You are on page 1of 4

CHAPTER 5

COBIT 5 PROCESS REFERENCE GUIDE CONTENTS

Area: Management
APO09 Manage Service Agreements Domain: Align, Plan and Organise
Process Description
Align IT-enabled services and service levels with enterprise needs and expectations, including identification, specification, design, publishing, agreement,
and monitoring of IT services, service levels and performance indicators.
Process Purpose Statement
Ensure that IT services and service levels meet current and future enterprise needs.
The process supports the achievement of a set of primary IT-related goals:
IT-related Goal Related Metrics
07 Delivery of IT services in line with business requirements s.UMBEROFBUSINESSDISRUPTIONSDUETO)4SERVICEINCIDENTS
s0ERCENTOFBUSINESSSTAKEHOLDERSSATISFIEDTHAT)4SERVICEDELIVERYMEETS
agreed-on service levels
s0ERCENTOFUSERSSATISFIEDWITHTHEQUALITYOF)4SERVICEDELIVERY

Align, Plan and Organise
14 Availability of reliable and useful information for decision making s,EVELOFBUSINESSUSERSATISFACTIONWITHQUALITYANDTIMELINESS
(or availability) of management information
s.UMBEROFBUSINESSPROCESSINCIDENTSCAUSEDBYNON AVAILABILITY
of information
s2ATIOANDEXTENTOFERRONEOUSBUSINESSDECISIONSWHEREERRONEOUSOR
unavailable information was a key factor
Process Goals and Metrics
Process Goal Related Metrics
1. The enterprise can effectively utilise IT services as defined in s.UMBEROFBUSINESSPROCESSESWITHUNDEFINEDSERVICEAGREEMENTS
a catalogue.

2. Service agreements reflect enterprise needs and the capabilities of IT. s0ERCENTOFLIVE)4SERVICESCOVEREDBYSERVICEAGREEMENTS
s0ERCENTOFCUSTOMERSSATISFIEDTHATSERVICEDELIVERYMEETS
agreed-on levels
3. IT services perform as stipulated in service agreements. s.UMBERANDSEVERITYOFSERVICEBREACHES
s0ERCENTOFSERVICESBEINGMONITOREDTOSERVICELEVELS
s0ERCENTOFSERVICETARGETSBEINGMET

APO09 RACI Chart
3TEERING0ROGRAMMES0ROJECTS #OMMITTEE

Chief Information Security Officer
Strategy Executive Committee

Information Security Manager
Business Continuity Manager
0ROJECT-ANAGEMENT/FFICE

Enterprise Risk Committee
Business Process Owners

6ALUE-ANAGEMENT/FFICE

Chief Information Officer
Head Human Resources
Chief Operating Officer

Head IT Administration
Chief Executive Officer
Chief Financial Officer

Business Executives

Head IT Operations
Head Development
Architecture Board
Chief Risk Officer

Service Manager
Head Architect

Privacy Officer
Compliance
Board

Audit

Key Management Practice
APO09.01
C R R R C I I I R I C C C A I I
Identify IT services.
APO09.02
I I I I I R I C C C A I I
Catalogue IT-enabled services.
APO09.03
Define and prepare service R C C C C C R C R R A C C
agreements.
APO09.04
Monitor and report service I I I R C I I I I A
levels.
APO09.05
Review service agreements A C C C C C R C R R R C C I
and contracts.

Personal Copy of: Dr. Sarwono Sutikno 93
: ENABLING PROCESSES

APO09 Process Practices, Inputs/Outputs and Activities
Management Practice Inputs Outputs
APO09.01 Identify IT services. From Description Description To
Analyse business requirements and the way in which
Identified gaps in IT APO02.02
IT-enabled services and service levels support business
services to the business APO05.03
processes. Discuss and agree on potential services and
APO08.02
service levels with the business, and compare them
with the current service portfolio to identify new or Definitions of standard APO05.01
changed services or service level options. services
Activities
1. Assess current IT services and service levels to identify gaps between existing services and the business activities they support. Identify areas for
improvement of existing services and service level options.
2. Analyse, study and estimate future demand and confirm capacity of existing IT-enabled services.
Align, Plan and Organise

