Professional Documents
Culture Documents
Business Needs
Governance
Evaluate
Management
2013 ISACA. A l l r i g h t s r e s e r v e d .
COBIT 5 Process Reference Model
EDM01 Ensure
Governance EDM02 Ensure EDM03 Ensure EDM04 Ensure EDM05 Ensure
Framework Setting Benefits Delivery Risk Optimisation Resource Stakeholder
and Maintenance Optimisation Transparency
MEA01 Monitor,
Evaluate and Assess
APO09 Manage Performance and
APO08 Manage APO10 Manage APO11 Manage APO12 Manage APO13 Manage Conformance
Service Risk Security
Relationships Agreements Suppliers Quality
: Enabling Processes
2013 ISACA. A
Build, Acquire and Implement
l l
BAI03 Manage BAI04 Manage BAI05 Manage BAI07 Manage
BAI01 Manage BAI02 Manage Solutions Organisational Change
Programmes and Requirements Availability BAI06 Manage
Identification and Capacity Change Changes Acceptance and MEA02 Monitor,
Projects Definition and Build Enablement Transitioning Evaluate and Assess
r i g h t s
the System of Internal
Control
r e s e r v e d
.
Deliver, Service and Support
MEA03 Monitor,
DSS02 Manage DSS05 Manage DSS06 Manage Evaluate and Assess
DSS01 Manage DSS03 Manage DSS04 Manage Compliance With
Operations Service Requests Security Business
and Incidents Problems Continuity Services Process Controls External Requirements
Outputs
Outputs to all Processes
From Key
Practice Output Description Destination
APO13.02 Information security risk treatment plan All EDM; All APO; All BAI; All DSS; All MEA
Outputs to all Governance Processes
From Key
Practice Output Description Destination
EDM01.01 Enterprise governance guiding principles All EDM
EDM01.01 Decision-making model All EDM
EDM01.01 Authority levels All EDM
EDM01.02 Enterprise governance communications All EDM
EDM01.03 Feedback on governance effectiveness and performance All EDM
Outputs to all Management Processes
From Key
Practice Output Description Destination
APO01.01 Communication ground rules All APO; All BAI; All DSS; All MEA
APO01.03 IT-related policies All APO; All BAI; All DSS; All MEA
APO01.04 Communications on IT objectives All APO; All BAI; All DSS; All MEA
APO01.07 Process improvement opportunities All APO; All BAI; All DSS; All MEA
APO02.06 Communications package All APO; All BAI; All DSS; All MEA
APO11.02 Quality management standards All APO; All BAI; All DSS; All MEA
APO11.04 Process quality of service goals and metrics All APO; All BAI; All DSS; All MEA
APO11.06 Communications on continual improvement and good practices All APO; All BAI; All DSS; All MEA
APO11.06 Examples of good practice to be shared All APO; All BAI; All DSS; All MEA
APO11.06 Quality review benchmark results All APO; All BAI; All DSS; All MEA
MEA01.02 Monitoring targets All APO; All BAI; All DSS; All MEA
MEA01.04 Performance reports All APO; All BAI; All DSS; All MEA
MEA01.05 Remedial actions and assignments All APO; All BAI; All DSS; All MEA
MEA02.01 Results of internal control monitoring and reviews All APO; All BAI; All DSS; All MEA
MEA02.01 Results of benchmarking and other evaluations All APO; All BAI; All DSS; All MEA
MEA02.03 Self-assessment plans and criteria All APO; All BAI; All DSS; All MEA
MEA02.03 Results of reviews of self-assessments All APO; All BAI; All DSS; All MEA
MEA02.04 Control deficiencies All APO; All BAI; All DSS; All MEA
MEA02.04 Remedial actions All APO; All BAI; All DSS; All MEA
MEA02.06 Assurance plans All APO; All BAI; All DSS; All MEA
MEA02.08 Refined scope All APO; All BAI; All DSS; All MEA
MEA02.08 Assurance review results All APO; All BAI; All DSS; All MEA
MEA02.08 Assurance review report All APO; All BAI; All DSS; All MEA
MEA03.02 Communications of changed compliance requirements All APO; All BAI; All DSS; All MEA
Source: COBIT 5: Enabling Processes, figure 11
2013 ISACA. A l l r i g h t s r e s e r v e d .
ISACA Frameworks Included in COBIT 5
COBIT 5
Val IT 2.0 Governance and
Key Management Map to
Management
Practices Practices
Risk IT
Management Map to
Practices
Source: COBIT 5: Enabling Processes, figure 13
Note: COBIT 5: Enabling Processes Appendix A. Mapping Between COBIT 5 and Legacy ISACA Frameworks,
figures 14, 15 and 16, contain the mapping of COBIT 4.1, Val IT and Risk IT components to COBIT 5.