyse the measurement model in assessing process capability levels
• Apply and analyse the capability dimension using generic criteria outlined in the PAM
• Identify and assess the roles and responsibilities in the process capability assessment process
• Perform and assess the 7 steps outlined in the Assessor Guide

Main goal: attempt the Assessor exam with confidence

Secondary goal: benefits and value of IT Governance and the COBIT 5 audit process

M00 - Course introduction 3/12 | 3/249

Page 4: COBIT®5 - Assessor

Please share with the class:

• Your name and surname
• Your organization
• Your profession (title, function, job responsibilities)
• Your familiarity with: project management, IT management, IT service management (ITSM), enterprise architecture
• Your experience with IT Governance
• Your personal session expectations

M00 - Course introduction 4/12 | 4/249

Page 5: COBIT®5 - Assessor

M00 - Course introduction 5/12 | 5/249

Page 6: COBIT®5 - Assessor

Foundation Exam

• Paper based and closed book exam
• Only pencil and eraser are allowed
• Simple multiple choice (ABCD) exam
• Only one answer is correct
• 50 questions, pass mark is 25 (50%)
• No negative points, no “Tricky Questions”

No pre-requisite for Foundation exam

Sample, one (official) mock exam is provided to you

Candidates completing an examination in a language that is not their mother tongue, will receive additional time

M00 - Course introduction 6/12 | 6/249

Page 7: COBIT®5 - Assessor

Target Audience

Consultants, IT practitioners, Business managers

Apply the COBIT 5 good practice continual improvement lifecycle approach to GEIT, tailored to suit the needs of a specific enterprise. In particular


M00 - Course introduction 7/12 | 7/249

Page 8: COBIT®5 - Assessor

Target Audience

Internal and external (Lead) Auditors

Perform a process capability assessment using the Assessor Guide: using COBIT 5

Apply the Process Assessment Model

Identify and assess the roles and responsibilities


M00 - Course introduction 8/12 | 8/249

Page 9: COBIT®5 - Assessor

The COBIT 5 main publication is COBIT 5: A Business Framework for the Governance and Management of Enterprise IT (ISBN-13: 978-1604202373).

COBIT5 syllabus section code and title

OV Overview and Key Features of COBIT 5

PR The COBIT 5 Principles

EN The COBIT 5 Enablers

IM Introduction to COBIT 5 Implementation

PC Process Capability Assessment Model

Slide layout legend: Syllabus Handbook Page; Module slide number / total module slides; Slide number / total slides; Module number and name; COBIT5 handbook page; COBIT5 syllabus section code

M00 - Course introduction 9/12 | 9/249

Page 10: COBIT®5 - Assessor

M00 - Course introduction 10/12 | 10/249

Page 11: COBIT®5 - Assessor

quizlet.com/67599656/

M00 - Course introduction 11/12 | 11/249

Page 12: COBIT®5 - Assessor

twitter.com/mirodabrowski

linkedin.com/in/miroslawdabrowski

google.com/+miroslawdabrowski

miroslaw_dabrowski

www.miroslawdabrowski.com

Mirosław Dąbrowski, Agile Coach, Trainer, Consultant (former JEE/PHP developer, UX/UI designer, BA/SA)

Creator Writer / Translator Trainer / Coach

• Creator of 50+ mind maps from PPM and related topics (2mln views): miroslawdabrowski.com

• Lead author of more than 50+ accredited materials from PRINCE2, PRINCE2 Agile, MSP, MoP, P3O, ITIL, M_o_R, MoV, PMP, Scrum, AgilePM, DSDM, CISSP, CISA, CISM, CRISC, CGEIT, TOGAF, COBIT5 etc.

