
COBIT 5 Foundation

Overview:
This course provides an overview of the main concepts of IT Governance according to COBIT 5, ISACA's latest
governance framework, and how they can be applied.
Who Should Attend:
Business Management, IT/IS Auditors, Internal Auditors, Information Security and IT Practitioners; Consultants, IT/IS
Management looking to gain an insight into the Enterprise Governance of IT and looking to be certified as a COBIT
Implementer or Assessor.
Duration:
Classroom Learning - 3 Day(s)

Lesson 1: The key features of COBIT 5

The Reasons for the Development of COBIT 5

The History of COBIT

The Drivers for developing a Framework

The Benefits of using COBIT 5

The COBIT 5 Format & product Architecture

COBIT 5 and Other Frameworks

Lesson 2: The COBIT 5 principles

Enabler Focus

Control Objectives to Management Practices

From COBIT 4.1 Management Guidelines to COBIT 5: Enabling Processes Guidelines

Lesson 3: The COBIT 5 enablers

Enabler 1 Principles, Policies and frameworks

Enabler 2 Processes

Enabler 3 Organisational Structures

Enabler 4 Culture, Ethics, and Behaviour

Enabler 5 Information

Enabler 6 Services, Infrastructure and Applications

Enabler 7 People, Skills and Competencies

Walk Through on using Goals cascade to scope Processes

Lesson 4: Introduction to COBIT 5 implementation

The Life cycle Approach

Interrelated components of the life cycle

Understanding the enterprise internal and external factors

Key success factors for implementation

The seven phases of the Life Cycle model explained

The seven Change Enablement characteristics used in the life cycle.

Change Enablement relationships to the Continual Improvement Life Cycle

Making the Business case

The differences between COBIT 4.1 and COBIT 5

Lesson 5: Process capability assessment model

What is a process assessment

What is the COBIT Assessment Programme

The differences between a capability and maturity assessment

Differences to the COBIT 4.1 CMM

Overview of the COBIT Capability Model & Assessments

The Process Reference Model (PRM)

The Process Assessment Model (PAM)

The Measurement Framework

Introduction to the Assessor Training Steps

Lesson 6: Exam

Preparation for the exam

Taking the exam

COBIT 5 Qualifications
COBIT 5 is ideal for assurance, security, risk, privacy and compliance professionals or business leaders and stakeholders
who are involved in or affected by governance and management of information and information systems.
For additional COBIT resources or to learn more about how ISACA's new evolutionary framework can help your enterprise
establish a renewed trust in and value from your information systems, visit the COBIT 5 website.
APMG-International will be responsible for the accreditation of training providers and the development of the qualification
scheme. There will be three separate qualifications:

Foundation

Implementation level

Assessment level.

Benefits for Individuals

Understand levels of IT-related risk and make informed decisions to reduce information
security incidents. Deliver this understanding and risk awareness to improve prevention, detection
and recovery within an organization.

Provide tools for organizations to maintain high quality information to support business
decisions.
Help an organization to meet with regulatory and statutory or government requirements.
Understand the COBIT approach to governance and its relationship with other IT best practices.

Benefits for Organizations

Achieve strategic goals and realise business benefits through the effective and innovative
use of IT.
Support compliance with relevant laws, regulations, contractual agreements and policies and
gain competitive edge over other organizations.
Reduce complexity and increase cost-effectiveness due to improved and easier integration
of information security standards, good practices and/or sector-specific guidelines resulting in
operational excellence through reliable, efficient application of technology.
Improved integration of information security in the enterprise, resulting in increased user
satisfaction with information security arrangements and outcomes.

Foundation Level
Obtaining the Foundation qualification will show that you have sufficient knowledge and understanding of
the COBIT 5 guidance to be able to:

Understand the governance and management of enterprise IT


Create awareness with your business executives and senior IT management
Assess the current state of enterprise IT in your department or organization
Scope which aspects of COBIT 5 would be appropriate to implement.
Exam Format

Multiple Choice format


50 questions per paper
25 marks or more required to pass (out of 50 available) - 50%
40 minute duration
Closed book.

Implementation Level
Get a practical understanding of how to apply COBIT 5 to specific business problems, pain points, trigger
events and risk scenarios within the organization. Learn how to effectively implement and apply COBIT 5
into your enterprise or how you can integrate components into client initiatives. Attendees will walk away
with an appreciation of how to effectively use COBIT 5 for different organizational and/or client scenarios.
Following completion of the COBIT 5 Implementation course and examination, you will understand:

How to analyze enterprise drivers


Implementation challenges, root causes and success factors
How to determine and assess current process capability
How to scope and plan improvements
Potential implementation pitfalls
The latest good practices.
Exam Format

Objective testing
4 questions per paper with 20 marks available per question
40 marks or more required to pass (out of 80 available) - 50%
2 hours duration
Open book (COBIT 5 Implementation book only).

