Enabling Processes

Recommendations

Info

Build, Acquire and Implement BAI02 RACI Chart Key Management PracticeBoard BAI02.01 Define and maintain business functional and technical requirements. BAI02.02 Perform a feasibility study and formulate alternative solutions. BAI02.03 Manage requirements risk. BAI02.04 Obtain approval of requirements and solutions. 130 : ENABLING PROCESSES Chief Executive Officer Chief Financial Officer Chief Operating Officer Business Executives BAI02 Process Practices, Inputs/Outputs and Activities Business Process Owners Strategy Executive Committee �� Chief Risk Officer Chief Information Security Officer Architecture Board Enterprise Risk Committee Head Human Resources Compliance Audit Chief Information Officer I R A R C C C C R R C C C C C R R A R C C C C R C C C C C R R A R R C C R C R R C C C C R R A R C C C C C C C C C C Management Practice Inputs Outputs BAI02.01 Define and maintain business functional and technical requirements. Based on the business case, identify, prioritise, specify and agree on business information, functional, technical and control requirements covering the �� the expected outcomes of the proposed IT-enabled business solution. From Description Description To APO01.06 � �� guidelines � �� guidelines Head Architect Head Development Head IT Operations Requirements definition repository APO03.01 Architecture principles Confirmed acceptance criteria from stakeholders APO03.02 � �� model � �� descriptions and architecture definition APO03.05 Solution development guidance APO10.02 Supplier RFIs and RFPs APO11.03 Acceptance criteria Personal Copy of: Mr. Dong Hong Wang Record of requirement change requests Head IT Administration Service Manager Information Security Manager BAI03.01 BAI03.02 BAI04.01 BAI05.01 BAI03.01 BAI03.02 BAI04.03 BAI05.01 BAI05.02 BAI03.09 Business Continuity Manager Privacy Officer
CHAPTER 5 COBIT 5 PROCESS REFERENCE GUIDE CONTENTS BAI02 Process Practices, Inputs/Outputs and Activities (cont.) BAI02.01 Activities 1. Define and implement a requirements definition and maintenance procedure and a requirements repository that are appropriate for the size, �� 2. Express business requirements in terms of how the gap between current and desired business capabilities needs to be addressed and how a role will interact with and use the solution. �� prioritised and recorded in a way that is understandable to the stakeholders, business sponsors and technical implementation personnel, recognising that the requirements may change and will become more detailed as they are implemented. 4. Specify and prioritise the information, functional and technical requirements based on the confirmed stakeholder requirements. Include information control requirements in the business processes, automated processes and IT environments to address information risk and to comply with laws, regulations and commercial contracts. �� 6. Confirm acceptance of key aspects of the requirements, including enterprise rules, information controls, business continuity, legal and regulatory compliance, auditability, ergonomics, operability and usability, safety, and supporting documentation. �� solution evolves. 8. Consider requirements relating to enterprise policies and standards, enterprise architecture, strategic and tactical IT plans, in-house and outsourced business and IT processes, security requirements, regulatory requirements, people competencies, organisational structure, business case, and enabling technology. Management Practice Inputs Outputs BAI02.02 Perform a feasibility study and formulate From Description Description To alternative solutions. APO03.05 Solution development Feasibility study report BAI03.02 Perform a feasibility study of potential alternative guidance BAI03.03 solutions, assess their viability and select the preferred option. If appropriate, implement the selected option as APO10.01 Supplier catalogue �� APO10.02 a pilot to determine possible improvements. development plan BAI03.01 APO10.02 � �� supplier evaluations � �� APO11.03 Acceptance criteria Activities 1. Define and execute a feasibility study, pilot or basic working solution that clearly and concisely describes the alternative solutions that will satisfy the business and functional requirements. Include an evaluation of their technological and economic feasibility. �� budget limitations. 3. Review the alternative solutions with all stakeholders and select the most appropriate one based on feasibility criteria, including risk and cost. �� Personal Copy of: Mr. Dong Hong Wang 131 Build, Acquire and Implement
Page 1 and 2:
Enabling Processes Personal Copy of
Page 3 and 4:
ACKNOWLEDGEMENTS ISACA wishes to re
Page 5 and 6:
ACKNOWLEDGEMENTS (CONT.) ACKNOWLEDG
Page 7 and 8:
TABLE OF CONTENTS TABLE OF CONTENTS
Page 9 and 10:
LIST OF FIGURES LIST OF FIGURES Fig
Page 11 and 12:
CHAPTER 1 INTRODUCTION CHAPTER 1 IN
Page 13 and 14:
CHAPTER 2. THE GOALS CASCADE AND ME
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
CHAPTER 3 THE COBIT 5 PROCESS MODEL
Page 21 and 22:
Enabler Performance Management CHAP
Page 23 and 24:
CHAPTER 4 THE COBIT 5 PROCESS REFER
Page 25 and 26:
CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 27 and 28:
Generic Guidance for Processes CHAP
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
EDM02 Process Practices, Inputs/Out
Page 39 and 40:
Page 41 and 42:
EDM03 Process Practices, Inputs/Out
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
APO01 Process Practices, Inputs/Out
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
APO04 Manage Innovation (cont.) CHA
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 87 and 88: APO07 Process Practices, Inputs/Out
Page 113 and 114: APO13 Manage Security Process Descr
Page 123 and 124: BAI01 Process Practices, Inputs/Out
Page 129: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 179 and 180: DSS02 Process Practices, Inputs/Out
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
DSS05 Process Practices, Inputs/Out
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
MEA01 Process Practices, Inputs/Out
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
APPENDIX A MAPPING BETWEEN COBIT 5
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
APPENDIX B DETAILED MAPPING ENTERPR
Page 227 and 228:
APPENDIX C DETAILED MAPPING IT-RELA
Page 229 and 230:
Deliver, Service and Support Monito
show all

Enabling Processes

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?