• Creator of 50+ interactive mind maps from PPM topics: mindmeister.com/users/channel/2757050

• Product Owner of biggest Polish project management portal: 4PM: 4pm.pl (15.000+ views each month)

• Editorial Board Member of Official PMI Poland Chapter magazine: “Strefa PMI”: strefapmi.pl

• Official PRINCE2 Agile, AgilePM, ASL2, BiSL methods translator for Polish language

• English speaking, international, independent trainer and coach from multiple domains
• Master Lead Trainer
• 11+ years in training and coaching / 15.000+ hours
• 100+ certifications
• 5000+ people trained and coached
• 25+ trainers trained and coached

linkedin.com/in/miroslawdabrowski

Agile Coach / Scrum Master PM / IT architect Notable clients

• 8+ years of experience with Agile projects as a Scrum Master, Product Owner and Agile Coach
• Coached 25+ teams from Agile and Scrum
• Agile Coach coaching C-level executives
• Scrum Master facilitating multiple teams experienced with UX/UI + Dev teams
• Experience with multiple Agile methods
• Author of the AgilePM/DSDM Project Health Check Questionnaire (PHCQ) audit tool
• Dozens of mobile and ecommerce projects
• IT architect experienced in IT projects with budget above 10mln PLN and timeline of 3+ years
• Experienced with (“traditional”) projects under high security, audit and compliance requirements based on ISO/IEC 27001
• 25+ web portal design and development and mobile application projects with iterative, incremental and adaptive approach

ABB, AGH, Aiton Caldwell, Asseco, Capgemini, Deutsche Bank, Descom, Ericsson, Ericpol, Euler Hermes, General Electric, Glencore, HP Global Business Center, Ideo, Infovide-Matrix, Interia, Kemira, Lufthansa Systems, Media-Satrun Group, Ministry of Defense (Poland), Ministry of Justice (Poland), Nokia Siemens Networks, Oracle, Orange, Polish Air Force, Proama, Roche, Sabre Holdings, Samsung Electronics, Sescom, Scania, Sopra Steria, Sun Microsystems, Tauron Polish Energy, Tieto, University of Wroclaw, UBS Service Centre, Volvo IT…miroslawdabrowski.com/about-me/clients-and-references/

Accreditations/certifications (selected): CISA, CISM, CRISC, CASP, Security+, Project+, Network+, Server+, Approved Trainer: (MoP, MSP, PRINCE2, PRINCE2 Agile, M_o_R, MoV, P3O, ITIL Expert, RESILIA), ASL2, BiSL, Change Management, Facilitation, Managing Benefits, COBIT5, TOGAF 8/9L2, OBASHI, CAPM, PSM I, SDC, SMC, ESMC, SPOC, AEC, DSDM Atern, DSDM Agile Professional, DSDM Agile Trainer-Coach, AgilePM, OCUP Advanced, SCWCD, SCBCD, SCDJWS, SCMAD, ZCE 5.0, ZCE 5.3, MCT, MCP, MCITP, MCSE-S, MCSA-S, MCS, MCSA, ISTQB, IQBBA, REQB, CIW Web Design / Web Development / Web Security Professional, Playing Lean Facilitator, DISC D3 Consultant, SDI Facilitator, Certified Trainer Apollo 13 ITSM Simulation …

M00 - Course introduction 12/12 | 12/249

Page 13: COBIT®5 - Assessor

Page 14: COBIT®5 - Assessor

1. Introduction to COBIT 5 Assessor

2. Introduction to the COBIT 5 Process Assessment Model (PAM)

3. Overview of the COBIT 5 Process Assessment Model (PAM)

4. Process Dimension and Process Performance Indicators

5. Process Capability Indicators

6. Generic Work Products (GWPs)

7. Roles, Responsibilities and Competencies

8. Initiate an Assessment

9. Scope an Assessment

10. Plan an Assessment and Brief the teams and management

11. Data Collection

12. Data Validation

13. Analyse and rate the process attributes and capability levels

14. Prepare and present assessment reports

M01 - Introduction to COBIT 5 Assessor 2/33 | 14/249

Page 15: COBIT®5 - Assessor

M01 - Introduction to COBIT 5 Assessor 3/33 | 15/249

Page 16: COBIT®5 - Assessor

The Syllabus is based on these two guides. The Assessor training and certification is a ‘Practitioner-Level training and certification course’ that focuses on ‘how’ to apply the PAM and ‘how’ to analyse the results.

