
The COBIT 5 processes are split into governance and management “areas”. These 2 areas contain a total of 5 domains and 37 processes:

• Governance of Enterprise IT
  ◦ Evaluate, Direct and Monitor (EDM) – 5 processes
• Management of Enterprise IT
  ◦ Align, Plan and Organise (APO) – 13 processes
  ◦ Build, Acquire and Implement (BAI) – 10 processes
  ◦ Deliver, Service and Support (DSS) – 6 processes
  ◦ Monitor, Evaluate and Assess (MEA) – 3 processes

Discover hereunder the COBIT 5 processes:

Evaluate, Direct and Monitor (EDM) • COBIT 5

Governance ensures that enterprise objectives are achieved by evaluating
stakeholder needs, conditions and options; setting direction through
prioritisation and decision making; and monitoring performance, compliance and
progress against agreed-on direction and objectives (EDM).

The following table lists the high-level IT processes for the EDM domain.

HIGH LEVEL CONTROL OBJECTIVES


Evaluate, Direct and Monitor (EDM)
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency

Management plans, builds, runs and monitors activities in alignment with the direction
set by the governance body to achieve the enterprise objectives. The management of
enterprise IT covers the following 4 domains:

Align, Plan and Organize (APO) • COBIT 5

The Align, Planning and Organization domain covers the use of information &
technology and how best it can be used in a company to help achieve the
company’s goals and objectives. It also highlights the organizational and
infrastructural form IT is to take in order to achieve the optimal results and to
generate the most benefits from the use of IT. The following table lists the high-
level IT processes for the APO domain.

HIGH LEVEL CONTROL OBJECTIVES


Align, Plan and Organize (APO)
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Relations
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

Build, Acquire and Implement (BAI) • COBIT 5

The Build, Acquire and Implement domain covers identifying IT requirements,
acquiring the technology, and implementing it within the company’s current
business processes. The following table lists the high level control objectives for the
BAI domain.

HIGH LEVEL CONTROL OBJECTIVES


Build, Acquire and Implement (BAI)
BAI01 Manage Programs and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Changes Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration

Deliver, Service and Support (DSS) • COBIT 5

The Deliver, Service and Support domain focuses on the delivery aspects of
information technology. It covers areas such as the execution of the applications
within the IT system and its results, as well as the support processes that enable
the effective and efficient execution of these IT systems. The following table lists
the high level control objectives for the DSS domain.

HIGH LEVEL CONTROL OBJECTIVES


Deliver, Service and Support (DSS)
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

Monitor, Evaluate and Assess (MEA) • COBIT 5

The Monitor, Evaluate and Assess domain deals with a company’s strategy in
assessing the needs of the company and whether or not the current IT system still
meets the objectives for which it was designed and the controls necessary to
comply with regulatory requirements. Monitoring also covers the issue of an
independent assessment of the effectiveness of the IT system in its ability to meet
business objectives and the company’s control processes by internal and external
auditors. The following table lists the high level control objectives for the MEA
domain.

HIGH LEVEL CONTROL OBJECTIVES


Monitor, Evaluate and Assess (MEA)
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Evaluate and Assess Compliance with External Requirements

CobiT 4.1
CobiT, the Control Objectives for Information and related
Technology version 4.1, covers four domains:

• Plan and Organise (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)

Please find below the overview of the 34 CobiT processes per domain.

Discover hereunder the CobiT 4.1 processes:


Plan and Organize (PO) • CobiT 4.1

The Planning and Organization domain covers the use of information & technology
and how best it can be used in a company to help achieve the company’s goals and
objectives. It also highlights the organizational and infrastructural form IT is to take
in order to achieve the optimal results and to generate the most benefits from the
use of IT. The following table lists the high-level IT processes for the Planning and
Organization domain.

HIGH LEVEL CONTROL OBJECTIVES


Plan and Organize
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organization and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects

Acquire and Implement (AI) • CobiT 4.1

The Acquire and Implement domain covers identifying IT requirements, acquiring
the technology, and implementing it within the company’s current business
processes. This domain also addresses the development of a maintenance plan that
a company should adopt in order to prolong the life of an IT system and its
components. The following table lists the high level control objectives for the
Acquisition and Implementation domain.

HIGH LEVEL CONTROL OBJECTIVES


Acquire and Implement
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes

Delivery and Support (DS) • CobiT 4.1

The Delivery and Support domain focuses on the delivery aspects of information
technology. It covers areas such as the execution of the applications within the IT
system and its results, as well as the support processes that enable the effective
and efficient execution of these IT systems. These support processes include
security issues and training. The following table lists the high level control
objectives for the Delivery and Support domain.

