
COBIT®5 study guide mind map

ISACA® is a registered trademark of Information Systems Audit and Control Association. COBIT® is a trademark of ISACA® registered in the United States and other countries. CISA®, Certified Information Systems Auditor®, CISM®, CGEIT®, Certified in the Governance of Enterprise IT/CGEIT® (and design)®, COBIT® are registered trademarks of ISACA®. CRISC™, Certified in Risk and Information Systems Control™, Certified Information Security Manager™, Risk IT™, Val IT™ are trademarks of ISACA®. Trademarks are properties of the holders, who are not affiliated with mind map author.

Download: COBIT® 5 Reference Cards (PDFs)

Official COBIT® 5 - Publications

COBIT® 5: A Business Framework for the Governance and Management of Enterprise IT

COBIT® 5 Enabler Guides

COBIT® 5: Enabling Processes, http://www.isaca.org/COBIT/Pages/COBIT-5-Enabling-Processes-product-page.aspx

COBIT® 5: Enabling Information, http://www.isaca.org/COBIT/Pages/COBIT-5-Enabling-Information-product-page.aspx

...

COBIT® 5 Professional Guides

COBIT® 5: Implementation, http://www.isaca.org/COBIT/Pages/COBIT-5-Implementation-product-page.aspx

COBIT® 5: for Information Security, http://www.isaca.org/COBIT/Pages/Information-Security-Product-Page.aspx

COBIT® 5: for Assurance, http://www.isaca.org/COBIT/Pages/Assurance-product-page.aspx

COBIT® 5: for Risk, http://www.isaca.org/COBIT/Pages/Risk-product-page.aspx

...

COBIT® 5 Assessment Programme

COBIT® 5 Process Assessment Programme, http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Assessment-Programme.aspx

COBIT® 5 Process Assessment Model (PAM), Serves as a base reference document for the performance of a capability assessment of an organisation’s current IT processes against COBIT®., http://www.isaca.org/COBIT/Pages/COBIT-5-PAM.aspx

COBIT® 5 Self-assessment Guide, Provides guidance on how to perform a basic self-assessment of an organisation’s current IT process capability levels against COBIT® processes., http://www.isaca.org/COBIT/Pages/Self-Assessment-Guide.aspx

COBIT® 5 Assessor Guide, Provides details on how to undertake a full ISO-compliant assessment., http://www.isaca.org/COBIT/Pages/Assessor-Guide.aspx

COBIT® 5 - Principles (5)

Watch: COBIT® 5 - Principles (by Orbus Software)

https://www.youtube.com/watch?v=1cAslMQu2kE

1. Meeting stakeholder needs

Watch: COBIT® 5 - Principle One (by Orbus Software), https://www.youtube.com/watch?v=MOPGlbqAngU

Enterprises have many stakeholders

Governance is about, Negotiating., Deciding amongst different stakeholders’ value interests., Considering all stakeholders when making benefit, resource and risk assessment decisions.

Enterprises exist to create value for their stakeholders, Value creation: realizing benefits at an optimal resource cost while optimizing risk.

The COBIT® 5 goals cascade allows the definition of priorities for:, Implementation., Improvement., Assurance of enterprise governance of IT.

In practice, the goals cascade:, Defines relevant and tangible goals and objectives at various levels of responsibility., Filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects., Clearly identifies and communicates how enablers are used to achieve enterprise goals.

Cascade Step #1 - Identify the influence of key stakeholder drivers on stakeholder needs, e.g., Strategy changes, Changing business environment, Changing regulatory environment, New technologies

Cascade Step #2 - Stakeholder needs cascade to Enterprise Goals, There are 17 generic enterprise goals as shown in figure of the Framework guide, which have been translated into Balanced Score Card (BSC) dimensions and related to the 3 main governance objectives of benefits realisation, risk optimisation and resource optimisation

Cascade Step #3 - Enterprise Goals cascade to IT-related Goals, There are also 17 generic IT-related goals as shown in Figure 6 (shown below) that are also categorised into the Balanced Score Card (BSC) categories.

Cascade Step #4 - IT-related Goals cascade to Enabler Goals, Processes are one of the key enablers, which is expanded on in the Enabler Learning Area module, but it is important to know that Enabler Goals are represented in the Process Reference module in all 37 processes

Internal stakeholder concerns include:, How do I get value from the use of IT?, How do I manage performance of IT?, How can I best exploit new technology for new strategic opportunities?, How do I know whether I’m compliant with all applicable laws and regulations?, Am I running an efficient and resilient IT operation?, How do I control cost of IT?, Is the information I am processing adequately and appropriately secured?, How critical is IT to sustaining the enterprise?, What do I do if IT is not available?