It is a mandatory requirement for all candidates to have passed the Foundation Exam before applying for and attending the Assessor level training and certification exam.

“The Assessor Guide: Using COBIT 5” provides the main guidance on performing a process capability assessment, the roles, responsibilities and competences required, and the key steps required, from assessment initiation to reporting of the assessment results.

“The Process Assessment Model (PAM): Using COBIT 5” is the model used by the assessor to perform an assessment; candidates use it to reference the process content to be used in the assessment.

M01 - Introduction to COBIT 5 Assessor 4/33 | 16/249

Page 17: COBIT®5 - Assessor

The target audience for this training certificate is:

Internal and external Auditors who want to add process capability assessments to the scope of their audits.

IT auditors who want to add process capability assessments to the scope of their audits.

Consultants who want to be allowed to perform independent process assessments on behalf of their clients.

M01 - Introduction to COBIT 5 Assessor 5/33 | 17/249

Page 18: COBIT®5 - Assessor

“There are few things as useless, if not as dangerous, as the right answer to the wrong question.”

“There are no such things as the one right organization. There are only organisations, each of which has distinct strengths, distinct limitations and specific applications. A given organisation structure fits certain tasks, in certain conditions and at certain times.”

Peter Drucker

M01 - Introduction to COBIT 5 Assessor 6/33 | 18/249

Page 19: COBIT®5 - Assessor

Route maps or plans reflect the choices we make to guide our organisations to our selected and defined destination.

Models, Frameworks and Good Practices help us make sense of the context and the challenges we face … they provide Roadmaps.

One generation’s Good Practice soon becomes the status quo for the next generation …

M01 - Introduction to COBIT 5 Assessor 7/33 | 19/249

Page 20: COBIT®5 - Assessor

COBIT evolution timeline (figure, 1996 to 2012): COBIT1 (Audit, 1996); COBIT2 (Control, 1998); COBIT3 (Management, 2000); COBIT4.0/4.1 (IT Governance, 2005/7); COBIT 5 (Governance of Enterprise IT, 2012); alongside Val IT 2.0 (2008), Risk IT (2009) and BMIS (2010).

© 2013 ISACA. All Rights Reserved.

COBIT 5 ties together all ISACA knowledge assets, i.e.:

• COBIT 4.1
• Val IT™
• Risk IT
• Business Model for Information Security™ (BMIS™)
• IT Assurance Framework™ (ITAF™)
• Taking Governance Forward (TGF)
• Board Briefing on IT Governance, 2nd Edition

M01 - Introduction to COBIT 5 Assessor 8/33 | 20/249

Page 21: COBIT®5 - Assessor

Governance and management interaction model (figure): Owners and Stakeholders delegate to, and hold accountable, the Governing Body; the Governing Body sets direction for, and monitors, Management; Management instructs and aligns Operations and Execution, which report back. Governance objectives: Benefits Realisation, Resource Optimisation, Risk Optimisation. Goals cascade: Stakeholder Drivers (Environment, Technology Evolution, ...) → Stakeholder Needs → Enterprise Goals → IT-related Goals → Enabler Goals. References on the figure: COBIT 4.1 mapping (Appendix A); Roles & Descriptions for RACIs (pages 76-77); RACI.

M01 - Introduction to COBIT 5 Assessor 9/33 | 21/249

Page 22: COBIT®5 - Assessor

COBIT 5 Enterprise Goals (table; columns: BSC Dimension, Enterprise Goal, and Relation to Governance Objectives: Benefits Realisation, Risk Optimisation, Resource Optimisation, marked P for primary or S for secondary; the P/S marks of the original table are not reproduced here)

Financial:
1. Stakeholder value of business investments
2. Portfolio of competitive products and services
3. Managed business risk (safeguarding of assets)
4. Compliance with external laws and regulations
5. Financial transparency

Customer:
6. Customer-oriented service culture
7. Business service continuity and availability
8. Agile responses to a changing business environment
9. Information-based strategic decision making

