Enabling Processes
CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS
MEA02 Process Practices, Inputs/Outputs and Activities (cont.)

Management Practice
MEA02.02 Review business process controls effectiveness.
Review the operation of controls, including a review of monitoring and test evidence, to ensure that controls within business processes operate effectively. Include activities to maintain evidence of the effective operation of controls through mechanisms such as periodic testing of controls, continuous controls monitoring, independent assessments, command and control centres, and network operations centres. This provides the business with the assurance of control effectiveness to meet requirements related to business, regulatory and social responsibilities.

Inputs (From: Description)
BAI05.06: Compliance audit results
BAI05.07: Reviews of operational use

Outputs (Description: To)
Evidence of control effectiveness: Internal

Activities
1. Understand and prioritise risk to organisational objectives.
2. Identify key controls and develop a strategy suitable for validating controls.
3. Identify information that will persuasively indicate whether the internal control environment is operating effectively.
4. Develop and implement cost-effective procedures to determine that persuasive information is based on the information criteria.
5. Maintain evidence of control effectiveness.

Management Practice
MEA02.03 Perform control self-assessments.
Encourage management and process owners to take positive ownership of control improvement through a continuing programme of self-assessment to evaluate the completeness and effectiveness of management's control over processes, policies and contracts.

Inputs (From: Description)
None listed

Outputs (Description: To)
Self-assessment plans and criteria: All APO, All BAI, All DSS, All MEA
Results of self-assessments: Internal
Results of reviews of self-assessments: EDM01.03, All APO, All BAI, All DSS, All MEA

Activities
1. Maintain plans and scope and identify evaluation criteria for conducting self-assessments. Plan the communication of results of the self-assessment process to business, IT and general management and the board. Consider internal audit standards in the design of self-assessments.
2. Determine the frequency of periodic self-assessments, considering the overall effectiveness and efficiency of ongoing monitoring.
3. Assign responsibility for self-assessment to appropriate individuals to ensure objectivity and competence.
4. Provide for independent reviews to ensure objectivity of the self-assessment and enable the sharing of internal control good practices from other enterprises.
5. Compare the results of the self-assessments against industry standards and good practices.
6. Summarise and report outcomes of self-assessments and benchmarking for remedial actions.
7. Define an agreed-on, consistent approach for performing control self-assessments and co-ordinating with internal and external auditors.
Monitor, Evaluate and Assess