Introduction to COBIT 5 and IT management

COBIT and IT Management
- Introduction
Christian F. Nissen, CFN Consult
RESILIATM, ITIL®, PRINCE2® MSP®, MoP® and MoV® are Registered Trade Marks of AXELOS in the United Kingdom and other countries
COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
TOGAFTM and IT4ITTM are trademarks of The Open Group
SIAM® is a registered trademark of EXIN
© 2018 of CFN Consult unless otherwise stated

2
Agenda
1. Governance of IT
2. COBIT 5 Background
3. COBIT 5 Other frameworks
4. COBIT 5 Principles
5. COBIT 5 Processes
6. COBIT 5 Control Objectives
7. COBIT 5 Process capability assessment
8. COBIT 5 Implementation guidance
Agenda
© 2018

3
Assignment
 What is the difference between “IT Governance” and
“IT Management”?
 What are the differences and similarities between
“Corporate governance”, “IT Governance”, “Project
governance”, “Process governance”, “Service
governance”, “Information governance” and
“application governance”?
 Time: 10 minutes
Governance
© 2018

Governance – an introduction
Definition? MANAGEMENT of MANAGEMENT
Object?
4
Asset
System
(Architecture/configuration of
resources)
Value
Lifecycle
Governance
© 2018

Who?
Why?
5
Delegate
Accountable
Owner
Evaluate &
direct
Monitor
Gover-
nance
body
Plan-do-
check-act
Report
Operation
&
execution
Manage-
ment
Asset
Optimize
resources
Maximize return on investment
Optimize
risk
Meet preference
Governance
© 2018

How?
What?
❍ Principles, policies and plans (Boundaries, principles,
policies, decision models, strategies, plans, etc.)
❍ Goals (Performance and outcome goals)
❍ Controls (Control objectives, requirements, agreements, etc.)
❍ Maturity (Capability maturity, benchmarks, etc.)
❍ Resources (Money, etc. etc.)
6
Evaluate
Direct Monitor
Governance
© 2018

When?
7
Asset value
Complexity of asset
(system/lifecycle)
Need for governance
Governance
© 2018

8
IT governance balances:
Conformance
 Adhering to legislation, internal
policies, audit requirements, etc.
Performance
 Improving profitability, efficiency,
effectiveness, growth, etc.
Performance
Conformance
A delicate balance
Governance
© 2018

9
Agenda
1. Governance of IT
Agenda
© 2018

COBIT
 The Control Objectives for Information and related
Technology (COBIT)
 COBIT consists of a number of general governance and
management practices (controls), goals, measures, maturity
indicators and processes for IT Management and
Governance
 Are references, sets of best practices, not an ‘off-the-shelf’
cure (descriptive – not prescriptive)
 COBIT is produced and owned by Information Systems
Audit and Control Association (ISACA) and the IT
Governance Institute (ITGI)
www.isaca.org/cobit
COBIT
10 © 2018

11
Why COBIT?
To address:
 Insufficient value creation
 Unclear goals and measurements
 Neglected stakeholders
 Dependency on external businesses and IT parties
 Information overload
 Pervasive IT
 Fragmented management of IT
 Regulatory requirements, compliance requirements etc.
 Lack of control and security
 Audit findings
 Mixing management and governance
COBIT
© 2018

COBIT History
 In 1996, the first edition of COBIT was released.
 In 1998, the second edition added "Management Guidelines".
 In 2000, the third edition was released.
 In 2003, the on-line version became available.
 In December 2005, the fourth edition was initially released
 In May 2009, the 4.1 revision was released.
 In February 2012, COBIT 5 was released
12
COBIT
© 2018

Governance
2012
13
For latest updates on COBIT, log on to www.isaca.org/cobit.
Management
Practices
2000
Control
1998
Audit
1996
EvolutionCOBIT History
2005
COBIT 1 COBIT 2 COBIT 3 COBIT 4 COBIT 5
COBIT
© 2018

COBIT 5 – product family
14
COBIT
COBIT® 5
COBIT 5 Enabler Guides
COBIT® 5 – Enabling Processes
COBIT® 5 – Enabling Information
COBIT® 5 – Enabling . . .
COBIT 5 Professional Guides
COBIT® 5 for Information Security
COBIT® 5 for Assurance
COBIT® 5 for Risk
COBIT® 5 for . . .
COBIT® 5 Implementation
COBIT® 5 Online
© 2018

