
Introducing COBIT 5

Bob Frelinger, CGEIT


May 18, 2012

Learning Objectives
Appreciate the Background Behind COBIT 5
Understand the Five COBIT 5 Principles
Understand the Seven COBIT 5 Enablers
Know How to Navigate the COBIT 5 framework document
Know How to Navigate COBIT 5: Enabling Processes

What's Behind COBIT 5


Some History

What's Behind COBIT 5


References and Influencers
OGC (UK) Best Management Practice Portfolio
Managing Successful Programmes (MSP)
PRINCE2
Information Technology Infrastructure Library (ITIL),

Federal Enterprise
Architecture (FEA) (USA)
TOGAF 9
Leading Change
by John Kotter

The [European] Commission


Enterprise IT Architecture
Framework (CEAF) (Belgium)

British Standards:
Business Continuity Management

ISO Standards:
IT Service Management
Quality Management
Risk Management
Information Security Risk Management
Corporate Governance of Information Technology
Process Assessment

COBIT 5 Product Family


Existing ISACA/ITGI Material:
COBIT 4.1
Val IT
Risk IT
BMIS
IT Assurance Framework
Board Briefing on IT Governance

Combined Code on
Corporate Governance (UK)

COSO

APM Introduction to
Programme Management (UK)
PMBOK2
OECD Principles of
Corporate Governance
(France)

Balanced
Scorecard

BABOK Guide
King Code of
Governance Principles
(King III) (South Africa)

What's Behind COBIT 5


Global Expertise and Collaboration
Overseen by the ISACA/ITGI Framework Committee (FC)
Research results were quality-controlled throughout the
development process.
Preliminary research involved several COBIT development groups
based around the world.
Before being issued, the draft documents were distributed to more
than 100 subject matter experts around the world to obtain their
professional review comments.
Once ready, draft versions of COBIT 5 and COBIT 5: Enabling
Processes were made available to the general public. Thousands
of comments were received.

Importance of IT
Importance of IT to the Delivery of Business Strategy and Vision

Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling
Meadows, IL: ISACA & ITGI, 2011.

Why & What is COBIT 5


The Business Case
Enterprises, large and small, commercial, not-for-profit or public
sector, must create optimal value from IT by maintaining a
balance between realizing benefits and optimizing risk levels and
resource use.
Information and related technology needs to:
Be governed and managed in a holistic manner for the entire
enterprise,
Take in the full end-to-end business and IT functional areas of
responsibility,
Consider the IT-related interests of internal and external
stakeholders
A Business Framework for the Governance and Management of Enterprise IT

IT-Related Issues

Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling
Meadows, IL: ISACA & ITGI, 2011.

Drivers for GEIT Activities

Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling
Meadows, IL: ISACA & ITGI, 2011.

Enterprise Readiness for GEIT

Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling
Meadows, IL: ISACA & ITGI, 2011.

What is COBIT 5
The Product Family

Source: COBIT 5, figure 1. 2012 ISACA All rights reserved.

Making It Real: Just Try It


Embrace the Concepts Embedded in COBIT 5
Integrate best, good and common industry practices
Cascade goals and objectives
Measure both performance toward, and achievement of,
goals
Take the holistic approach; end-to-end view
Link inputs and outputs of key management practices
Enable success through integration and alignment of
seemingly disconnected governance and management
activities

COBIT 5 Principles
Based on five
key principles
for governance
and management
of enterprise IT

Source: COBIT 5, figure 2. 2012 ISACA All rights reserved.

COBIT 5 Principle 1
Principle 1. Meeting Stakeholder Needs
Enterprises exist to
create value for
their stakeholders.

Source: COBIT 5, figure 3. 2012 ISACA All rights reserved.

COBIT 5 Principle 1
Principle 1. Meeting Stakeholder Needs
The COBIT 5 goals cascade
translates stakeholder needs
into specific, actionable and
customized goals within the
context of the:
Enterprise goals,
IT-related goals and
Enabler goals.

Source: COBIT 5, figure 4. 2012 ISACA All rights reserved.

COBIT 5 Goals Cascade


Generic Model Based on Sound Global Research
Mapping Stakeholder Needs to COBIT 5 Enterprise Goals
Appendix D

Mapping COBIT 5 Enterprise Goals to IT-related Goals


Appendix B

Mapping COBIT 5 IT-related Goals to Processes


Appendix C

Process Goals and Suggested Metrics


COBIT 5: Enabling Processes

COBIT 5 Principle 2
Principle 2. Covering the Enterprise End-to-end

Enterprisewide, end-to-end perspective

Information and related


technology wherever
that information is being
processed

NOT just the IT function

Governance
System
Key
Components

Source: COBIT 5, figure 8 & 9 combined. 2012 ISACA All rights reserved.

COBIT 5 Principle 3
Principle 3. Applying a Single Integrated Framework

Aligns with other standards


and frameworks

Complete in enterprise
coverage

Simple architecture for:


structuring guidance
materials
producing a consistent
product set

Integrates all knowledge


previously dispersed over
different ISACA/ITGI
frameworks

Source: COBIT 5, figure 10. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach

Driven by the goals


cascade goals define
what enablers should
achieve

To achieve enterprise
objectives consider an
interconnected set of
enablers

Some enablers are the


enterprise resources
Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
1. The vehicles to
translate the desired
behavior into practical
guidance for day-to-day
management

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
2. Describe an organized
set of practices and
activities to achieve
certain objectives and
produce a set of outputs
in support of achieving
overall IT-related goals

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
3. Are the key decision-making entities in an
enterprise. They can be
the traditional vertical
structures or horizontal
(or lateral) structures.

