Analyse and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise’s mission, goals and objectives.
Provide a consistent approach, integrated and aligned with the enterprise governance approach, to ensure that IT-related decisions are made in line with the enterprise’s strategies and objectives, that IT-related processes are overseen effectively and transparently, that compliance with legal and regulatory requirements is confirmed, and that the governance requirements for board members are met.
Percent of enterprise strategic goals and requirements supported by IT strategic goals
Level of stakeholder satisfaction with scope of the planned portfolio of programmes and services
Percent of IT value drivers mapped to business value drivers
Percent of executive management roles with clearly defined accountabilities for IT decisions
Number of times IT is on the board agenda in a proactive manner
Frequency of IT strategy (executive) committee meetings
Rate of execution of executive IT-related decisions
Number of business disruptions due to IT service incidents
Percent of business stakeholders satisfied that IT service delivery meets agreed-on service levels
Percent of users satisfied with the quality of IT service delivery
Actual vs. target cycle time for key decisions
Level of stakeholder satisfaction (measured through surveys)
Number of roles, responsibilities and authorities that are defined, assigned and accepted by appropriate business and IT management
Degree by which agreed-on governance principles for IT are evidenced in processes and practices (percentage of processes and practices with clear traceability to principles)
Number of instances of non-compliance with ethical and professional behaviour guidelines
Frequency of independent reviews of governance of IT
Frequency of governance of IT reporting to the executive committee and board
Number of governance of IT issues reported
Continually identify and engage with the enterprise’s stakeholders, document an understanding of the requirements, and make a judgement on the current and future design of governance of enterprise IT.
Analyse and identify the internal and external environmental factors (legal, regulatory and contractual obligations) and trends in the business environment that may influence governance design.
Determine the significance of IT and its role with respect to the business.
Consider external regulations, laws and contractual obligations and determine how they should be applied within the governance of enterprise IT.
Align the ethical use and processing of information and its impact on society, natural environment, and internal and external stakeholder interests with the enterprise’s direction, goals and objectives.
Determine the implications of the overall enterprise control environment with regard to IT.
Articulate principles that will guide the design of governance and decision making of IT.
Understand the enterprise’s decision-making culture and determine the optimal decision-making model for IT.
Determine the appropriate levels of authority delegation, including threshold rules, for IT decisions.
Inform leaders and obtain their support, buy-in and commitment. Guide the structures, processes and practices for the governance of IT in line with agreed-on governance design principles, decision-making models and authority levels. Define the information required for informed decision making.
Communicate governance of IT principles and agree with executive management on the way to establish informed and committed leadership.
Establish or delegate the establishment of governance structures, processes and practices in line with agreed-on design principles.
Allocate responsibility, authority and accountability in line with agreed-on governance design principles, decision-making models and delegation.
Ensure that communication and reporting mechanisms provide those responsible for oversight and decision-making with appropriate information.
Direct that staff follow relevant guidelines for ethical and professional behaviour and ensure that consequences of non-compliance are known and enforced.
Direct the establishment of a reward system to promote desirable cultural change.
Monitor the effectiveness and performance of the enterprise’s governance of IT. Assess whether the governance system and implemented mechanisms (including structures, principles and processes) are operating effectively and provide appropriate oversight of IT.
Assess the effectiveness and performance of those stakeholders given delegated responsibility and authority for governance of enterprise IT.
Periodically assess whether agreed-on governance of IT mechanisms (structures, principles, processes, etc.) are established and operating effectively.
Assess the effectiveness of the governance design and identify actions to rectify any deviations found.
Maintain oversight of the extent to which IT satisfies obligations (regulatory, legislation, common law, contractual), internal policies, standards and professional guidelines.
Provide oversight of the effectiveness of, and compliance with, the enterprise’s system of control.
Monitor regular and routine mechanisms for ensuring that the use of IT complies with relevant obligations (regulatory, legislation, common law, contractual), standards and guidelines.
References:
ISACA. (2012). COBIT 5 Enabling Processes. USA: ISACA.