COBIT 4 To 5 Mapping


CobiT 4.1 to COBIT 5 mapping
CobiT 4.1 Control objectives COBIT 5 process/practice IDs
AC1 AC1 Source Data Preparation and Authorisation DSS06.02
AC1 AC1 Source Data Preparation and Authorisation DSS06.03
AC1 AC1 Source Data Preparation and Authorisation BAI03.02
AC1 AC1 Source Data Preparation and Authorisation BAI03.03
AC1 AC1 Source Data Preparation and Authorisation BAI03.05
AC1 AC1 Source Data Preparation and Authorisation BAI03.07
AC2 AC2 Source Data Collection and Entry DSS06.02
AC3 AC3 Accuracy, Completeness and Authenticity Checks DSS06.02
AC4 AC4 Processing Integrity and Validity DSS06.02
AC5 AC5 Output Review, Reconciliation and Error Handling DSS06.02
AC6 AC6 Transaction Authentication and Integrity DSS06.02
PO1.1 PO1.1 IT Value Management EDM02
PO1.2 PO1.2 Business-IT Alignment APO02.01
PO1.3 PO1.3 Assessment of Current Capability and Performance APO02.02
PO1.4 PO1.4 IT Strategic Plan APO02.03
PO1.4 PO1.4 IT Strategic Plan APO02.04
PO1.4 PO1.4 IT Strategic Plan APO02.05
PO1.5 PO1.5 IT Tactical Plans APO02.05
PO1.6 PO1.6 IT Portfolio Management APO05.05
PO2.1 PO2.1 Enterprise Information Architecture Model APO03.02
PO2.2 PO2.2 Enterprise Data Dictionary and Data Syntax Rules APO03.02
PO2.3 PO2.3 Data Classification Scheme APO03.02
PO2.4 PO2.4 Integrity Management APO01.06
PO3.1 PO3.1 Technological Direction Planning APO02.03
PO3.1 PO3.1 Technological Direction Planning APO04.03
PO3.2 PO3.2 Technical Infrastructure Plan APO02.03
PO3.2 PO3.2 Technical Infrastructure Plan APO02.04
PO3.2 PO3.2 Technical Infrastructure Plan APO02.05
PO3.2 PO3.2 Technical Infrastructure Plan APO04.03
PO3.2 PO3.2 Technical Infrastructure Plan APO04.04
PO3.2 PO3.2 Technical Infrastructure Plan APO04.05
PO3.3 PO3.3 Monitor Future Trends and Regulations EDM01.01
PO3.3 PO3.3 Monitor Future Trends and Regulations APO04.03
PO3.4 PO3.4 Technology Standards APO03.05
PO3.5 PO3.5 IT Architecture Board APO01.01
PO4.1 PO4.1 IT Process Framework APO01.03
PO4.1 PO4.1 IT Process Framework APO01.07
PO4.2 PO4.2 IT Strategy Committee APO01.01
PO4.3 PO4.3 IT Steering Committee APO01.01
PO4.4 PO4.4 Organisational Placement of the IT Function APO01.05
PO4.5 PO4.5 IT Organisational Structure APO01.01
PO4.6 PO4.6 Establishment of Roles and Responsibilities APO01.02
PO4.7 PO4.7 Responsibility for IT Quality Assurance APO11.01
PO4.8 PO4.8 Responsibility for Risk, Security and Compliance Deleted: these specific roles are no longer explicitly specified as a practice.
PO4.9 PO4.9 Data and System Ownership APO01.06
PO4.10 PO4.10 Supervision APO01.02
PO4.11 PO4.11 Segregation of Duties APO01.02
PO4.11 PO4.11 Segregation of Duties DSS08.02
PO4.12 PO4.12 IT Staffing APO07.01
PO4.13 PO4.13 Key IT Personnel APO07.02
PO4.14 PO4.14 Contracted Staff Policies and Procedures APO07.06
PO4.15 PO4.15 Relationships APO01.01
PO5.1 PO5.1 Financial Management Framework APO06.01
PO5.2 PO5.2 Prioritisation Within IT Budget APO06.02
PO5.3 PO5.3 IT Budgeting APO06.03
PO5.4 PO5.4 Cost Management APO06.04
PO5.4 PO5.4 Cost Management APO06.05
PO5.5 PO5.5 Benefit Management APO05.06
PO6.1 PO6.1 IT Policy and Control Environment APO01.03
PO6.2 PO6.2 Enterprise IT Risk and Control Framework EDM03.02
PO6.2 PO6.2 Enterprise IT Risk and Control Framework APO01.03
PO6.3 PO6.3 IT Policies Management APO01.03
PO6.3 PO6.3 IT Policies Management APO01.08
PO6.4 PO6.4 Policy, Standards and Procedures Rollout APO01.03
PO6.4 PO6.4 Policy, Standards and Procedures Rollout APO01.08
PO6.5 PO6.5 Communication of IT Objectives and Direction APO01.04
PO7.1 PO7.1 Personnel Recruitment and Retention APO07.01
PO7.2 PO7.1 Personnel Recruitment and Retention APO07.05
PO7.2 PO7.2 Personnel Competencies APO07.03
PO7.3 PO7.3 Staffing of Roles APO01.02
PO7.3 PO7.3 Staffing of Roles APO07.01
PO7.4 PO7.4 Personnel Training APO07.03
PO7.5 PO7.5 Dependence Upon Individuals APO07.02
PO7.6 PO7.6 Personnel Clearance Procedures APO07.01
PO7.6 PO7.6 Personnel Clearance Procedures APO07.06
PO7.7 PO7.7 Employee Job Performance Evaluation APO07.04
PO7.8 PO7.8 Job Change and Termination APO07.01
PO8.1 PO8.1 Quality Management System APO11.01
PO8.2 PO8.2 IT Standards and Quality Practices APO11.02
PO8.3 PO8.3 Development and Acquisition Standards APO11.02
PO8.3 PO8.3 Development and Acquisition Standards APO11.05
PO8.4 PO8.4 Customer Focus APO11.03
PO8.5 PO8.5 Continuous Improvement APO11.06
PO8.6 PO8.6 Quality Measurement, Monitoring and Review APO11.04
PO9.1 PO9.1 IT Risk Management Framework EDM03.02
PO9.1 PO9.1 IT Risk Management Framework APO01.03
PO9.2 PO9.2 Establishment of Risk Context APO12.03
PO9.3 PO9.3 Event Identification APO12.01
PO9.3 PO9.3 Event Identification APO12.03
PO9.4 PO9.4 Risk Assessment APO12.02
PO9.4 PO9.4 Risk Assessment APO12.04
PO9.5 PO9.5 Risk Response APO12.06
PO9.6 PO9.6 Maintenance and Monitoring of a Risk Action Plan APO12.04
PO9.6 PO9.6 Maintenance and Monitoring of a Risk Action Plan APO12.05
PO10.1 PO10.1 Programme Management Framework BAI01.01
PO10.2 PO10.2 Project Management Framework BAI01.01
PO10.3 PO10.3 Project Management Approach BAI01.01
PO10.4 PO10.4 Stakeholder Commitment BAI01.03
PO10.5 PO10.5 Project Scope Statement BAI01.07