Assessor Level
The Assessor course provides methods to help guide implementation activities and is supported by
several case studies. You will learn how to perform a process assessment and how to analyze the results
to provide a clear determination of process capability. You will also learn how these results can be used
for process improvement, measuring the achievement of current or projected business goals,
benchmarking, consistent reporting and organizational compliance ultimately driving value to the
business.
Following completion of the COBIT 5 Assessor course and examination, you will understand:

How to perform a process capability assessment using the Assessor Guide: using COBIT 5.
How to apply the Process Assessment Model (the PAM) in performing a process capability
assessment. Specifically:
To use the Process Reference Model, in particular to be able to use the 37 processes
outlined in the PRM.
To apply and analyse the measurement model in assessing process capability levels.
To apply and analyse the capability dimension using generic criteria outlined in the
PAM.
How to identify and assess the roles and responsibilities in the process capability
assessment process.
How to perform and assess the 7 steps outlined in the Assessor Guide. Specifically:
Initiate a process assessment
Scope an assessment, using the tools provided and the PAM for the selection of
the appropriate processes
Plan & Brief the teams
Collect & Validate the data
Do a process attribute rating
Report the findings of the assessment.

How to use the self-assessment guide.


Exam Format

Objective testing
8 questions per paper with 10 marks available per question
40 marks or more required to pass (out of 80 available) - 50%
2 hours duration
Open book (COBIT 5 Assessor Guide: Using COBIT 5 and COBIT Process Assessment
Model (PAM): Using COBIT 5 books only).
Please Note: The availability of the Implementation and Assessor courses will be announced soon.

The COBIT framework allows enterprises to achieve their governance and
management objectives, i.e., to create optimal value from information and
technology by maintaining a balance amongst realizing benefits, managing risk
and balancing resources. Further benefits include but are not limited to:
Maintain high-quality information to support business decisions
Achieve strategic goals and realize business benefits through the effective and
innovative use of IT
Achieve operational excellence through reliable, efficient application of
technology
Maintain IT-related risk at an acceptable level
Optimize the cost of IT services and technology
Support compliance with relevant laws, regulations, contractual agreements
and policies

COBIT 5 provides an end-to-end business view of the governance of enterprise
IT that reflects the central role of information and technology in creating value
for enterprises.

Five areas of focus:

1. Strategic alignment
This covers the alignment of the enterprise's and IT's perspective, position,
plans, and patterns.
2. Value delivery
From a customer perspective, value is expressed in terms of the desired business
outcomes, their preferences, and their perceptions in regards to the product or
service.
3. Resource management
It is important to include the following elements as resources: funding,
applications/software, infrastructure/hardware, information/data, and of
course people. In order to properly manage their resources, enterprises must
develop and maintain the following capabilities: management, enterprise,
processes, knowledge, and people.
4. Risk management
A risk may be defined as the uncertainty of an outcome whether positive or
negative. The management of the risk includes the identification of the tangible
and intangible items to be protected, the various (real or potential) threats
facing those items and the level of vulnerability of the items in regards to a
specific threat. The enterprise must then decide an appropriate means of
mitigating the risk; this may range from doing nothing to attempting to fully
protect the item from the threat.
5. Performance measures
Before establishing any measure an enterprise needs to identify the reason for
the measure. There are four basic reasons for measuring: they are to direct,
to validate, to justify, and to intervene. The enterprise needs to identify many other criteria for
the measures. These criteria include, but are not limited to,
compliance, performance, quality, and value. Furthermore, the measures can
be quantitative (objective) or qualitative (subjective). All the measures must
also adhere to the SMART principle where
S = Specific
M = Measurable
A = Achievable
R = Realistic
T = Timely or time bounded

It is a set of guidelines and supporting toolset for
governance of enterprise IT that is accepted worldwide. Auditors and enterprises use
it as a mechanism to integrate technology in implementing controls and meet specific
business objectives. COBIT is well suited to enterprises focused on risk management and
mitigation.

The framework integrates all knowledge previously dispersed over different
ISACA frameworks such as COBIT, Val IT, Risk IT, and the Business Model for
Information Security (BMIS) and the IT Assurance Framework (ITAF).