Internal:
10. Optimisation of service delivery costs
11. Optimisation of business process functionality
12. Optimisation of business process costs
13. Managed business change programmes
14. Operational and staff productivity
15. Compliance with internal policies

Learning and Growth:
16. Skilled and motivated people
17. Product and business innovation culture

M01 - Introduction to COBIT 5 Assessor 10/33 | 22/249

Page 23: COBIT®5 - Assessor

COBIT 5 IT-related Goals (table; columns: IT BSC Dimension, Information and Related Technology Goal)

Financial:
01. Alignment of IT and business strategy
02. IT compliance and support for business compliance with external laws and regulations
03. Commitment of executive management for making IT-related decisions
04. Managed IT-related business risk
05. Realised benefits from IT-enabled investments and services portfolio
06. Transparency of IT costs, benefits and risk

Customer:
07. Delivery of IT services in line with business requirements
08. Adequate use of applications, information and technology solutions

Internal:
09. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integrating applications and technology into business processes
13. Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14. Availability of reliable and useful information for decision making
15. IT compliance with internal policies

Learning and Growth:
16. Competent and motivated business and IT personnel
17. Knowledge, expertise and initiatives for business innovation

M01 - Introduction to COBIT 5 Assessor 11/33 | 23/249

Page 24: COBIT®5 - Assessor

Processes for Governance of Enterprise IT

Evaluate, Direct and Monitor: EDM01 Ensure Governance Framework Setting and Maintenance; EDM02 Ensure Benefits Delivery; EDM03 Ensure Risk Optimisation; EDM04 Ensure Resource Optimisation; EDM05 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT

Align, Plan and Organise: APO01 Manage the IT Management Framework; APO02 Manage Strategy; APO03 Manage Enterprise Architecture; APO04 Manage Innovation; APO05 Manage Portfolio; APO06 Manage Budget and Costs; APO07 Manage Human Resources; APO08 Manage Relationships; APO09 Manage Service Agreements; APO10 Manage Suppliers; APO11 Manage Quality; APO12 Manage Risk; APO13 Manage Security

Build, Acquire and Implement: BAI01 Manage Programmes and Projects; BAI02 Manage Requirements Definition; BAI03 Manage Solutions Identification and Build; BAI04 Manage Availability and Capacity; BAI05 Manage Organisational Change Enablement; BAI06 Manage Changes; BAI07 Manage Change Acceptance and Transitioning; BAI08 Manage Knowledge; BAI09 Manage Assets; BAI10 Manage Configuration

Deliver, Service and Support: DSS01 Manage Operations; DSS02 Manage Service Requests and Incidents; DSS03 Manage Problems; DSS04 Manage Continuity; DSS05 Manage Security Services; DSS06 Manage Business Process Controls

Monitor, Evaluate and Assess: MEA01 Monitor, Evaluate and Assess Performance and Conformance; MEA02 Monitor, Evaluate and Assess the System of Internal Control; MEA03 Monitor, Evaluate and Assess Compliance With External Requirements

M01 - Introduction to COBIT 5 Assessor 12/33 | 24/249

Page 25: COBIT®5 - Assessor


M01 - Introduction to COBIT 5 Assessor 13/33 | 25/249

Page 26: COBIT®5 - Assessor

COBIT 5 process template layout (figure): Process Name; Area / Domain; Process Description; Process Purpose Statement.


M01 - Introduction to COBIT 5 Assessor 14/33 | 26/249

Page 27: COBIT®5 - Assessor

COBIT 5 process template layout, continued (figure): Process Name; Area / Domain; Process Description; Process Purpose Statement; IT-related Goals and Related Metrics (“The process supports the achievement of a set of primary IT-related goals”); Process Goals and Metrics (Process Goal, Related Metrics); Management Practices, each with a RACI Chart, Activities, Inputs (From / Description) and Outputs (Description / destination); Related Guidance (Related Standard, Detailed Reference).


M01 - Introduction to COBIT 5 Assessor 15/33 | 27/249

Page 28: COBIT®5 - Assessor

Template sections shown as figure callouts: Process Name; Process Description; Process Purpose Statement; IT-related Goal; Process Goals and Metrics; Management Practices; Activities; RACI Chart; Related Guidance; Related Standard & Reference.

