
CobiT domains and processes (COBIT 5 / 4.1)

COBIT 5

Governance, Control and Audit for Information and Related Technology

The COBIT 5 processes are split into governance and management “areas”. These 2 areas contain a total of 5 domains and 37 processes:

  • Governance of Enterprise IT
    • Evaluate, Direct and Monitor (EDM) – 5 processes
  • Management of Enterprise IT
    • Align, Plan and Organise (APO) – 13 processes
    • Build, Acquire and Implement (BAI) – 10 processes
    • Deliver, Service and Support (DSS) – 6 processes
    • Monitor, Evaluate and Assess (MEA) – 3 processes


The COBIT 5 processes are listed below:

COBIT 5 processes

Evaluate, Direct and Monitor (EDM) • COBIT 5

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).

The following table lists the high-level IT processes for the EDM domain.

HIGH LEVEL CONTROL OBJECTIVES
Evaluate, Direct and Monitor (EDM)
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. The management of enterprise IT covers the following 4 domains:

Align, Plan and Organize (APO) • COBIT 5

The Align, Plan and Organize domain covers the use of information and technology and how it can best be used in a company to help achieve the company’s goals and objectives. It also highlights the organizational and infrastructural form IT is to take in order to achieve optimal results and to generate the most benefits from the use of IT. The following table lists the high-level IT processes for the APO domain.

HIGH LEVEL CONTROL OBJECTIVES
Align, Plan and Organize (APO)
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Relations
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

 

Build, Acquire and Implement (BAI) • COBIT 5

The Build, Acquire and Implement domain covers identifying IT requirements, acquiring the technology, and implementing it within the company’s current business processes. The following table lists the high level control objectives for the BAI domain.

HIGH LEVEL CONTROL OBJECTIVES
Build, Acquire and Implement (BAI)
BAI01 Manage Programs and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Changes Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration

 

Deliver, Service and Support (DSS) • COBIT 5

The Deliver, Service and Support domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and its results, as well as the support processes that enable the effective and efficient execution of these IT systems. The following table lists the high level control objectives for the DSS domain.

HIGH LEVEL CONTROL OBJECTIVES
Deliver, Service and Support (DSS)
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

 

Monitor, Evaluate and Assess (MEA) • COBIT 5

The Monitor, Evaluate and Assess domain deals with a company’s strategy in assessing the needs of the company, whether or not the current IT system still meets the objectives for which it was designed, and the controls necessary to comply with regulatory requirements. Monitoring also covers the independent assessment, by internal and external auditors, of the effectiveness of the IT system in its ability to meet business objectives and of the company’s control processes. The following table lists the high level control objectives for the MEA domain.

HIGH LEVEL CONTROL OBJECTIVES
Monitor, Evaluate and Assess (MEA)
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Evaluate and Assess Compliance with External Requirements


CobiT 4.1

Governance, Control and Audit for Information and Related Technology

CobiT, the Control Objectives for Information and related Technology version 4.1, covers four domains:

  • Plan and Organise (PO)
  • Acquire and Implement (AI)
  • Deliver and Support (DS)
  • Monitor and Evaluate (ME)

The 34 CobiT 4.1 processes are listed below, per domain:

Plan and Organize (PO) • CobiT 4.1

The Planning and Organization domain covers the use of information & technology and how best it can be used in a company to help achieve the company’s goals and objectives. It also highlights the organizational and infrastructural form IT is to take in order to achieve the optimal results and to generate the most benefits from the use of IT. The following table lists the high-level IT processes for the Planning and Organization domain.

HIGH LEVEL CONTROL OBJECTIVES
Plan and Organize
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organization and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects

 

Acquire and Implement (AI) • CobiT 4.1

The Acquire and Implement domain covers identifying IT requirements, acquiring the technology, and implementing it within the company’s current business processes. This domain also addresses the development of a maintenance plan that a company should adopt in order to prolong the life of an IT system and its components. The following table lists the high level control objectives for the Acquisition and Implementation domain.

HIGH LEVEL CONTROL OBJECTIVES
Acquire and Implement
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes

 

Deliver and Support (DS) • CobiT 4.1

The Delivery and Support domain focuses on the delivery aspects of information technology. It covers areas such as the execution of the applications within the IT system and its results, as well as the support processes that enable the effective and efficient execution of these IT systems. These support processes include security issues and training. The following table lists the high level control objectives for the Delivery and Support domain.

