
MyCobit

General Template

Document properties

 Filter criteria:

Filter1
Component: RACI
Processes: PO1 | PO2 | PO3 | PO4 | PO5 | PO6 | PO7 | PO8 | PO9 | PO10 | AI1 | AI2
| AI3 | AI4 | AI5 | AI6 | AI7 | DS1 | DS2 | DS3 | DS4 | DS5 | DS6 | DS7 | DS8 | DS9
| DS10 | DS11 | DS12 | DS13 | ME1 | ME2 | ME3 | ME4

MyCobit – General Template Produced by subscriber Sr. Carlos Alberto Hernandez Angel, CISA,CRISC, copyright restricted according to user terms and conditions

COBIT Online v4.1 - © 2007 ITGI (www.itgi.org) - Only Internal, non-commercial use permitted

PO

Plan and Organise


PO1 Define a Strategic IT Plan


RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Link business goals to IT goals. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) I
Business Executive A/R
Chief information officer (CIO) R
Business Process Owner C

Identify critical dependencies and current performance. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive R
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C

Build an IT strategic plan. RACI


Chief executive officer (CEO) A
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Build IT tactical plans. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) I
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security I

Analyse programme portfolios and manage project and service portfolios. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

PO2 Define the Information Architecture
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Create and maintain corporate/enterprise information model. RACI


Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Chief Architect R
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C

Create and maintain corporate data dictionary(ies). RACI


Chief information officer (CIO) I
Business Process Owner C
Chief Architect A/R
Head Development R
Compliance, Audit, Risk and Security C

Establish and maintain data classification scheme. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive A
Chief information officer (CIO) C
Business Process Owner C
Head Operations I
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security R

Provide data owners with procedures and tools for classifying information systems. RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive A
Chief information officer (CIO) C
Business Process Owner C
Head Operations I
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security R
Utilise the information model, data dictionary and classification scheme to plan optimised business systems. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Chief Architect R
Head Development C
Compliance, Audit, Risk and Security I
PO3 Determine Technological Direction
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Create and maintain a technology infrastructure plan. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Head Operations C
Chief Architect R
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C

Create and maintain technology standards. RACI


Chief information officer (CIO) A
Head Operations C
Chief Architect R
Head Development C
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Publish technology standards. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Head Operations I
Chief Architect R
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Monitor technology evolution. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Head Operations C
Chief Architect R
Head Development C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Define (future)(strategic) use of new technology. RACI
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Head Operations C
Chief Architect R
Head Development C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
PO4 Define the IT Processes, Organisation and Relationships
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Establish IT organisational structure, including committees and linkages to the stakeholders and vendors. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

Design IT process framework. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Identify system owners. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations R
Chief Architect I
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Identify data owners. RACI


Chief financial officer (CFO) I
Business Executive A
Chief information officer (CIO) C
Business Process Owner C
Head Operations I
Chief Architect R
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Establish and implement IT roles and responsibilities, including supervision and segregation of duties. RACI
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
PO5 Manage the IT Investment
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Maintain programme portfolio. RACI


Chief executive officer (CEO) A
Chief financial officer (CFO) R
Business Executive R
Chief information officer (CIO) R
Business Process Owner C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Maintain project portfolio. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive A/R
Chief information officer (CIO) A/R
Business Process Owner C
Chief Architect C
Head Development C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

Maintain service portfolio. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive A/R
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

Establish and maintain IT budgeting process. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C

Identify, communicate and monitor IT investment, cost and value to the business. RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A/R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
PO6 Communicate Management Aims and Direction
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Establish and maintain an IT control environment and framework. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C

Develop and maintain IT policies. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A/R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
Compliance, Audit, Risk and Security C

Communicate the IT control framework and IT objectives and direction. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A/R
Head IT Administration R
Compliance, Audit, Risk and Security C
PO7 Manage IT Human Resources
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Identify IT skills, position descriptions, salary ranges and personal performance benchmarks. RACI
Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C

Execute HR policies and procedures relevant to IT (recruit, hire, vet, compensate, train, appraise, promote and dismiss). RACI
Chief information officer (CIO) A
Head Operations R
Chief Architect R
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C
PO8 Manage Quality
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define a quality management system. RACI