PO10.6 PO10.6 Project Phase Initiation BAI01.07
PO10.7 PO10.7 Integrated Project Plan BAI01.08
PO10.8 PO10.8 Project Resources BAI01.08
PO10.9 PO10.9 Project Risk Management BAI01.10
PO10.10 PO10.10 Project Quality Plan BAI01.09
PO10.11 PO10.11 Project Change Control BAI01.11
PO10.12 PO10.12 Project Planning of Assurance Methods BAI01.08
PO10.13 PO10.13 Project Performance Measurement, Reporting and Monitoring BAI01.06
PO10.13 PO10.13 Project Performance Measurement, Reporting and Monitoring BAI01.11
PO10.14 PO10.14 Project Closure BAI01.13
AI1.1 AI1.1 Definition and Maintenance of Business Functional and Technical Requirements BAI02.01
AI1.2 AI1.2 Risk Analysis Report BAI02.03
AI1.3 AI1.3 Feasibility Study and Formulation of Alternative Courses of Action BAI02.02
AI1.4 AI1.4 Requirements and Feasibility Decision and Approval BAI02.04
AI2.1 AI2.1 High-level Design BAI03.01
AI2.2 AI2.2 Detailed Design BAI03.02
AI2.3 AI2.3 Application Control and Auditability BAI03.05
AI2.4 AI2.4 Application Security and Availability BAI03.01
AI2.4 AI2.4 Application Security and Availability BAI03.02
AI2.4 AI2.4 Application Security and Availability BAI03.03
AI2.4 AI2.4 Application Security and Availability BAI03.05
AI2.5 AI2.5 Configuration and Implementation of Acquired Application Software BAI03.03
AI2.5 AI2.5 Configuration and Implementation of Acquired Application Software BAI03.05
AI2.6 AI2.6 Major Upgrades to Existing Systems BAI03.10
AI2.7 AI2.7 Development of Application Software BAI03.03
AI2.7 AI2.7 Development of Application Software BAI03.04
AI2.8 AI2.8 Software Quality Assurance BAI03.06
AI2.9 AI2.9 Applications Requirements Management BAI03.09
AI2.10 AI2.10 Application Software Maintenance BAI03.10
AI3.1 AI3.1 Technological Infrastructure Acquisition Plan BAI03.04
AI3.2 AI3.2 Infrastructure Resource Protection and Availability BAI03.03
AI3.2 AI3.2 Infrastructure Resource Protection and Availability DSS02.03
AI3.3 AI3.3 Infrastructure Maintenance BAI03.10
AI3.4 AI3.4 Feasibility Test Environment BAI03.07
AI3.4 AI3.4 Feasibility Test Environment BAI03.08
AI4.1 AI4.1 Planning for Operational Solutions BAI05.05
AI4.2 AI4.2 Knowledge Transfer to Business Management BAI08.01
AI4.2 AI4.2 Knowledge Transfer to Business Management BAI08.02
AI4.2 AI4.2 Knowledge Transfer to Business Management BAI08.03
AI4.2 AI4.2 Knowledge Transfer to Business Management BAI08.04
AI4.3 AI4.3 Knowledge Transfer to End Users BAI08.01
AI4.3 AI4.3 Knowledge Transfer to End Users BAI08.02
AI4.3 AI4.3 Knowledge Transfer to End Users BAI08.03
AI4.3 AI4.3 Knowledge Transfer to End Users BAI08.04
AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff BAI08.01
AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff BAI08.02
AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff BAI08.03
AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff BAI08.04
AI5.1 AI5.1 Procurement Control BAI03.04
AI5.2 AI5.2 Supplier Contract Management APO10.01
AI5.2 AI5.2 Supplier Contract Management APO10.03
AI5.3 AI5.3 Supplier Selection APO10.02
AI5.4 AI5.4 IT Resources Acquisition APO10.03
AI6.1 AI6.1 Change Standards and Procedures BAI06.01
AI6.1 AI6.1 Change Standards and Procedures BAI06.02
AI6.1 AI6.1 Change Standards and Procedures BAI06.03
AI6.1 AI6.1 Change Standards and Procedures BAI06.04
AI6.2 AI6.2 Impact Assessment, Prioritisation and Authorisation BAI06.01
AI6.3 AI6.3 Emergency Changes BAI06.02
AI6.4 AI6.4 Change Status Tracking and Reporting BAI06.03
AI6.5 AI6.5 Change Closure and Documentation BAI06.04
AI7.1 AI7.1 Training BAI05.05
AI7.2 AI7.2 Test Plan BAI07.01
AI7.2 AI7.2 Test Plan BAI07.03
AI7.3 AI7.3 Implementation Plan BAI07.01
AI7.4 AI7.4 Test Environment BAI07.04
AI7.5 AI7.5 System and Data Conversion BAI07.02
AI7.6 AI7.6 Testing of Changes BAI07.05
AI7.7 AI7.7 Final Acceptance Test BAI07.05
AI7.8 AI7.8 Promotion to Production BAI07.06
AI7.9 AI7.9 Post-implementation Review BAI07.08
DS1.1 DS1.1 Service Level Management Framework APO09.01
DS1.1 DS1.1 Service Level Management Framework APO09.02
DS1.1 DS1.1 Service Level Management Framework APO09.03
DS1.1 DS1.1 Service Level Management Framework APO09.04
DS1.1 DS1.1 Service Level Management Framework APO09.05
DS1.1 DS1.1 Service Level Management Framework APO09.06
DS1.2 DS1.2 Definition of Services APO09.01
DS1.2 DS1.2 Definition of Services APO09.01
DS1.2 DS1.2 Definition of Services APO09.01
DS1.3 DS1.3 Service Level Agreements APO09.04
DS1.4 DS1.4 Operating Level Agreements APO09.04
DS1.5 DS1.5 Monitoring and Reporting of Service Level Achievements APO09.05
DS1.6 DS1.6 Review of Service Level Agreements and Contracts APO09.06
DS2.1 DS2.1 Identification of All Supplier Relationships APO10.01
DS2.2 DS2.2 Supplier Relationship Management APO10.03
DS2.3 DS2.3 Supplier Risk Management APO10.04
DS2.4 DS2.4 Supplier Performance Monitoring APO10.05
DS3.1 DS3.1 Performance and Capacity Planning BAI04.03
DS3.2 DS3.2 Current Performance and Capacity BAI04.01
DS3.2 DS3.2 Current Performance and Capacity BAI04.02
DS3.3 DS3.3 Future Performance and Capacity BAI04.01
DS3.4 DS3.4 IT Resources Availability BAI04.05
DS3.5 DS3.5 Monitoring and Reporting BAI04.04
