Lesson 07 - Control

COBIT® 5 Principles 2 and 3

This lesson is a part of COBIT® 5 Foundation Certification Course and provides a detailed understanding of the second and third principles of COBIT® 5. Let us begin with the objectives of this lesson.

Objectives

By the end of this lesson you will be able to:

  • Describe principle 2 of COBIT® 5

  • Discuss governance enablers and governance scope

  • Identify the key roles in governance

  • Explain principle 3 of COBIT® 5

Let us move on to the next section to discuss the second principle of COBIT® 5.

Principle 2—Covering the Enterprise End-to-End

The second key principle of COBIT® 5 is ‘covering the enterprise end-to-end’.
It means that COBIT® 5:

  • integrates the governance of enterprise IT with enterprise governance;

  • covers all functions and processes required to govern and manage enterprise information and related technologies wherever that information is processed and

  • addresses all relevant internal and external IT services as well as external and internal business processes.

Now let us understand the governance approach to the second principle.
The image shown below depicts the governance approach to ‘covering the enterprise end-to-end’.
[Figure: Covering the enterprise end to end]
The image also shows the flow and interaction between the various components that illustrate the governance approach to this principle.
In the following section, we will discuss the various elements of the governance approach.

Governance Approach

The main elements of the governance approach for the principle ‘covering the enterprise end-to-end’ are as follows.

  • The first element is governance enablers.

- They comprise the organizational resources for governance, such as frameworks, principles, structures, processes and practices towards which action is directed and objectives can be attained. Governance enablers include the enterprise’s resources as well.

- Enablers also comprise resources such as service capabilities including infrastructure and applications, as well as people and information.

- A lack of resources or enablers may affect the ability of the enterprise to create value.

  • The next element is governance scope.

- It may comprise the whole enterprise or an entity.

- Governance can be applied not only at an enterprise entity or unit level but also at a tangible or intangible asset level.

In the next section, we will look into the governance roles, activities and relationships.

Governance Roles, Activities and Relationships

To outline governance roles, activities and relationships, it is important to define:

  • who is involved in governance,

  • how they are involved,

  • what they do and

  • how they interact within the scope of any governance system.

The key generic roles are handled by the owners and stakeholders, governing body, management and operations team. The key responsibilities of those who are involved in the governance process and the process flow are as follows.

  • The owners and stakeholders are accountable for the governance process. However, they delegate the responsibility of the process to a governing body.

  • The governing body sets the direction of the process to the management.

  • The management instructs and aligns the operations team with the direction set by the governing body.

  • The operations team executes the instructions and reports back to the management.

  • The management will also monitor operations on behalf of the governing body.

  • The governing body will report back to owners and stakeholders about the performance.

Each of these roles and their responsibilities is discussed in detail in the forthcoming sections. Let us first understand the governance roles, activities and relationships of the stakeholders in the next section.

Owners and Stakeholders—Governance Roles, Activities and Relationships

The role of the owners and stakeholders and their activities, accountabilities and responsibilities are:

  • to specify their needs based on the drivers, for example, strategy changes, a changing business and regulatory environment, new technologies or advances in technology

  • to delegate their requests in the form of needs to be satisfied by the governing body

  • to be accountable in terms of the needs meeting the specified requirements.

In the next section, we will discuss the governance roles, activities and relationships of the governing body.

Governing Body—Governance Roles, Activities and Relationships

The role of the governing body and their responsibilities are:

  • to set directions in terms of enterprise goals for the management to fulfill the stakeholder needs

  • to hold the stakeholders accountable for the needs meeting the specified requirements

  • to receive requests from the stakeholders and evaluate the needs before setting the direction to the management and

  • to monitor the overall management functionality in delivering the stakeholder needs.

In the next section, we will focus on the governance roles, activities and relationships of the management.

Management—Governance Roles, Activities and Relationships

The role of the management and their activities and responsibilities are:

  • to receive directions from the governing body

  • to set IT-related goals for the IT and related operations team to meet the stakeholder needs

  • to instruct and align directions to the operations teams

  • to monitor the overall operations and execution to fulfill the stakeholder needs

  • to receive reports from the operations team.

We will focus on the governance roles, activities and relationships of the operations team in the following section.

Operations Team—Governance Roles, Activities and Relationships

The role of the operations team and their activities and responsibilities are:

  • to plan, build, test, run and monitor the activities that produce the final product or service that meets the stakeholder needs

  • to perform extensive planning, building, testing, running and monitoring the services and

  • to report to the management regarding the performance at regular intervals.

