
COBIT 5 Foundation

Overview: This course provides an overview of the main concepts of IT Governance according to COBIT 5, ISACA's latest governance framework, and how they can be applied.

Who Should Attend: Business Management, IT/IS Auditors, Internal Auditors, Information Security and IT Practitioners; Consultants, IT/IS Management looking to gain an insight into the Enterprise Governance of IT and looking to be certified as a COBIT Implementer or Assessor.

Duration: Classroom Learning - 3 Day(s)

Lesson 1: The key features of COBIT 5

The Reasons for the Development of COBIT 5
The History of COBIT
The Drivers for developing a Framework
The Benefits of using COBIT 5
The COBIT 5 Format & product Architecture
COBIT 5 and Other Frameworks

Lesson 2: The COBIT 5 principles

Enabler Focus
Control Objectives to Management Practices
From COBIT 4.1 Management Guidelines to COBIT 5: Enabling Processes Guidelines

Lesson 3: The COBIT 5 enablers

Enabler 1: Principles, Policies and Frameworks
Enabler 2: Processes
Enabler 3: Organisational Structures
Enabler 4: Culture, Ethics, and Behaviour
Enabler 5: Information
Enabler 6: Services, Infrastructure and Applications
Enabler 7: People, Skills and Competencies
Walk Through on using Goals cascade to scope Processes

Lesson 4: Introduction to COBIT 5 implementation

The Life cycle Approach
Inter-related components of the life cycle
Understanding the enterprise internal and external factors
Key success factors for implementation
The seven phases of the Life Cycle model explained
The seven Change Enablement characteristics used in the life cycle
Change Enablement relationships to the Continual Improvement Life Cycle
Making the Business case
The differences between COBIT 4.1 and COBIT 5

Lesson 5: Process capability assessment model

What is a process assessment
What is the COBIT Assessment Programme
The differences between a capability and maturity assessment
Differences to the COBIT 4.1 CMM
Overview of the COBIT Capability Model & Assessments
The Process Reference Model (PRM)
The Process Assessment Model (PAM)
The Measurement Framework
Introduction to the Assessor Training Steps

Lesson 6: Exam

Preparation for the exam
Taking the exam

COBIT 5 Qualifications

COBIT 5 is ideal for assurance, security, risk, privacy and compliance professionals or business leaders and stakeholders who are involved in or affected by governance and management of information and information systems. For additional COBIT resources or to learn more about how ISACA's new evolutionary framework can help your enterprise establish a renewed trust in and value from your information systems, visit the COBIT 5 website.

APMG-International will be responsible for the accreditation of training providers and the development of the qualification scheme. There will be three separate qualifications:

Foundation
Implementation level
Assessment level.

Benefits for Individuals

Understand levels of IT-related risk and make informed decisions to reduce information security incidents.
Deliver this understanding and risk awareness to improve prevention, detection and recovery within an organization.
Provide tools for organizations to maintain high quality information to support business decisions.
Help an organization to meet with regulatory and statutory or government requirements.
Understand COBIT approach to governance and its relationship with other IT best practices.

Benefits for Organizations


Achieve strategic goals and realise business benefits through the effective and innovative use of IT.
Support compliance with relevant laws, regulations, contractual agreements and policies and gain competitive edge over other organizations.
Reduce complexity and increase cost-effectiveness due to improved and easier integration of information security standards, good practices and/or sector-specific guidelines resulting in operational excellence through reliable, efficient application of technology.
Improved integration of information security in the enterprise, resulting in increased user satisfaction with information security arrangements and outcomes.

Foundation Level
Obtaining the Foundation qualification will show that you have sufficient knowledge and understanding of the COBIT 5 guidance to be able to:

Understand the governance and management of enterprise IT
Create awareness with your business executives and senior IT management
Assess the current state of enterprise IT in your department or organization
Scope which aspects of COBIT 5 would be appropriate to implement.

Exam Format

Multiple Choice format
50 questions per paper
25 marks or more required to pass (out of 50 available) - 50%
40 minute duration
Closed book.

Implementation Level
Get a practical understanding of how to apply COBIT 5 to specific business problems, pain points, trigger events and risk scenarios within the organization. Learn how to effectively implement and apply COBIT 5 into your enterprise or how you can integrate components into client initiatives. Attendees will walk away with an appreciation of how to effectively use COBIT 5 for different organizational and/or client scenarios.