DS4.1 DS4.1 IT Continuity Framework DSS04.01
DS4.1 DS4.1 IT Continuity Framework DSS04.02
DS4.2 DS4.2 IT Continuity Plans DSS04.03
DS4.3 DS4.3 Critical IT Resources DSS04.04
DS4.4 DS4.4 Maintenance of the IT Continuity Plan DSS04.02
DS4.4 DS4.4 Maintenance of the IT Continuity Plan DSS04.06
DS4.5 DS4.5 Testing of the IT Continuity Plan DSS04.05
DS4.6 DS4.6 IT Continuity Plan Training DSS04.07
DS4.7 DS4.7 Distribution of the IT Continuity Plan DSS04.03
DS4.8 DS4.8 IT Services Recovery and Resumption DSS04.04
DS4.9 DS4.9 Offsite Backup Storage DSS04.08
DS4.10 DS4.10 Post-resumption Review DSS04.09
DS5.1 DS5.1 Management of IT Security APO13.01
DS5.1 DS5.1 Management of IT Security APO13.03
DS5.2 DS5.2 IT Security Plan APO13.02
DS5.3 DS5.3 Identity Management DSS05.04
DS5.4 DS5.4 User Account Management DSS05.04
DS5.5 DS5.5 Security Testing, Surveillance and Monitoring DSS05.07
DS5.6 DS5.6 Security Incident Definition DSS02.01
DS5.7 DS5.7 Protection of Security Technology DSS05.05
DS5.8 DS5.8 Cryptographic Key Management DSS05.03
DS5.9 DS5.9 Malicious Software Prevention, Detection and Correction DSS05.01
DS5.10 DS5.10 Network Security DSS05.02
DS5.11 DS5.11 Exchange of Sensitive Data DSS05.02
DS6.1 DS6.1 Definition of Services APO06.04
DS6.2 DS6.2 IT Accounting APO06.01
DS6.3 DS6.3 Cost Modelling and Charging APO06.04
DS6.4 DS6.4 Cost Model Maintenance APO06.04
DS7.1 DS7.1 Identification of Education and Training Needs APO07.03
DS7.2 DS7.2 Delivery of Training and Education APO07.03
DS7.3 DS7.3 Evaluation of Training Received APO07.03
DS8.1 DS8.1 Service Desk Deleted
DS8.2 DS8.2 Registration of Customer Queries DSS02.01
DS8.2 DS8.2 Registration of Customer Queries DSS02.02
DS8.2 DS8.2 Registration of Customer Queries DSS02.03
DS8.3 DS8.3 Incident Escalation DSS02.04
DS8.4 DS8.4 Incident Closure DSS02.05
DS8.4 DS8.4 Incident Closure DSS02.06
DS8.5 DS8.5 Reporting and Trend Analysis DSS02.07
DS9.1 DS9.1 Configuration Repository and Baseline BAI10.01
DS9.1 DS9.1 Configuration Repository and Baseline BAI10.02
DS9.1 DS9.1 Configuration Repository and Baseline BAI10.04
DS9.1 DS9.1 Configuration Repository and Baseline DSS02.01
DS9.2 DS9.2 Identification and Maintenance of Configuration Items BAI10.03
DS9.3 DS9.3 Configuration Integrity Review BAI10.04
DS9.3 DS9.3 Configuration Integrity Review BAI10.05
DS9.3 DS9.3 Configuration Integrity Review DSS02.05
DS10.1 DS10.1 Identification and Classification of Problems DSS03.01
DS10.2 DS10.2 Problem Tracking and Resolution DSS03.02
DS10.3 DS10.3 Problem Closure DSS03.03
DS10.3 DS10.3 Problem Closure DSS03.04
DS10.4 DS10.4 Integration of Configuration, Incident and Problem Management DSS03.05
DS11.1 DS11.1 Business Requirements for Data Management DSS01.01
DS11.2 DS11.2 Storage and Retention Arrangements DSS04.08
DS11.2 DS11.2 Storage and Retention Arrangements DSS06.04
DS11.3 DS11.3 Media Library Management System DSS04.08
DS11.4 DS11.4 Disposal DSS05.08
DS11.5 DS11.5 Backup and Restoration DSS04.08
DS11.6 DS11.6 Security Requirements for Data Management DSS01.01
DS11.6 DS11.6 Security Requirements for Data Management DSS05.08
DS11.6 DS11.6 Security Requirements for Data Management DSS06.05
DS12.1 DS12.1 Site Selection and Layout DSS01.04
DS12.1 DS12.1 Site Selection and Layout DSS01.05
DS12.1 DS12.1 Site Selection and Layout DSS05.05
DS12.2 DS12.2 Physical Security Measures DSS05.05
DS12.3 DS12.3 Physical Access DSS05.05
DS12.4 DS12.4 Protection Against Environmental Factors DSS01.04
DS12.5 DS12.5 Physical Facilities Management DSS01.05
DS13.1 DS13.1 Operations Procedures and Instructions DSS01.01
DS13.2 DS13.2 Job Scheduling DSS01.01
DS13.3 DS13.3 IT Infrastructure Monitoring DSS01.03
DS13.4 DS13.4 Sensitive Documents and Output Devices DSS05.06
DS13.5 DS13.5 Preventive Maintenance for Hardware BAI09.02
ME1.1 ME1.1 Monitoring Approach MEA01.01
ME1.2 ME1.2 Definition and Collection of Monitoring Data MEA01.02
ME1.2 ME1.2 Definition and Collection of Monitoring Data MEA01.03
ME1.3 ME1.3 Monitoring Method MEA01.03
ME1.4 ME1.4 Performance Assessment MEA01.04
ME1.5 ME1.5 Board and Executive Reporting MEA01.04
ME1.6 ME1.6 Remedial Actions MEA01.05
ME2.1 ME2.1 Monitoring of Internal Control Framework MEA02.01
ME2.1 ME2.1 Monitoring of Internal Control Framework MEA02.02
ME2.2 ME2.2 Supervisory Review MEA02.01
ME2.3 ME2.3 Control Exceptions MEA02.04
ME2.4 ME2.4 Control Self-assessment MEA02.03
ME2.5 ME2.5 Assurance of Internal Control MEA02.06
ME2.5 ME2.5 Assurance of Internal Control MEA02.07
ME2.5 ME2.5 Assurance of Internal Control MEA02.08
ME2.6 ME2.6 Internal Control at Third Parties MEA02.01
ME2.7 ME2.7 Remedial Actions MEA02.04
ME3.1 ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements MEA03.01
ME3.2 ME3.2 Optimisation of Response to External Requirements MEA03.02
ME3.3 ME3.3 Evaluation of Compliance With External Requirements MEA03.03
ME3.4 ME3.4 Positive Assurance of Compliance MEA03.04
ME3.5 ME3.5 Integrated Reporting MEA03.04
ME4.1 ME4.1 Establishment of an IT Governance Framework EDM01
ME4.2 ME4.2 Strategic Alignment Deleted: In COBIT 5, alignment is considered to be the result of all governance and management activities.
