Cobit 5 Checklist

1. Cobit Goals Cascade 3. Cobit Areas and Processes APO5 Manage Portfolio
APO6 Manage Budget and Cost
1. Stakeholder Drivers Influence Stakeholder Needs;
APO7 Manage Human Resources
2. Stakeholder Needs Cascade to Enterprise Goals;
APO8 Manage Relationships
3. Enterprise Goals Cascade to IT-related Goals;
APO9 Manage Service Agreements
4. IT-related Goals Cascade to Enabler Goals.
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

Build, Acquire & Implement (BAI)

Cobit splits the processes into governance and BAI1 Manage Programmes and Projects
management areas. These two areas contain a total of BAI2 Define Requirements
5 domains with 3 letter names, and a total of 37 BAI3 Identify and Build Solutions
processes organized as follows: BAI4 Manage Availability and Capacity
BAI5 Manage Organisational Change Enablement
Governance of Enterprise IT Deliver, Service and Support
Evaluate, Direct and Monitor (EDM) 5 processes BAI6 Manage Changes
Management of Enterprise IT BAI7 Manage Change Acceptance and Transitioning
Align, Plan and Organise (APO) 13 processes BAI8 Manage Knowledge
Build, Acquire and Implement (BAI) 10 processes BAI9 Manage Assets
Deliver, Service and Support (DSS) 6 processes BAI10 Manage Configuration
Monitor, Evaluate and Assess (MEA) - 3 processes
Deliver, Service & Support (DSS)
17 Generic and IT-related goals, distributed according DSS1 Manage Operations
Balance Score Card four dimensions (Financial, Customer, Evaluate, Direct & Monitor (EDM) DSS2 Manage Service Requests and Incidents
Internal, Learning/Growth). EDM1 Set and Maintain the Governance Framework DSS3 Manage Problems
EDM2 Ensure Value Optimisation DSS6 Manage Continuity
EDM3 Ensure Risk Optimisation DSS5 Manage Security Services
2. Principles of Cobit
EDM4 Ensure Resource Optimisation DSS6 Manage Business Process Controls
Cobit is based on 5 key principles for governance and
EDM5 Ensure Stakeholder Transparency
management of enterprise Information Technology. Monitor, evaluate & Assess (MEA)
Principle 1 - Meeting Stakeholder Needs Align, Plan & Organise (APO) MEA1 MEA Performance and Conformance
Principle 2 - Covering the Enterprise End-to-End APO1 Define the Management Framework for IT MEA2 MEA the System of Internal Control
Principle 3 - Applying a Single Integrated Framework APO2 Manage Strategy MEA3 MEA Compliance with External Requirements
Principle 4 - Enabling a Holistic Approach APO3 Manage Enterprise Architecture
Principle 5 - Separating Governance from Management APO4 Manage Innovation
Cobit is a registered trademark by ISACA (http://www.isaca.org/) - Copyright 2013 - Minimarisk Gmbh/Srl www.minimarisk.com Tel +41 44 586 45 00

4. Cobit Seven Enterprise Enablers
1. Principles, policies and frameworks are the vehicle to
translate the desired behavior into practical guidance
for day-to-day management. Internal and External
Stakeholders.
2. Processes describe an organised set of practices and
activities. Life cycle of a process; Governance and
Management Processes.
3. Organisational structures describe RACI and roles.
4. Culture, ethics and behavior of individuals and of the
enterprise are very often underestimated as a success
factor in governance and management activities.
5. Information define its attributes: Physical (Carrier,
Media); Empirical (User Interface); Syntactic
(Language, Format); Semantic (Meaning); Type,
Currency; Pragmatic (Use) Includes Retention, Status,
Contingency, Novelty; and Social (Context)
6. Services, infrastructure and applications. Includes:
reuse, buy-vs-build, agility, simplicity and openness.
Definition of Architecture Principles, Architecture
Viewpoints, and Service Levels.
7. People, skills and competencies are linked to people.
Define Role Skill, Requirements, Skill Levels, Skill
Categories and Skill Definitions.
Cobit is a registered trademark by ISACA (http://www.isaca.org/) - Copyright 2013 - Minimarisk Gmbh/Srl www.minimarisk.com Tel +41 44 586 45 00
Cobit 5 Checklist
5. Cobit Enabler dimensions 7. Process attributes
1. Stakeholders
2. Goals (Intrinsic quality [results, process according
best practices, information is actual and true],
contextual quality [fit for purpose, relevant, easy to
apply, effectiveness], Access and security The capability of processes is measured using process
3. Life cycle (Plan, Design, Build/Acquire/Create/ attributes. The international standard defines nine
Implement, Use/Operate, Evaluate/Monitor, process attributes:
Update/Dispose)
1.1 Process Performance
4. Good practices
2.1 Performance Management
6. Process Capability Model and Levels 2.2 Work Product Management
Capability Model is now based on ISO/IEC 15504 (SPICE). 3.1 Process Definition
Level 0: Incomplete. The process is not implemented 3.2 Process Deployment
or fails to achieve its purpose; 4.1 Process Measurement
Level 1: Performed (Informed). The process is 4.2 Process Control
implemented and achieves its purpose; 5.1 Process Innovation
Level 2: Managed (Planned and monitored).The 5.2 Process Optimization.
process is managed and results are specified,
Each process attribute is assessed on a four-point
controlled and maintained;
(N-P-L-F) rating scale:
Level 3: Established (Well defined).
Not achieved (0 - 15%)
A standard process is defined and used throughout
Partially achieved (>15% - 50%)
the organization;
Largely achieved (>50%- 85%)
Level 4: Predictable (Quantitatively managed). The
Fully achieved (>85% - 100%)
process is executed consistently within defined limits
Level 5: Optimizing (Continuous improvement). The
process is continuously improved to meet relevant
current and projected business goals.