HIGH LEVEL CONTROL OBJECTIVES
Deliver and Support
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations

 

Monitor and Evaluate (ME) • CobiT 4.1

The Monitoring and Evaluation domain deals with a company’s strategy in assessing the needs of the company, whether or not the current IT system still meets the objectives for which it was designed, and the controls necessary to comply with regulatory requirements. Monitoring also covers the independent assessment, by internal and external auditors, of the effectiveness of the IT system in its ability to meet business objectives and of the company’s control processes. The following table lists the high level control objectives for the Monitoring domain.

HIGH LEVEL CONTROL OBJECTIVES
Monitor and Evaluate
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance with External Requirements
ME4 Provide IT Governance

CobiT Framework

Source: ISACA

 

French translation

 
| Domain | Control objectives | Domaines | Objectifs de contrôle |
| Plan and Organize | PO1 Define a Strategic IT Plan | Planifier et Organiser | PO1 Définir un Plan informatique stratégique |
| | PO2 Define the Information Architecture | | PO2 Définir l’architecture de l’Information |
| | PO3 Determine Technological Direction | | PO3 Déterminer l’orientation technologique |
| | PO4 Define the IT Processes, Organization and Relationships | | PO4 Définir les processus, l’organisation et les relations de travail |
| | PO5 Manage the IT Investment | | PO5 Gérer les investissements informatiques |
| | PO6 Communicate Management Aims and Direction | | PO6 Faire connaître les buts et les orientations du management |
| | PO7 Manage IT Human Resources | | PO7 Gérer les Ressources Humaines de l’informatique |
| | PO8 Manage Quality | | PO8 Gérer la qualité |
| | PO9 Assess and Manage IT Risks | | PO9 Évaluer et gérer les risques |
| | PO10 Manage Projects | | PO10 Gérer les Projets |
| Acquire and Implement | AI1 Identify Automated Solutions | Acquérir et mettre en place | AI1 Trouver les solutions informatiques |
| | AI2 Acquire and Maintain Application Software | | AI2 Acquérir des applications et en assurer la maintenance |
| | AI3 Acquire and Maintain Technology Infrastructure | | AI3 Acquérir une infrastructure technique et en assurer la maintenance |
| | AI4 Enable Operation and Use | | AI4 Faciliter le fonctionnement et l’utilisation |
| | AI5 Procure IT Resources | | AI5 Acquérir des ressources informatiques |
| | AI6 Manage Changes | | AI6 Gérer les changements |
| | AI7 Install and Accredit Solutions and Changes | | AI7 Installer et valider les solutions et les modifications |
| Deliver and Support | DS1 Define and Manage Service Levels | Délivrer et supporter | DS1 Définir et gérer les niveaux de service |
| | DS2 Manage Third-party Services | | DS2 Gérer les services tiers |
| | DS3 Manage Performance and Capacity | | DS3 Gérer la performance et la capacité |
| | DS4 Ensure Continuous Service | | DS4 Assurer un service continu |
| | DS5 Ensure Systems Security | | DS5 Assurer la sécurité des systèmes |
| | DS6 Identify and Allocate Costs | | DS6 Identifier et imputer les coûts |
| | DS7 Educate and Train Users | | DS7 Instruire et former les utilisateurs |
| | DS8 Manage Service Desk and Incidents | | DS8 Gérer le service d’assistance client et les incidents |
| | DS9 Manage the Configuration | | DS9 Gérer la configuration |
| | DS10 Manage Problems | | DS10 Gérer les problèmes |
| | DS11 Manage Data | | DS11 Gérer les données |
| | DS12 Manage the Physical Environment | | DS12 Gérer l’environnement physique |
| | DS13 Manage Operations | | DS13 Gérer l’exploitation |
| Monitor and Evaluate | ME1 Monitor and Evaluate IT Performance | Surveiller et évaluer | SE1 Surveiller et évaluer la performance des SI |
| | ME2 Monitor and Evaluate Internal Control | | SE2 Surveiller et évaluer le contrôle interne |
| | ME3 Ensure Compliance with External Requirements | | SE3 S’assurer de la conformité réglementaire |
| | ME4 Provide IT Governance | | SE4 Mettre en place la gouvernance des SI |

QAP © 2010 | advice[at]qap.eu | audit[at]qap.eu