COBIT® 5 Principles 4 and 5 Tutorial

1 COBIT® 5 Principles 4 and 5

This lesson covers the fourth and the fifth principles of COBIT® 5, which are enabling a holistic approach and separating governance from management respectively. Let us begin with the objectives of this lesson in the next screen.

2 Objectives

By the end of this lesson you will be able to:
- Explain principles 4 and 5 of COBIT® 5
- Identify the COBIT® 5 enablers and enabler dimensions
- Describe the governance-management interaction for each enabler

Let us move on to the next screen to discuss the fourth principle of COBIT® 5.

3 Principle 4—Enabling a Holistic Approach

COBIT® 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. COBIT® 5 enablers are defined as factors that, individually and collectively, influence whether an initiative is successful. They are driven by the goals cascade and described by the COBIT® 5 framework in seven categories. Any enterprise should always consider an interconnected set of enablers. Each enabler needs the input of other enablers to be fully effective. For example, processes need information and organisational structures need enablers such as skills and behaviour. Each enabler delivers output for the benefit of other enablers. For example, processes deliver information, skills, and behaviour to make processes efficient. In the next screen, we will look into the COBIT® 5 Enablers image.

4 COBIT® 5 Enablers

The image on the screen depicts the seven enablers of COBIT® 5:
- Principles, policies and frameworks
- Processes
- Organisational structures
- Culture, ethics and behaviour
- Information
- Services, infrastructure and applications
- People, skills and competencies

Let us proceed to the next screen to understand the COBIT® 5 Enabler dimensions.

5 COBIT® 5 Enabler Dimensions

All enablers have a set of common dimensions that provide a common, simple and structured way to deal with other enablers, allow an entity to manage its complex interactions, and facilitate successful outcomes of the enablers. The image on the screen depicts the various enabler dimensions. The enabler dimensions consist of the stakeholders dimension, goals dimension, lifecycle dimension, and good practices dimension.

Let us start with the stakeholders dimension. Each enabler has stakeholders; for example, processes have different parties who execute process activities and have an interest in the process outcomes. They can be internal or external stakeholders. Their needs translate into enterprise goals, which in turn translate into IT-related goals.

The next dimension is related to goals. Each enabler has a number of goals, and value is achieved when these goals are met. Goals can be defined as expected outcomes. The application and operation of the enabler and enabler goals are the final step in the goals cascade. Enabler goals can also be divided into intrinsic quality, contextual quality, access and security.

Next, we will discuss the lifecycle dimension. Each enabler has a lifecycle of plan, design, build, acquire, create, implement, use, operate, evaluate, monitor, update and dispose.

The final dimension is related to good practices. These practices support the achievement of enabler goals. They are also defined for each enabler. This dimension contains the practices and work products, including both inputs and outputs. In the next screen, we will look into the COBIT® 5 enabler performance management.

6 COBIT® 5 Enabler Performance Management

The image on the screen depicts the various elements of enabler performance management. For performance management to be effective, the following questions must be asked: Are stakeholder needs addressed? Are enabler goals achieved? Is the enabler lifecycle managed? Are good practices applied?

The first two questions deal with the actual outcome of the enabler, and the metrics for the achievement of goals are called Lag Indicators. A Lag Indicator is one that follows an event. The importance of a Lag Indicator is its ability to confirm that something, which may be a pattern, has occurred. Some common examples of Lag Indicators are profit, revenue and costs. Let us understand the concept of lag indicator metrics with the help of the following example. The Cost Efficiency Ratio or CER target for the financial year is equal to or below 50%. The ratio is calculated as a percentage of revenue, that is, expenses divided by revenue. If expenses are $1 million and revenue is $2 million, then the CER is 0.5 or 50%, that is, $1 million divided by $2 million. As per the calculated CER, a target return of 5% increase for every $1 increase in the stock prices is provided to the investors.

The next two questions deal with the actual functioning of the enabler, and the metrics for the application of practice are called Lead Indicators. Lead Indicators are used to influence future events. These are often related to activities undertaken by people. Let us understand the concept of lead indicator metrics with the help of the following example. Lead indicator metrics can be based on the reports generated on the number of unreported compliance breaches and open incidents, for example, the total number of compliance breaches not reported within 2 hours of occurrence and the total number of incidents open beyond 2 days.
In the next screen, let us focus on separating governance from management, which is the fifth principle of COBIT® 5.