Following completion of the COBIT 5 Implementation course and examination, you will understand:

How to analyze enterprise drivers
Implementation challenges, root causes and success factors
How to determine and assess current process capability
How to scope and plan improvements
Potential implementation pitfalls
The latest good practices.

Exam Format

Objective testing
4 questions per paper with 20 marks available per question
40 marks or more required to pass (out of 80 available) - 50%
2 hours duration
Open book (COBIT 5 Implementation book only).

Assessor Level
The Assessor course provides methods to help guide implementation activities and is supported by several case studies. You will learn how to perform a process assessment and how to analyze the results to provide a clear determination of process capability. You will also learn how these results can be used for process improvement, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance, ultimately driving value to the business.

Following completion of the COBIT 5 Assessor course and examination, you will understand:

How to perform a process capability assessment using the Assessor Guide: using COBIT 5.
How to apply the Process Assessment Model (the PAM) in performing a process capability assessment. Specifically:
    To use the Process Reference Model, in particular to be able to use the 37 processes outlined in the PRM.
    To apply and analyse the measurement model in assessing process capability levels.
    To apply and analyse the capability dimension using generic criteria outlined in the PAM.
How to identify and assess the roles and responsibilities in the process capability assessment process.
How to perform and assess the 7 steps outlined in the Assessor Guide. Specifically:
    Initiate a process assessment
    Scope an assessment, using the tools provided and the PAM for the selection of the appropriate processes
    Plan & Brief the teams
    Collect & Validate the data
    Do a process attribute rating
    Report the findings of the assessment.
How to use the self-assessment guide.

Exam Format

Objective testing
8 questions per paper with 10 marks available per question
40 marks or more required to pass (out of 80 available) - 50%
2 hours duration
Open book (COBIT 5 Assessor Guide: Using COBIT 5 and COBIT Process Assessment Model (PAM): Using COBIT 5 books only).

Please Note: The availability of the Implementation and Assessor courses will be announced soon.

The COBIT framework allows enterprises to achieve their governance and management objectives, i.e., to create optimal value from information and technology by maintaining a balance amongst realizing benefits, managing risk and balancing resources. Further benefits include but are not limited to:

Maintain high-quality information to support business decisions
Achieve strategic goals and realize business benefits through the effective and innovative use of IT
Achieve operational excellence through reliable, efficient application of technology
Maintain IT-related risk at an acceptable level
Optimize the cost of IT services and technology
Support compliance with relevant laws, regulations, contractual agreements and policies

COBIT 5 provides an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.

Five areas of focus:

1. Strategic alignment: This covers the alignment of the enterprise's and IT's perspective, position, plans, and patterns.
2. Value delivery: From a customer perspective, value is expressed in terms of the desired business outcomes, their preferences, and their perceptions with regard to the product or service.
3. Resource management: It is important to include the following elements as resources: funding, applications/software, infrastructure/hardware, information/data, and of course people. In order to properly manage their resources, enterprises must develop and maintain the following capabilities: management, enterprise, processes, knowledge, and people.
4. Risk management: A risk may be defined as the uncertainty of an outcome, whether positive or negative. The management of the risk includes the identification of the tangible and intangible items to be protected, the various (real or potential) threats facing those items and the level of vulnerability of the items with regard to a specific threat. The enterprise must then decide on an appropriate means of mitigating the risk; this may range from doing nothing to attempting to fully protect the item from the threat.
5. Performance measures: Before establishing any measure, an enterprise needs to identify the reason for the measure. There are four basic reasons for measuring: to direct, to validate, to justify, and to intervene. The enterprise needs to identify many other criteria for the measures. These criteria include, but are not limited to, compliance, performance, quality, and value. Furthermore, the measures can be quantitative (objective) or qualitative (subjective). All the measures must also adhere to the SMART principle, where:
   S = Specific
   M = Measurable
   A = Achievable
   R = Realistic
   T = Timely or time bounded

COBIT is a set of guidelines and a supporting toolset for governance of enterprise IT that is accepted worldwide. Auditors and enterprises use it as a mechanism to integrate technology in implementing controls and to meet specific business objectives. COBIT is well suited to enterprises focused on risk management and mitigation.

The framework integrates all knowledge previously dispersed over different ISACA frameworks such as COBIT, Val IT, Risk IT, the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).