Professional Documents
Culture Documents
Cobit Audit
Cobit Audit
EG01—Portfolio of competitive products and services 3 3 EG01—Portfolio of competitive products and services 3
EG02—Managed business risk 4 3
EG02—Managed business risk 4
EG03—Compliance with external laws and regulations 5 3
EG04—Quality of financial information 1 3 EG03—Compliance with external laws and regulations 5
EG05—Customer-oriented service culture 4 3
EG06—Business-service continuity and availability 2 3 EG04—Quality of financial information 1
BAI08
APO08 BAI10
BAI10
DSS03
APO10 BAI08
DSS05
APO11 BAI07
MEA01
APO12 BAI06
MEA03 APO13 BAI05
APO14 BAI04
BIA01 BAI02 BAI03
Impact Likelihood (1- Design Factor 3 IT Risk Profile
Risk Scenario Category (1-5) 5) Risk Rating Baseline
Risk Rating of IT Risk Scenario Categories (Input)
IT investment decision making, portfolio definition & 2 1 2 9 0 5 10 15 20 25
maintenance
IT investment decision making, portfolio definition & maintenance
Program & projects life cycle management 4 3 12 9
Program & projects life cycle management
Complex IT operating model and/or unclear decision mechanisms for IT- Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT
2
related decisions
20%
80%
Design Factor 5 Threat Landscape
Resulting Governance/Management
Objectives Importance
0
Support
Support 0 3
Factory 1
Factory 1 3
Turnaround 4 3
Strategic 2 3 Turnaround 4
Strategic 2
Design Factor 7 Role of IT
Resulting Governance/Management Ob-
jectives Importance
EDM02 EDM01 MEA04
-100 -75 -50 -25 0 25 50 75 100 EDM03 MEA03
EDM01 EDM04 MEA02
EDM02
EDM05 100 MEA01
EDM03
EDM04
APO01 75 DSS06
EDM05
APO01
APO02 APO02 50 DSS05
APO03
APO04 25
APO03 DSS04
APO05
APO06 0
APO07 APO04 DSS03
APO08 -25
APO09
APO10 -50
APO05 DSS02
APO11
APO12 -75
APO13
APO14 APO06 -100 DSS01
BIA01
BAI02
BAI03
APO07 BAI11
BAI04
BAI05
BAI06
APO08 BAI10
BAI07
BAI08
BAI09 APO09 BAI09
BAI10
BAI11
DSS01 APO10 BAI08
DSS02
DSS03 APO11 BAI07
DSS04
DSS05 APO12 BAI06
DSS06
MEA01 APO13 BAI05
MEA02 APO14 BAI04
MEA03 BIA01 BAI02 BAI03
MEA04
Design Factor 8 IT Sourcing Model (Input)
20%
60% 20%
Design Factor 8 Sourcing Model for IT
Resulting Governance/Management Objectives Design Factor 8 Sourcing Model for IT
Importance Resulting Governance/ Management Objectives Importance
30%
Design Factor 9 IT Implementation Methods
Resulting Governance/Management Objectives Importance
Design Factor 9 IT Implementation Methods
Resulting Governance/Management Objec-
tives Importance
EDM02 EDM01 MEA04
EDM03 MEA03
EDM04 MEA02
-100 -75 -50 -25 0 25 50 75 100
EDM01 EDM05 100 MEA01
EDM05 50
APO02 DSS05
APO02 25
APO03 DSS04
APO04
0
APO06 APO04 DSS03
-25
APO08
-50
APO05 DSS02
APO10
-75
APO12
APO06 -100 DSS01
APO14
BAI02
APO07 BAI11
BAI04
DSS03
APO11 BAI07
DSS05
APO12 BAI06
MEA01
APO13 BAI05
MEA03 APO14 BAI04
BIA01 BAI02 BAI03
Design Factor 10 Technology Adoption Strategy
First mover Follower Slow adopter
70%
Design Factor 10 Technology Adoption
Strategy Design Factor 10 Technology Adoption Strategy
Resulting Governance/Management Objec- Resulting Governance/Management Objectives Importance
tives Importance
-100 -75 -50 -25 0 25 50 75 100
EDM01
EDM02
EDM03
EDM02 EDM01 MEA04
EDM04
EDM03 MEA03
EDM05
EDM04 MEA02
APO01
APO02 EDM05 100 MEA01
APO03
APO01 75 DSS06
APO04
APO05
APO02 50 DSS05
APO06
APO07 25
APO08 APO03 DSS04
APO09 0
APO10 APO04 DSS03
APO11 -25
APO12
-50
APO13 APO05 DSS02
APO14 -75
BIA01
BAI02 APO06 -100 DSS01
BAI03
BAI04
BAI05 APO07 BAI11
BAI06
BAI07
APO08 BAI10
BAI08
BAI09
BAI10 APO09 BAI09
BAI11
DSS01 APO10 BAI08
DSS02
DSS03 APO11 BAI07
DSS04
DSS05 APO12 BAI06
DSS06
APO13 BAI05
MEA01
APO14 BAI04
MEA02 BIA01 BAI02 BAI03
MEA03
MEA04
THANK YOU