Chief executive officer (CEO) C
Business Executive C
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations I
Chief Architect I
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Establish and maintain a quality management system. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Build and communicate quality standards through the organisation. RACI


Chief financial officer (CFO) I
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Build and manage the quality plan for continuous improvement. RACI
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Measure, monitor and review compliance with the quality goals. RACI
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
PO9 Assess and Manage IT Risks
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Determine risk management alignment (e.g., assess risk). RACI


Chief executive officer (CEO) A
Chief financial officer (CFO) A/R
Business Executive C
Chief information officer (CIO) C
Business Process Owner A/R
Head Operations I
Compliance, Audit, Risk and Security I

Understand relevant strategic business objectives. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
Compliance, Audit, Risk and Security I

Understand relevant business process objectives. RACI


Chief information officer (CIO) C
Business Process Owner C
Head Operations A/R
Compliance, Audit, Risk and Security I

Identify internal IT objectives and establish risk context. RACI


Business Process Owner A/R
Chief Architect C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security I

Identify events associated with objectives [some events are business-oriented (business is A); some are IT-oriented (IT is A, business is C)]. RACI
Chief executive officer (CEO) I
Chief information officer (CIO) A/C
Business Process Owner A
Head Operations R
Chief Architect R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Assess risk associated with events. RACI


Chief information officer (CIO) A/C
Business Process Owner A
Head Operations R
Chief Architect R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Evaluate risk responses. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive A
Chief information officer (CIO) A/C
Business Process Owner A
Head Operations R
Chief Architect R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Prioritise and plan control activities. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive A
Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Chief Architect C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C

Approve and ensure funding for risk action plans. RACI


Chief financial officer (CFO) A
Business Executive A
Business Process Owner R
Head Operations I
Chief Architect I
Head Development I
Head IT Administration I
Compliance, Audit, Risk and Security I
Maintain and monitor a risk action plan. RACI
Chief executive officer (CEO) A
Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) R
Business Process Owner R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security R
PO10 Manage Projects
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define a programme/portfolio management framework for IT investments. RACI


Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive A
Chief information officer (CIO) R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Establish and maintain an IT project management framework. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Establish and maintain an IT project monitoring, measurement and management system. RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C

Build project charters, schedules, quality plans, budgets, and communication and risk management plans. RACI
Business Executive C
Chief information officer (CIO) C
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C

Assure the participation and commitment of project stakeholders. RACI


Chief executive officer (CEO) I
Business Executive A
Chief information officer (CIO) R
Business Process Owner C
Compliance, Audit, Risk and Security C

Assure the effective control of projects and project changes. RACI


Business Executive C
Chief information officer (CIO) C
Head Operations C
Chief Architect C
Head Development C
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C

Define and implement project assurance and review methods. RACI


Business Executive I
Chief information officer (CIO) C
Head Development I
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C
AI

Acquire and Implement


AI1 Identify Automated Solutions
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define business functional and technical requirements. RACI


Business Executive C
Chief information officer (CIO) C
Business Process Owner R
Head Operations C
Chief Architect R
Head Development R
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security I

Establish processes for integrity/currency of requirements. RACI


Chief information officer (CIO) C
Head Operations C
Head Development C
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C

Identify, document and analyse business process risk. RACI


Business Executive A/R
Chief information officer (CIO) R
Business Process Owner R
Head Operations R
Chief Architect C
Head Development R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Conduct a feasibility study/impact assessment in respect of implementing proposed business requirements. RACI
Business Executive A/R
Chief information officer (CIO) R
Business Process Owner R
Head Operations C
Chief Architect C
Head Development C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C
Assess IT operational benefits of proposed solutions. RACI
Chief financial officer (CFO) I
Business Executive R
Chief information officer (CIO) A/R
Business Process Owner R
Head Operations I
Chief Architect I
Head Development I
The project management office or function (PMO) R

Assess business benefits of proposed solutions. RACI


Business Executive A/R
Chief information officer (CIO) R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration I
The project management office or function (PMO) R