HIGH LEVEL CONTROL OBJECTIVES


Deliver and Support
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations

Monitor and Evaluate (ME) • CobiT 4.1

The Monitoring and Evaluation domain deals with a company’s strategy in assessing
the needs of the company and whether or not the current IT system still meets the
objectives for which it was designed and the controls necessary to comply with
regulatory requirements. Monitoring also covers the issue of an independent
assessment of the effectiveness of the IT system in its ability to meet business
objectives and the company’s control processes by internal and external auditors.
The following table lists the high level control objectives for the Monitoring domain.

HIGH LEVEL CONTROL OBJECTIVES


Monitor and Evaluate
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance with External Requirements
ME4 Provide IT Governance

CobiT framework

Source: ISACA
Translation in French

| Domain | Control objectives | Domaines | Objectifs de contrôle |
|---|---|---|---|
| Plan and Organize | PO1 Define a Strategic IT Plan | Planifier et Organiser | PO1 Définir un Plan informatique stratégique |
| | PO2 Define the Information Architecture | | PO2 Définir l’architecture de l’Information |
| | PO3 Determine Technological Direction | | PO3 Déterminer l’orientation technologique |
| | PO4 Define the IT Processes, Organization and Relationships | | PO4 Définir les processus, l’organisation et les relations de travail |
| | PO5 Manage the IT Investment | | PO5 Gérer les investissements informatiques |
| | PO6 Communicate Management Aims and Direction | | PO6 Faire connaître les buts et les orientations du management |
| | PO7 Manage IT Human Resources | | PO7 Gérer les Ressources Humaines de l’informatique |
| | PO8 Manage Quality | | PO8 Gérer la qualité |
| | PO9 Assess and Manage IT Risks | | PO9 Évaluer et gérer les risques |
| | PO10 Manage Projects | | PO10 Gérer les Projets |
| Acquire and Implement | AI1 Identify Automated Solutions | Acquérir et mettre en place | AI1 Trouver les solutions informatiques |
| | AI2 Acquire and Maintain Application Software | | AI2 Acquérir des applications et en assurer la maintenance |
| | AI3 Acquire and Maintain Technology Infrastructure | | AI3 Acquérir une infrastructure technique et en assurer la maintenance |
| | AI4 Enable Operation and Use | | AI4 Faciliter le fonctionnement et l’utilisation |
| | AI5 Procure IT Resources | | AI5 Acquérir des ressources informatiques |
| | AI6 Manage Changes | | AI6 Gérer les changements |
| | AI7 Install and Accredit Solutions and Changes | | AI7 Installer et valider les solutions et les modifications |
| Deliver and support | DS1 Define and Manage Service Levels | Délivrer et supporter | DS1 Définir et gérer les niveaux de service |
| | DS2 Manage Third-party Services | | DS2 Gérer les services tiers |
| | DS3 Manage Performance and Capacity | | DS3 Gérer la performance et la capacité |
| | DS4 Ensure Continuous Service | | DS4 Assurer un service continu |
| | DS5 Ensure Systems Security | | DS5 Assurer la sécurité des systèmes |
| | DS6 Identify and Allocate Costs | | DS6 Identifier et imputer les coûts |
| | DS7 Educate and Train Users | | DS7 Instruire et former les utilisateurs |
| | DS8 Manage Service Desk and Incidents | | DS8 Gérer le service d’assistance client et les incidents |
| | DS9 Manage the Configuration | | DS9 Gérer la configuration |
| | DS10 Manage Problems | | DS10 Gérer les problèmes |
| | DS11 Manage Data | | DS11 Gérer les données |
| | DS12 Manage the Physical Environment | | DS12 Gérer l’environnement physique |
| | DS13 Manage Operations | | DS13 Gérer l’exploitation |
| Monitor and Evaluate | ME1 Monitor and Evaluate IT Performance | Surveiller et évaluer | SE1 Surveiller et évaluer la performance des SI |
| | ME2 Monitor and Evaluate Internal Control | | SE2 Surveiller et évaluer le contrôle interne |
| | ME3 Ensure Compliance with External Requirements | | SE3 S’assurer de la conformité réglementaire |
| | ME4 Provide IT Governance | | SE4 Mettre en place la gouvernance des SI |
