2.COBIT5 Assessment Scoping Tool

Oct 17, 2015


COBIT Process Assessment Tool Kit Scoping

Scoping Purpose

Document Purpose

The purpose of this document is to bring together various existing mappings related to COBIT 5 in a hierarchical tree format, including:

1. Mapping of COBIT 5 Processes to IT Goals to Business Goals to IT Balanced Scorecard
2. Mapping COBIT 5 Processes to IT Goals (subset of information contained in item above)
3. Self-diagnostic Tool

The intent for the mappings of the COBIT 5 processes is that they will be incorporated into IT process assessment guidance documents, which will enable practitioners to efficiently identify and focus on those COBIT processes that may be higher priorities for their enterprises.

ISACA 2013 All rights reserved.

Scoping Process & Notes

Scoping Process Steps

1. Identify relevant business drivers for the assessment of IT processes. On the basis of these business drivers, define the objective of the assessment. The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process assessment should be based on the business drivers for the assessment. The following table provides some examples of possible business drivers for completing an assessment of IT processes.
2. Identify and prioritise the enterprise's IT processes that should be included within the scope of the assessment. Utilise the business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings contained in the scoping tool kit. For example, if the objective of the assessment is to assist IT management in identifying and prioritising improvement initiatives related to one or more specified goals identified, the COBIT process mappings may be useful to identify the processes most closely related to those IT goals.
3. Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous prioritisation. Ensure that they will satisfy the identified business drivers and meet the objectives of the assessment.
4. Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the process assessment.
5. Finalise the COBIT 5 processes to be included in the assessment.
6. Document the scoping methodology in the assessment records.

NOTES ON USING THE TOOLS

There are three selection tool sets provided on separate worksheet tabs.

 - Self-diagnostic tool to help an assessor and the sponsor manually decide, based on the criteria shown, which processes should be assessed.
 - IT-related Goals Hierarchy that links or maps the processes to the IT-related goals. This is a quick way to select in-scope processes based on the specific IT-related goal(s) required. Click on the + sign to expand a goal and show the related IT processes, categorised as Primary and Secondary.
 - Enterprise Goals Hierarchy has been provided in the balanced scorecard format; the balanced scorecard domains are linked to enterprise goals and enterprise goals are linked to the IT-related goals. The IT-related goals are colour-coded to show Primary (dark blue) and Secondary (light blue). Each IT-related goal contains a hyperlink, which takes you to tab 2 in the IT-related goals hierarchy when you click on the selected goal.

1. Enterprise Goals Hierarchy

Hierarchy of COBIT Processes to Achieve IT and Business Goals

Based on mapping in ISACA's COBIT process capability assessment model

Columns: Balanced Scorecard; Enterprise Goal; IT-related Goal (ITRG); COBIT Process; Number of Enterprise Goals; Number of IT-related Goals

Financial (Number of Enterprise Goals: 5; Number of IT-related Goals: 44)

1. Stakeholder value of business investments (Number of Enterprise Goals: 1; Number of IT-related Goals: 13)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 06 Transparency of IT costs, benefits and risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 16 Competent and motivated business and IT personnel
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

2. Portfolio of competitive products and services (Number of Enterprise Goals: 1; Number of IT-related Goals: 12)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 16 Competent and motivated business and IT personnel
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

3. Managed business risk (safeguarding of assets) (Number of Enterprise Goals: 1; Number of IT-related Goals: 12)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 04 Managed IT-related business risk
 - ITRG 06 Transparency of IT costs, benefits and risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 10 Security of information, processing infrastructure and applications
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 15 IT compliance with internal policies
 - ITRG 16 Competent and motivated business and IT personnel

4. Compliance with external laws and regulations (Number of Enterprise Goals: 1; Number of IT-related Goals: 6)
 - ITRG 02 IT compliance and support for business compliance with external laws and regulations
 - ITRG 04 Managed IT-related business risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 10 Security of information, processing infrastructure and applications
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 15 IT compliance with internal policies