15
Agenda
1. Governance of IT
Agenda
© 2018

Some relevant best practices and standards
Best practices Standards Regulations
Corporate
Governance
God Selskabsledelse
COSO
Sarbanes-Oxley
(SoX)
IT Governance COBIT, MoV, MoP ISO/IEC 38500
IT Management COBIT / MoR
Enterprise
Architecture
TOGAF ISO/IEC 42016
IT Service
Management
ITIL, eTOM, VeriSM ISO/IEC 20000
Information Security ISF ISO/IEC 27000
DS 484
Data protection acts
Quality Management LEAN, EFQM, Six
Sigma, Test
ISO 9000
Process Maturity CMMi, TIPA ISO/IEC 33000
Project & Program
Management
PRINCE2, MSP,
PMBOK
Industry specific GAMP, Basel II,
Solvency II
FDA requirements
16
COBITandrelatedframeworks
© 2018

COBIT 5 and related frameworks (COBIT 5, Appendix E)
17

Governance related best practices and standards
 IT Governance Institute (ISACA)
 Board Briefing on IT Governance
 COBIT
 Peter Weill and Jeanne W. Ross
 IT Governance
 Cabinet Office
 ITIL
 PRINCE2
 MoR
 MSP
 MoV, MoP, P3O, P3M3
 ISO/IEC
 ISO/IEC 38500 Corporate governance of IT
18
© 2018

19
ISO/IEC 38500
 Formal standard for IT Governance
 ISO/IEC 38500 is produced and owned by Standards
Organization (ISO)
 ISO/IEC 38500 covers six principles for IT
Governance:
 Responsibility
 Strategy
 Acquisition
 Performance
 Conformance
 Human behavior
 www.iso.org
© 2018

ISO/IEC 38500 History and ownership
 ISO/IEC 38500 was originally developed by the
Australian standardization organization and was
named AS8015:2005.
 In 2009 it was fast tracked through ISO and officially
re-named to ISO/IEC 38500:2008 in April 2008.
 In 2016 it was revised to ISO/IEC 38500:2016
20
© 2018

ISO/IEC 38500 The six principles
 Principle 1: Responsibility
Individuals and groups within the organization understand
and accept their responsibilities in respect of both supply of,
and demand for IT. Those with responsibility for actions also
have the authority to perform those actions.
 Principle 2: Strategy
The organization’s business strategy takes into account the
current and future capabilities of IT; the strategic plans for IT
satisfy the current and ongoing needs of the organization’s
business strategy.
 Principle 3: Acquisition
IT acquisitions are made for valid reasons, on the basis of
appropriate and ongoing analysis, with clear and
transparent decision making. There is appropriate balance
between benefits, opportunities, costs, and risks, in both the
short term and the long term.
21
© 2018

ISO/IEC 38500 The six principles
 Principle 4: Performance
IT is fit for purpose in supporting the organization, providing
the services, levels of service and service quality required to
meet current and future business requirements.
 Principle 5: Conformance
The use of IT complies with all mandatory legislation and
regulations. Policies and practices are clearly defined,
implemented and enforced.
 Principle 6: Human Behavior
IT policies, practices and decisions demonstrate respect for
Human Behavior, including the current and evolving needs
of all the ‘people in the process’.
22
© 2018

Governance activities according to ISO/IEC 38500
23
 Evaluate (Current and future use of IT)
 Direct (Preparation and implementation)
 Monitor (Conformance and performance)
© 2018

24
Agenda
1. Governance of IT
Agenda
© 2018

Principle: Expresses the core values of the enterprise. Comprises
the values and fundamental assumptions held by the enterprise,
the beliefs that guide and put boundaries around the caring for
assets owned by another.
Policy: Overall intention and direction as formally expressed by
management. Policies provide more detailed guidance on how to
put principles into practice and they influence how decision
making aligns with the principles.
COBIT 5 – principles and policies
25
COBITPrinciples
© 2018

COBIT 5 – principles
26
COBITPrinciples
COBIT 5
Principles
2. Covering the
Enterprise End-
to-End
1. Meeting
Stakeholder
Needs
5. Separating
Governance
from
Management
3. Applying a
Single
Integrated
Framework
4. Enabling a
Holistic
Approach
© 2018

1. Meeting stakeholder needs – from drivers to enablers
27
COBITPrinciples
© 2018

1. Meeting stakeholder needs – value creation
28
Governance Objective: Value Creation
Benefits
Realization
Resource
Optimization
Risk
Optimization
Stakeholder
Needs
Drive
COBITPrinciples
© 2018