COBIT® 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective.

External stakeholders, Business partners, suppliers, shareholders, regulators/ government, external users, customers, standardisation organisations, external auditors, consultants, etc., External stakeholder needs, How do I know my business partner’s operations are secure and reliable?, How do I know the organisation is compliant with applicable rules and regulations?, How do I know the enterprise is maintaining an effective system of internal control?

Internal stakeholders, Internal stakeholder needs, How do I get value from the use of IT?, How do I manage performance of IT?, How can I best exploit new technology for new strategic opportunities?, How do I know whether I’m compliant with all applicable laws and regulations?, Am I running an efficient and resilient IT operation?, How do I control cost of IT?, Is the information I am processing adequately and appropriately secured?, How critical is IT to sustaining the enterprise?, What do I do if IT is not available?, What are (control) requirements for Information?, Did I address major IT-related risks?, Do I have enough people for IT? How do I develop and maintain their skills, and how do I manage their performance?

2. Covering the enterprise end–to–end

Watch: COBIT® 5 - Principle Two (by Orbus Software), https://www.youtube.com/watch?v=aAY5r2NqTxc

Integrates the governance of enterprise IT into enterprise governance and covers all functions and processes required to govern and manage enterprise information and related technologies wherever that information is processed.

COBIT® 5 addresses all relevant internal and external IT services as well as external and internal business processes.

Main elements of the governance approach:, Governance Enablers comprising:, The organizational resources for governance., The enterprise’s resources., A lack of resources or enablers may affect the ability of the enterprise to create value., Governance Scope comprising:, The whole enterprise., An entity, a tangible or intangible asset, etc.

Governance roles, activities and relationships:, Define Who is involved in governance., How they are involved., What they do., How they interact.

COBIT® 5 defines the difference between governance and management activities in principle 5.

3. Applying a single integrated framework

Watch: COBIT® 5 - Principle Three (by Orbus Software), https://www.youtube.com/watch?v=DiEDYII5sDo

COBIT® 5 and Legacy ISACA Frameworks

COBIT® 5 Product Family

Aligns with the latest relevant standards and frameworks.

Is complete in enterprise coverage.

Provides a basis to integrate effectively other frameworks, standards and practices used.

Integrates all knowledge previously dispersed over different ISACA frameworks.

Provides a simple architecture for structuring guidance materials and producing a consistent product set.

The COBIT® 5 product family is the connection:, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT., COBIT 5: Enabling Processes., COBIT 5 Implementation Guide., COBIT 5 for Information Security., COBIT 5 for Assurance., COBIT 5 for Risk., A series of other products is planned; they will be tailored for specific audiences or topics., COBIT 5 Online.

4. Enabling a holistic approach of 7 enterprise enablers

Watch: COBIT® 5 - Principle Four (by Orbus Software), https://www.youtube.com/watch?v=uxWPx_uuFrk

COBIT® 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.

COBIT® 5 enablers are:, Factors that, individually and collectively, influence whether something will work., Driven by the goals cascade., Described by the COBIT®5 framework in seven categories.

Enablers:, 1. Principles, policies and frameworks, 2. Processes, 3. Organizational structures, 4. Culture, ethics and behaviour, 5. Information, 6. Services, infrastructure and applications, 7. People, skills and competencies

5. Separate governance from management

Watch: COBIT® 5 - Principle Five (by Orbus Software), https://www.youtube.com/watch?v=accatUbftxg

The COBIT® 5 framework makes a clear distinction between governance and management.

Governance and management:, Governance system, A governance system refers to all the methods and techniques that enable multiple stakeholders in an enterprise to have an organized say in evaluating conditions and options; setting direction; and monitoring compliance, performance, and progress against plans, to satisfy specific enterprise objectives., Methods and techniques include frameworks, principles, policies, sponsorship, structures and decision tools, roles and responsibilities, processes and practices, to set direction and monitor compliance and performance aligned with the overall objectives., Management, Entails the considered use of means (resources, people, processes, practices, etc.) to achieve an identified end., It is through management that the governance body achieves a result or objective., Management is responsible for the execution of the direction set by the guiding body or unit., Management is about planning, building, organizing and controlling operational activities to align with the direction set by the governance body., Encompass different types of activities., Require different organizational structures., Serve different purposes.

COBIT® 5: Enabling Processes differentiates the activities associated with each.