Develop a requirements approval process. RACI


Business Executive C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Approve and sign off on solutions proposed. RACI


Chief financial officer (CFO) C
Business Executive A/R
Chief information officer (CIO) R
Business Process Owner R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration I
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C
AI2 Acquire and Maintain Application Software
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Translate business requirements into high-level design specification. RACI


Business Process Owner C
Chief Architect C
Head Development A/R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Prepare detailed design and technical software application requirements. RACI


Chief information officer (CIO) I
Business Process Owner C
Head Operations C
Chief Architect C
Head Development A/R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Specify application controls within the design. RACI


Business Process Owner R
Head Operations C
Head Development A/R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security R

Customise and implement acquired automated functionality. RACI


Business Process Owner C
Head Operations C
Head Development A/R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Develop formalised methodologies and processes to manage the application development process. RACI
Chief information officer (CIO) C
Head Operations C
Chief Architect C
Head Development A
Head IT Administration C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Create a software quality assurance plan for the project. RACI


Business Process Owner I
Chief Architect C
Head Development R
The project management office or function (PMO) A/R
Compliance, Audit, Risk and Security C

Track and manage application requirements. RACI


Head Development R
The project management office or function (PMO) A/R

Develop a plan for the maintenance of software applications. RACI


Chief information officer (CIO) C
Head Operations C
Head Development A/R
The project management office or function (PMO) C
AI3 Acquire and Maintain Technology Infrastructure
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define acquisition procedure/process. RACI


Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
Compliance, Audit, Risk and Security I

Discuss infrastructure requirements with (approved) vendors. RACI


Chief financial officer (CFO) C/I
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect C
Head Development C
Head IT Administration R
Compliance, Audit, Risk and Security I

Define strategy and plan maintenance for infrastructure. RACI


Chief information officer (CIO) A
Head Operations R
Chief Architect R
Head Development R
Head IT Administration C

Configure infrastructure components. RACI


Chief information officer (CIO) A
Head Operations R
Chief Architect C
Compliance, Audit, Risk and Security I
AI4 Enable Operation and Use
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Develop strategy to operationalise the solution. RACI


Chief information officer (CIO) A
Business Process Owner A
Head Operations R
Head Development R
Compliance, Audit, Risk and Security I
Deployment Team R
Training Department C

Develop knowledge transfer methodology. RACI


Chief information officer (CIO) C
Business Process Owner A
Deployment Team C
Training Department R

Develop end-user procedure manuals. RACI


Business Process Owner A/R
Head Development R
Compliance, Audit, Risk and Security C
Deployment Team C

Develop technical support documentation for operations and support staff. RACI
Head Operations A/R
Head Development C
Compliance, Audit, Risk and Security C

Develop and deliver training. RACI


Business Process Owner A
Head Operations A
Head Development R
Training Department R

Evaluate training results and enhance documentation as required. RACI


Business Process Owner A
Head Operations A
Deployment Team R
Training Department R
AI5 Procure IT Resources
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Develop IT procurement policies and procedures aligned with procurement policies at the corporate level. RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations I
Chief Architect I
Head Development I
Head IT Administration R
Compliance, Audit, Risk and Security C

Establish/maintain a list of accredited suppliers. RACI


Head IT Administration A/R

Evaluate and select suppliers through a request for proposal (RFP) process. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Develop contracts that protect the organisation’s interests. RACI


Chief executive officer (CEO) R
Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Procure in compliance with established procedures. RACI


Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C
AI6 Manage Changes
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Develop and implement a process to consistently record, assess and prioritise change requests. RACI
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Assess impact and prioritise changes based on business needs. RACI


Chief information officer (CIO) I
Business Process Owner R
Head Operations A/R
Chief Architect C
Head Development R
Head IT Administration C
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Assure that any emergency and critical change follows the approved process. RACI
Chief information officer (CIO) I
Business Process Owner I
Head Operations A/R
Chief Architect I
Head Development R
Compliance, Audit, Risk and Security C

Authorise changes. RACI


Chief information officer (CIO) I
Business Process Owner C
Head Operations A/R
Head Development R