3. Analyse business process activities to identify the need for new or redesigned IT services.
4. Compare identified requirements to existing service components in the portfolio. If possible, package existing service components (IT services, service
level options and service packages) into new service packages to meet identified business requirements.
5. Where possible, match demands to service packages and create standardised services to obtain overall efficiencies.
6. Regularly review the portfolio of IT services with portfolio management and business relationship management to identify obsolete services. Agree on
retirement and propose change.
Management Practice Inputs Outputs
APO09.02 Catalogue IT-enabled services. From Description Description To
Define and maintain one or more service catalogues for
EDM04.01 Approved resources plan Service catalogues APO08.05
relevant target groups. Publish and maintain live
IT-enabled services in the service catalogues. EDM04.02 Communication of
resourcing strategies
APO05.05 Updated portfolios of
programmes, services
and assets
Activities
1. Publish in catalogues relevant live IT-enabled services, service packages and service level options from the portfolio.
2. Continually ensure that the service components in the portfolio and the related service catalogues are complete and up to date.
3. Inform business relationship management of any updates to the service catalogues.
Management Practice Inputs Outputs
APO09.03 Define and prepare service agreements. From Description Description To
Define and prepare service agreements based on
APO11.03 Customer requirements for SLAs APO05.03
the options in the service catalogues. Include internal
quality management APO08.04
operational agreements.
DSS01.02
DSS02.01
DSS02.02
DSS04.01
DSS05.02
DSS05.03
Operational level DSS01.02
agreements (OLAs) DSS02.07
DSS04.03
DSS05.03
Activities
1. Analyse requirements for new or changed service agreements received from business relationship management to ensure that the requirements
can be matched. Consider aspects such as service times, availability, performance, capacity, security, continuity, compliance and regulatory issues,
usability, and demand constraints.
2. Draft customer service agreements based on the services, service packages and service level options in the relevant service catalogues.
3. Determine, agree on and document internal operational agreements to underpin the customer service agreements, if applicable.
4. Liaise with supplier management to ensure that appropriate commercial contracts with external service providers underpin the customer service
agreements, if applicable.
5. Finalise customer service agreements with business relationship management.

94 Personal Copy of: Dr. Sarwono Sutikno
CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS

APO09 Process Practices, Inputs/Outputs and Activities (cont.)
Management Practice Inputs Outputs
APO09.04 Monitor and report service levels. From Description Description To
Monitor service levels, report on achievements and
EDM04.03 Remedial actions to Service level APO08.02
identify trends. Provide the appropriate management
address resource performance reports MEA01.03
information to aid performance management.
management deviations
APO05.04 Investment portfolio Improvement action plans APO02.02
performance reports and remediations APO08.02
APO05.06 s#ORRECTIVEACTIONS
to improve benefit
realisation
s"ENEFITRESULTSAND
related communications

Align, Plan and Organise
APO08.05 Satisfaction analyses
APO11.04 Results of quality reviews
and audits
APO11.05 s2OOTCAUSESOFQUALITY
delivery failures
s2ESULTSOFSOLUTION
and service delivery
quality monitoring
DSS02.02 Classified and prioritised
incidents and
service requests
DSS02.06 Closed service requests
and incidents
DSS02.07 s2EQUESTFULFILMENTSTATUS
and trends report
s)NCIDENTSTATUSAND
trends report
Activities
1. Establish and maintain measures to monitor and collect service level data.
2. Evaluate performance and provide regular and formal reporting of service agreement performance, including deviations from the agreed-on values.
Distribute this report to business relationship management.
3. Perform regular reviews to forecast and identify trends in service level performance.
4. Provide the appropriate management information to aid performance management.
5. Agree on action plans and remediations for any performance issues or negative trends.
Management Practice Inputs Outputs
APO09.05 Review service agreements From Description Description To
and contracts.
EDM04.03 Feedback on allocation Updated SLAs Internal
Conduct periodic reviews of the service agreements
and effectiveness of
and revise when needed.
resources and capabilities
APO11.03 Results of quality of
service, including
customer feedback
APO11.04 Results of quality reviews
and audits
BAI04.01 Evaluations against SLAs
Activities
1. Regularly review service agreements according to the agreed-on terms to ensure that they are effective and up to date and changes in requirements,
IT-enabled services, service packages or service level options are taken into account, when appropriate.

Personal Copy of: Dr. Sarwono Sutikno 95
: ENABLING PROCESSES

APO09 Related Guidance
Related Standard Detailed Reference
)3/)%# s0LANNINGANDIMPLEMENTINGNEWORCHANGEDSERVICES
s3ERVICELEVELMANAGEMENT
)4),6 s$EMAND-ANAGEMENT
s3ERVICE0ORTFOLIO-ANAGEMENT
s3ERVICE#ATALOGUE-ANAGEMENT
s3ERVICE,EVEL-ANAGEMENT
s3ERVICE2EPORTING
Align, Plan and Organise

96 Personal Copy of: Dr. Sarwono Sutikno