5. Financial transparency (Number of Enterprise Goals: 1; Number of IT-related Goals: 1)
 - ITRG 06 Transparency of IT costs, benefits and risk

Customer (Number of Enterprise Goals: 5; Number of IT-related Goals: 37)

6. Customer-oriented service culture (Number of Enterprise Goals: 1; Number of IT-related Goals: 9)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
 - ITRG 16 Competent and motivated business and IT personnel
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

7. Business service continuity and availability (Number of Enterprise Goals: 1; Number of IT-related Goals: 4)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 04 Managed IT-related business risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 10 Security of information, processing infrastructure and applications
 - ITRG 14 Availability of reliable and useful information for decision making

8. Agile responses to a changing business environment (Number of Enterprise Goals: 1; Number of IT-related Goals: 9)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 04 Managed IT-related business risk
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 16 Competent and motivated business and IT personnel

9. Information-based strategic decision making (Number of Enterprise Goals: 1; Number of IT-related Goals: 7)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 06 Transparency of IT costs, benefits and risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

10. Optimisation of service delivery costs (Number of Enterprise Goals: 1; Number of IT-related Goals: 7)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 06 Transparency of IT costs, benefits and risk
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards

Internal (Number of Enterprise Goals: 5; Number of IT-related Goals: 30)

11. Optimisation of business process functionality (Number of Enterprise Goals: 1; Number of IT-related Goals: 9)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 14 Availability of reliable and useful information for decision making
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

12. Optimisation of business process costs (Number of Enterprise Goals: 1; Number of IT-related Goals: 3)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 06 Transparency of IT costs, benefits and risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards

13. Managed business change programmes (Number of Enterprise Goals: 1; Number of IT-related Goals: 5)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 04 Managed IT-related business risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

14. Operational and staff productivity (Number of Enterprise Goals: 1; Number of IT-related Goals: 4)
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 16 Competent and motivated business and IT personnel

15. Compliance with internal policies (Number of Enterprise Goals: 1; Number of IT-related Goals: 2)
 - ITRG 02 IT compliance and support for business compliance with external laws and regulations
 - ITRG 04 Managed IT-related business risk
 - ITRG 10 Security of information, processing infrastructure and applications
 - ITRG 15 IT compliance with internal policies

Learning (Number of Enterprise Goals: 2; Number of IT-related Goals: 13)

16. Skilled and motivated people (Number of Enterprise Goals: 1; Number of IT-related Goals: 6)
 - ITRG 01 Alignment of IT and business strategy
 - ITRG 03 Commitment of executive management for making IT-related decisions
 - ITRG 04 Managed IT-related business risk
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 16 Competent and motivated business and IT personnel
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

17. Product and business innovation culture (Number of Enterprise Goals: 1; Number of IT-related Goals: 6)
 - ITRG 05 Realised benefits from IT-enabled investments and services portfolio
 - ITRG 07 Delivery of IT services in line with business requirements
 - ITRG 08 Adequate use of applications, information and technology solutions
 - ITRG 09 IT agility
 - ITRG 11 Optimisation of IT assets, resources and capabilities
 - ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes
 - ITRG 16 Competent and motivated business and IT personnel
 - ITRG 17 Knowledge, expertise and initiatives for business innovation

2. IT-related Goals Hierarchy

Hierarchy of COBIT Processes to Achieve IT-related and Enterprise Goals

Based on mapping in ISACA's COBIT 5: Enabling Processes, Appendix C

Columns: IT-related Goal; COBIT Process; Primary and Secondary (P or S); Number of Related COBIT Processes

ITRG 01 Alignment of IT and business strategy (Number of Related COBIT Processes: 23)
 - EDM01 Ensure Governance Framework Setting and Maintenance (P)
 - EDM02 Ensure Benefits Delivery (P)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (P)
 - APO02 Manage Strategy (P)
 - APO03 Manage Enterprise Architecture (P)
 - APO04 Manage Innovation (S)
 - APO05 Manage Portfolio (P)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (P)
 - APO08 Manage Relationships (P)
 - APO09 Manage Service Agreements (S)
 - APO11 Manage Quality (S)
 - BAI01 Manage Programmes and Projects (P)
 - BAI02 Manage Requirements Definition (P)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI05 Manage Organisational Change Enablement (S)
 - BAI08 Manage Knowledge (S)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)