Governance ensures that stakeholder needs, conditions and options are:, Evaluated to determine balanced, agreed-on enterprise objectives to be achieved., Setting direction through prioritization and decision making., Monitoring performance, compliance and progress against agreed direction and objectives (EDM).

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM) (see Process Reference Model (PRM))

COBIT® 5 - Enterprise Enablers (7)

Watch: COBIT® 5 - Enablers (by Orbus Software)

https://www.youtube.com/watch?v=_FtKV4CQ60k

These are the tangible and intangible elements that make something work - in this case, governance, and management of the enterprise over IT.

Enablers are driven by the goals cascade: the higher-level IT-related goals define what the different enablers should achieve.

All enablers have a set of common dimensions that:

Provide a common, simple and structured way to deal with enablers

Allow an entity to manage its complex interactions

Facilitate successful outcomes of the enablers

1. Principles, policies and frameworks

Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.

The purpose of this enabler is to convey the governing body’s and management’s direction and instructions

They are instruments to communicate the rules of the enterprise, in support of the governance objectives and enterprise values as defined by the board and executive management:, Differences between principles and policies:, Principles need to be limited in number, Put in simple language, expressing as clearly as possible the core values of the enterprise, Policies are more detailed guidance on how to put principles into practice

The characteristics of good policies; they should:, Be effective, Achieve their purpose, Be efficient, Especially when implementing them, Non-intrusive, Should make sense and be logical to those who have to comply with them

Policies should have a mechanism (framework) in place where they can be effectively managed and users know where to go, Specifically they should be:, Comprehensive, covering all required areas, Open and flexible allowing for easy adaptation and change, Current and up to date

2. Processes

Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.

COBIT 5 Enablers: Processes complements COBIT 5 and contains a detailed reference guide to the processes that are defined in the COBIT 5 Process Reference Model (PRM):, The COBIT 5 goals cascade is recapitulated and complemented with a set of example metrics for the enterprise goals and the IT-related goals, The COBIT 5 process model is explained and its components defined, The Enabler process guide which is referenced in this module contains the detailed process information for all 37 COBIT 5 processes shown in the Process Reference Model (PRM)

The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas - governance and management - with management further divided into domains of processes:, The 1 GOVERNANCE domain, Contains 5 governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined, The 4 MANAGEMENT domains, Are in line with the responsibility areas of plan, build, run and monitor (PBRM)

Each process is divided into:, Process Description, Process Purpose statement, IT-related Goals (from the Goals cascade; see example in the Appendix), Each IT-related goal is associated with a set of generic related metrics, Process Goals (also from the Goals cascade mechanism and referred to as Enabler Goals), Each Process Goal is associated or related with a set of generic metrics, Each Process contains a set of Management Practices, These are associated with a generic RACI, Each management practice contains a set of inputs and outputs (called work products in module PC), Each management practice is associated with a set of activities

Key Characteristics of Process Goals:, Process Goals are defined as a statement describing the desired outcome of a process. An outcome can be an artefact, a significant change of state or a significant capability improvement of other processes. (SEE learning area PC) They are part of the goals cascade in which process goals link to IT-related goals which link to Enterprise goals. (See PR) There are also 3 categories:, Intrinsic Goals, Contextual Goals, Accessibility and Security goals

Relationship between Process and other enablers:, Processes need information as one form of input, Processes need Organizational structure, Processes produce and require services, infrastructure and applications, Processes are dependent on other processes, Processes need policies and procedures to ensure consistent implementation

3. Organizational structures

Organisational structures are the key decision-making entities in an enterprise.

A number of Good Practices of organisational structure can be distinguished such as:, Operating principles, The practical arrangements regarding how the structure will operate, such as meeting frequency, documentation and other rules, Span of control, The boundaries of the organisation structure’s decision rights, Level of authority, The decisions that the structure is authorised to take, Delegation of responsibility, The structure can delegate a subset of its decision rights to other structures reporting to it, Escalation procedures, The escalation path for a structure describes the required actions in case of problems in making decisions

4. Culture, ethics and behaviour

Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.

Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:, Communication throughout the enterprise of desired behaviours and corporate values. (This can be done via a code of ethics), Awareness of desired behaviour, strengthened by senior management example:, This is one of the keys to a good governance environment when senior management and the executives ‘walk the talk’ so to speak., It is sometimes a difficult area and one that causes many enterprises to fail because it leads to poor governance. (Typically this will be part of a training and awareness sessions based around a code of ethics), Incentives to encourage and deterrents to enforce desired behaviour, There is a clear link to HR payment and reward schemes, Rules and norms which provide more guidance and will typically be found in a Code of Ethics

Relationship of Goals for culture, ethics and behaviour:, Organisational ethics determine the values by which the enterprise wants to live (its code), Individual ethics are determined by each person’s personal values and are dependent to some extent on external factors not always under the enterprise’s control, Individual behaviours collectively determine the culture of the enterprise and are dependent on both organisational and individual ethics

The relationship of this enabler to other enablers:, Links to processes for execution of process activities, Links to organisational structures for the implementation of decisions, Links to principles and policies to be able to communicate the corporate values

5. Information

Information is pervasive throughout any organisation and includes all information produced and used by the enterprise., Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.

COBIT 4.1 introduced the concept of 7 Key Information criteria to meet Business requirements. This concept has been retained but translated differently in Figure 9 below: Figure 26 Appendix F

To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as business requirements for information

Based on broader quality, fiduciary, and security requirements, seven distinct information criteria are defined, These are:, Effectiveness, Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, and usable manner., Efficiency, Concerns the provision of information through the optimal - most productive and economical - use of resources., Confidentiality, Concerns the protection of sensitive information from unauthorized disclosure., Integrity, Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations., Availability, Relates to information being available, when required by the business process, at present and in the future., It also concerns the safeguarding of necessary resources and associated capabilities., Compliance, Deals with complying with those laws, regulations, and contractual arrangements to which the business process is subject, that is, externally imposed business criteria as well as internal policies., Reliability, Relates to the provision of appropriate information for the management to operate the entity and to exercise its fiduciary and governance responsibilities.

Meta Data Information Cycle

Information Attributes Applied to the following layers:, Physical World Layer, The world where all phenomena that can be empirically observed take place., Where will information be stored?, Empirical Layer, The empirical observation of the signs used to encode information and their distinction from each other., How can the information be accessed? What are the access channels to the information?, Syntactical Layer, The rules and principles for constructing sentences in natural or artificial languages. Syntax refers to the form of information., How will the information be structured and coded?, Semantic Layer, The rules and principles for constructing meaning out of the syntax structures., What sort of information is it? What is the information level? What type of information is it? Is the information current or relating to the past or to the future?, Pragmatic Layer, The rules and structures for constructing larger language structures that fulfil specific purposes in human communication, Pragmatics refers to the use of information, What are the retention requirements? What other information is required for this information to be useful and usable? Is information historic or operational?, Social World Layer, The world that is socially constructed through the use of language structures at the pragmatic level of semiotics, e.g. contracts, laws, culture

The contextual and representational quality of information requirements to the user which includes:, Relevancy, The extent to which information is applicable and helpful for the task at hand, Completeness, The extent to which information is not missing and is of sufficient depth and breadth for the task at hand, Appropriateness, The extent to which the volume of information is appropriate for the task at hand, Conciseness, The extent to which the information is compactly represented, Consistency, The extent to which the information is presented in the same format, Understandability, The extent to which the information is easily understandable, Ease of Manipulation, The extent to which information is easy to manipulate and apply to different tasks

6. Services, infrastructure and applications

Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.

The 5 architecture principles that govern the implementation and use of IT-related resources:, This is part of the Good Practices of this enabler, Architecture Principles are overall guidelines that govern the implementation and use of IT-related resources within the enterprise, Examples of such principles:, Reuse, Common components of the architecture should be used when designing and implementing solutions as part of the target or transition architectures, Buy vs. build, Solutions should be purchased unless there is an approved rationale for developing them internally, Simplicity, The enterprise architecture should be designed and maintained to be as simple as possible while still meeting enterprise requirements, Agility, The enterprise architecture should incorporate agility to meet changing business needs in an effective and efficient manner, Openness, The enterprise architecture should leverage open industry standards

Relationship To other Enablers:, Information:, Is a service capability that is leveraged through processes to deliver internal and external services., Cultural and behavioural aspects:, Relevant when a service-oriented culture needs to be built.

7. People, skills and competencies

People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.

Identify the good practices of people, Skills and Competencies, specifically:, Described by different skill levels for different roles., Defining Skill requirements for each role., Mapping skill categories to COBIT 5 process domains (APO; BAI etc.)., These correspond to the IT-related activities undertaken, e.g. business analysis, information management etc., Using external sources for good practices such as:

COBIT® 5 Processes (37) - Process Reference Model (PRM)

Structure of the PRM Template is based on the ISO 15504 process definitions and structure.