ME4.3 ME4.3 Value Delivery EDM02
ME4.4 ME4.4 Resource Management EDM04
ME4.5 ME4.5 Risk Management EDM03
ME4.6 ME4.6 Performance Measurement EDM01.03
ME4.6 ME4.6 Performance Measurement EDM02.03
ME4.6 ME4.6 Performance Measurement EDM03.03
ME4.6 ME4.6 Performance Measurement EDM04.03
ME4.7 ME4.7 Independent Assurance MEA02.05
ME4.7 ME4.7 Independent Assurance MEA02.06
ME4.7 ME4.7 Independent Assurance MEA02.07
ME4.7 ME4.7 Independent Assurance MEA02.08
COBIT 5 to CobiT 4 mapping
COBIT 5 Key Governance/Management Practice CobiT 4.1 Control Objective
APO01 Manage the IT Management Framework
APO01.01 Define the organisational structure PO3.5 PO3.5 IT Architecture Board
APO01.01 Define the organisational structure PO4.2 PO4.2 IT Strategy Committee
APO01.01 Define the organisational structure PO4.3 PO4.3 IT Steering Committee
APO01.01 Define the organisational structure PO4.5 PO4.5 IT Organisational Structure
APO01.01 Define the organisational structure PO4.15 PO4.15 Relationships
APO01.02 Establish roles and responsibilities. PO4.6 PO4.6 Establishment of Roles and Responsibilities
APO01.02 Establish roles and responsibilities. PO4.10 PO4.10 Supervision
APO01.02 Establish roles and responsibilities. PO4.11 PO4.11 Segregation of Duties
APO01.02 Establish roles and responsibilities. PO7.3 PO7.3 Staffing of Roles
APO01.03 Maintain the enablers of the management system. PO4.1 PO4.1 IT Process Framework
APO01.03 Maintain the enablers of the management system. PO6.1 PO6.1 IT Policy and Control Environment
APO01.03 Maintain the enablers of the management system. PO6.2 PO6.2 Enterprise IT Risk and Control Framework
APO01.03 Maintain the enablers of the management system. PO6.3 PO6.3 IT Policies Management
APO01.03 Maintain the enablers of the management system. PO6.4 PO6.4 Policy, Standards and Procedures Rollout
APO01.03 Maintain the enablers of the management system. PO9.1 PO9.1 IT Risk Management Framework
APO01.04 Communicate management objectives and direction PO6.5 PO6.5 Communication of IT Objectives and Direction
APO01.05 Optimise the placement of the IT function PO4.4 PO4.4 Organisational Placement of the IT Function
APO01.06 Define information (data) and system ownership PO2.4 PO2.4 Integrity Management
APO01.06 Define information (data) and system ownership PO4.9 PO4.9 Data and System Ownership
APO01.07 Manage continual improvement of processes. PO4.1 PO4.1 IT Process Framework
APO01.08 Maintain compliance with policies and procedures. PO6.3 PO6.3 IT Policies Management
APO01.08 Maintain compliance with policies and procedures. PO6.4 PO6.4 Policy, Standards and Procedures Rollout
APO02 Manage Strategy
APO02.01 Understand enterprise direction. PO1.2 PO1.2 Business-IT Alignment
APO02.02 Assess the current environment, capabilities and performance PO1.3 PO1.3 Assessment of Current Capability and Performance
APO02.03 Define the target IT capabilities PO1.4 PO1.4 IT Strategic Plan
APO02.03 Define the target IT capabilities PO3.1 PO3.1 Technological Direction Planning
APO02.03 Define the target IT capabilities PO3.2 PO3.2 Technical Infrastructure Plan
APO02.04 Conduct a gap analysis PO1.4 PO1.4 IT Strategic Plan
APO02.04 Conduct a gap analysis PO3.2 PO3.2 Technical Infrastructure Plan
APO02.05 Define the strategic plan and road map. PO1.4 PO1.4 IT Strategic Plan
APO02.05 Define the strategic plan and road map. PO1.5 PO1.5 IT Tactical Plans
APO02.05 Define the strategic plan and road map. PO3.2 PO3.2 Technical Infrastructure Plan
APO02.06 Communicate the IT strategy and direction.
APO03 Manage Enterprise Architecture
APO03.01 Develop the enterprise architecture vision.
APO03.02 Define reference architecture PO2.1 PO2.1 Enterprise Information Architecture Model
APO03.02 Define reference architecture PO2.2 PO2.2 Enterprise Data Dictionary and Data Syntax Rules
APO03.02 Define reference architecture PO2.3 PO2.3 Data Classification Scheme
APO03.03 Select opportunities and solutions
APO03.04 Define architecture implementation.
APO03.05 Provide enterprise architecture services. PO3.4 PO3.4 Technology Standards
APO04 Manage Innovation
APO04.01 Create an environment conducive to innovation.
APO04.02 Maintain an understanding of the enterprise environment
APO04.03 Monitor and scan the technology environment PO3.1 PO3.1 Technological Direction Planning
APO04.03 Monitor and scan the technology environment PO3.2 PO3.2 Technical Infrastructure Plan
APO04.03 Monitor and scan the technology environment PO3.3 PO3.3 Monitor Future Trends and Regulations
APO04.04 Assess the potential of emerging technologies and innovation ideas. PO3.2 PO3.2 Technical Infrastructure Plan
APO04.05 Recommend appropriate further initiatives. PO3.2 PO3.2 Technical Infrastructure Plan
APO04.06 Monitor the implementation and use of innovation.
APO05 Manage Portfolio
APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds.
APO05.03 Evaluate and select programmes to fund.