1. Meeting stakeholder needs – goals cascade
29
Enterprise Goals
IT-related Goals
Enabler Goals
Cascade to
Cascade to
COBITPrinciples
© 2018

30
RELATION TO GOVERNANCE OBJECTIVES
BSC
DIMENSION
ENTERPRISE GOALS
BENEFITS
REALIZATION
RISK
OPTIMIZATION
RESOURCE
OPTIMIZATION
FINANCIAL
1. Stakeholder value of business investments P S
2. Portfolio of competitive products and services P P S
3. Managed business risks (safeguarding of assets) P S
4. Compliance with external laws and regulations P
5. Financial transparency P S S
CUSTOMER
6. Customer-oriented service culture P S
7. Business service continuity and availability P
8. Agile responses to a changing business environment P S
9. Information-based strategic decision-making P P P
10. Optimization of service delivery costs P P
INTERNAL
11. Optimization of business process functionality P P
12. Optimization of business process costs P P
13. Managed business change programs P P S
14. Operational and staff productivity P P
15. Compliance with internal policies P
LEARNING AND
GROWTH
16. Skilled and motivated people S P P
17. Product and business innovation culture P
COBITPrinciples
© 2018

31
IT - BSC
DIMENSION
INFORMATION TECHNOLOGY RELATED GOALS
FINANCIAL
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with external laws and regulations
3. Commitment of executive management for making IT-related decisions
4. Managed IT-related business risks
5. Realized benefits from IT-enabled investments and services portfolio
6. Transparency of IT costs, benefits and risk
CUSTOMER
7. Delivery of IT services in line with business requirements
8. Adequate use of applications, information and technology solutions
INTERNAL
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimization of IT assets, resources and capabilities
12. Enablement and support of business processes by Integrating applications and technology into
business processes
13. Delivery of programmes on time, on budget, and meeting requirements and quality standards
14. Availability of reliable and useful information for decision making
15. IT compliance with internal policies
LEARNING AND
GROWTH
16. Competent and motivated IT personnel
17. Knowledge, expertise and initiatives for business innovation
COBITPrinciples
© 2018

32
IT-related Goal Related Process Metrics
01 Alignment of
IT and business
strategy
• Percent enterprise strategic goals and requirements supported by IT
strategic goals
• Stakeholder satisfaction with scope of the planned portfolio of
programmes and services
• Percent IT value drivers mapped to business value drivers
03 Commitment
of executive
management for
making IT-
related decisions
• Percent executive management roles with clearly defined
accountabilities for IT decisions - Metrics
• Number of times IT is on the board agenda in a proactive manner
• Frequency of IT strategy (executive) committee meetings
• Rate of execution of executive IT-related decisions
07 Delivery of IT
services in line
with business
requirements
• Number of business disruptions due to IT service incidents - Metrics
• Percent business stakeholders satisfied that IT service delivery
meets agreed-upon service levels
• Percent users satisfied with quality of IT service delivery
COBITPrinciples
© 2018

33
COBITPrinciples
© 2018

34
COBITPrinciples
© 2018

35
COBITPrinciples
© 2018

2. Covering the Enterprise end-to-end
36
Roles, Activities and Relationships
Delegate
Accountable
Owners and
Stake-
holders
Set
Direction
Monitor
Governing
Body
Instruct and
Align
Report
Operations
and
Execution
Manage-
ment
COBITPrinciples
© 2018

37
2. Covering the Enterprise end-to-end
 Asset owner (e.g. Change Management process
owner or project sponsor)
 Asset governor (e.g. Change Management process
coordinator or project steering committee)
 Asset manager (e.g. Change Manager or project
manager)
Roles, Activities and Relationships
Delegate
Accountable
Owners and
Stake-
holders
Set
Direction
Monitor
Governing
Body
Instruct and
Align
Report
Operations
and
Execution
Manage-
ment
COBITPrinciples
© 2018

3. Applying a single integrated framework - COBIT architecture
38
Existing ISACA
Guidance
(COBIT, Val IT,
Risk IT, BMIS, …)
New ISACA
Guidance
Materials
Other
Standard
and Frameworks
COBIT 5 Knowledge Base
• Current guidance and contents
• Structure for future contents
Content Filter for Knowledge Base
COBIT 5 Product Family
COBIT 5
COBIT 5 Enabler Guides
COBIT 5 Professional Guides
COBIT 5 Online Collaborative Environment
COBIT 5
Enablers
COBITPrinciples
© 2018