Example process: DSS04 Manage Continuity

Process Description: Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operation of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise.

Process Purpose Statement: Continue critical business operations and maintain availability of information at a level acceptable to the enterprise in the event of a significant disruption.

Management Practices (with Inputs and Outputs):

• DSS04.01 Define the business continuity policy, objectives and scope. (4)
• DSS04.02 Maintain a continuity strategy. (9)
• DSS04.03 Develop and implement a business continuity response. (8)
• DSS04.04 Exercise, test and review the BCP. (6)
• DSS04.05 Review, maintain and improve the continuity plan. (4)
• DSS04.06 Conduct continuity plan training. (3)
• DSS04.07 Manage backup arrangements. (5)
• DSS04.08 Conduct post-resumption review. (4)


M01 - Introduction to COBIT 5 Assessor 16/33 | 28/249

Page 29: COBIT®5 - Assessor

COBIT 5 Outputs to all Processes (table; columns: From Key Practices, Output Description, Destination)

Outputs to all Processes:
• APO13.02: Information security risk treatment plan → All EDM; All APO; All BAI; All DSS; All MEA

Outputs to all Governance Processes:
• EDM01.01: Enterprise governance guiding principles → All EDM
• EDM01.01: Decision-making model → All EDM
• EDM01.01: Authority levels → All EDM
• EDM01.02: Enterprise governance communications → All EDM
• EDM01.03: Feedback on governance effectiveness and performance → All EDM

Outputs to all Management Processes:
• APO01.01: Communication ground rules → All APO; All BAI; All DSS; All MEA
• APO01.03: IT-related policies → All APO; All BAI; All DSS; All MEA
• APO01.04: Communications on IT objectives → All APO; All BAI; All DSS; All MEA
• APO01.07: Process improvement opportunities → All APO; All BAI; All DSS; All MEA
• APO02.06: Communications package → All APO; All BAI; All DSS; All MEA


M01 - Introduction to COBIT 5 Assessor 17/33 | 29/249

Page 30: COBIT®5 - Assessor

M01 - Introduction to COBIT 5 Assessor 18/33 | 30/249

Page 31: COBIT®5 - Assessor

Generic Process RACI Chart (figure). Columns are the COBIT 5 roles and organisational structures: Board; Chief Executive Officer; Chief Financial Officer; Chief Operating Officer; Business Executives; Business Process Owners; Strategy Executive Committee; Steering (Programmes/Projects) Committee; Project Management Office; Value Management Office; Chief Risk Officer; Chief Information Security Officer; Architecture Board; Enterprise Risk Committee; Head Human Resources; Compliance; Audit; Chief Information Officer; Head Architect; Head Development; Head IT Operations; Head IT Administration; Service Manager; Information Security Manager; Business Continuity Manager; Privacy Officer. Rows: Management Practice 1, Management Practice 2, Management Practice 3, … Management Practice n.

The Roles and Organisational Structures used in the process RACI charts for each Key Management Practice are defined/described on pages 75-77 of the COBIT 5 Framework.


M01 - Introduction to COBIT 5 Assessor 19/33 | 31/249

Page 32: COBIT®5 - Assessor

We have just looked at the layout of a COBIT 5 RACI chart. We have all experienced situations where job titles have proved misleading.

We will give each of you a list of the job role descriptions / definitions for you to reflect upon where responsibility lies within your organisation for these activities.

After 15 minutes we will provide each of you with a copy of the COBIT 5 RACI roles and their descriptions / definitions to compare with your input.

After a further 10 minutes we will spend 10 minutes discussing the exercise and your experience in comparing / contrasting and challenging your organisation and COBIT 5.