Manage and disseminate relevant information regarding changes. RACI


Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect C
Head Development R
Head IT Administration I
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C
AI7 Install and Accredit Solutions and Changes
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Build and review implementation plans. RACI


Business Executive C
Chief information officer (CIO) A
Business Process Owner I
Head Operations C
Chief Architect C
Head Development R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Define and review a test strategy (entry and exit criteria) and an operational test plan methodology. RACI
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Build and maintain a business and technical requirements repository and test cases for accredited systems. RACI
Chief information officer (CIO) A
Head Development R

Perform system conversion and integration tests on test environment. RACI


Business Executive I
Chief information officer (CIO) I
Business Process Owner R
Head Operations C
Chief Architect C
Head Development A/R
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Deploy test environment and conduct final acceptance tests. RACI


Business Executive I
Chief information officer (CIO) I
Business Process Owner R
Head Operations A
Chief Architect C
Head Development A/R
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Recommend promotion to production based on agreed-upon accreditation criteria. RACI


Business Executive I
Chief information officer (CIO) R
Business Process Owner A
Head Operations R
Chief Architect C
Head Development R
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C
DS

Deliver and Support


DS1 Define and Manage Service Levels
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Create a framework for defining IT services. RACI


Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C
Service Manager R

Build an IT service catalogue. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I
Service Manager R

Define SLAs for critical IT services. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) C
Business Process Owner C
Head Operations R
Chief Architect I
Head Development R
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Service Manager A/R

Define OLAs for meeting SLAs. RACI


Chief information officer (CIO) I
Business Process Owner C
Head Operations R
Chief Architect I
Head Development R
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Service Manager A/R

Monitor and report end-to-end service level performance. RACI


Chief information officer (CIO) I
Business Process Owner I
Head Operations R
Head Development I
Head IT Administration I
Compliance, Audit, Risk and Security I
Service Manager A/R

Review SLAs and UCs. RACI


Chief financial officer (CFO) I
Chief information officer (CIO) I
Business Process Owner C
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C
Service Manager A/R

Review and update IT service catalogue. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I
Service Manager R

Create service improvement plan. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect I
Head Development R
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I
Service Manager R
DS2 Manage Third-party Services
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Identify and categorise third-party service relationships. RACI


Chief information officer (CIO) I
Business Process Owner C
Head Operations R
Chief Architect C
Head Development R
Head IT Administration A/R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Define and document supplier management processes. RACI


Chief financial officer (CFO) C
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect I
Head Development R
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Establish supplier evaluation and selection policies and procedures. RACI


Chief financial officer (CFO) C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Identify, assess and mitigate supplier risks. RACI


Chief financial officer (CFO) I
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Monitor supplier service delivery. RACI
Chief information officer (CIO) R
Business Process Owner A
Head Operations R
Head Development R
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Evaluate long-term goals of the service relationship for all stakeholders. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
DS3 Manage Performance and Capacity
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Establish a planning process for the review of performance and capacity of IT resources. RACI
Chief information officer (CIO) A
Head Operations R
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C

Review current IT resources’ performance and capacity. RACI


Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Head Development C
Head IT Administration C
The project management office or function (PMO) C

Conduct IT resources’ performance and capacity forecasting. RACI


Chief information officer (CIO) C
Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C

Conduct gap analysis to identify IT resources mismatch. RACI


Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Head Development R
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

Conduct contingency planning for potential IT resources unavailability. RACI


Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C

Continuously monitor and report the availability, performance and capacity of IT resources. RACI
Chief information officer (CIO) I
Business Process Owner I
Head Operations A/R
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I
DS4 Ensure Continuous Service
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Develop IT continuity framework. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations R
Chief Architect R
Head Development R
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security R

Conduct business impact analysis and risk assessment. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) C
Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Develop and maintain IT continuity plans. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Identify and categorise IT resources based on recovery objectives. RACI


Chief information officer (CIO) C
Head Operations A/R
Head Development C
Head IT Administration I
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I

Define and execute change control procedures to ensure IT continuity plan is current. RACI
Chief information officer (CIO) I
Head Operations A/R
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security I