APO05.04 Monitor, optimise and report on investment portfolio performance
APO05.05 Maintain portfolios. PO1.6 PO1.6 IT Portfolio Management
APO05.06 Manage benefits achievement. PO5.5 PO5.5 Benefit Management
APO06 Manage Budget and Costs
APO06.01 Manage finance and accounting PO5.1 PO5.1 Financial Management Framework
APO06.01 Manage finance and accounting DS6.2 DS6.2 IT Accounting
APO06.02 Prioritise resource allocation PO5.2 PO5.2 Prioritisation Within IT Budget
APO06.03 Create and maintain budgets. PO5.3 PO5.3 IT Budgeting
APO06.04 Model and allocate costs. PO5.4 PO5.4 Cost Management
APO06.04 Model and allocate costs. DS6.1 DS6.1 Definition of Services
APO06.04 Model and allocate costs. DS6.3 DS6.3 Cost Modelling and Charging
APO06.04 Model and allocate costs. DS6.4 DS6.4 Cost Model Maintenance
APO06.05 Model and allocate costs. PO5.4 PO5.4 Cost Management
APO07 Manage Human Resources
APO07.01 Maintain adequate and appropriate staffing. PO4.12 PO4.12 IT Staffing
APO07.01 Maintain adequate and appropriate staffing. PO7.1 PO7.1 Personnel Recruitment and Retention
APO07.01 Maintain adequate and appropriate staffing. PO7.3 PO7.3 Staffing of Roles
APO07.01 Maintain adequate and appropriate staffing. PO7.6 PO7.6 Personnel Clearance Procedures
APO07.01 Maintain adequate and appropriate staffing. PO7.8 PO7.8 Job Change and Termination
APO07.02 Identify key IT personnel. PO4.13 PO4.13 Key IT Personnel
APO07.02 Identify key IT personnel. PO7.5 PO7.5 Dependence Upon Individuals
APO07.03 Maintain the skills and competencies of personnel. PO7.2 PO7.2 Personnel Competencies
APO07.03 Maintain the skills and competencies of personnel. PO7.4 PO7.4 Personnel Training
APO07.03 Maintain the skills and competencies of personnel. DS7.1 DS7.1 Identification of Education and Training Needs
APO07.03 Maintain the skills and competencies of personnel. DS7.2 DS7.2 Delivery of Training and Education
APO07.03 Maintain the skills and competencies of personnel. DS7.3 DS7.3 Evaluation of Training Received
APO07.04 Evaluate employee job performance. PO7.7 PO7.7 Employee Job Performance Evaluation
APO07.05 Plan and track the usage of IT and business human resources. PO7.2 PO7.1 Personnel Recruitment and Retention
APO07.06 Manage contract staff PO4.14 PO4.14 Contracted Staff Policies and Procedures
APO07.06 Manage contract staff PO7.6 PO7.6 Personnel Clearance Procedures
APO08 Manage Relationships
APO08.01 Understand business expectations.
APO08.02 Identify opportunities, risk and constraints for IT to enhance the business.
APO08.03 Manage the business relationship.
APO08.04 Co-ordinate and communicate.
APO08.05 Provide input to the continual improvement of services.
APO09 Manage Service Agreements
APO09.01 Identify IT services. DS1.1 DS1.1 Service Level Management Framework
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.01 Identify IT services. DS1.2 DS1.2 Definition of Services
APO09.02 Catalogue IT-enabled services. DS1.1 DS1.1 Service Level Management Framework
APO09.03 Define and prepare service agreements. DS1.1 DS1.1 Service Level Management Framework
APO09.04 Monitor and report service levels. DS1.1 DS1.1 Service Level Management Framework
APO09.04 Monitor and report service levels. DS1.3 DS1.3 Service Level Agreements
APO09.04 Monitor and report service levels. DS1.4 DS1.4 Operating Level Agreements
APO09.05 Review service agreements and contracts. DS1.1 DS1.1 Service Level Management Framework
APO09.05 Review service agreements and contracts. DS1.5 DS1.5 Monitoring and Reporting of Service Level Achievements
APO09.06 DS1.1 DS1.1 Service Level Management Framework
APO09.06 DS1.6 DS1.6 Review of Service Level Agreements and Contracts
APO10 Manage Suppliers
APO10.01 Identify and evaluate supplier relationships and contracts. AI5.2 AI5.2 Supplier Contract Management
APO10.01 Identify and evaluate supplier relationships and contracts. DS2.1 DS2.1 Identification of All Supplier Relationships
APO10.02 Select suppliers. AI5.3 AI5.3 Supplier Selection
APO10.03 Manage supplier relationships and contracts. AI5.2 AI5.2 Supplier Contract Management
APO10.03 Manage supplier relationships and contracts. AI5.4 AI5.4 IT Resources Acquisition
APO10.03 Manage supplier relationships and contracts. DS2.2 DS2.2 Supplier Relationship Management
APO10.04 Manage supplier risk. DS2.3 DS2.3 Supplier Risk Management
APO10.05 Monitor supplier performance and compliance. DS2.4 DS2.4 Supplier Performance Monitoring
APO11 Manage Quality
APO11.01 Establish a quality management system (QMS). PO4.7 PO4.7 Responsibility for IT Quality Assurance
APO11.01 Establish a quality management system (QMS). PO8.1 PO8.1 Quality Management System
APO11.02 Define and manage quality standards, practices and procedures. PO8.2 PO8.2 IT Standards and Quality Practices
APO11.02 Define and manage quality standards, practices and procedures. PO8.3 PO8.3 Development and Acquisition Standards
APO11.03 Focus quality management on customers. PO8.4 PO8.4 Customer Focus
APO11.04 Perform quality monitoring, control and reviews. PO8.6 PO8.6 Quality Measurement, Monitoring and Review
APO11.05 Integrate quality management into solutions for development and service delivery. PO8.3 PO8.3 Development and Acquisition Standards
APO11.06 Maintain continuous improvement. PO8.5 PO8.5 Continuous Improvement
APO12 Manage Risk
APO12.01 Collect data. PO9.3 PO9.3 Event Identification
APO12.02 Analyse risk. PO9.4 PO9.4 Risk Assessment
APO12.03 Maintain a risk profile. PO9.2 PO9.2 Establishment of Risk Context
APO12.03 Maintain a risk profile. PO9.3 PO9.3 Event Identification
APO12.04 Articulate risk. PO9.4 PO9.4 Risk Assessment
APO12.04 Articulate risk. PO9.6 PO9.6 Maintenance and Monitoring of a Risk Action Plan
APO12.05 Define a risk management action portfolio. PO9.6 PO9.6 Maintenance and Monitoring of a Risk Action Plan
APO12.06 Respond to risk. PO9.5 PO9.5 Risk Response
APO13 Manage Security
APO13.01 Establish and maintain an ISMS DS5.1 DS5.1 Management of IT Security
APO13.02 Define and manage an information security risk treatment plan. DS5.2 DS5.2 IT Security Plan
APO13.03 Monitor and review the ISMS DS5.1 DS5.1 Management of IT Security
BAI01.01 Maintain a standard approach for programme and project management PO10.1 PO10.1 Programme Management Framework
BAI01.01 Maintain a standard approach for programme and project management PO10.2 PO10.2 Project Management Framework
BAI01.01 Maintain a standard approach for programme and project management PO10.3 PO10.3 Project Management Approach
BAI01.02 Initiate a programme.
BAI01.03 Manage stakeholder engagement. PO10.4 PO10.4 Stakeholder Commitment
BAI01.04 Develop and maintain the programme plan.
BAI01.05 Launch and execute the programme.