M01 - Introduction to COBIT 5 Assessor 20/33 | 32/249

Page 33: COBIT®5 - Assessor


M01 - Introduction to COBIT 5 Assessor 21/33 | 33/249

Page 34: COBIT®5 - Assessor

COBIT 5 Roles and Organisation Structures (table; columns: Role/Structure, Definition/Description)

Board: The group of the most senior executives and/or non-executive directors of the enterprise who are accountable for the governance of the enterprise and have overall control of its resources

CEO: The highest-ranking officer who is in charge of the total management of the enterprise

CFO: The most senior official of the enterprise who is accountable for all aspects of financial management, including financial risk and controls and reliable and accurate accounts

Chief Operating Officer (COO): The most senior official of the enterprise who is accountable for the operation of the enterprise

CRO: The most senior official of the enterprise who is accountable for all aspects of risk management across the enterprise. An IT risk officer function may be established to oversee IT-related risk.

CIO: The most senior official of the enterprise who is responsible for aligning IT and business strategies and accountable for planning, resourcing and managing the delivery of IT services and solutions to support enterprise objectives

Chief Information Security Officer (CISO): The most senior official of the enterprise who is accountable for the security of enterprise information in all its forms

Business Executive: A senior management individual accountable for the operation of a specific business unit or subsidiary

Business Process Owner: An individual accountable for the performance of a process in realising its objectives, driving process improvement and approving process changes


M01 - Introduction to COBIT 5 Assessor 22/33 | 34/249

Page 35: COBIT®5 - Assessor

COBIT 5 Roles and Organisation Structures (table; columns: Role/Structure, Definition/Description)

Strategy (IT Executive) Committee: A group of senior executives appointed by the board to ensure that the board is involved in, and kept informed of, major IT-related matters and decisions. The committee is accountable for managing the portfolios of IT-enabled investments, IT services and IT assets, ensuring that value is delivered and risk is managed. The committee is normally chaired by a board member, not by the CIO.

(Project and Programme) Steering Committees: A group of stakeholders and experts who are accountable for guidance of programmes and projects, including management and monitoring of plans, allocation of resources, delivery of benefits and value, and management of programme and project risk

Architecture Board: A group of stakeholders and experts who are accountable for guidance on enterprise architecture-related matters and decisions, and for setting architectural policies and standards

Enterprise Risk Committee: The group of executives of the enterprise who are accountable for the enterprise-level collaboration and consensus required to support enterprise risk management (ERM) activities and decisions. An IT risk council may be established to consider IT risk in more detail and advise the enterprise risk committee.

Head of HR: The most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise

Compliance: The function in the enterprise responsible for guidance on legal, regulatory and contractual compliance

Audit: The function in the enterprise responsible for provision of internal audits

Head of Architecture: A senior individual accountable for the enterprise architecture process


M01 - Introduction to COBIT 5 Assessor 23/33 | 35/249

Page 36: COBIT®5 - Assessor

COBIT 5 Roles and Organisation Structures (table; columns: Role/Structure, Definition/Description)

Head of Development: A senior individual accountable for IT-related solution development processes

Head of IT Operations: A senior individual accountable for the IT operational environments and infrastructure

Head of IT Administration: A senior individual accountable for IT-related records and responsible for supporting IT-related administrative matters

Programme and Project Management Office (PMO): The function responsible for supporting programme and project managers, and gathering, assessing and reporting information about the conduct of their programmes and constituent projects

Value Management Office (VMO): The function that acts as the secretariat for managing investment and service portfolios, including assessing and advising on investment opportunities and business cases, recommending value governance/management methods and controls, and reporting on progress on sustaining and creating value from investments and services

Service Manager: An individual who manages the development, implementation, evaluation and ongoing management of new and existing products and services for a specific customer (user) or group of customers (users)

Information Security Manager: An individual who manages, designs, oversees and/or assesses an enterprise’s information security


M01 - Introduction to COBIT 5 Assessor 24/33 | 36/249

Page 37: COBIT®5 - Assessor

COBIT 5 Roles and Organisation Structures (table; columns: Role/Structure, Definition/Description)

Business Continuity Manager: An individual who manages, designs, oversees and/or assesses an enterprise’s business continuity capability, to ensure that the enterprise’s critical functions continue to operate following disruptive events

Privacy Officer: An individual who is responsible for monitoring the risk and business impacts of privacy laws and for guiding and co-ordinating the implementation of policies and activities that will ensure that the privacy directives are met. Also called data protection officer.