4. Enabling a holistic approach – enabler based
39
COBIT 5 ENABLERS
Resources
2. Processes
3. Organizational
Structures
4. Culture,
Ethics, and
Behavior
7. People,
Skills, and
Competencies
6. Services,
Infrastructure,
and Applications
5. Information
1. Principles, Policies, & Frameworks
COBITPrinciples
© 2018

4. Enabling a holistic approach – enabler based
40
STAKEHOLDERS
• Internal
Stakeholders
• External
Stakeholders
ARE
STAKEHOLDER
NEEDS
ADDRESSED?
GOALS
• Intrinsic Quality
• Contextual Quality
(Relevance,
Effectiveness)
• Accessibility &
Security
ARE ENABLER
GOALS ACHIEVED?
LIFE CYCLE
• Plan
• Design
• Build/Acquire/Create
/Implement
• Use/Operate
• Evaluate/Monitor
• Update/Dispose
IS LIFE CYCLE
MANAGED?
GOOD
PRACTICES
• Practices
• Work Products
(Inputs/Outputs)
ARE GOOD
PRACTICES
APPLIED?
METRICS FOR ACHIEVEMENT OF
GOALS
(LAG INDICATORS)
METRICS FOR ACHIEVEMENT OF GOOD
PRACTICE
(LEAD INDICATORS)
COBIT 5 ENABLER DIMENSIONS
ENABLER
DIMENSION
ENABLER
PERFORMANCE
MANAGEMENT
COBITPrinciples
© 2018

5. Separating governance from management
41
COBITPrinciples
© 2018

42
Did we get it?
What is the purpose of the Goals Cascade?
A. Consider the Inputs and the Outputs of an IT
process in the enterprise
B. Define and implement the Enterprise Architecture
of an enterprise
C. Support alignment between enterprise needs and
IT solutions and services
D. Support the definition of clear roles and
responsibilities in an enterprise
COBITPrinciples
© 2018

43
Agenda
1. Governance of IT
Agenda
© 2018

COBIT 5 process reference model
 COBIT 5 includes 32 management processes and 5
governance processes covering 208 management
and governance practices in five domains:
 Evaluate, Direct and Monitor (Governance)
 Align, Plan and Organize (Management)
 Build, Acquire and Implement (Management)
 Deliver, Service and Support (Management)
 Monitor, Evaluate and Assess (Management)
44
COBITProcesses
© 2018

COBIT 5 process reference model (37 processes)
45
COBITProcesses
© 2018

46
EDM01 Ensure governance framework setting and maintenance.
EDM02 Ensure benefits delivery.
EDM03 Ensure risk optimisation.
EDM04 Ensure resource optimisation.
EDM05 Ensure stakeholder transparency.
APM01 Manage the IT management framework.
APM02 Manage strategy.
APM03 Manage enterprise architecture.
APM04 Manage innovation.
APM05 Manage portfolio.
APM06 Manage budget and costs.
APM07 Manage human resources.
APM08 Manage relationships.
APM09 Manage service agreements.
APM10 Manage suppliers.
APM11 Manage quality.
APM12 Manage risk.
APM13 Manage security.
COBITProcesses
© 2018

47
BAI01 Manage programs and projects
BAI02 Manage requirements definition.
BAI03 Manage solutions identification and build.
BAI04 Manage availability and capacity.
BAI05 Manage organisational change enablement.
BAI06 Manage changes.
BAI07 Manage change acceptance and transitioning.
BAI08 Manage knowledge.
BAI09 Manage assets.
BAI10 Manage configuration.
DSS01 Manage operations.
DSS02 Manage service requests and incidents.
DSS03 Manage problems.
DSS04 Manage continuity.
DSS05 Manage security services.
DSS06 Manage business process controls.
MEA01 Monitor, evaluate and assess performance and conformance.
MEA02 Monitor, evaluate and assess the system of internal control.
MEA03 Monitor, evaluate and assess compliance with external requirements.
COBITProcesses
© 2018

 Process elements:
 Process description
 Process purpose statement
 IT-related goals and metrics
 Process goals and metrics
 RACI chart
 Management practices, input and output
 Activities
 Related standards and best practices (ISO, ITIL etc.)
48
COBITProcesses
© 2018

