Enabling Processes

Recommendations

Info

Monitor, Evaluate and Assess MEA02 RACI Chart 208 : ENABLING PROCESSES Chief Executive Officer Chief Financial Officer Chief Operating Officer Business Executives Business Process Owners Strategy Executive Committee �� Board Key Management Practice MEA02.01 Monitor internal controls. MEA02.02 I C I C R R R R R A I R R R R R R R Review business process controls effectiveness. MEA02.03 I I R I A R I I I R R C C C C C Perform control self-assessments. MEA02.04 I C I C R R R R R A I R R R R R R R Identify and report control deficiencies. MEA02.05 I C I C R R I I R R A I R R R R R R R Ensure that assurance providers are independent and qualified. R A A R MEA02.06 Plan assurance initiatives. A C R C C C R C C C C C C C C MEA02.07 Scope assurance initiatives. R R R C C A R C C C C C C C C MEA02.08 Execute assurance initiatives. I I C R C I I C A R C C C C C C C C MEA02 Process Practices, Inputs/Outputs and Activities Chief Risk Officer Chief Information Security Officer Architecture Board Enterprise Risk Committee Head Human Resources Compliance Audit Chief Information Officer Management Practice Inputs Outputs MEA02.01 Monitor internal controls. Continuously monitor, benchmark and improve the IT control environment and control framework to meet �� From Description Description To APO12.04 Results of third-party risk assessments Head Architect Head Development Head IT Operations Results of internal control monitoring and reviews APO13.03 ISMS audit reports Results of benchmarking Outside COBIT Industry standards and good practices and other evaluations Head IT Administration Service Manager Information Security Manager Business Continuity Manager EDM01.03 All APO All BAI All DSS All MEA EDM01.03 All APO All BAI All DSS All MEA Activities 1. Perform internal control monitoring and evaluation activities based on organisational governance standards and industry-accepted frameworks and practices. Include monitoring and evaluation of the efficiency and effectiveness of managerial supervisory reviews. 2. Consider independent evaluations of the internal control system (e.g., by internal audit or peers). �� offshore development or production activities). 4. Ensure that control activities are in place and exceptions are promptly reported, followed up and analysed, and appropriate corrective actions are prioritised and implemented according to the risk management profile (e.g., classify certain exceptions as a key risk and others as a non-key risk). 5. Maintain the IT internal control system, considering ongoing changes in business and IT risk, the organisational control environment, relevant business and IT processes, and IT risk. If gaps exist, evaluate and recommend changes. 6. Regularly evaluate the performance of the IT control framework, benchmarking against industry accepted standards and good practices. Consider formal adoption of a continuous improvement approach to internal control monitoring. �� contractual obligations. Personal Copy of: Mr. Dong Hong Wang Privacy Officer
CHAPTER 5 COBIT 5 PROCESS REFERENCE GUIDE CONTENTS MEA02 Process Practices, Inputs/Outputs and Activities (cont.) Management Practice Inputs Outputs MEA02.02 Review business process From Description Description To controls effectiveness. Review the operation of controls, including a review of monitoring and test evidence, to ensure that controls within business processes operate effectively. Include activities to maintain evidence of the effective operation of controls through mechanisms such as periodic testing of controls, continuous controls monitoring, independent assessments, command and control centres, and network operations centres. This provides the business with the assurance of control effectiveness to meet requirements related to business, regulatory and social responsibilities. BAI05.06 BAI05.07 Compliance audit results Reviews of operational use Activities Evidence of control effectiveness Internal �� 2. Identify key controls and develop a strategy suitable for validating controls. 3. Identify information that will persuasively indicate whether the internal control environment is operating effectively. 4. Develop and implement cost-effective procedures to determine that persuasive information is based on the information criteria. 5. Maintain evidence of control effectiveness. Management Practice Inputs Outputs MEA02.03 Perform control self-assessments. From Description Description To Encourage management and process owners to take positive ownership of control improvement through a continuing programme of self-assessment to evaluate �� control over processes, policies and contracts. Self-assessment plans and criteria All APO All BAI All DSS All MEA Results of self-assessments Internal Results of reviews of EDM01.03 Activities self-assessments All APO All BAI All DSS All MEA 1. Maintain plans and scope and identify evaluation criteria for conducting self-assessments. Plan the communication of results of the self-assessment process to business, IT and general management and the board. Consider internal audit standards in the design of self-assessments. 2. Determine the frequency of periodic self-assessments, considering the overall effectiveness and efficiency of ongoing monitoring. �� other enterprises. 5. Compare the results of the self-assessments against industry standards and good practices. 6. Summarise and report outcomes of self-assessments and benchmarking for remedial actions. 7. Define an agreed-on, consistent approach for performing control self-assessments and co-ordinating with internal and external auditors. Personal Copy of: Mr. Dong Hong Wang 209 Monitor, Evaluate and Assess
Page 1 and 2:
Enabling Processes Personal Copy of
Page 3 and 4:
ACKNOWLEDGEMENTS ISACA wishes to re
Page 5 and 6:
ACKNOWLEDGEMENTS (CONT.) ACKNOWLEDG
Page 7 and 8:
TABLE OF CONTENTS TABLE OF CONTENTS
Page 9 and 10:
LIST OF FIGURES LIST OF FIGURES Fig
Page 11 and 12:
CHAPTER 1 INTRODUCTION CHAPTER 1 IN
Page 13 and 14:
CHAPTER 2. THE GOALS CASCADE AND ME
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
CHAPTER 3 THE COBIT 5 PROCESS MODEL
Page 21 and 22:
Enabler Performance Management CHAP
Page 23 and 24:
CHAPTER 4 THE COBIT 5 PROCESS REFER
Page 25 and 26:
CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 27 and 28:
Generic Guidance for Processes CHAP
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
EDM02 Process Practices, Inputs/Out
Page 39 and 40:
Page 41 and 42:
EDM03 Process Practices, Inputs/Out
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
APO01 Process Practices, Inputs/Out
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
APO04 Manage Innovation (cont.) CHA
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
APO13 Manage Security Process Descr
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
BAI01 Process Practices, Inputs/Out
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 179 and 180: DSS02 Process Practices, Inputs/Out
Page 195 and 196: DSS05 Process Practices, Inputs/Out
Page 205 and 206: MEA01 Process Practices, Inputs/Out
Page 207: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 217 and 218: APPENDIX A MAPPING BETWEEN COBIT 5
Page 225 and 226: APPENDIX B DETAILED MAPPING ENTERPR
Page 227 and 228: APPENDIX C DETAILED MAPPING IT-RELA
Page 229 and 230: Deliver, Service and Support Monito
show all

Enabling Processes

Create successful ePaper yourself

Delete template?

Save as template?