BAI01.06 Monitor, control and report on the programme outcomes. PO10.13 PO10.13 Project Performance Measurement, Reporting and Monitoring
BAI01.07 Start up and initiate projects within a programme. PO10.5 PO10.5 Project Scope Statement
BAI01.07 Start up and initiate projects within a programme. PO10.6 PO10.6 Project Phase Initiation
BAI01.08 Plan projects PO10.7 PO10.7 Integrated Project Plan
BAI01.08 Plan projects PO10.8 PO10.8 Project Resources
BAI01.08 Plan projects PO10.12 PO10.12 Project Planning of Assurance Methods
BAI01.09 Manage programme and project quality PO10.10 PO10.10 Project Quality Plan
BAI01.10 Manage programme and project risk PO10.9 PO10.9 Project Risk Management
BAI01.11 Monitor and control projects PO10.11 PO10.11 Project Change Control
BAI01.11 Monitor and control projects PO10.13 PO10.13 Project Performance Measurement, Reporting and Monitoring
BAI01.12 Manage project resources and work packages.
BAI01.13 Close a project or iteration PO10.14 PO10.14 Project Closure
BAI01.14 Close a programme.
BAI02.01 Define and maintain business functional and technical requirements. AI1.1 AI1.1 Definition and Maintenance of Business Functional and Technical Requirements
BAI02.02 Perform a feasibility study and formulate alternative solutions AI1.3 AI1.3 Feasibility Study and Formulation of Alternative Courses of Action
BAI02.03 Manage requirements risk. AI1.2 AI1.2 Risk Analysis Report
BAI02.04 Obtain approval of requirements and solutions. AI1.4 AI1.4 Requirements and Feasibility Decision and Approval
BAI03.01 Design high-level solutions AI2.1 AI2.1 High-level Design
BAI03.01 Design high-level solutions AI2.4 AI2.4 Application Security and Availability
BAI03.02 Design detailed solution components AC1 AC1 Source Data Preparation and Authorisation
BAI03.02 Design detailed solution components AI2.2 AI2.2 Detailed Design
BAI03.02 Design detailed solution components AI2.4 AI2.4 Application Security and Availability
BAI03.03 Develop solution components. AC1 AC1 Source Data Preparation and Authorisation
BAI03.03 Develop solution components. AI2.4 AI2.4 Application Security and Availability
BAI03.03 Develop solution components. AI2.5 AI2.5 Configuration and Implementation of Acquired Application Software
BAI03.03 Develop solution components. AI2.7 AI2.7 Development of Application Software
BAI03.03 Develop solution components. AI3.2 AI3.2 Infrastructure Resource Protection and Availability
BAI03.04 Procure solution components. AI2.7 AI2.7 Development of Application Software
BAI03.04 Procure solution components. AI3.1 AI3.1 Technological Infrastructure Acquisition Plan
BAI03.04 Procure solution components. AI5.1 AI5.1 Procurement Control
BAI03.05 Build solutions. AC1 AC1 Source Data Preparation and Authorisation
BAI03.05 Build solutions. AI2.3 AI2.3 Application Control and Auditability
BAI03.05 Build solutions. AI2.4 AI2.4 Application Security and Availability
BAI03.05 Build solutions. AI2.5 AI2.5 Configuration and Implementation of Acquired Application Software
BAI03.06 Perform quality assurance. AI2.8 AI2.8 Software Quality Assurance
BAI03.07 Prepare for solution testing. AC1 AC1 Source Data Preparation and Authorisation
BAI03.07 Prepare for solution testing. AI3.4 AI3.4 Feasibility Test Environment
BAI03.08 Execute solution testing. AI3.4 AI3.4 Feasibility Test Environment
BAI03.09 Manage changes to requirements. AI2.9 AI2.9 Applications Requirements Management
BAI03.10 Maintain solutions. AI2.6 AI2.6 Major Upgrades to Existing Systems
BAI03.10 Maintain solutions. AI2.10 AI2.10 Application Software Maintenance
BAI03.10 Maintain solutions. AI3.3 AI3.3 Infrastructure Maintenance
BAI03.11 Define IT services and maintain the service portfolio.
BAI04.01 Assess current availability, performance and capacity and create a baseline. DS3.2 DS3.2 Current Performance and Capacity
BAI04.01 Assess current availability, performance and capacity and create a baseline. DS3.3 DS3.3 Future Performance and Capacity
BAI04.02 Assess business impact DS3.2 DS3.2 Current Performance and Capacity
BAI04.03 Plan for new or changed service requirements. DS3.1 DS3.1 Performance and Capacity Planning
BAI04.04 Monitor and review availability and capacity. DS3.5 DS3.5 Monitoring and Reporting
BAI04.05 Investigate and address availability, performance and capacity issues. DS3.4 DS3.4 IT Resources Availability
BAI05 Manage Organisational Change Enablement
BAI05.01 Establish the desire to change
BAI05.02 Form an effective implementation team.
BAI05.03 Communicate desired vision.
BAI05.04 Empower role players and identify short-term wins.
BAI05.05 Enable operation and use. AI4.1 AI4.1 Planning for Operational Solutions
BAI05.05 Enable operation and use. AI7.1 AI7.1 Training
BAI05.06 Embed new approaches.
BAI05.07 Sustain changes.
BAI06 Manage Changes
BAI06.01 Evaluate, prioritise and authorise change requests. AI6.1 AI6.1 Change Standards and Procedures
BAI06.01 Evaluate, prioritise and authorise change requests. AI6.2 AI6.2 Impact Assessment, Prioritisation and Authorisation
BAI06.02 Manage emergency changes. AI6.1 AI6.1 Change Standards and Procedures
BAI06.02 Manage emergency changes. AI6.3 AI6.3 Emergency Changes
BAI06.03 Track and report change status. AI6.1 AI6.1 Change Standards and Procedures
BAI06.03 Track and report change status. AI6.4 AI6.4 Change Status Tracking and Reporting
BAI06.04 Close and document the changes. AI6.1 AI6.1 Change Standards and Procedures
BAI06.04 Close and document the changes. AI6.5 AI6.5 Change Closure and Documentation
BAI07 Manage Change Acceptance and Transitioning
BAI07.01 Establish an implementation plan. AI7.2 AI7.2 Test Plan
BAI07.01 Establish an implementation plan. AI7.3 AI7.3 Implementation Plan
BAI07.02 Plan business process, system and data conversion. AI7.5 AI7.5 System and Data Conversion
BAI07.03 Plan acceptance tests. AI7.2 AI7.2 Test Plan
BAI07.04 Establish a test environment. AI7.4 AI7.4 Test Environment
BAI07.05 Perform acceptance tests. AI7.6 AI7.6 Testing of Changes
BAI07.05 Perform acceptance tests. AI7.7 AI7.7 Final Acceptance Test
BAI07.06 Promote to production and manage releases. AI7.8 AI7.8 Promotion to Production
BAI07.07 Provide early production support.