Regularly test IT continuity plan. RACI


Chief information officer (CIO) I
Business Process Owner I
Head Operations A/R
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Develop follow-on action plan from test results. RACI


Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Chief Architect C
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security I

Plan and conduct IT continuity training. RACI


Chief information officer (CIO) I
Business Process Owner R
Head Operations A/R
Head Development C
Head IT Administration R
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Plan IT services recovery and resumption. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) C
Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C

Plan and implement backup storage and protection. RACI


Chief information officer (CIO) I
Head Operations A/R
Head Development C
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security I

Establish procedures for conducting post-resumption reviews. RACI


Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C
DS5 Ensure Systems Security
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define and maintain an IT security plan. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security R

Define, establish and operate an identity (account) management process. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Head Operations R
Chief Architect R
Head Development I
Compliance, Audit, Risk and Security C

Monitor potential and actual security incidents. RACI


Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security R

Periodically review and validate user access rights and privileges. RACI
Chief information officer (CIO) A
Business Process Owner I
Head Operations C
Compliance, Audit, Risk and Security R

Establish and maintain procedures for maintaining and safeguarding cryptographic keys. RACI
Chief information officer (CIO) A
Head Operations R
Head IT Administration I
Compliance, Audit, Risk and Security C

Implement and maintain technical and procedural controls to protect information flows across networks. RACI
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect R
Head Development R
Compliance, Audit, Risk and Security C

Conduct regular vulnerability assessments. RACI


Chief financial officer (CFO) I
Chief information officer (CIO) A
Business Process Owner I
Head Operations C
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security R
DS6 Identify and Allocate Costs
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Map IT infrastructure to services provided/business processes supported. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C

Identify all IT costs (e.g., people, technology) and map them to IT services on a unit cost basis. RACI
Chief financial officer (CFO) C
Chief information officer (CIO) A
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C

Establish and maintain an IT accounting and cost control process. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C

Establish and maintain charging policies and procedures. RACI


Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration R
The project management office or function (PMO) C
DS7 Educate and Train Users
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Identify and characterise users’ training needs. RACI


Business Executive C
Chief information officer (CIO) A
Business Process Owner R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Training Department R

Build a training programme. RACI


Business Executive C
Chief information officer (CIO) A
Business Process Owner R
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I
Training Department R

Conduct awareness, education and training activities. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner C
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I
Training Department R

Perform training evaluation. RACI


Business Executive I
Chief information officer (CIO) A
Business Process Owner R
Head Operations C
Chief Architect I
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security I
Training Department R

Identify and evaluate best training delivery methods and tools. RACI
Business Executive I
Chief information officer (CIO) A/R
Business Process Owner R
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Training Department R
DS8 Manage Service Desk and Incidents
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Create classification (severity and impact) and escalation procedures (functional and hierarchical). RACI
Chief information officer (CIO) C
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security C
Service Desk/Incident Manager A/R

Detect and record incidents/service requests/information requests. RACI


Service Desk/Incident Manager A/R

Classify, investigate and diagnose queries. RACI


Chief information officer (CIO) I
Head Operations C
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security I
Service Desk/Incident Manager A/R

Resolve, recover and close incident. RACI


Business Process Owner I
Head Operations R
Chief Architect R
Head Development R
Compliance, Audit, Risk and Security C
Service Desk/Incident Manager A/R

Inform users (e.g., status updates). RACI


Chief information officer (CIO) I
Business Process Owner I
Service Desk/Incident Manager A/R

Produce management reporting. RACI


Chief executive officer (CEO) I
Chief information officer (CIO) I
Business Process Owner I
Head Operations I
Head IT Administration I
Compliance, Audit, Risk and Security I
Service Desk/Incident Manager A/R
DS9 Manage the Configuration
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Develop configuration management planning procedures. RACI


Business Process Owner C
Head Operations A
Chief Architect C
Head Development I
Head IT Administration C
Compliance, Audit, Risk and Security C
Configuration Manager R

Collect initial configuration information and establish baselines. RACI


Head Operations C
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security I
Configuration Manager A/R