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

Organizational Structure
Formal org structure supported by cross-org structures

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
4. Applies to both
individuals and the
enterprise; very often
underestimated as a
success factor in
governance and
management activities

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
5. Pervasive throughout
any organization and
includes all the
information produced and
used by the enterprise.

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
6. The infrastructure,
technology and
applications that provide
the enterprise with
information technology
processing and services

Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
7. People, and their skills
and competencies, are
required for:

successful completion
of all activities and

for making correct


decisions and

taking corrective
actions
Source: COBIT 5, figure 12. 2012 ISACA All rights reserved.

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
Enabler Dimensions
All enablers
have a set of
common
dimensions.
Source: COBIT 5, figure 13. 2012 ISACA All rights reserved.

This common set of dimensions:


Provides a common, simple and structured way to deal with enablers
Allows an entity to manage its complex interactions
Facilitates successful outcomes of the enablers

COBIT 5 Principle 4
Principle 4. Enabling a Holistic Approach
Enabler Performance Management

Actual Outcomes

Actual Functioning

Source: COBIT 5, figure 13. 2012 ISACA All rights reserved.

COBIT 5 Principle 5
Principle 5. Separating Governance from Management

Different activities
and different
responsibilities

Interactions
between them are
facilitated through
the Enablers

(EDM)

(PBRM)

Source: COBIT 5, figure 15. 2012 ISACA All rights reserved.

Implementation Guidance

Source: COBIT 5, figure 17. 2012 ISACA All rights reserved.

Process Capability Model

Source: COBIT 5, figure 19. 2012 ISACA All rights reserved.

What is COBIT 5 TOC


The Framework document: breaking it down
A Business Framework for the Governance and Management of
Enterprise IT
Executive Summary 2 pages
Overview of COBIT 5 2 pages
A chapter on each of the five principles 17 pages; 2 to 6 pages each
Implementation Guidance 5 pages intro to the Guide
The COBIT 5 Process Capability Model 5 pages intro to the Model
Appendices:

References 1 page
Goals Maps 5 pages
Stakeholder Needs and Enterprise Goals 2 pages
Mapping with the Most Relevant Related Standards and Frameworks 5 pages
COBIT 5 Information Model and COBIT 4.1 Information Criteria 1 page
Detailed Description of seven COBIT 5 Enablers 23 pages; 2 to 6 pages each
Glossary 5 pages

COBIT 5: Enabling Processes


Enabling Processes Enabler Guide: breaking it down
A detailed reference guide to the processes that are defined in the
COBIT 5 process reference model.
Introduction
Goals Cascade and Metrics
Process Model
Process Reference Model
Process Reference Guide Contents

Detailed process-related content structure


Inputs and Outputs
Generic Guidance for Processes
Detailed process content for each process

Appendices:
Mapping COBIT 5 with legacy ISACA Frameworks
Goals Maps

What is COBIT 5
Enabling Processes Enabler Guide: breaking it down
A detailed reference guide to the processes that are defined in the
COBIT 5 process reference model.
Introduction 1 page
Goals Cascade and Metrics 6 pages
repeats & extends framework
Process Model 3 pages
Process Reference Model 2 pages
Process Reference Guide Contents 3 pages

Detailed process-related content structure See slide 36 for structure


Inputs and Outputs Broad or universal inputs and outputs
Generic Guidance for Processes one link to the Process Capability Model
Detailed process content for each process 186 pages; 3 to 9 pages each

Appendices:
Mapping COBIT 5 with legacy ISACA Frameworks 8 pages
Goals Maps 5 pages; repeat of maps in the framework

Enabling Processes
Enabler Dimensions Processes
RACI charts

Goals driven by
goals cascade

Each process is defined,


created, operated, and
adjusted / updated or retired.

Process
Reference
Model

Process
Capability
Model

Limited
number of
example
metrics

Process
Capability
Assessments
Source: COBIT 5: Enabling Processes, figure 8. 2012 ISACA All rights reserved.

Process Reference Model

Process Content
Enabling Processes: Content Structure for All Processes

Process Identification
Process Description
Process Purpose Statement
Goal Cascade Information
Process Goals and Metrics
RACI Chart
Detailed Description of Process Practices
Practice title and description
Practice inputs and outputs w/indication of origin & destination
Process activities further detailing the practices

Related Guidance

but remember the


broad or universal
inputs

An Example Process
APO05 Manage Portfolio
Process Identification, Process Description, Process Purpose Statement

An Example Process
APO05 Manage Portfolio
Goal Cascade Information

An Example Process
APO05 Manage Portfolio
Process Goals and Metrics

An Example Process
APO05 Manage Portfolio

Detailed Description of Process Practices

An Example Process
APO05 Manage Portfolio

Detailed Description of Process Practices

An Example Process
APO05 Manage Portfolio
Related Guidance

Learning Objectives
Appreciate the Background Behind COBIT 5
Understand the Five COBIT 5 Principles
Understand the Seven COBIT 5 Enablers
Know How to Navigate the COBIT 5 framework document
Know How to Navigate COBIT 5: Enabling Processes

Implementation Challenges

Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling
Meadows, IL: ISACA & ITGI, 2011.

Questions?
bob.frelinger@oracle.com or
bob.frelinger@itgovhelp.com