ITRG 02 IT compliance and support for business compliance with external laws and regulations (Number of Related COBIT Processes: 20)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (P)
 - APO07 Manage Human Resources (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (P)
 - APO13 Manage Security (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (P)
 - DSS01 Manage Operations (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (P)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (P)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (P)

ITRG 03 Commitment of executive management for making IT-related decisions (Number of Related COBIT Processes: 17)
 - EDM01 Ensure Governance Framework Setting and Maintenance (P)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (P)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (S)
 - APO08 Manage Relationships (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI02 Manage Requirements Definition (S)
 - BAI05 Manage Organisational Change Enablement (S)
 - BAI06 Manage Changes (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)

ITRG 04 Managed IT-related business risk (Number of Related COBIT Processes: 33)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM03 Ensure Risk Optimisation (P)
 - EDM04 Ensure Resource Optimisation (S)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (S)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (S)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (P)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (P)
 - APO13 Manage Security (P)
 - BAI01 Manage Programmes and Projects (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI06 Manage Changes (P)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (S)
 - DSS01 Manage Operations (P)
 - DSS02 Manage Service Requests and Incidents (P)
 - DSS03 Manage Problems (P)
 - DSS04 Manage Continuity (P)
 - DSS05 Manage Security Services (P)
 - DSS06 Manage Business Process Controls (P)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (P)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (P)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (P)

ITRG 05 Realised benefits from IT-enabled investments and services portfolio (Number of Related COBIT Processes: 24)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (P)
 - EDM04 Ensure Resource Optimisation (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (P)
 - APO05 Manage Portfolio (P)
 - APO06 Manage Budget and Costs (P)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (P)
 - BAI01 Manage Programmes and Projects (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI08 Manage Knowledge (S)
 - DSS01 Manage Operations (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (P)

ITRG 06 Transparency of IT costs, benefits and risk (Number of Related COBIT Processes: 18)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (P)
 - EDM03 Ensure Risk Optimisation (P)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (P)
 - APO03 Manage Enterprise Architecture (S)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (P)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO12 Manage Risk (P)
 - APO13 Manage Security (P)
 - BAI01 Manage Programmes and Projects (S)
 - BAI09 Manage Assets (P)
 - BAI10 Manage Configuration (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)

ITRG 07 Delivery of IT services in line with business requirements (Number of Related COBIT Processes: 34)
 - EDM01 Ensure Governance Framework Setting and Maintenance (P)
 - EDM02 Ensure Benefits Delivery (P)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (P)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (P)
 - APO03 Manage Enterprise Architecture (S)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (S)
 - APO08 Manage Relationships (P)
 - APO09 Manage Service Agreements (P)
 - APO10 Manage Suppliers (P)
 - APO11 Manage Quality (P)
 - APO12 Manage Risk (S)
 - APO13 Manage Security (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI02 Manage Requirements Definition (P)
 - BAI03 Manage Solutions Identification and Build (P)
 - BAI04 Manage Availability and Capacity (P)
 - BAI06 Manage Changes (P)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI08 Manage Knowledge (S)
 - BAI09 Manage Assets (S)
 - DSS01 Manage Operations (P)
 - DSS02 Manage Service Requests and Incidents (P)
 - DSS03 Manage Problems (P)
 - DSS04 Manage Continuity (P)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (P)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (P)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (S)

ITRG 08 Adequate use of applications, information and technology solutions (Number of Related COBIT Processes: 31)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (P)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (S)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - APO13 Manage Security (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI05 Manage Organisational Change Enablement (P)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (P)
 - BAI08 Manage Knowledge (S)
 - BAI10 Manage Configuration (S)
 - DSS01 Manage Operations (S)
 - DSS02 Manage Service Requests and Incidents (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)