7 Principle 5—Separating Governance from Management

The COBIT® 5 framework makes a clear distinction between governance and management. Governance and management encompass different types of activities, require different organisational structures and serve different purposes. 'COBIT® 5: Enabling Processes' differentiates the activities associated with governance and management. In the next screen, let us look into the differences between governance and management.

8 Governance vs. Management

The basic differences between governance and management are as follows. Governance includes the Evaluate, Direct and Monitor (EDM) processes, whereas management includes the Plan, Build, Run and Monitor (PBRM) processes. Governance has the following objectives:
- It ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved.
- It sets direction through prioritisation and decision-making.
- It monitors performance, compliance and progress against the agreed direction and objectives.

Management aligns its activities with the direction set by the governance body to achieve the enterprise objectives using the PBRM processes. In the next screen, we will focus on the interaction between the governance and management entities.

9 Interaction between Governance and Management Entities

The image on the screen depicts the interaction between governance and management entities. The interaction consists of EDM processes for governance and PBRM processes for management. The governing body evaluates the business needs, and directs and monitors the management to cater to those needs. The management in turn plans, builds, runs and monitors to fulfil the business needs directed by the governing body. The management feedback is then evaluated by the governing body. In the next screen, we will look into the Process Reference Model that consists of the EDM and PBRM processes.

10 COBIT® 5 Process Reference Model (PRM)

The image on the screen depicts the Process Reference Model or PRM. As evident from the image, there are various processes for governance and management of enterprise IT. There are a total of five EDM or governance processes and thirty-two PBRM or management processes. Please note that it is easy to relate the five EDM or governance processes to the initial steps in the Goals Cascade. EDM is about setting the governance framework and maintaining it. This helps to deliver value to stakeholders by ensuring the delivery of benefits, optimising risks and resources, and ensuring transparency among stakeholders. There is no requirement to know the thirty-two PBRM management processes in depth for the COBIT® 5 Foundation Exam. However, it is recommended to go through the processes to briefly understand the activities, the names of which are self-explanatory. In the next screen, we will understand the governance-management interaction for each of the seven enablers.

11 Governance-Management Interaction for Each Enabler

The table on the screen depicts the governance-management interaction for the seven enablers of COBIT® 5.

Let us begin with the first enabler, that is, principles, policies and frameworks. These are the vehicles by which the governance decisions are institutionalised within the enterprise. They are also an interaction between the governance decisions and management.

The second enabler is processes. In the illustrative COBIT® 5 process model, a distinction is made between governance and management, including the practices and activities for each. The process model also includes Responsible, Accountable, Consulted and Informed or RACI charts describing the responsibilities of different organisational structures and roles within the enterprise.

The third enabler is organisational structure. The different organisational structures defined in an enterprise can be put together in the governance space or the management space, depending on their composition and scope of decisions. Interactions take place between the decisions taken by the governance structures and the decisions and operations implementing the former.

The fourth enabler is culture, ethics and behaviour. This is also a key enabler of good governance and management of the enterprise. It is set at the top and is an important interaction between the governance and management.

The fifth enabler is information. Information used for evaluating, directing and monitoring enterprise IT is exchanged between the governance and management as described in the process model inputs and outputs.

The sixth enabler is services, infrastructure and applications. Services, supported by the applications and infrastructure, are required to provide the governance body with adequate information and to support the EDM activities.

The seventh enabler is people, skills and competencies. The governance and management activities require different skillsets, but an essential skill for both is to understand sets of tasks and how they differ. In the next screen, we will look into the mapping of enterprise goals to governance and management.

12 Mapping Enterprise Goals to Governance and Management

The COBIT® 5 enterprise goals are mapped to questions related to governance and management. Please take some time to go through these questions in the table attached.

13 Summary

Let us summarise what we have learnt in this lesson: The fourth and fifth principles of COBIT® 5 are enabling a holistic approach and separating governance from management. The COBIT® 5 enablers are principles, policies and frameworks; processes; organisational structures; culture, ethics and behaviour; information; services, infrastructure and applications; and people, skills and competencies. The COBIT® 5 enabler dimensions are the stakeholders, goals, lifecycle and good practices dimensions. Under the information enabler, the information used for evaluating, directing and monitoring enterprise IT is exchanged between the governance and management as described in the process model inputs and outputs. Next, we will look at a few questions based on the lessons covered so far.