In the next section, we will focus on the third principle of COBIT® 5, which is ‘applying a single integrated framework’.


Principle 3—Applying a Single Integrated Framework

The following is some important information about frameworks, models and standards.

Frameworks

  • Frameworks are a system of rules, ideas or beliefs used to plan and build or even provide a support structure to build something.

  • Examples: buildings, enterprises and best practices systems, such as ITIL® (read as I-T-I-L), COBIT® or software applications.

Models

  • Models are similar to blueprints or prototypes of the intended real objects. They are physical representations that aid better visualization and conception of the real objects.

  • Examples of models are blueprints of buildings, 3D models and prototypes of products.

Standards

  • Standards are agreed levels of quality. They are used as the norm and have to be met for the fulfillment of organizational goals and objectives.

  • For example, many companies have to comply with quality standards such as the ISO 9001 (read as nine thousand and one) standard, especially in the healthcare or food-related industries.

COBIT® 5 is an integrated framework because:

  • it aligns with the latest relevant standards and frameworks.

  • it is complete in enterprise coverage.

  • it provides a basis to integrate other frameworks, standards and practices effectively.

  • it integrates the knowledge previously distributed over different ISACA® (read as one word EESAKA) frameworks.

  • it provides a simple architecture for structuring guidance materials and producing a consistent product set.

In the next section, we will look into the illustration of the COBIT® 5 integrated framework.

COBIT® 5 Single Integrated Framework

The image shown below depicts the COBIT® 5 integrated framework.
[Figure: COBIT 5 Integrated Framework]
As a single integrated framework, COBIT® 5 consists of existing ISACA® (read as EESAKA) guidance that includes other frameworks such as older versions of COBIT®, Val IT® (read as Value I-T), Risk IT® (read as Risk I-T) and BMIS™ (read as B-M-I-S). It also includes the new ISACA® guidance materials and other standards and frameworks. The COBIT® 5 knowledge base consists of current guidance and contents, along with the structure for the future content. The COBIT® 5 enablers contribute greatly to the knowledge base and its upkeep. The content filter for the knowledge base is applied to provide the various COBIT® 5 guides and publications, namely:

  • COBIT® 5

  • COBIT® 5 Enablers Guide

  • COBIT® 5 Professional Guides and

  • COBIT® 5 Online Collaborative Environment.

In the next section, we will discuss the ISACA® frameworks that have influenced COBIT® 5 and are included in it.

COBIT® 5 and Legacy ISACA® Frameworks

COBIT® 5 includes three legacy frameworks:

  • COBIT® 4.1 (read as KOBIT four point one) Control Objectives

  • Val IT® Key (read as Value I-T Key) Management Practices

  • Risk IT® Management Practices

These map to the COBIT® 5 Governance and Management Practices.
The image shown below depicts the three legacy frameworks.
[Figure: COBIT 5 and Legacy ISACA Frameworks]

In the next section, we will look into the COBIT® 5 product family.

COBIT® 5 Product Family

The image shown below depicts the COBIT® 5 product family, which enables a single integrated framework.
[Figure: COBIT 5 Product Family]

  • COBIT® 5: A Business Framework for the Governance and Management of Enterprise IT

  • COBIT® 5: Enabling Processes

  • COBIT® 5 Implementation Guide

  • COBIT® 5 for Information Security

  • COBIT® 5 for Assurance

  • COBIT® 5 for Risk

  • COBIT® 5 Online Collaborative Environment

A series of other products that will be tailored to specific audiences or topics are planned. The COBIT® 5 products are linked to the external sources for standards.

Summary

Let us summarise what we have learned in this tutorial:

  • The second principle of COBIT® 5 is ‘covering the enterprise end-to-end’ which means that COBIT® 5 integrates the governance of enterprise IT with enterprise governance.

  • The governance enablers comprise the organizational resources for the governance and the enterprise.

  • The governance scope comprises the whole enterprise, an entity and a tangible or an intangible asset.

  • The key roles in governance are handled by the owners and stakeholders, governing body, management and operations team.

  • The third principle of COBIT® 5 is ‘applying a single integrated framework’.

  • COBIT® 5 is an integrated framework because it aligns with the latest relevant standards and frameworks.

We will learn about Principle 4 and 5 of COBIT® 5 in the next lesson.