BAI07.08 Perform a post-implementation review AI7.9 AI7.9 Post-implementation Review
BAI08 Manage Knowledge
BAI08.01 Nurture and facilitate a knowledge-sharing culture. AI4.2 AI4.2 Knowledge Transfer to Business Management
BAI08.01 Nurture and facilitate a knowledge-sharing culture. AI4.3 AI4.3 Knowledge Transfer to End Users
BAI08.01 Nurture and facilitate a knowledge-sharing culture. AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff
BAI08.02 Identify and classify sources of information. AI4.2 AI4.2 Knowledge Transfer to Business Management
BAI08.02 Identify and classify sources of information. AI4.3 AI4.3 Knowledge Transfer to End Users
BAI08.02 Identify and classify sources of information. AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff
BAI08.03 Organise and contextualise information into knowledge. AI4.2 AI4.2 Knowledge Transfer to Business Management
BAI08.03 Organise and contextualise information into knowledge. AI4.3 AI4.3 Knowledge Transfer to End Users
BAI08.03 Organise and contextualise information into knowledge. AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff
BAI08.04 Use and share knowledge AI4.2 AI4.2 Knowledge Transfer to Business Management
BAI08.04 Use and share knowledge AI4.3 AI4.3 Knowledge Transfer to End Users
BAI08.04 Use and share knowledge AI4.4 AI4.4 Knowledge Transfer to Operations and Support Staff
BAI08.05 Evaluate and retire information.
BAI09 Manage Assets
BAI09.01 Identify and record current assets.
BAI09.02 Manage critical assets DS13.5 DS13.5 Preventive Maintenance for Hardware
BAI09.03 Manage the asset life cycle
BAI09.04 Optimise asset costs.
BAI09.05 Optimise asset costs.
BAI10 Manage Configuration
BAI10.01 Establish and maintain a configuration model. DS9.1 DS9.1 Configuration Repository and Baseline
BAI10.02 Establish and maintain a configuration repository and baseline. DS9.1 DS9.1 Configuration Repository and Baseline
BAI10.03 Maintain and control configuration items. DS9.2 DS9.2 Identification and Maintenance of Configuration Items
BAI10.04 Produce status and configuration reports. DS9.1 DS9.1 Configuration Repository and Baseline
BAI10.04 Produce status and configuration reports DS9.3 DS9.3 Configuration Integrity Review
BAI10.05 Verify and review integrity of the configuration repository. DS9.3 DS9.3 Configuration Integrity Review
DSS01 Manage Operations
DSS01.01 Perform operational procedures. DS11.1 DS11.1 Business Requirements for Data Management
DSS01.01 Perform operational procedures. DS11.6 DS11.6 Security Requirements for Data Management
DSS01.01 Perform operational procedures. DS13.1 DS13.1 Operations Procedures and Instructions
DSS01.01 Perform operational procedures. DS13.2 DS13.2 Job Scheduling
DSS01.02 Manage outsourced IT services
DSS01.03 Monitor IT infrastructure DS13.3 DS13.3 IT Infrastructure Monitoring
DSS01.04 Manage the environment DS12.1 DS12.1 Site Selection and Layout
DSS01.04 Manage the environment DS12.4 DS12.4 Protection Against Environmental Factors
DSS01.05 Manage facilities. DS12.1 DS12.1 Site Selection and Layout
DSS01.05 Manage facilities. DS12.5 DS12.5 Physical Facilities Management
DSS02 Manage Service Requests and Incidents
DSS02.01 Define incident and service request classification schemes. DS5.6 DS5.6 Security Incident Definition
DSS02.01 Define incident and service request classification schemes. DS8.2 DS8.2 Registration of Customer Queries
DSS02.01 Define incident and service request classification schemes. DS9.1 DS9.1 Configuration Repository and Baseline
DSS02.02 Record, classify and prioritise requests and incidents. DS8.2 DS8.2 Registration of Customer Queries
DSS02.03 Verify, approve and fulfil service requests. AI3.2 AI3.2 Infrastructure Resource Protection and Availability
DSS02.03 Verify, approve and fulfil service requests. DS8.2 DS8.2 Registration of Customer Queries
DSS02.04 Investigate, diagnose and allocate incidents. DS8.3 DS8.3 Incident Escalation
DSS02.05 Resolve and recover from incidents. DS8.4 DS8.4 Incident Closure
DSS02.05 Resolve and recover from incidents. DS9.3 DS9.3 Configuration Integrity Review
DSS02.06 Close service requests and incidents. DS8.4 DS8.4 Incident Closure
DSS02.07 Track status and produce reports. DS8.5 DS8.5 Reporting and Trend Analysis
DSS03 Manage Problems
DSS03.01 Identify and classify problems. DS10.1 DS10.1 Identification and Classification of Problems
DSS03.02 Investigate and diagnose problems. DS10.2 DS10.2 Problem Tracking and Resolution
DSS03.03 Raise known errors. DS10.3 DS10.3 Problem Closure
DSS03.04 Resolve and close problems. DS10.3 DS10.3 Problem Closure
DSS03.05 Perform proactive problem management. DS10.4 DS10.4 Integration of Configuration, Incident and Problem Management
DSS04 Manage Continuity
DSS04.01 Define the business continuity policy, objectives and scope DS4.1 DS4.1 IT Continuity Framework
DSS04.02 Maintain a continuity strategy. DS4.1 DS4.1 IT Continuity Framework
DSS04.02 Maintain a continuity strategy. DS4.4 DS4.4 Maintenance of the IT Continuity Plan
DSS04.03 Develop and implement a business continuity response. DS4.2 DS4.2 IT Continuity Plans
DSS04.03 Develop and implement a business continuity response. DS4.7 DS4.7 Distribution of the IT Continuity Plan
DSS04.04 Exercise, test and review the BCP. DS4.3 DS4.3 Critical IT Resources
DSS04.04 Exercise, test and review the BCP. DS4.8 DS4.8 IT Services Recovery and Resumption
DSS04.05 Review, maintain and improve the continuity plan DS4.5 DS4.5 Testing of the IT Continuity Plan
DSS04.06 Conduct continuity plan training DS4.4 DS4.4 Maintenance of the IT Continuity Plan
DSS04.07 Manage backup arrangements DS4.6 DS4.6 IT Continuity Plan Training
DSS04.08 Conduct post-resumption review. DS4.9 DS4.9 Offsite Backup Storage
DSS04.08 Conduct post-resumption review. DS11.2 DS11.2 Storage and Retention Arrangements
DSS04.08 Conduct post-resumption review. DS11.3 DS11.3 Media Library Management System
DSS04.08 Conduct post-resumption review. DS11.5 DS11.5 Backup and Restoration
DSS04.09 DS4.10 DS4.10 Post-resumption Review
DSS05 Manage Security Services
DSS05.01 Protect against malware. DS5.9 DS5.9 Malicious Software Prevention, Detection and Correction
DSS05.02 Manage network and connectivity security. DS5.10 DS5.10 Network Security
DSS05.02 Manage network and connectivity security. DS5.11 DS5.11 Exchange of Sensitive Data
DSS05.03 Manage endpoint security. DS5.8 DS5.8 Cryptographic Key Management
DSS05.04 Manage user identity and logical access. DS5.3 DS5.3 Identity Management
DSS05.04 Manage user identity and logical access. DS5.4 DS5.4 User Account Management
DSS05.05 Manage physical access to IT assets. DS5.7 DS5.7 Protection of Security Technology
DSS05.05 Manage physical access to IT assets. DS12.1 DS12.1 Site Selection and Layout
DSS05.05 Manage physical access to IT assets. DS12.2 DS12.2 Physical Security Measures
DSS05.05 Manage physical access to IT assets. DS12.3 DS12.3 Physical Access
DSS05.06 Manage sensitive documents and output devices. DS13.4 DS13.4 Sensitive Documents and Output Devices
DSS05.07 Monitor the infrastructure for security-related events. DS5.5 DS5.5 Security Testing, Surveillance and Monitoring
DSS05.08 DS11.4 DS11.4 Disposal
DSS05.08 DS11.6 DS11.6 Security Requirements for Data Management
DSS06 Manage Business Process Controls
DSS06.01 Align control activities embedded in business processes with enterprise objectives
DSS06.02 Control the processing of information. AC1 AC1 Source Data Preparation and Authorisation
DSS06.02 Control the processing of information. AC2 AC2 Source Data Collection and Entry
DSS06.02 Control the processing of information. AC3 AC3 Accuracy, Completeness and Authenticity Checks
DSS06.02 Control the processing of information. AC4 AC4 Processing Integrity and validity
DSS06.02 Control the processing of information. AC5 AC5 Output Review, Reconciliation and Error Handling
DSS06.02 Control the processing of information. AC6 AC6 Transaction Authentication and Integrity
DSS06.03 Manage roles, responsibilities, access privileges and levels of authority AC1 AC1 Source Data Preparation and Authorisation
DSS06.04 Manage errors and exceptions. DS11.2 DS11.2 Storage and Retention Arrangements
DSS06.05 Ensure traceability of information events DS11.6 DS11.6 Security Requirements for Data Management
DSS06.06 Secure information assets.