M01 - Introduction to COBIT 5 Assessor 25/33 | 37/249

Page 38: COBIT®5 - Assessor

Governance and management interaction model with source references (figure): Owners and Stakeholders delegate to, and hold accountable, the Governing Body; the Governing Body sets direction for, and monitors, Management; Management instructs and aligns Operations and Execution, which report back. Governance objectives: Benefits Realisation, Resource Optimisation, Risk Optimisation. Goals cascade: Stakeholder Drivers (Environment, Technology Evolution, ...) → Stakeholder Needs → Enterprise Goals → IT-related Goals → Process and Enabler Goals. References on the figure: COBIT 4.1 mapping (Appendix A); Roles & Descriptions for RACIs (pages 76-77); RACI; Governance & Management Questions on IT (page 22); Mapping to Goals (Appendix D).


M01 - Introduction to COBIT 5 Assessor 26/33 | 38/249

Page 39: COBIT®5 - Assessor

Governance and Management Questions on IT

Internal Stakeholders: Board; Chief executive officer (CEO); Chief financial officer (CFO); Chief information officer (CIO); Chief risk officer (CRO); Business executives; Business process owners; Business managers; Risk managers; Security managers; Service managers; Human resource (HR) managers; Internal audit; Privacy officers; IT users; IT managers; etc.

Internal Stakeholder Questions:

• How do I get value from the use of IT? Are end users satisfied with the quality of the IT service?
• How do I manage performance of IT?
• How can I best exploit new technology for new strategic opportunities?
• How do I best build and structure my IT department?
• How dependent am I on external providers? How well are IT outsourcing agreements being managed? How do I obtain assurance over external providers?
• What are the (control) requirements for information?
• Did I address all IT-related risk?
• Am I running an efficient and resilient IT operation?
• How do I control the cost of IT? How do I use IT resources in the most effective and efficient manner?
• What are the most effective and efficient sourcing options?
• Do I have enough people for IT? How do I develop and maintain their skills, and how do I manage their performance?
• How do I improve business agility through a more flexible IT environment?

External Stakeholders / External Stakeholder Questions


M01 - Introduction to COBIT 5 Assessor 27/33 | 39/249

Page 40: COBIT®5 - Assessor


M01 - Introduction to COBIT 5 Assessor 28/33 | 40/249

Page 41: COBIT®5 - Assessor

COBIT 5 enablers (figure):

1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour

Resources:

5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies


M01 - Introduction to COBIT 5 Assessor 29/33 | 41/249

Page 42: COBIT®5 - Assessor

COBIT 5 generic enabler model (figure)

Enabler Dimension:
• Stakeholders: Internal Stakeholders; External Stakeholders
• Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
• Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
• Good Practices: Practices; Work products (Inputs/Outputs)

Enabler Performance Management: Are Stakeholder Needs Addressed? Are Enabler Goals Achieved? Is Life Cycle Managed? Are Good Practices Applied?

Metrics for Achievement of Goals (Lag Indicators); Metrics for Application of Practice (Lead Indicators)


M01 - Introduction to COBIT 5 Assessor 30/33 | 42/249

Page 43: COBIT®5 - Assessor

“Enterprises should follow existing internal business case and investment justification approaches, if they exist, and use this example and the guidance in the COBIT 5 Implementation Guide to help focus on all of the issues that should be addressed. Further guidance on developing business cases can be found in COBIT 5 process APO05 and in The Business Case Guide: Using Val IT™ 2.0.”

Governance and Enablers


M01 - Introduction to COBIT 5 Assessor 31/33 | 43/249

Page 44: COBIT®5 - Assessor

M01 - Introduction to COBIT 5 Assessor 32/33 | 44/249

Page 45: COBIT®5 - Assessor

I hope you enjoyed this presentation. If so, please like, share and leave a comment below.

Endorsements on LinkedIn are also highly appreciated! (your feedback = more free stuff)

MIROSLAWDABROWSKI.COM/downloads