Verify and audit configuration information (includes detection of unauthorised software). RACI
Chief financial officer (CFO) I
Head Operations A
Head IT Administration I
Compliance, Audit, Risk and Security I
Configuration Manager A/R

Update configuration repository. RACI


Head Operations R
Chief Architect R
Head Development R
Compliance, Audit, Risk and Security I
Configuration Manager A/R
DS10 Manage Problems
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Identify and classify problems. RACI


Business Executive I
Chief information officer (CIO) I
Business Process Owner C
Head Operations A
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security I
Problem Manager R

Perform root cause analysis. RACI


Head Operations C
Head Development C
Problem Manager A/R

Resolve problems. RACI


Business Process Owner C
Head Operations A
Chief Architect R
Head Development R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security C
Problem Manager C

Review status of problems. RACI


Business Executive I
Chief information officer (CIO) I
Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C
Problem Manager R

Issue recommendations for improvement and create a related request for change. RACI
Business Process Owner I
Head Operations A
Chief Architect I
Head Development I
The project management office or function (PMO) I
Problem Manager R

Maintain problem records. RACI


Business Process Owner I
Head Operations I
Head Development I
Compliance, Audit, Risk and Security I
Problem Manager A/R
DS11 Manage Data
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Translate data storage and retention requirements into procedures. RACI


Chief information officer (CIO) A
Business Process Owner I
Head Operations C
Chief Architect R
Compliance, Audit, Risk and Security C

Define, maintain and implement procedures to manage media library. RACI


Chief information officer (CIO) A
Head Operations R
Chief Architect C
Head Development C
Head IT Administration I
Compliance, Audit, Risk and Security C

Define, maintain and implement procedures for secure disposal of media and equipment. RACI
Chief information officer (CIO) A
Business Process Owner C
Head Operations R
Head IT Administration I
Compliance, Audit, Risk and Security C

Back up data according to scheme. RACI


Chief information officer (CIO) A
Head Operations R

Define, maintain and implement procedures for data restoration. RACI


Chief information officer (CIO) A
Business Process Owner C
Head Operations R
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security I
DS12 Manage the Physical Environment
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define required level of physical protection. RACI


Business Process Owner C
Head Operations A/R
Chief Architect C
Compliance, Audit, Risk and Security C

Select and commission the site (data center, office, etc.). RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) C
Business Process Owner C
Head Operations A/R
Chief Architect C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security C

Implement physical environment measures. RACI


Business Process Owner I
Head Operations A/R
Chief Architect I
Head Development I
Compliance, Audit, Risk and Security C

Manage physical environment (maintaining, monitoring and reporting included). RACI


Head Operations A/R
Chief Architect C

Define and implement procedures for physical access authorisation and maintenance. RACI
Chief information officer (CIO) C
Business Process Owner I
Head Operations A/R
Chief Architect I
Head Development I
Head IT Administration I
Compliance, Audit, Risk and Security C
DS13 Manage Operations
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Create/modify operations procedures (including manuals, checklists, shift planning, handover documentation, escalation procedures, etc.). RACI
Head Operations A/R
Compliance, Audit, Risk and Security I

Schedule workload and batch jobs. RACI


Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development C

Monitor infrastructure and processing, and resolve problems. RACI


Head Operations A/R
Compliance, Audit, Risk and Security I

Manage and secure physical output (e.g., paper, media). RACI


Head Operations A/R
Compliance, Audit, Risk and Security C

Apply fixes or changes to the schedule and infrastructure. RACI


Business Process Owner C
Head Operations A/R
Chief Architect C
Head Development C
Compliance, Audit, Risk and Security C

Implement/establish a process for safeguarding authentication devices against interference, loss and theft. RACI
Chief information officer (CIO) A
Head Operations R
Head IT Administration I
Compliance, Audit, Risk and Security C

Schedule and perform preventive maintenance. RACI


Head Operations A/R
ME

Monitor and Evaluate


ME1 Monitor and Evaluate IT Performance
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Establish the monitoring approach. RACI