49
COBITProcesses
© 2018

© 201650
COBITProcesses

51
COBITProcesses
© 2018

52
COBITProcesses
© 2018

53
COBITProcesses
© 2018

54
COBITProcesses
© 2018

55
COBITProcesses
© 2018

58
Did we get it?
What is the MOST suitable process domain for skills
such as Portfolio Management?
A. Monitor, Evaluate and Assess (MEA)
B. Deliver, Service and Support (DSS)
C. Build, Acquire and Implement (BAI)
D. Align, Plan and Organize (APO)
COBITProcesses
© 2018

Compliance requirements
 Security standards
 Privacy legislation
 Spam legislation
 Trade practices legislation
 Intellectual property rights, including software
licensing agreements
 Record keeping requirements
 Environmental legislation and regulations
 Health and safety legislation
 Accessibility legislation
 Social responsibility standards
 . . .
60
COBITControlObjectives
© 2018

61
Control types
 Directive controls
 Preventive controls
 Compensating
 Detective controls
 Corrective controls
© 2018

Control objectives
 Are statements of managerial actions to increase
value or reduce risk
 Consist of policies, procedures, practices and
organizational structures
 Are designed to provide reasonable assurance that
business objectives will be achieved and undesired
events will be prevented or detected and corrected
 In COBIT, now called “Governance Practices” and
“Management Practices”
62
© 2018

COBIT – Process specific control objectives
BAI06.01 Evaluate, prioritise and authorise change requests
 Evaluate all requests for change to determine the impact on business processes and
IT services, and to assess whether change will adversely affect the operational
environment and introduce unacceptable risk. Ensure that changes are logged,
prioritised, categorised, assessed, authorised, planned and scheduled.
BAI06.02 Manage emergency changes
 Carefully manage emergency changes to minimise further incidents and make sure
the change is controlled are appropriately assessed and authorised after
the change.
BAI06.03 Track and report change status
 Maintain a tracking and reporting system to document and in-process changes, and
complete changes. Make certain that approved changes are implemented as
planned.
BAI06.04 Close and document the changes
 Whenever changes are implemented, update accordingly the solution and user
documentation and the procedures affected by the change.
63
© 2018

ISO/IEC 20000-1:2011 – Requirements
9.2 Change management
A change management policy shall be established that defines:
a) CIs which are under the control of change management;
b) criteria to determine changes with potential to have a major impact
on services or the customer.
Removal of a service shall be classified as a change to a service with
the potential to have a major impact. Transfer of a service from the
service provider to the customer or a different party shall be classified
as a change with potential to have a major impact.
There shall be a documented procedure to record, classify, assess
and approve requests for change.
The service provider shall document and agree with the customer the
definition of an emergency change. There shall be a documented
procedure for managing emergency changes.
All changes to a service or service component shall be raised using a
request for change. Requests for change shall have a defined scope.
. . .
64
© 2018

ISO/IEC 27002:2005 – Requirements
10.1.2 Change Management
Control
Changes to information processing facilities and systems should be controlled.
Implementation guidance
Operational systems and application software should be subject to strict change
management control.
In particular, the following items should be considered:
a) identification and recording of significant changes;
b) planning and testing of changes;
c) assessment of the potential impacts, including security impacts, of such changes;
d) formal approval procedure for proposed changes;
e) communication of change details to all relevant persons;
f) fallback procedures, including procedures and responsibilities for aborting and recovering from
unsuccessful changes and unforeseen events.
Formal management responsibilities and procedures should be in place to ensure
satisfactory control of all changes to equipment, software or procedures. When
changes are made, an audit log containing all relevant information should be
retained.
65
© 2018

COBIT
ISO/IEC
20000
ISO/IEC
27000
Control
Objective
Database
Policy
Process
Procedure
Work
instructions
Roles
66
7.1 Owners should be
identified for all assets
and the responsibility for
the maintenance of
appropriate controls
should be assigned . . .
9.1 Configuration
management shall
provide information to
the change management
process on the impact of
a requested change on
the service and
infrastructure
configurations . . .
BAI10.03 Maintain an up-
to-date repository of
configuration items
by populating with
changes. . . .
Mapping compliance requirements
© 2018

67
Did we get it?
Which is an important vehicle for executing policies?
A. Organizational structures
B. Process practices
C. Governance framework
D. Rules and norms
© 2018

69
COBIT process capability assessment
The COBIT Assessment Programme includes:
❍ COBIT Process Assessment Model (PAM): Using COBIT 5
❍ COBIT Assessor Guide: Using COBIT 5
❍ COBIT Self-assessment Guide: Using COBIT 5
COBITProcessAssessment
© 2018