ITRG 09 IT agility (Number of Related COBIT Processes: 24)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM04 Ensure Resource Optimisation (P)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (P)
 - APO04 Manage Innovation (P)
 - APO05 Manage Portfolio (S)
 - APO07 Manage Human Resources (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (P)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - BAI02 Manage Requirements Definition (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI05 Manage Organisational Change Enablement (S)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI08 Manage Knowledge (P)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (S)
 - DSS01 Manage Operations (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)

ITRG 10 Security of information, processing infrastructure and applications (Number of Related COBIT Processes: 21)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM03 Ensure Risk Optimisation (P)
 - APO01 Manage the IT Management Framework (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO07 Manage Human Resources (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO12 Manage Risk (P)
 - APO13 Manage Security (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI06 Manage Changes (P)
 - BAI08 Manage Knowledge (S)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (S)
 - DSS01 Manage Operations (S)
 - DSS02 Manage Service Requests and Incidents (S)
 - DSS04 Manage Continuity (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (S)

ITRG 11 Optimisation of IT assets, resources and capabilities (Number of Related COBIT Processes: 29)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM04 Ensure Resource Optimisation (P)
 - APO01 Manage the IT Management Framework (P)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (P)
 - APO04 Manage Innovation (P)
 - APO05 Manage Portfolio (S)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (P)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (P)
 - BAI05 Manage Organisational Change Enablement (S)
 - BAI06 Manage Changes (S)
 - BAI08 Manage Knowledge (S)
 - BAI09 Manage Assets (P)
 - BAI10 Manage Configuration (P)
 - DSS01 Manage Operations (P)
 - DSS03 Manage Problems (P)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (P)

ITRG 12 Enablement and support of business processes by integrating applications and technology into business processes (Number of Related COBIT Processes: 16)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (S)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (S)
 - APO08 Manage Relationships (P)
 - BAI02 Manage Requirements Definition (P)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI05 Manage Organisational Change Enablement (S)
 - BAI06 Manage Changes (P)
 - BAI07 Manage Change Acceptance and Transitioning (P)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (S)

ITRG 13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards (Number of Related COBIT Processes: 23)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO05 Manage Portfolio (P)
 - APO06 Manage Budget and Costs (S)
 - APO07 Manage Human Resources (P)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (P)
 - APO12 Manage Risk (P)
 - BAI01 Manage Programmes and Projects (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI05 Manage Organisational Change Enablement (P)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)

ITRG 14 Availability of reliable and useful information for decision making (Number of Related COBIT Processes: 29)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (S)
 - APO02 Manage Strategy (S)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (S)
 - APO09 Manage Service Agreements (P)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - APO13 Manage Security (P)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (P)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI08 Manage Knowledge (P)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (P)
 - DSS01 Manage Operations (S)
 - DSS02 Manage Service Requests and Incidents (S)
 - DSS03 Manage Problems (P)
 - DSS04 Manage Continuity (P)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)

ITRG 15 IT compliance with internal policies (Number of Related COBIT Processes: 24)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM03 Ensure Risk Optimisation (P)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (P)
 - APO02 Manage Strategy (S)
 - APO07 Manage Human Resources (S)
 - APO08 Manage Relationships (S)
 - APO09 Manage Service Agreements (S)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI09 Manage Assets (S)
 - BAI10 Manage Configuration (S)
 - DSS01 Manage Operations (S)
 - DSS02 Manage Service Requests and Incidents (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - DSS05 Manage Security Services (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (P)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (P)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (S)

ITRG 16 Competent and motivated business and IT personnel (Number of Related COBIT Processes: 16)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (S)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (P)
 - APO01 Manage the IT Management Framework (P)
 - APO02 Manage Strategy (S)
 - APO07 Manage Human Resources (P)
 - APO08 Manage Relationships (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI08 Manage Knowledge (S)
 - DSS01 Manage Operations (S)
 - DSS04 Manage Continuity (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)

