Study Notes - COBIT 5 Foundation Certification


Upload: wajahat-iqbal

Post on 15-Jan-2017


Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI.

(Study Notes) - COBIT 5 Exam (ISACA Enterprise Governance Framework)

1) Governance Objective:

Value Creation from Benefits Realisation + Risk Optimisation + Resource Optimisation

2) Cobit 5 initially available in 3 Volumes:

- The Framework

- Process Reference Guides

- Implementation Guide

3) Five Principles of Cobit 5:

- Meeting the Stakeholders needs

- Covering the Enterprise end-to-end

- Single integrated Framework

- Holistic approach of 7 enterprise enablers

- Separating governance from management

4) Stakeholder Needs -> Enterprise Goals -> IT-related Goals -> Enabler Goals

5) Seven Enablers of Cobit 5 (i.e. Governance enablers)

- Principles, policies and frameworks

- Processes

- Organisational structures

- Culture, ethics and behaviours

- Information

- Service infrastructure and applications

- People skills and competencies

6) Important Drivers for Cobit 5

- Performance (Business Goals)

- Conformance (SOX, HIPAA)

- Creating value for Enterprise Stakeholders through efficient use of Technology & Information

- Complete Enterprise Governance

- Covers all Functions and Processes

- Address all Internal & External Services

- Address all Internal & External Business Processes

- Address End to end Business and IT responsibilities

- Enterprise Architecture

- Asset and Service management

7) Cobit 5 Triggers

- Pains

- Risks

- Goals Cascade


8) Mapping of Governance & Management Domain

a) Governance Domain (EDM – Evaluate, Direct & Monitor)

b) Management Domain:

(APO – Align, Plan & Organise)

(BAI – Build, Acquire & Implement)

(DSS – Deliver, Service & Support)

(MEA – Monitor, Evaluate & Assess)

9) Cobit 5 Product Guides:

- Level 1 (Cobit Enabling Processes, Cobit 5 Enabling Information, Other Enabling Guides)

- Level 2 (Cobit 5 Implementation, Cobit 5 for Information Security, Cobit 5 for Assurance, Cobit 5 for Risk, Other Professional Guides)

- Level 3 (Cobit 5 Online Collaborative Environment)

10) Key Governance Objective: VALUE CREATION

11) Enabler Characteristics

- Stakeholders (Internal & External)

- Goals (expected outcome of enabler)
    - Intrinsic Quality (work well & provide results)
    - Contextual Quality (Relevance, effectiveness)
    - Accessibility & Security (of enablers + outcomes)

- Lifecycle
    - Plan, Design
    - Build/Acquire/Create/Implement
    - Use/Operate
    - Evaluate/Monitor
    - Update/Dispose

- Good Practice
    - Practices
    - Work Products (Inputs & Outputs)

12) Cobit 5 Enterprise 17 Goals (Balanced Score Card 5 Dimensions):

- Financial

- Customer

- Internal

- Learning & Growth

13) Cobit 5 Implementation Lifecycle


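COBIT 5 IMPLEMENTATION CYCLE

Phase 1 - What are the drivers?
    - Programme Management: Initiate program
    - Change Enablement: Establish desire to change
    - Continual Improvement Lifecycle: Recognise need to act

Phase 2 - Where are we now?
    - Programme Management: Define problems & opportunities
    - Change Enablement: Form implementation team
    - Continual Improvement Lifecycle: Assess current state

Phase 3 - Where do we want to be?
    - Programme Management: Define road map
    - Change Enablement: Communicate outcome
    - Continual Improvement Lifecycle: Define target state

Phase 4 - What needs to be done?
    - Programme Management: Plan programme
    - Change Enablement: Identify role players
    - Continual Improvement Lifecycle: Build improvements

Phase 5 - How do we get there?
    - Programme Management: Execute plan
    - Change Enablement: Operate and use
    - Continual Improvement Lifecycle: Implement improvements

Phase 6 - Did we get there?
    - Programme Management: Realise benefits
    - Change Enablement: Embed new approaches
    - Continual Improvement Lifecycle: Operate improvements

Phase 7 - How do we keep the momentum going?
    - Programme Management: Review Effectiveness
    - Change Enablement: Sustain
    - Continual Improvement Lifecycle: Monitor and evaluate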

14) Characteristics of a Good Business Case:

- Address Business Benefits

- Address Investment needed

- Address Constraints & Dependencies

- Address Investment Monitoring

- Address business changes required

- Address ongoing IT Operating Costs

- Address Roles, Responsibilities & Accountability

15) Cobit 5 Process Capability Model (PAM)

Level, name and Performance Attributes (PA):

- 0 Incomplete

- 1 Performed: PA1.1 Process Performance

- 2 Managed: PA2.1 Performance Management, PA2.2 Work Product Management

- 3 Established: PA3.1 Process Definition, PA3.2 Process Deployment

- 4 Predictable: PA4.1 Process Measurement, PA4.2 Process Control

- 5 Optimising: PA5.1 Process Innovation, PA5.2 Process Optimisation

Rating Levels:

a) F - Fully achieved (>85%)

b) P - Partially achieved (15-50%)

c) L - Largely achieved (50-85%)

d) N - Non achieved (<15%)


16) Enterprise = Organisation = Commercial (Corporate) OR Public Sector OR Not for Profit

17) Information Enabler (Enabler 5)

1) Intrinsic Quality: Accuracy, Objectivity, Believability, Reputation

2) Contextual: Relevancy, Completeness, Currency, Appropriate amount of information, Concise representation, Consistent representation, Interpretability, Understandability, Ease of manipulation

3) Security/Accessibility: Availability/timeliness, Restricted Access

4) Information Layers:
    - Physical World (Carrier/Media)
    - Empiric (User Interface)
    - Syntactic (Code/Language)
    - Semantic (Meaning)
    - Pragmatic (Use)
    - Social Use (e.g. Contracts, Law, Culture)

18) Cobit 5 Stakeholders:

- Internal (Board, CFO, CIO, CTO, CEO, Business Executives, Managers, Internal Auditors, Users ..)

- External (Business Partners, Suppliers, Shareholders, Regulators, Govt, External Users, Customers, Standardisation organizations, External Auditors, Consultants ..)

19) Good Policy: Effective, Efficient, Non-Intrusive

20) DIKW - [Data – Information-Knowledge-Wisdom (Value)]

21) Information for Business (COBIT 4.1)

1) Quality: Effectiveness, Efficiency

2) Security: Confidentiality, Integrity, Availability

3) Fiduciary: Compliance, Reliability


22) PBRM -> Plan, Build, Run, Monitor Levels (Total 37 Processes)

Governance:

- EDM (5 Processes): Evaluate, Direct & Monitor

Management:

- APO (13 Processes): Align, Plan & Organise

- BAI (10 Processes): Build, Acquire & Implement

- DSS (6 Processes): Deliver, Service & Support

- MEA (3 Processes): Monitor, Evaluate & Assess