70
COBIT process capability levels
5 OPTIMIZING (Continuous Improvement)
5.2 Process Optimization
5.1 Process Innovation
4 PREDICTABLE (Quantitatively Managed)
4.2 Process Control
4.1 Process Measurement
3 ESTABLISHED (Well Defined)
3.2 Process Deployment
3.1 Process Definition
2 MANAGED (Planned and Monitored)
2.2 Work Product Management
2.1 Performance Management
1 PERFORMED (Informal)
1.1 Process Performance
0 INCOMPLETE
Incomplete
The process is not implemented
or fails to achieve its purpose.
Performed
The process is implemented and
achieves its Process Purpose.
Managed
The process is managed and
Work Products are established,
controlled, and maintained.
Established
A defined process is
used and based on a
standard process.
Predictable
The process is enacted
consistently within defined limits.
Optimizing
The process is continuously
improved to meet relevant current
and projected business goals.
© 2018

71
Process capability assessment – ISO/IEC 33000*
Generic Process Capability Attributes
Incomplete
Process
Performed
Process
Managed
Process
Established
Process
Predictable
Process
Optimising
Process
Performance
Attribute (PA) 1.1
Process
Performance
PA 2.1
Performance
Management
PA 2.2
Work
Product
Management
PA 3.1
Process
Definition
PA 3.2
Process
Deployment
PA 4.1
Process
Measurement
PA 4.2
Process
Control
PA 5.1
Process
Innovation
PA 5.2
Process
Optimisation
0 1 2 3 4 5
COBIT 5 Process Assessment
Model–Performance Indicators
Process Outcomes
Base
Practices
(Management/
Governance
Practices)
Work
Products
(Inputs/
Outputs)
COBIT 5 Process Assessment
Model–Capability Indicators
Generic
Practices
Generic
Resources
Generic Work
Products
* Formerly known as ISO/IEC 15504
© 2018

72
Rating scale
The attribute rating scale, which is based on ISO/IEC 33000
uses four levels on the basis of percentages:
 N: Not achieved (0 – 15%)
 P: Partially achieved (16 – 50%)
 L: Largely achieved (51 – 85%)
 F: Fully achieved (86 – 100%)
 N/A: “Not Applicable”
0% 15% 16% 50% 51% 85% 86% 100%
Not
Achieved
Partially
Achieved
Largely
Achieved
Fully Achieved
N P L F
© 2018

73
Process profile
Level 1
Performed
Level 2
Managed
Level 3
Established
Level 4
Predictable
Level 5
Optimizing
Process
Performance
Performance
Management
Work
Product
Management
Process
Definition
Process
Deployment
Process
Measurement
Process
Control
Process
Innovation
Process
Optimization
Process 1 F F F L L
Process 2 F L F N P
Process 3 L P L L N
Legend Rates
“Fully” F Not assessed
“Largely” L Not applicable N.A.
“Partially” P
“Not” N
© 2018

74
Level achieved
Level 1
Performed
Level 2
Managed
Level 3
Established
Level 4
Predictable
Level 5
Optimizing
Process 1
Process 2
Process 3
Legend
Level achieved
Level not achieved
Not assessed
© 2018

75
Rating scale
Level 3
Level 1 Level 1 Level 1 Level 1
Level 2 Level 2 Level 2
Level 3 Level 3
Level 4
Reaching
Level 2
Reaching
Level 3
Reaching
Level 4
Reaching
Level 5
Fully
Reaching
Level 1
Level 2
Level 1
Level 4
Level 5
Largely
or Fully
© 2018

COBIT Framework implementation Guide
78
Seven phases in the life cycle:
1. What are the drivers?
2. Where are we now?
3. Where do we want to be?
4. What needs to be done?
5. How do we get there?
6. Did we get there?
7. How do we keep the
momentum going?
COBITImplementation
© 2018

Contact
80
Christian F. Nissen
cfn@cfnconsult.dk
+45 40 19 41 45
CFN Consult ApS
Linde Allé 1
DK-2600 Glostrup
CVR: 39 36 47 86
© 2018

Introduction to COBIT 5 and IT management

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Introduction to COBIT 5 and IT management

Similar to Introduction to COBIT 5 and IT management (20)

More from Christian F. Nissen

More from Christian F. Nissen (7)

Recently uploaded

Recently uploaded (20)

Introduction to COBIT 5 and IT management