
COBIT5: Implementation

A Business Framework for the Governance 
and Management of Enterprise IT

COBIT5® is a registered trademark of ISACA.
No part of this document may be reproduced in any form without the explicit written permission of both the 4P Advisory Services and ISACA®. Trademarks, acknowledged.
Corporate Training, Consulting, Examinations, Process Improvements, Assessments

Module 0:
Introduction


Module 0: Agenda

• Administration
• Copyright and Acknowledgement
• “Do”s and “Don’t”s
• Administration
• Course Information
• Participant Introduction
• Learning Objectives
• Course Topics
• Examination Information, Procedures and Tips


Copyright & Acknowledgements

• COBIT5® is a registered trademark of AXELOS® Limited


• This document is exclusively created for and by 4P Advisory Services, an ISACA Partner through Peoplecert. No part of this document can be directly or indirectly copied in any form.
• Anyone doing so is legally liable for financial damages to be paid to and the Author of this document.
• Anyone reporting the breach may suitably be rewarded.
• Feedback & Inquiries: info@4pa.in


Do’s and Don’ts

| DO | DON’T |
|---|---|
| Get involved | Use laptops, tablets, smart phones, smart watches |
| Ask questions | Talk to the colleagues in the class |
| Share experiences | Lead to irrelevant out of scope discussions |
| Keep an open mind | Be disruptive |
| Take calls outside the room | Not do homework |

Agree to disagree!


Administration

• Fire safety
  – Planned fire alarm tests
  – Evacuation procedures and fire exits
• Toilets/washrooms
• Security of belongings
• Course timings and breaks
• Mobiles/blackberries
• Photo ID and pencils for examinations
• Lots of questions/discussion please!


Course Information

• Course Structure and Approach
  – Presentation sessions
  – Group exercises
  – Case studies
  – Exam preparation

• Course Materials (www.isaca.org)
  – COBIT5® Kit can be downloaded.
  – COBIT5® Implementation Guide can be downloaded.


Course Syllabus Information

The syllabus is presented by syllabus areas. This is the unit of learning which may
relate to a chapter from the manual/guidance or several concepts commonly
grouped together in a training course module. The following syllabus areas are
identified.
• IP: Initiate the program (What are the drivers? - Phase 1)
• DP: Define Problems & Opportunities (Where are we now and where do we want to be? - Phases 2 & 3)
• PE: Plan & Execute the program (What needs to be done & How do we get there? - Phases 4 & 5)
• RB: Realize Benefits and Review effectiveness (Did we get there and how do we keep the momentum going? - Phases 6 & 7)


Course Reference Information

Reference Material:
• COBIT 5 Implementation Guide
• COBIT 5 Enabling Processes Guide
• The COBIT 5 Toolkit (contains tools that will be referenced and used in the 
training) 


COBIT5 Publications

COBIT 5 Publications:
• COBIT 5*
• COBIT 5 Implementation
• COBIT 5: Enabling Processes
• COBIT 5: Enabling Information

COBIT 5 Professional Guides:
• COBIT 5 for Information Security
• COBIT 5 for Assurance
• COBIT 5 for Risk

COBIT5 Assessment Programme Publications:
• Process Assessment Model
• Self-Assessment Guide
• Assessor Guide

*The COBIT5 Framework

Exam Information

• COBIT 5 Implementation:
  – Delivery: Computer (web) or paper based
  – Type: 4 multiple choice questions (20 items each)
      Single response, one of four possible answers
      Multiple response, X of Y possible answers
      Matching response
      Assertion response
      Each question is awarded one (1) mark
  – Duration: 150 minutes
  – Pass Mark: 50% (40 or more marks)
  – Open Book: ‘COBIT 5 Implementation’ book only
  – Prerequisites: COBIT 5 Foundation Certificate

Participant Introductions

• Trainer’s Introduction
• Participant’s Introduction
• Name
• Role & experience in the IT Governance domain
• Professional experience 
• Current role & corresponding responsibilities
• What you know about the topics under coverage?
• What you expect from the session?


Learning Objective

• Analyse the enterprise drivers 
• Apply the implementation challenges, their root causes and success factors 
• Assess current process capability 
• Determine target process capability 
• Scope and plan improvements 
• Consider practical implementation factors 
• Identify and avoid potential pitfalls 
• Leverage the latest good practices 


Course Modules :1 of 2

Module 1
• Introduction to COBIT

Module 2
• Introduction to COBIT5 and Implementation Practices
  – IC Introduction to COBIT - Principles, Enablers, Processes and PRM (Process Reference Model)
  – CS Case Study and Discussions
  – PM CSI Model and Program Management for COBIT Implementation

Module 3
• IP Initiate the program (What are the drivers? - Phase 1)

Module 4
• DP: Define Problems & Opportunities
  – Module 3.1 DP Define Problems & Opportunities (Where are we now Phase 2)
  – Module 3.2 DP Define Problems & Opportunities (Where do we want to be? - Phase 3)

Course Modules: 2 of 2

Module 5
• PE: Plan & Execute the program
  – 4.1 PE Plan & Execute the program (What needs to be done? – Phase 4) – Change Enablement?
  – 4.2 PE Plan & Execute the program (How do we get there? – Phase 5)

Module 6
• RB: Realize Benefits and Review effectiveness
  – 5.1 RB Realize Benefits and Review effectiveness (Did we get there? - Phase 6)
  – 5.2 RB Realize Benefits and Review effectiveness (How do we keep the momentum going? – Phase 7)

Module 7
• CE&CI Change Enablement and Continuous Improvement

Module 8
• COBIT 5 Assessment Steps


About ISACA

ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems.

It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Module 1:
Introduction to Governance
and COBIT5


Corporate Governance vs. IT Governance

Corporate governance is the set of processes, customs, policies, laws, management practices and institutions affecting the way an entity is controlled and managed. It incorporates all the relationships among the many stakeholders involved and aims to organise them to meet the goals of the organisation in the most effective and efficient manner possible. An effective corporate governance strategy allows an organisation to manage all aspects of its business in order to meet its objectives.

Information technology governance, however, is a subset discipline of Corporate Governance. Although it is sometimes mistaken for a field of study on its own, IT Governance is actually a part of the overall Corporate Governance Strategy of an organisation.


Learning Outcomes

• Understand the concepts relating to the structure and format of the framework, the drivers and business benefits of using the COBIT 5 framework, specifically to identify:
  – The drivers for the development of COBIT 5, specifically the needs for the next generation of ISACA’s guidance on the enterprise governance and management of IT.
  – The benefits to the enterprise stakeholders by using the COBIT 5 framework


Defining Governance

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives.

Governance is about negotiating and deciding amongst different stakeholders’ value interests.

Wikipedia: Governance refers to “all processes of governing, whether undertaken by a government, market or network, whether over a family, tribe, formal or informal organization or territory and whether through laws, norms, power or language.”

ISACA: Governance—Exercise of authority; control; government; arrangement


Defining Management

• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives


Purpose of Governance & Management

Exercising governance and management effectively in practice requires appropriately using all enablers. The COBIT5 process reference model allows us to focus easily on the relevant enterprise activities.

Purpose of a Governance Framework like COBIT5: To help enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels.

• Key Activities of Governance:
  – Set principles and policies.
  – Sets direction and is responsible to the owners and stakeholders
• Key component of a Governance System: Setting up the Governance Framework

Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

Why Was COBIT 5 Developed?

COBIT 5:
• ISACA Board of Directors directive: “Tie together and reinforce all ISACA knowledge assets with COBIT.”
• Provide a renewed and authoritative governance and management framework for enterprise information and related technology
• Integrate all other major ISACA frameworks and guidance
• Align with other major frameworks and standards


The Evolution of COBIT 5

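[Figure: timeline of the evolution of COBIT's scope, from Audit through Control, Management and IT Governance to Governance of Enterprise IT. Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Related frameworks shown: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010).]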


COBIT 5 Scope

• Not simply IT; not only for big business!
• COBIT 5 is about governing and managing information
  – Whatever medium is used
  – End to end throughout the enterprise
• Information is equally important to:
  – Global, multinational business
  – National and local government
  – Charities and not for profit enterprises
  – Small to medium enterprises and
  – Clubs and associations


Benefits

• Information is the business currency of the 21st Century
• Information has a life cycle: it is created, used, retained, disclosed and destroyed
• Technology plays a key role in these actions.
• Technology is becoming pervasive in all aspects of business and personal life
• Every form of enterprise needs to be able to rely on quality information to support quality executive decisions!


Enterprise Benefits

Enterprises and their executives strive to:

• Maintain quality information to support business decisions.
• Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
• Achieve operational excellence through reliable and efficient application of technology.
• Maintain IT-related risk at an acceptable level.
• Optimise the cost of IT services and technology.

How can these benefits be realised to create enterprise stakeholder value?


Stakeholder Value

• Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets.
• Enterprise boards, executives and management have to embrace IT like any other significant part of the business.
• External legal, regulatory and contractual compliance requirements related to enterprise use of information and technology are increasing, threatening value if breached.
• COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.


Benefits . . .

COBIT 5:
• Defines the starting point of governance and management activities with the stakeholder needs related to enterprise IT
• Creates a more holistic, integrated and complete view of enterprise governance and management of IT that is consistent and provides an end-to-end view on all IT-related matters
• Creates a common language between IT and business for the enterprise governance and management of IT
• Is consistent with generally accepted corporate governance standards, and thus helps to meet regulatory requirements


Examples: Factors that may indicate a need for improved governance of enterprise IT:

• Significant incidents related to IT risk, such as data loss or project failure, have been experienced.
• Lack of confidence in IT management
• IT investments and risks were being managed by various IT departments in isolation, resulting in duplicated efforts in some areas and gaps in others.
• Lack of information consistency and accountability across all IT groups.
• IT goals and perspectives not clearly aligned to the organizational goals.


The COBIT 5 Format

• Simplified
  – COBIT 5 directly addresses the needs of the viewer from different perspectives
• Development continues with specific practitioner guides

• COBIT 5 is initially in 3 volumes:
  1. The Framework
  2. Process Reference Guide
  3. Implementation Guide

• COBIT 5 is based on:
  – 5 principles and
  – 7 enablers


COBIT5: Principles


Principle 1: Meeting Stakeholder Needs

• The COBIT 5 goals cascade allows the definition of priorities for:
  – Implementation
  – Improvement
  – Assurance of enterprise governance of IT
• In practice, the goals cascade:
  – Defines relevant and tangible goals and objectives at various levels of responsibility
  – Filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects
  – Clearly identifies and communicates how enablers are used to achieve enterprise goals


Principle 2: Covering the Enterprise End–to–End


Principle 3 ‐ Single Integrated Framework.

[Figure: "Single Integrated Framework" at the centre, surrounded by: One Simple Architecture; Integration of Knowledge across domains; Completeness in Enterprise Coverage; Alignment with other relevant frameworks & Standards; ISO/IEC 15504 for Assessment.]


Principle 4: Enabling a Holistic Approach


Principle 5 ‐ Governance and Management Defined


COBIT 5 Product Family

The COBIT5 Integrator Model links COBIT 5 to existing COBIT and Other IT Governance Frameworks

[Figure: frameworks shown: COSO, COBIT, ISO 27002, ISO 9000, ITIL 2011, ISACA guidance publications. Axis labels: WHAT, HOW, SCOPE OF COVERAGE. Source: ISACA]

COBIT 5 Mapping Specifics ..1

• ISO/IEC 38500
  – ISO’s 6 principles map to COBIT 5
• The following areas and domains are covered by ITIL 2011:
  – A subset of processes in the DSS domain
  – A subset of processes in the BAI domain
  – Some processes in the APO domain
• ISO/IEC 27000 (currently 27001:2013)
  – Security and IT-related processes in domains EDM, APO and DSS
  – Some security monitoring activities in MEA
• ISO/IEC 31000
  – Risk management related activities in EDM and APO


COBIT 5 Mapping Specifics ..2

• TOGAF (The Open Group Architecture Framework)
  – Resource-related processes in EDM
  – TOGAF components of the architecture board and governance areas
  – Enterprise architecture processes of APO
• PRINCE2
  – Programme and project management processes in the BAI domain
  – Portfolio-related processes in the APO domain
• CMMI
  – Some organizational and quality-related processes in the APO domain
  – Application-building and acquisition-related processes in BAI


Module 2:
An Introduction to COBIT5
Implementation


COBIT 5 Implementation

• ISACA has developed the COBIT5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT5.
• However, frameworks, best practices and standards are useful only if they are adopted and adapted effectively. There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.
• The COBIT 5 Implementation Guide provides the guidance on how to do this.
COBIT5‐Ver2‐Implementation.pdf


COBIT 5 Implementation cont.

• The COBIT 5 Implementation Guide was released at the same time as the COBIT 5 Framework and COBIT 5 Enabling Processes
• Information and information technology are increasingly part of every aspect of business.
• The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater
• Increasing regulation and legislation is also raising awareness of the importance of good governance


Challenges to Success

• What are the drivers?
• Where are we now and where do we want to be?
• What needs to be done?
• How do we get there?
• Did we get there and how do we keep the momentum going?

© 2012 ISACA. All Rights Reserved.

Roles in Creating an Appropriate Environment


RACI chart for Creating an Appropriate Environment


Components of the Lifecycle

Program Management
1. Initiate program
2. Define problems and opportunities
3. Define roadmap
4. Develop program plan
5. Execute plan
6. Realize benefits
7. Review program effectiveness
8. Sustain


COBIT 5 Implementation 


Enterprise Internal and External Factors

• Understanding the enterprise internal and external factors as they apply to change management, such as:
o Ethics and culture
o Applicable laws, regulations and policies
o Mission, vision and values
o Governance policies and practices
o Business plans and strategic intentions
o Operating Model
o Management style
o Risk appetite
o Capabilities and available resources
o Industry practices


Key Success Factors

• Top Management providing the direction and mandate for the initiative as well as on-going commitment
• All parties supporting the governance and management processes to understand the business and IT objectives.
• Ensuring effective communication and enablement of the necessary changes
• Tailoring COBIT and other supporting good practices and standards to fit the unique context of the enterprise and
• Focusing on quick wins and prioritising the most beneficial improvements that are easiest to implement.


Continuous Improvement through 7 enablers


Case Study Scenario: IT Governance Initiative

A major financial services organization has recently been purchased by a large
overseas competitor and is now subject to new overseas compliance regulations.

Following the takeover the local organization is now known as the ‘local office’ and the
purchaser is known as the ‘Overseas Head Office’.


Case Study Scenario: Background and Current Issues
The organization currently is experiencing issues with change management. As a 
result of the takeover, further changes are being introduced which the existing processes 
cannot handle. The problems are being exacerbated by the size and the volume of the 
required changes.
Although the takeover from the overseas company is recent, Overseas Regulators 
are already seeking visibility of compliance.
Prior to being taken over the current Board had on‐going concerns with IT security. 
These concerns are expected to increase given the demands of passing information overseas 
to the new Overseas Head Office.
Also prior to the takeover, relationships between IT and the Enterprise were not 
good due to previous IT project failures and lack of visibility of project benefits.
Staff morale has been very low with an above average staff turnover. Due to the 
recent takeover, there have been senior management changes and a further increase in staff 
turnover due to the job uncertainty.
The organization has a new and inexperienced team in IT Governance. 


Case Study Scenario: Current projects in place

There are two existing projects underway:

HR Project - There is currently an HR project in progress to address the high level of staff 
turnover. Its objective is to reduce the current turnover levels.

IT Security – The local office has recently engaged a team of external security specialists to 
review the current level of IT security and to recommend appropriate solutions.


Case Study Scenario: Roles and Responsibilities
An extract of the organizational structure of the Financial Services Organisation (not including 
the Overseas Head Office) is given below.

IT Management consists of the CIO and his direct reports.
The Audit Manager is from the Overseas Head Office and is responsible for the local Audit team
The IT Governance, Risk and Compliance (IT GRC) Manager is newly appointed and has recently attended a 
COBIT 5 course.
The Technical Support Manager has been with the enterprise for over 20 years and takes a very ‘hands on’ 
approach. This role is responsible for ensuring the ongoing availability of the network infrastructure.

Case Study Scenario: IT Governance Initiative Start‐up

As a result of the overseas compliance regulations the IT Governance, Risk and 
Compliance (IT GRC) Manager has decided to launch a major IT Governance Initiative.
The initiative will incorporate the compliance requirements mandated by the 
Overseas Head Office in addition to improvements in governance and change management. 
The existing projects will be included within the scope.
The Overseas Head Office will sponsor the programme and the IT GRC Manager has 
been appointed as the Programme Manager. However, some problems have already been 
experienced:
• Although the IT GRC Manager has launched an initiative it is not clear who is 
supporting the initiative and which processes are required to be targeted.
• Attempts by the IT GRC Manager to get the initiative off the ground have 
so far been unsuccessful.


Case Study Scenario: Mapping of Processes to Issues
The IT GRC Manager completed a small assessment of the issues facing the new organisation
including the two existing projects on HR and Security and a report summarising their security 
issues. He discovered more issues related to the existing change management and HR and 
Security problems. He has mapped these to risks and recommended the following COBIT 
processes to be included in the improvement programme in order to assist and leverage best 
practice for the following Issues and Problem areas:

| PROBLEMS & ISSUES | RISKS | COBIT PROCESSES |
|---|---|---|
| 1. HR ISSUES | | APO07 |
| - High turnover. | Departure or unavailability of key IT staff. | APO07 |
| - Skills & competences not matched to business requirements. | Lack of business understanding by IT staff; lack of or mismatch of IT-related skills. | APO07 |
| - No process for contract staff. | Contractual obligations by contractors not met. | APO07 |

Case Study Scenario: Mapping of Processes to Issues
| PROBLEMS & ISSUES | RISKS | COBIT PROCESSES |
|---|---|---|
| 2. Security Issues | | |
| - Access by external contractors poorly controlled. | Users circumventing logical access rights; users obtaining access to unauthorized information. | DSS05; DSS04 |
| - No policy and process for End Point security including mobile devices. | Loss/disclosure of portable media, laptops, mobile devices etc.; accidental disclosure of sensitive information. | DSS05 |


Case Study Scenario: Mapping of Processes to Issues
| PROBLEMS & ISSUES | RISKS | COBIT PROCESSES |
|---|---|---|
| 3. Change Management Issues | | BAI05 |
| - New organisation cannot cope with change requests for processes. | Business managers not involved in important IT investment decision making regarding new applications, prioritisations or new technology opportunities. | BAI05 |
| 4. Project Delivery Issues | | BAI01/BAI02 |
| - Poor project delivery in terms of on time and to budget. | Projects failing due to cost delays, scope creep or changed business priorities; insufficient quality of project deliverables due to software, documentation or compliance with functional requirements. | BAI01 |
| - Failure to understand business requirements. | Business not assuming accountability over IT areas such as functional requirements. | BAI02 |


Case Study Scenario: Plan and Execute the Program

Awareness of the business’ frustration about the lack of visibility of the compliance 
program has reached the Overseas Head Office.  As a result of this, the Overseas Head Office 
has instructed the Financial Services Organization to quickly solve this issue relating to the 
poor relationships between IT and the business.  The instruction has come down for IT to 
solve this as part of the Governance Initiative. 

The IT GRC Manager is already overloaded with work and hence has asked one of 
the junior members of his team to take ownership of the task. 

He has told the junior member that the solution to this issue will be to include 
information relating to the compliance program on the Financial Services Organization’s 
existing Intranet.  Access to this Intranet is already available to the business. Due to budget 
constraints, there will be a limit on the amount of information that can be added to the 
Intranet.  This work must be done in‐house.


Module 3:
IP Initiate the program

3 IP: Initiate the program (What are the drivers? - Phase 1)

Continual Improvement Life cycle  Phase‐1

Ref. Figure 15


Roles in Phase 1

Ref. Figure 16


Phase 1 Description (1/4) 

Ref. Figure 17


Phase 1 Description (2/4) 

Ref. Figure 17


Phase 1 Description (3/4) 

Ref. Figure 17


Phase 1 Description (4/4) 

Ref. Figure 17


Phase‐1 RACI Chart 

Ref. Figure 18


Phase 1 – What Are the Drivers?
The Basics
Initiate the Programme
• Establish desire to change:
• Recognise need to act


Phase 1 - What Are the Drivers?

• Need for new or improved IT governance organization is usually recognized by pain points and/or trigger events
• Board and executive management should:
o Analyze pain points to identify root cause
o Look for opportunities during trigger events
• The goal of this phase of the lifecycle includes:
o Outlining the business case
o Identification of stakeholders and roles & responsibilities
o IT governance program "wake-up call" and kick-off communications


Phase 1 – SWOT?


Phase 1 - Typical Pain Points

• Failed IT initiatives
• Rising costs
• Perception of low business value for IT investments
• Significant incidents related to IT risk (e.g. data loss)
• Service delivery problems
• Failure to meet regulatory or contractual requirements
• Audit findings for poor IT performance or low service levels
• Hidden and/or rogue IT spending
• Resource waste through duplication or overlap in IT initiatives
• Insufficient IT resources
• IT staff burnout / dissatisfaction
• IT enabled changes frequently failing to meet business needs (late deliveries or budget overruns)
• Multiple and complex IT assurance efforts
• Board members or senior managers that are reluctant to engage with IT
© 2012 ISACA. All Rights Reserved.

Phase 1 - Relevant Trigger Events

• Merger, acquisition or divestiture
• Shift in the market, economy or competitive position
• Change in business operating model or sourcing arrangements
• New regulatory or compliance requirements
• Significant technology change or paradigm shift
• An enterprise-wide governance focus or project
• A new CIO, CFO, COO or CEO
• External audit or consultant assessments
• A new business strategy or priority

By using pain points or trigger events as the launching point 
for IT governance initiatives, the business case for GEIT 
improvement can be related to issues being  experienced, 
which will improve buy‐in to the business case.


Case Study Scenario: Additional Phase 1 Information

In trying to understand where the Financial Services Organization currently stands in 
respect to Governance, the IT GRC Manager has identified a number of issues:

The local office management is confused about what the Initiative is trying to achieve and 
doesn’t appear to be fully engaged

Concerns have also been expressed as to the potential cost of the proposed 
Initiative for what appears to be very little benefit. Suggestions have even been made that if 
the Overseas Head Office wants the work completing then it should pay for it

Additionally, the long standing relationship issue between IT and Business 
Management caused by previous project failures is still very much in existence 


Exercise 001
1. Which reason is a root cause for a lack of Senior Management buy‐in to an improvement initiative
according to the COBIT 5 Implementation Guide?
A. Lack of dedicated resources.
B. Poor perception of the credibility of the IT function.
C. Best practices are copied and are NOT adopted.
D. Continual improvement is NOT part of the culture.
2. Which reason is a root cause of why IT could have difficulty in getting the required business 
participation according to the COBIT 5 Implementation Guide?
A. Barriers between IT and the business inhibit participation.
B. IT budget committed to infrastructure.
C. Priorities incorrectly allocated.
D. Fear of revealing inadequate practices.

3. Which reason is a root cause for the lack of current enterprise policy and direction within an 
organization according to the COBIT 5 Implementation Guide?
A. IT budget committed to infrastructure.
B. Best practices are copied and are NOT adopted.
C. Overly optimistic goals.
D. Weak enterprise risk management.

4. Which 2 documents are Inputs to Phase 1?
A. Outline Business Case for the Governance Initiative.
B. Reports showing the volume of changes since the takeover.
C. A report from HR on staff turnover.
D. A list of stakeholders at the local office and Overseas Head Office.
E. Documented approval from the CEO to proceed.

5. Which 2 documents are Outputs from Phase 1?
A. A process for engaging local Management about the Governance Initiative.
B. A report showing the local office’s capability to cope with the required amount of process change as a result of 
the Governance Initiative.
C. An agreed list of the local office’s Roles and Responsibilities for the Governance Initiative.
D. Reports showing the volume of changes since the takeover.
E. Report on the Security issues.

6. Which 2 activities are Programme Management tasks performed during Phase 1?
A. Understand full impact of the Governance Initiative.
B. Raise awareness of compliance issues with the local office.
C. Obtain buy‐in and approval from the CEO to proceed.
D. Produce outline Governance Initiative business case.
E. Identify other project dependencies such as the Security and HR projects.
7. Which 2 activities are Change Enablement tasks performed during Phase 1?
A. Obtain approval from the CEO to proceed.
B. Produce outline Governance Initiative business case.
C. Understand full impact of the Governance Initiative.
D. Raise awareness of compliance issues with the local office.
E. Issue the change plan based on the overseas compliance requirements.

8. Which 2 activities are Continual Improvement tasks performed during Phase 1?
A. Ensure the understanding of the Overseas Head Office’s compliance requirements for the local office is 
correct.
B. Understand full impact of the Governance Initiative.
C. Raise awareness of compliance issues with the local office.
D. Identify other project dependencies such as the Security and HR projects.
E. Raise local Management’s awareness of the importance of the Initiative.


Module 4:
DP Define Problems &
Opportunities


Module 4.1: Phase 2


Where are we now?

4.1 DP Define Problems & Opportunities (Where are we now? - Phase 2)

Continual Improvement Life Cycle Phase‐2

Ref. Figure 19


Roles in Phase 2

Ref. Figure 20


Phase 2 Description (1/5)

Ref. Figure 21

Phase 2 Description (2/5)

Ref. Figure 21

Phase 2 Description (3/5)

Ref. Figure 21

Phase 2 Description (4/5)

Ref. Figure 21

Phase 2 Description (5/5)

Ref. Figure 21

Phase‐2 RACI Chart

Ref. Figure 22

Phase 2 - Where Are We Now?

• Define the problems and opportunities [Programme Management]
o Understand the pain points that have been identified as governance problems
o Take advantage of trigger events that provide opportunity for improvement
• Form a powerful guiding team [Change Enablement]
o Knowledge of the business environment
o Insight into influencing factors
• Assess the current state [Continual Improvement Life cycle attribute]
o Identify the IT goals in respect to enterprise goals
o Identify the most important processes
o Understand management risk appetite
o Understand the maturity of existing governance
o Related processes

Module 4.2: Phase 3


Where do we want to be?

4.2 DP Define Problems & Opportunities (Where do we want to be? - Phase 3)

Continual Improvement Life Cycle Phase‐3

Ref. Figure 23

Roles in Phase 3

Ref. Figure 24

Phase 3 Description (1/5)

Ref. Figure 25

Phase 3 Description (2/5)

Ref. Figure 25

Phase 3 Description (3/5)

Ref. Figure 25

Phase 3 Description (4/5)

Ref. Figure 25


Phase 3 Description (5/5)

Ref. Figure 25


Phase 3 RACI Chart

Ref. Figure 26


Phase 3 - Where Do We Want to Be?

• Define the roadmap
o Describe the high level change enablement plan and objectives
• Communicate desired vision
o Develop a communication strategy
o Communicate the vision
o Articulate the rationale and benefits of the change
o Set the tone at the top
• Define target state and perform gap analysis
o Define the target for improvement
o Analyze the gaps
o Identify potential improvements

4 DP Define Problems & Opportunities

Case Study Scenario: Additional Phase 2 & 3 Information

The CIO approached the IT GRC manager and is not convinced that he has captured all of the 
COBIT processes needed to mitigate the risks associated with their issues.


Exercise 002
1. Which 2 reasons are root causes of the inability to gain the backing of local business management, according to 
the COBIT 5 Implementation Guide?
A. The recent takeover has left uncertainty and the threat of further changes.
B. The priorities of the Initiative are NOT in line with the objectives of the local office.
C. There is poor communication about the expected successes of the Initiative.
D. More change is being enforced and the current processes are unable to cope with the existing amount of 
change.
E. The implementation solution appears to have too many manual workarounds.

2. Which 2 reasons are root causes of why the cost of the IT Governance Initiative appears to exceed any benefit at 
the local office, according to the COBIT 5 Implementation Guide?
A. There is a perception that there is a lack of required compliance skills at the local office.
B. Structure of the IT Governance Initiative does NOT demonstrate what the benefits will be at this stage of the 
programme.
C. The recent takeover has left uncertainty and the threat of further changes.
D. Budget funds have already been spent on the takeover and this is seen as a further drain on resources.
E. There is poor communication about the expected successes of the Initiative.

3. Which 2 actions are success factors which should help resolve the current lack of trust between the local office IT 
function and Business Management, according to the COBIT 5 Implementation Guide?
A. Produce a RACI matrix for Governance related roles for the local office.
B. Educate the business by running a COBIT 5 training course.
C. Produce a plan of expected changes for the year ahead which take account of the compliance requirements.
D. Only implement improvements that add value to the local office.
E. Ensure all resources are full time and dedicated to the Governance Initiative.

4. Which 2 actions are success factors which should help resolve the inability to gain support from the local office’s 
business management, according to the COBIT 5 Implementation Guide?
A. Produce a RACI matrix for Governance related roles for the local office.
B. Only implement improvements that add value to the local office.
C. Express the Governance Initiative in terms that are relevant to business management. 
D. Set up a regular Compliance forum which includes members of both local and Overseas Business Management 
and local IT Management.
E. Ensure all resources are full time and dedicated to the Governance Initiative.

5. Which 2 actions are success factors that should help resolve the concerns that the local office has regarding the cost 
of improvements outweighing any potential benefits, according to the COBIT 5 Implementation Guide?
A. Liaise with Business Management to identify initiatives that can be resolved quickly.
B. Secure secondments* of compliance staff from the overseas office.
C. Ensure all resources are full time and dedicated to the Governance Initiative.
D. Only implement improvements that add value to the local office.
E. Focus on the change process as an area to be tackled by the Initiative.

6. There is a current lack of ownership for both the business and IT in respect of who has a role to play in this 
Governance Initiative. Which CE task is executed to address the concern of lack of ownership for the Governance 
Initiative at the local office during Phase 2?
A. Engage with HR about producing a communications plan about the future benefits of the Initiative.
B. Develop an escalation process.
C. Elect key representatives from the local office and the Overseas Head Office.
D. Create steering committees for relevant parts of the Initiative.

*Secondment : A temporary transfer of an official or worker to another position or employment.

Module 5: PE Plan & Execute the program

Module 5.1: Phase 4 – What needs to be done?

Continual Improvement Life Cycle Phase 4

Ref.: Figure 27

Roles In Phase 4

Ref.: Figure 28

Phase 4 Description (1/5)

Ref.: Figure 29

Phase 4 Description (2/5)

Ref.: Figure 29

Phase 4 Description (3/5)

Ref.: Figure 29

Phase 4 Description (4/5)

Ref.: Figure 29

Phase 4 Description (5/5)

Ref.: Figure 29

Phase 4 RACI Chart

Ref.: Figure 30

Phase 4 – What Needs to Be Done?

• Develop program plan
o Prioritize potential initiatives
o Develop formal and justifiable projects
o Use plans that include contribution and program objectives
• Empower role players and identify quick wins
o High benefit, easy implementations should come first
o Obtain buy‐in by key stakeholders affected by the change
o Identify strengths in existing processes and leverage accordingly
• Design and build improvements
o Plot improvements onto a grid to assist with prioritization
o Consider approach, deliverables, resources needed, costs, estimated time scales, project dependencies and risks

© 2012 ISACA. All Rights Reserved.

Module 5.2: Phase 5 – How do we get there?

Continual Improvement Life Cycle Phase 5

Ref.: Figure 31

Roles in Phase 5

Ref.: Figure 32

Phase 5 Description

Ref.: Figure 33

Phase 5 RACI Chart

Ref.: Figure 34

Phase 5 – How Do We Get There?

• Execute the plan
o Execute projects according to an integrated program plan
o Provide regular update reports to stakeholders
o Document and monitor the contribution of projects while managing risks identified
• Enable operation and use
o Build on the momentum and credibility of quick wins
o Plan cultural and behavioral aspects of the broader transition
o Define measures of success
• Implement improvements
o Adopt and adapt best practices to suit the enterprise’s approach to policies and process changes

Case Study Scenario: Additional Phase 4 & 5 Information

The CIO approached the IT GRC manager and is not convinced that he has captured all of the 
COBIT processes needed to mitigate the risks associated with their issues.

Exercise 003
1. Which 2 additional processes should be selected to help mitigate all of the risks associated 
with the security issues (issue 2)?
A. APO07 
B. DSS01
C. BAI06
D. APO01
E. APO08

2. Which 2 additional processes should be selected to help mitigate the risks of projects failing 
due to cost, delays, scope creep or changed business priorities associated with the project delivery issues 
(issue 4)?
A. BAI03
B. APO03
C. EDM04
D. MEA01
E. APO06

Case Study Scenario: Additional Phase 4 & 5 Information

Using the Scenario, answer the following questions about change enablement tasks. The 
project is now at Phase 4 ‘What needs to be done?’ The IT GRC Manager called a Project 
planning meeting and decided on some Change Enablement objectives in order to ‘get things 
moving’. Decide whether the action taken by the IT GRC Manager to address each objective is 
an appropriate Phase 4 Change Enablement (CE) task and select the response that supports 
your decision.

3. Objective 1:‐ Obtain buy‐in from the local office. Action: The IT GRC Manager has held a workshop 
with key members of business and IT to review and confirm the proposed change management process. Is this 
action an appropriate Phase 4 CE task for Objective No 1?
A. No, because any required changes will be enforced through local management or the Overseas Head Office.
B. No, because the commitment to make the change should have been obtained in Phase 3.
C. Yes, because consulting affected stakeholders will help make them responsible to accept results.
D. Yes, because this will ensure the change management process is implemented as a quick win.

4. Objective 2:‐ Speed up the implementation for a new Change process which will apply to both the 
business and IT. Action: The IT GRC Manager has decided to implement an IT version of the change response plans. 
Is this action an appropriate Phase 4 CE task to address Objective No 2?
A. No, because engagement should have been made with all affected areas prior to the implementation e.g. the 
business management.
B. No, because the implementation of the change response plan should have been performed at Phase 3.
C. Yes, because a Phase 4 CE task is about understanding what IT solutions will be needed to support the Overseas 
Head Office compliance requirements.
D. Yes, because a Phase 4 CE task is to prioritize and select improvements.

5. Objective 3:‐ Build on Phase 2 ‘Where are we now’ and identify tasks that don’t take long to 
implement. Action: The IT GRC Manager has decided to go ahead and implement quick wins in as short a time as 
possible without immediate consultation with the business. Is this action an appropriate Phase 4 CE task to address 
Objective No 3?
A. No, because changes to existing processes at the local office should be designed during Phase 1.
B. No, because visibility of the changes by methods such as a workshop is needed.
C. Yes, because providing the concept of the change has been proven.
D. Yes, because a Phase 4 activity is to perform a gap analysis to identify the improvements needed to the change 
management process.

6. Objective 4:‐ Leverage existing processes (from the Overseas Head Office). Action: The IT GRC 
Manager has obtained details of a number of compliance related processes from the Overseas Head Office which 
are used successfully to manage Compliance. The plan is to adapt these processes for use at the local office. Is this 
action an appropriate Phase 4 CE task to address Objective No 4?
A. No, because changes to existing processes at the local office should have been designed during Phase 1.
B. No, because the processes should be implemented ‘as is’ if they have been used successfully at the Overseas 
Head Office.
C. Yes, because a Phase 4 CE task is to identify existing strengths.
D. Yes, because identifying work already performed in the organisation prevents duplication of effort and 
encourages re‐use.

Module 6: RB: Realize benefits and review effectiveness

Module 6.1: Phase 6 – Did we get there?

Continual Improvement Life Cycle Phase 6

Ref.: Figure 35

Roles in Phase 6

Ref.: Figure 36

Phase 6 Description (1/3)

Ref.: Figure 37

Phase 6 Description (2/3)

Ref.: Figure 37

Phase 6 Description (3/3) 

Ref.: Figure 37

Phase 6 RACI Chart

Ref.: Figure 38

Phase 6 – Did We Get There?

• Realize benefits
o Monitor the overall performance of the program against business case objectives
o Monitor and measure the investment performance
• Embed new approaches
o Provide transition from project mode to business as usual mode
o Monitor whether new roles and responsibilities have been taken on
o Track and assess objectives of the change response plans
o Maintain communication and ensure communication between appropriate stakeholders continues
• Operate and measure
o Set targets for each metric
o Measure metrics against targets
o Communicate results and adjust targets as necessary

Module 6.2: Phase 7 – How do we keep the momentum going?

Continual Improvement Life Cycle Phase 7

Ref.: Figure 39

Roles in Phase 7

Ref.: Figure 40

Phase 7 Description (1/3)

Ref.: Figure 41

Phase 7 Description (2/3)

Ref.: Figure 41

Phase 7 Description (3/3)

Ref.: Figure 41

Phase 7 RACI Chart

Ref.: Figure 42

Phase 7 – How Do We Keep Momentum?

• Continual improvements – keeping the momentum is critical to sustainment of the lifecycle
• Review the program benefits
o Review program effectiveness through a program review gate
• Sustain
o Conscious reinforcement (reward achievers)
o Ongoing communication campaign (feedback on performance)
o Continuous top management commitment
• Monitor and evaluate
o Identify new governance objectives based on program experience
o Communicate lessons learned and further improvement requirements for the next iteration of the cycle

Case Study Scenario: Additional Phase 6 & 7 Information

Answer the following questions about the root causes of the challenges encountered when 
identifying whether the implementation has met its objectives. The IT GRC Manager decided 
to speak to a number of key members of the local office Management to gauge feedback on 
the Governance Initiative. The following issues were obtained from various members of local 
office staff:‐
• The change management process is seen as too hard to understand and has resulted in 
low usage of the process within the local office. Additionally there was feedback that the 
solution looked like it was a direct copy of the Overseas Head Office process without 
consideration of local factors.
• The IT staff working on the Initiative is de‐motivated as they felt they had been left to 
manage the project with little or no assistance from the Business Management.
• A lot of feedback was asking the question ‘what have we achieved?’ as there was a belief 
that very little had changed and concerns were raised as to the overall value of the 
Initiative.

Exercise 004
1. Which 2 actions are success factors that should help to resolve the lack of take up of the change management 
process?
A. Obtain compliance input from the Overseas Head Office auditors.
B. Involve the business process owners in the future refinement of the change process.
C. Ensure all resources are full time and dedicated to the Governance Initiative.
D. Arrange a training course for users of the change process.
E. Produce a RACI matrix for Governance related roles for the local office.

2. Which 2 actions are success factors that should help to resolve the de‐motivation of the IT staff working on the 
Governance Initiative?
A. Produce a RACI matrix for Governance related roles for the local office.
B. Seek to second a Compliance resource from the Overseas Head Office.
C. Organise a road show with the Business Management ‐ Revisiting stakeholders.
D. Ensure all resources are full time and dedicated to the Governance Initiative.
E. Arrange a training course for users of the change process.

*Secondment : A temporary transfer of an official or worker to another position or employment.

3. Which 2 actions are success factors that should help to resolve the concern raised over the overall value of the 
Governance Initiative?
A. Issue a Compliance health check showing progress made.
B. Arrange a training course for users of the change process.
C. Seek to second a compliance resource from the Overseas Head Office.
D. Issue a compliance article on the Intranet site in business terms.
E. Produce a RACI matrix for Governance related roles for the local office.

4. Which 2 documents are Inputs to the Phase 6 review of the Change Management process?
A. Revised process documentation. 
B. A signed‐off copy of the Change Management Procedure.
C. IT and business measures added into the ongoing monitoring of the change process, (post‐ project).
D. A copy of the Change Management process before the implementation.
E. A copy of the Benefits of the Change Process.

5. Which 2 documents are Outputs of the Phase 6 review of the Change Management process?
A. A signed off copy of the Business Case. 
B. Revised process documentation. 
C. Business and IT agreed measures to monitor the change process.
D. A signed off copy of the Change Management Procedure.
E. Identification of the appropriate Change agents within the local office.

6. Which 2 activities are Programme Manager tasks to be performed during the Phase 6 review of the Change 
Management process?
A. Review if the Change Management process is meeting its original intentions.
B. Understand what went well and what didn’t.
C. Develop an escalation procedure to Management.
D. Communicate the results of the Change Management procedure to relevant Business and IT parties.
E. Produce a report of the success factors required to be met for a successful implementation of the Change 
Management process.

Module 7: The Inner Layers: Change Enablement and Continuous Improvement

The Relationship: IMPL‐ Prg M‐ CE ‐ CI

Change enablement relationships to Programme management Steps
The seven phases are shown with the program management steps they relate to. The table below outlines 
the seven enablers (the second or red circle) and their relationship to the seven program management 
steps (the outer ring or dark blue ring):

PHASE & PROGRAMME STEP | CHANGE ENABLER RELATED TO THAT STEP | CONTINUAL IMPROVEMENT LIFE CYCLE
Initiate Program | Establish Desire to change | Recognise need to act
Define Problems & Opportunities | Form Implementation Team | Assess current state
Define Road Map | Communicate Outcome | Define target state
Plan Programme | Identify role players | Build improvement
Execute Plan | Operate and use | Implement Improvements
Realise Benefits | Embed new approaches | Operate and Measure
Review Effectiveness | Sustain | Monitor and Evaluate

Making the Business Case
i.e., Justification to the Board

• The characteristics of a good business case:
o The importance of a business case cannot be overstated. An appropriate
level of urgency needs to be instilled and the key stakeholders should be
aware of the risk of not taking action. An initiative should be owned by a
sponsor (senior), involve all key stakeholders, and be based on a business
case.
o Initially this can be a high‐level business case dealing with the strategic
benefits and costs and then progress to a more detailed business case. It
is a valuable tool available to management in guiding the creation of
business value.

Characteristics of a Good Business Case

• At a minimum a business case should include:
o The business benefits that will be realized
o The business changes required
o The investments needed
o The on‐going IT operating costs
o Constraints and dependencies derived from the risk assessment
o Roles, responsibilities and accountabilities relative to other initiatives
o How the investment and value creation will be monitored throughout the
economic life cycle

Exercise 005

Make a project plan for the COBIT5 implementation with typical timelines.
Allocate teams the relevant roles.
Decide and highlight the “Target State” metrics, compared to the current ones.

*Secondment: A temporary transfer of an official or worker to another position or employment.


Module 8:
Process Assessment / Verification


Overview


COBIT 5 Process Reference Model


Components of ISO/IEC 15504 Process Assessment


Assessment Process Activities 

1 – Initiation

2 – Planning the Assessment

3 – Briefing

4 – Data Collection

5 – Data Validation

6 – Process Attribute Rating

7 – Reporting the Results


1. Initiation

• Identify the sponsor and define the purpose of the assessment
  o why it is being carried out
• Define the scope of the assessment
  o which processes are being assessed
  o what constraints, if any, apply to the assessment
• Identify any additional information that needs to be gathered
• Select the assessment participants and the assessment team, and define the roles of team members
• Define assessment inputs and outputs
  o Have them approved by the sponsor


2. Planning the Assessment

• An assessment plan describing all activities performed in conducting the assessment is developed and documented, together with an assessment schedule
• Identify the project scope
• Secure the necessary resources to perform the assessment
• Determine the method of collating, reviewing, validating and documenting the information required for the assessment
• Co-ordinate assessment activities with the Organizational Unit being assessed


3. Briefing

• The Assessment Team Leader ensures that the assessment team understands the assessment input, process and output
• Brief the Organizational Unit on the performance of the assessment
  o PAM, assessment scope, scheduling, constraints, roles and responsibilities, resource requirements, etc.


4. Data Collection

• The assessor obtains (and documents) an understanding of the process(es), including process purpose, inputs, outputs and work products, sufficient to enable and support the assessment
• Data required for evaluating the processes within the scope of the assessment is collected in a systematic manner
• The strategy and techniques for the selection, collection, analysis of data and justification of the ratings are explicitly identified and demonstrable
• Each process identified in the assessment scope is assessed on the basis of objective evidence
  o The objective evidence gathered for each attribute of each process assessed must be sufficient to meet the assessment purpose and scope
  o Objective evidence that supports the assessors’ judgement of process attribute ratings is recorded and maintained in the Assessment Record
  o This Record provides evidence to substantiate the ratings and to verify compliance with the requirements

5. Data Validation

• Actions are taken to ensure that the data is accurate and sufficiently covers the assessment scope, including
  o seeking information from first-hand, independent sources;
  o using past assessment results; and
  o holding feedback sessions to validate the information collected.
• Some data validation may occur as the data is being collected


6. Process Attribute Rating

• For each process assessed, a rating is assigned for each process attribute up to and including the highest capability level defined in the assessment scope
• The rating is based on data validated in the previous activity
• Traceability shall be maintained between the objective evidence collected and the process attribute ratings assigned
• For each process attribute rated, the relationship between the indicators and the objective evidence is recorded


7. Reporting the Results

• The results of the assessment are analysed and presented in a report
• The report also covers any key issues raised during the assessment, such as:
  o observed areas of strength and weakness
  o findings of high risk, i.e. magnitude of gap between assessed capability and desired/required capability
