Enabling Processes
Enabling Processes
Enabling Processes
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER 3<br />
THE COBIT 5 PROCESS MODEL<br />
CHAPTER 3<br />
THE COBIT 5 PROCESS MODEL<br />
<strong>Processes</strong> are one of the seven enabler categories for governance and management of enterprise IT, as explained in<br />
COBIT 5, chapter 5. The specifics for the processes enabler compared to the generic enabler description are shown<br />
in figure 8.<br />
Enabler Dimension<br />
Enabler Performance<br />
Management<br />
Figure 8—COBIT 5 Enabler: <strong>Processes</strong><br />
Stakeholders Goals Life Cycle Good Practices<br />
����������<br />
� ������������<br />
����������<br />
� ������������<br />
����������������<br />
����������������<br />
�������������������<br />
��������������������<br />
� �����������<br />
� ��������������<br />
�������������������<br />
� ��������<br />
�����������<br />
���������������<br />
��������������������������������<br />
����������������<br />
������<br />
��������<br />
����������������<br />
� ����������������<br />
�������������<br />
������������������<br />
����������������<br />
Generic Practices for<br />
<strong>Processes</strong><br />
��Process Practices,<br />
Activities, Detailed<br />
Activities<br />
��W������������<br />
� ����������������<br />
A process is defined as ‘a collection of practices influenced by the enterprise’s policies and procedures that takes<br />
inputs from a number of sources (including other processes), manipulates the inputs and produces outputs<br />
(e.g., products, services)’.<br />
The process model shows:<br />
� Stakeholders—<strong>Processes</strong> have internal and external stakeholders, with their own roles; stakeholders and their<br />
responsibility levels are documented in charts that show who is responsible, accountable, consulted or informed<br />
(RACI). External stakeholders include customers, business partners, shareholders and regulators. Internal stakeholders<br />
include board, management, staff and volunteers.<br />
� Goals—Process goals are defined as ‘a statement describing the desired outcome of a process. An outcome can be an<br />
artefact, a significant change of a state or a significant capability improvement of other processes’. They are part of<br />
the goals cascade, i.e., process goals support IT-related goals, which in turn support enterprise goals.<br />
Process goals can be categorised as:<br />
– Intrinsic goals—Does the process have intrinsic quality? Is it accurate and in line with good practice? Is it<br />
compliant with internal and external rules?<br />
– Contextual goals—Is the process customised and adapted to the enterprise’s specific situation? Is the process<br />
relevant, understandable, easy to apply?<br />
– Accessibility and security goals—The process remains confidential, when required, and is known and accessible to<br />
those who need it.<br />
At each level of the goals cascade, hence also for processes, metrics are defined to measure the extent to which goals are<br />
achieved. Metrics can be defined as ‘a quantifiable entity that allows the measurement of the achievement of a process<br />
goal. Metrics should be SMART—specific, measurable, actionable, relevant and timely’.<br />
Personal Copy of: Mr. Dong Hong Wang<br />
�������������<br />
��������<br />
������������������<br />
��������<br />
�����������������������������������<br />
�����������������<br />
19