Chief executive officer (CEO) A
Chief financial officer (CFO) R
Business Executive C
Chief information officer (CIO) R
Business Process Owner I
Head Operations C
Chief Architect I
Head Development C
Head IT Administration I
Compliance, Audit, Risk and Security C

Identify and collect measurable objectives that support the business objectives. RACI
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Head Development R

Create scorecards. RACI


Chief information officer (CIO) A
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C

Assess performance. RACI


Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C

Report performance. RACI
Board I
Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive A
Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C
Compliance, Audit, Risk and Security I

Identify and monitor performance improvement actions. RACI


Chief information officer (CIO) A
Business Process Owner R
Head Operations R
Chief Architect C
Head Development R
Head IT Administration C
Compliance, Audit, Risk and Security C
ME2 Monitor and Evaluate Internal Control
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Monitor and control IT internal control activities. RACI


Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security R

Monitor the self-assessment process. RACI


Business Executive I
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Monitor the performance of independent reviews, audits and examinations. RACI


Business Executive I
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Monitor the process to obtain assurance over controls operated by third parties. RACI
Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Monitor the process to identify and assess control exceptions. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Monitor the process to identify and remediate control exceptions. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A
Business Process Owner I
Head Operations R
Head Development R
Head IT Administration R
Compliance, Audit, Risk and Security C

Report to key stakeholders. RACI


Board I
Chief executive officer (CEO) I
Chief financial officer (CFO) I
Chief information officer (CIO) A/R
Compliance, Audit, Risk and Security I
ME3 Ensure Compliance With External Requirements
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Define and execute a process to identify legal, contractual, policy and regulatory requirements. RACI
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations I
Chief Architect I
Head Development I
Head IT Administration C
The project management office or function (PMO) I
Compliance, Audit, Risk and Security R

Evaluate compliance of IT activities with IT policies, plans and procedures. RACI


Chief executive officer (CEO) I
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) A/R
Business Process Owner I
Head Operations R
Chief Architect R
Head Development R
Head IT Administration R
The project management office or function (PMO) R
Compliance, Audit, Risk and Security R
Board I

Report positive assurance of compliance of IT activities with IT policies, plans and procedures. RACI
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
The project management office or function (PMO) C
Compliance, Audit, Risk and Security R

Provide input to align IT policies, plans and procedures in response to compliance requirements. RACI
Chief information officer (CIO) A/R
Business Process Owner C
Head Operations C
Chief Architect C
Head Development C
Head IT Administration C
Compliance, Audit, Risk and Security R

Integrate IT reporting on regulatory requirements with similar output from other business functions. RACI
Chief information officer (CIO) A/R
Head Operations I
Chief Architect I
Head Development I
Head IT Administration R
The project management office or function (PMO) I
Compliance, Audit, Risk and Security R
ME4 Provide IT Governance
RACI
A RACI Chart identifies who is Responsible, Accountable, Consulted, and/or Informed

Establish executive and board oversight and facilitation over IT activities. RACI
Board A
Chief executive officer (CEO) R
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) C
Compliance, Audit, Risk and Security C

Review, endorse, align and communicate IT performance, IT strategy, and resource and risk management with business strategy. RACI
Board A
Chief executive officer (CEO) R
Chief financial officer (CFO) I
Business Executive I
Chief information officer (CIO) R
Compliance, Audit, Risk and Security C

Obtain periodic independent assessment of performance and compliance with policies, plans and procedures. RACI
Board A
Chief executive officer (CEO) R
Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) C
Head Operations I
Chief Architect I
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security R

Resolve findings of independent assessments, and ensure management's implementation of agreed-upon recommendations. RACI
Board A
Chief executive officer (CEO) R
Chief financial officer (CFO) C
Business Executive I
Chief information officer (CIO) C
Head Operations I
Chief Architect I
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security R

Generate an IT governance report. RACI


Board A
Chief executive officer (CEO) C
Chief financial officer (CFO) C
Business Executive C
Chief information officer (CIO) R
Business Process Owner C
Head Operations I
Chief Architect I
Head Development I
Head IT Administration I
The project management office or function (PMO) I
Compliance, Audit, Risk and Security C