PRM is divided into 5 domains

1 Governance Domain, EDM (Evaluate, Direct, and Monitor), 5 processes

4 Management domains (a.k.a. PBRM, Plan, Build, Run, Monitor), APO (Align, Plan and Organise) - strategic, 13 processes, BAI (Build, Acquire and Implement) - tactical, 10 processes, DSS (Deliver, Service and Support) - operational, 6 processes, MEA (Monitor, Evaluate and Assess), 3 processes

This makes a total of 37 processes, 32 for Management and 5 for Governance.

COBIT® 5 Implementation Phases / Lifecycle (7)

Phase 1 - What Are the Drivers?

Initiate the Programme

Establish desire to change

This phase starts with recognizing and agreeing to the need for an implementation. It identifies the current pain points and triggers and creates a desire to change at executive management levels.

Phase 2 - Where are We Now?

Define the problems and opportunities [Programme Management]

Form a powerful guiding team [Change Enablement]

Assess the current state [Continual Improvement Life cycle attribute]

This phase is focused on defining the scope of the implementation using COBIT’s mapping of enterprise goals to IT-related goals to the associated IT processes, and considering how risk scenarios could also highlight key processes on which to focus.

Phase 3 - Where Do We Want to Be?

Define the roadmap

Communicate desired vision

Define target state and perform gap analysis

In this phase, an improvement target is set, followed by a more detailed analysis using COBIT’s guidance to identify gaps and potential solutions. Some solutions may offer quick wins and others might be more challenging.

Phase 4 - What Needs to Be Done?

Develop program plan

Empower role players and identify quick wins

Design and build improvements

This plans practical solutions by defining projects supported by justifiable business cases. A change plan for implementation is also developed.

Phase 5 - How Do We Get There?

Execute the plan

Enable operation and use

Implement improvements

The proposed solutions are implemented into day-to-day practices in this phase. Measures can be defined and established using COBIT’s goals and metrics to ensure that business alignment is achieved and maintained and performance can be measured.

Phase 6 - Did We Get There?

Realize benefits

Embed new approaches

Operate and measure

This phase focuses on the sustainable operation of the new or improved enablers and the monitoring of the achievement of expected benefits.

Phase 7 - How Do We Keep Momentum?

Continual improvements

Review the program benefits

Sustain

Monitor and evaluate

In this phase, the overall success of the initiative is reviewed, further requirements for the governance or management of enterprise are identified and the need for continual improvement is reinforced.

COBIT® 5 - Process Capability Assessment Model (PAM)

Process capability models are used to measure the ‘as-is’ maturity of an enterprise’s IT-related processes, to define a required ‘to-be’ state of maturity, and to determine the gap between them and how to improve the process to achieve the desired maturity level.

Serves as a base reference document for the performance of a capability assessment of an organisation’s current IT processes against COBIT®.

The COBIT® Process Assessment Model (PAM) brings together two proven heavyweights in the IT arena, ISO and ISACA®.

The new Process Capability Model based on ISO 15504 replaces the Process Capability Maturity Model used in earlier COBIT® versions.

Advantages of the ISO 15504 Approach, A robust assessment process based on ISO 15504, An alignment of COBIT’s maturity model scale with the international standard, A new capability-based assessment model which includes, Assessor qualifications and experiential requirements, Results in a more robust, objective and repeatable assessment

Process Capability Assessment differences COBIT 4.1 & 5.0

The naming and meaning of the ISO/IEC 15504-defined capability levels are quite different from the current COBIT 4.1 maturity levels for processes.

In ISO/IEC 15504, capability levels are defined by a set of nine process attributes

Maturity Assessment, Done at an enterprise or organizational level and uses a different measurement scale than a capability assessment and different criteria and attributes

Capability Assessment, Done at a process level and is done for purposes of process Improvement

9 Process Attributes (based on ISO/IEC 15504-2)

0, Incomplete (no attributes), The process is not implemented or fails to achieve its process purpose. Little or no evidence of any systematic achievement of the process purpose.