DSS08.02 PO4.11 PO4.11 Segregation of Duties
EDM01 Ensure Governance Framework Setting and Maintenance
EDM01.01 Evaluate the governance system. ME4.1 ME4.1 Establishment of an IT Governance Framework
EDM01.01 Evaluate the governance system PO3.3 PO3.3 Monitor Future Trends and Regulations
EDM01.02 Evaluate the governance system. ME4.1 ME4.1 Establishment of an IT Governance Framework
EDM01.03 Evaluate the governance system. ME4.1 ME4.1 Establishment of an IT Governance Framework
EDM01.03 Monitor the governance system ME4.6 ME4.6 Performance Measurement
EDM02 Ensure Benefits Delivery
EDM02.01 Evaluate value optimisation PO1.1 PO1.1 IT Value Management
EDM02.02 Direct value optimisation PO1.1 PO1.1 IT Value Management
EDM02.03 Monitor value optimisation PO1.1 PO1.1 IT Value Management
EDM02.01 Evaluate value optimisation ME4.3 ME4.3 Value Delivery
EDM02.02 Direct value optimisation ME4.3 ME4.3 Value Delivery
EDM02.03 Monitor value optimisation ME4.3 ME4.3 Value Delivery
EDM02.03 Monitor value optimisation ME4.6 ME4.6 Performance Measurement
EDM03 Ensure Risk Optimisation
EDM03.01 Evaluate risk management ME4.5 ME4.5 Risk Management
EDM03.02 Direct risk management ME4.5 ME4.5 Risk Management
EDM03.03 Monitor risk management ME4.5 ME4.5 Risk Management
EDM03.02 Direct risk management PO9.1 PO9.1 IT Risk Management Framework
EDM03.02 Direct risk management PO6.2 PO6.2 Enterprise IT Risk and Control Framework
EDM03.03 Monitor risk management ME4.6 ME4.6 Performance Measurement
EDM04 Ensure Resource Optimisation
EDM04.01 Evaluate resource management ME4.4 ME4.4 Resource Management
EDM04.02 Direct resource management ME4.4 ME4.4 Resource Management
EDM04.03 Monitor resource management ME4.4 ME4.4 Resource Management
EDM04.03 Monitor resource management ME4.6 ME4.6 Performance Measurement
EDM05 Ensure Stakeholder Transparency
EDM05.01 Evaluate stakeholder reporting requirements.
EDM05.02 Direct stakeholder communication and reporting.
EDM05.03 Monitor stakeholder communication.
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA01.01 Establish a monitoring approach. ME1.1 ME1.1 Monitoring Approach
MEA01.02 Set performance and conformance targets ME1.2 ME1.2 Definition and Collection of Monitoring Data
MEA01.03 Collect and process performance and conformance data. ME1.2 ME1.2 Definition and Collection of Monitoring Data
MEA01.03 Collect and process performance and conformance data. ME1.3 ME1.3 Monitoring Method
MEA01.04 Analyse and report performance ME1.4 ME1.4 Performance Assessment
MEA01.04 Analyse and report performance ME1.5 ME1.5 Board and Executive Reporting
MEA01.05 Ensure the implementation of corrective actions. ME1.6 ME1.6 Remedial Actions
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA02.01 Monitor internal controls ME2.1 ME2.1 Monitoring of Internal Control Framework
MEA02.01 Monitor internal controls ME2.2 ME2.2 Supervisory Review
MEA02.01 Monitor internal controls ME2.6 ME2.6 Internal Control at Third Parties
MEA02.02 Review business process controls effectiveness ME2.1 ME2.1 Monitoring of Internal Control Framework
MEA02.03 Perform control self-assessments. ME2.4 ME2.4 Control Self-assessment
MEA02.04 Identify and report control deficiencies. ME2.3 ME2.3 Control Exceptions
MEA02.04 Identify and report control deficiencies. ME2.7 ME2.7 Remedial Actions
MEA02.05 Ensure that assurance providers are independent and qualified. ME4.7 ME4.7 Independent Assurance
MEA02.06 Plan assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02.06 Plan assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA02.07 Scope assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02.07 Scope assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA02.08 Execute assurance initiatives. ME2.5 ME2.5 Assurance of Internal Control
MEA02.08 Execute assurance initiatives. ME4.7 ME4.7 Independent Assurance
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
MEA03.01 Identify external compliance requirements. ME3.1 ME3.1 Identification of External Legal, Regulatory and Contractual Compliance Requirements
MEA03.02 Optimise response to external requirements. ME3.2 ME3.2 Optimisation of Response to External Requirements
MEA03.03 Confirm external compliance ME3.3 ME3.3 Evaluation of Compliance With External Requirements
MEA03.04 Obtain assurance of external compliance. ME3.4 ME3.4 Positive Assurance of Compliance
MEA03.04 Obtain assurance of external compliance. ME3.5 ME3.5 Integrated Reporting
PO4.8 PO4.8 Responsibility for Risk, Security and Compliance
DS8.1 DS8.1 Service Desk
ME4.2 ME4.2 Strategic Alignment