ITRG 17 Knowledge, expertise and initiatives for business innovation (Number of Related COBIT Processes: 31)
 - EDM01 Ensure Governance Framework Setting and Maintenance (S)
 - EDM02 Ensure Benefits Delivery (P)
 - EDM03 Ensure Risk Optimisation (S)
 - EDM04 Ensure Resource Optimisation (S)
 - EDM05 Ensure Stakeholder Transparency (S)
 - APO01 Manage the IT Management Framework (P)
 - APO02 Manage Strategy (P)
 - APO03 Manage Enterprise Architecture (S)
 - APO04 Manage Innovation (P)
 - APO05 Manage Portfolio (S)
 - APO07 Manage Human Resources (P)
 - APO08 Manage Relationships (P)
 - APO10 Manage Suppliers (S)
 - APO11 Manage Quality (S)
 - APO12 Manage Risk (S)
 - BAI01 Manage Programmes and Projects (S)
 - BAI02 Manage Requirements Definition (S)
 - BAI03 Manage Solutions Identification and Build (S)
 - BAI04 Manage Availability and Capacity (S)
 - BAI05 Manage Organisational Change Enablement (P)
 - BAI06 Manage Changes (S)
 - BAI07 Manage Change Acceptance and Transitioning (S)
 - BAI08 Manage Knowledge (P)
 - DSS01 Manage Operations (S)
 - DSS02 Manage Service Requests and Incidents (S)
 - DSS03 Manage Problems (S)
 - DSS04 Manage Continuity (S)
 - DSS06 Manage Business Process Controls (S)
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance (S)
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control (S)
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements (S)

3. Self-Diagnostic

COBIT 5 Processes

 - Importance = How important it is for the enterprise on a scale from 1 (not at all) to 5 (very)
 - Performance = How well it is done from 1 (do not know or badly) to 5 (very well)
 - Formality = Existence of a contract, an SLA or a clearly documented procedure (Yes, No or ?)
 - Audited = Yes, No or ?
 - Accountable = Name or do not know

Columns: Process ID; Processes for Governance of Enterprise IT; Importance; Performance; Formality; Audited; Who is accountable?

Evaluate, Direct and Monitor
 - EDM01 Ensure Governance Framework Setting and Maintenance
 - EDM02 Ensure Benefits Delivery
 - EDM03 Ensure Risk Optimisation
 - EDM04 Ensure Resource Optimisation
 - EDM05 Ensure Stakeholder Transparency

Align, Plan and Organise
 - APO01 Manage the IT Management Framework
 - APO02 Manage Strategy
 - APO03 Manage Enterprise Architecture
 - APO04 Manage Innovation
 - APO05 Manage Portfolio
 - APO06 Manage Budget and Costs
 - APO07 Manage Human Resources
 - APO08 Manage Relationships
 - APO09 Manage Service Agreements
 - APO10 Manage Suppliers
 - APO11 Manage Quality
 - APO12 Manage Risk
 - APO13 Manage Security

Build, Acquire and Implement
 - BAI01 Manage Programmes and Projects
 - BAI02 Manage Requirements Definition
 - BAI03 Manage Solutions Identification and Build
 - BAI04 Manage Availability and Capacity
 - BAI05 Manage Organisational Change Enablement
 - BAI06 Manage Changes
 - BAI07 Manage Change Acceptance and Transitioning
 - BAI08 Manage Knowledge
 - BAI09 Manage Assets
 - BAI10 Manage Configuration

Deliver, Service and Support
 - DSS01 Manage Operations
 - DSS02 Manage Service Requests and Incidents
 - DSS03 Manage Problems
 - DSS04 Manage Continuity
 - DSS05 Manage Security Services
 - DSS06 Manage Business Process Controls

Monitor, Evaluate and Assess
 - MEA01 Monitor, Evaluate and Assess Performance and Conformance
 - MEA02 Monitor, Evaluate and Assess the System of Internal Control
 - MEA03 Monitor, Evaluate and Assess Compliance with External Requirements