1, Performed (one attribute), The implemented process achieves its process purpose., PA1.1, Process Performance

2, Managed (two attributes), The process is implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained., PA2.1, Performance Management, PA2.2, Work Product Management

3, Established (two attributes), The process is implemented using a defined process that is capable of achieving its process outcomes., PA3.1, Process Definition, PA3.2, Process Deployment

4, Predictable (two attributes), The process operates within defined limits to achieve its process outcomes., PA4.1, Process Measurement, PA4.2, Process Control

5, Optimising (two attributes), The process is continuously improved to meet relevant current and projected business goals., PA5.1, Process Innovation, PA5.2, Continuous Optimization

Assessment Process Activities

1. Initiation, Identify the sponsor and define the purpose of the assessment, Define the scope of the assessment, Identify any additional information that needs to be gathered., Select the assessment participants, the assessment team and define the roles of team members., Define assessment inputs and outputs

2. Planning the assessment, An assessment plan describing all activities performed in conducting the assessment is, Identify the project scope., Secure the necessary resources to perform the assessment, Determine the method of collating, reviewing, validating and documenting the information required for the assessment, Co-ordinate assessment activities with the Organizational Unit being assessed

3. Briefing, The Assessment Team Leader ensures that the assessment team understands the assessment, Brief the Organizational Unit on the performance of the assessment

4. Data collection, The assessor obtains (and documents) an understanding of the process(es) including process purpose, inputs, outputs and work products, sufficient to enable and support the assessment, Data required for evaluating the processes within the scope of the assessment is collected in a systematic manner, The strategy and techniques for the selection, collection, analysis of data and justification of the ratings are explicitly identified and demonstrable, Each process identified in the assessment scope is assessed on the basis of objective evidence

5. Data validation, Actions are taken to ensure that the data is accurate and sufficiently covers the assessment scope, including, Some data validation may occur as the data is being collected

6. Process attributes rating, For each process assessed, a rating is assigned for each process attribute up to and including the highest capability level defined in the assessment scope, The rating is based on data validated in the previous activity, Traceability shall be maintained between the objective evidence collected and the process attribute ratings assigned, For each process attribute rated, the relationship between the indicators and the objective evidence is recorded

7. Reporting the results, The results of the assessment are analysed and presented in a report, The report also covers any key issues raised during the assessment

The COBIT® Assessment Program includes:

COBIT Process Assessment Model (PAM) - Using COBIT 4.1

COBIT Process Assessment Model (PAM) - Using COBIT 5

COBIT Assessor’s Guide - Using COBIT 4.1

COBIT Assessor’s Guide - Using COBIT 5.0

COBIT Self Assessment Guide - Using COBIT 4.1

COBIT Self Assessment Guide - Using COBIT 5.0

Basic definitions

Maturity Assessment

Is done at an enterprise or organizational level and uses a different measurement scale than a capability assessment and different criteria and attributes.

Capability Assessment

Is done at a process level and is done for purposes of process Improvement.

Lead assessor

A ‘competent’ assessor responsible for overseeing the assessment activities.

Assessor

An individual, developing assessor competencies, who performs the assessment activities.

COBIT®5 Exams

APMG

http://www.apmg-exams.com/index.aspx?subid=101&

3rd party

http://www.glenfis.ch/custom/Demos/COBIT5_FOUND_PRFG_EN/story_html5.html

Interactive COBIT® 5 Glossary


COBIT5 training road map

This freeware, non-commercial mind map (aligned with the newest version of COBIT®) was carefully hand crafted with passion and love for learning and constant improvement, as well as for promotion of the standard and framework COBIT® and as a learning tool for candidates wanting to gain COBIT® qualification. (Please share, like and give feedback - your feedback and comments are my main motivation for further elaboration. THX!)

Questions / issues / errors? What do you think about my work? Your comments are highly appreciated. Please don't hesitate to contact me for :-) Mirosław Dąbrowski, Poland/Warsaw.

http://www.miroslawdabrowski.com

http://www.linkedin.com/in/miroslawdabrowski

https://www.google.com/+MiroslawDabrowski

https://play.spotify.com/user/miroslawdabrowski/

https://twitter.com/mirodabrowski

miroslaw_dabrowski

The Evolution of COBIT 5

COBIT® 5 has clarified management level processes and integrated COBIT® 4.1, Val IT and Risk IT content into one process reference model

Watch: Comparing COBIT® 4.1 to COBIT® 5 (by Orbus Software)

https://www.youtube.com/watch?v=_W8DuJNi-2M

The framework integrates all knowledge previously dispersed over different ISACA frameworks, such as COBIT, Val IT, Risk IT, the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).

COBIT® 5 consolidates COBIT 4.1, Val IT and Risk IT into one framework, and has been updated to align with current best practices

COBIT® 5 processes now cover end-to-end business and IT activities

This provides for a more holistic and complete coverage of practices reflecting the pervasive enterprise wide nature of IT use

It makes the involvement, responsibilities and accountabilities of business stakeholders in the use of IT more explicit and transparent