Enabling Processes

Recommendations

Info

Align, Plan and Organise APO07 RACI Chart Key Management PracticeBoard APO07.01 Maintain adequate and appropriate staffing. APO07.02 Identify key IT personnel. APO07.03 Maintain the skills and competencies of personnel. APO07.04 �� performance. APO07.05 Plan and track the usage of IT and business human resources. APO07.06 Manage contract staff. 84 : ENABLING PROCESSES Chief Executive Officer Chief Financial Officer Chief Operating Officer Business Executives APO07 Process Practices, Inputs/Outputs and Activities Business Process Owners Strategy Executive Committee �� Chief Risk Officer Chief Information Security Officer Architecture Board Enterprise Risk Committee Head Human Resources Compliance Audit Chief Information Officer R I R A R R R R R R R R R A R R R R R R R R R A R R R R R R R R R A R R R R R R R R C A R R I R R R R R R R R R R A R R R R R R R Management Practice Inputs Outputs APO07.01 Maintain adequate and appropriate staffing. Evaluate staffing requirements on a regular basis or �� or IT environments to ensure that the enterprise has sufficient human resources to support enterprise goals �� external resources. From Description Description To EDM04.01 � �� allocation of resources and capabilities EDM04.03 Remedial actions to address resource management deviations Head Architect Head Development Staffing requirement evaluations Head IT Operations Competency and career development plans APO01.02 Definition of supervisory practices Personnel sourcing plans Internal APO06.03 � �� Outside COBIT � �� and procedures Activities �� 3. Include background checks in the IT recruitment process for employees, contractors and vendors. The extent and frequency of these checks should �� 4. Establish flexible resource arrangements to support changing business needs, such as the use of transfers, external contractors and third-party service arrangements. 5. Ensure that cross-training takes place and there is backup to key staff to reduce single-person dependency. Personal Copy of: Mr. Dong Hong Wang Head IT Administration Service Manager Information Security Manager Internal Internal Business Continuity Manager Privacy Officer
CHAPTER 5 COBIT 5 PROCESS REFERENCE GUIDE CONTENTS APO07 Process Practices, Inputs/Outputs and Activities (cont.) Management Practice Inputs Outputs APO07.02 Identify key IT personnel. Identify key IT personnel while minimising reliance on � �� through knowledge capture (documentation), knowledge sharing, succession planning and staff backup. From Description Description To Activities �� 2. As a security precaution, provide guidelines on a minimum time of annual vacation to be taken by key individuals. �� 4. Regularly test staff backup plans. Management Practice Inputs Outputs APO07.03 Maintain the skills and competencies From Description Description To of personnel. Define and manage the skills and competencies required of personnel. Regularly verify that personnel have the competencies to fulfil their roles on the basis EDM01.02 Reward system approach Skills and competencies matrix APO01.02 BAI01.02 BAI01.04 �� EDM04.03 Remedial actions to Skills development plans EDM04.01 verify that these competencies are being maintained, address resource APO01.02 using qualification and certification programmes where management deviations appropriate. Provide employees with ongoing learning and opportunities to maintain their knowledge, skills and competencies at a level required to achieve BAI08.03 Published knowledge repositories Review reports Internal enterprise goals. BAI08.04 Knowledge awareness and training schemes DSS04.06 � �� skills and competencies � �� Outside COBIT Enterprise goals �� Activities 1. Define the required and currently available skills and competencies of internal and external resources to achieve enterprise, IT and process goals. 2. Provide formal career planning and professional development to encourage competency development, opportunities for personal advancement and reduced dependence on key individuals. 3. Provide access to knowledge repositories to support the development of skills and competencies. 4. Identify gaps between required and available skills and develop action plans to address them on an individual and collective basis, such as training (technical and behavioural skills), recruitment, redeployment and changed sourcing strategies. 5. Develop and deliver training programmes based on organisational and process requirements, including requirements for enterprise knowledge, internal control, ethical conduct and security. 6. Conduct regular reviews to assess the evolution of the skills and competencies of the internal and external resources. Review succession planning. 7. Review training materials and programmes on a regular basis to ensure adequacy with respect to changing enterprise requirements and their impact on necessary knowledge, skills and abilities. Personal Copy of: Mr. Dong Hong Wang 85 Align, Plan and Organise
Page 1 and 2:
Enabling Processes Personal Copy of
Page 3 and 4:
ACKNOWLEDGEMENTS ISACA wishes to re
Page 5 and 6:
ACKNOWLEDGEMENTS (CONT.) ACKNOWLEDG
Page 7 and 8:
TABLE OF CONTENTS TABLE OF CONTENTS
Page 9 and 10:
LIST OF FIGURES LIST OF FIGURES Fig
Page 11 and 12:
CHAPTER 1 INTRODUCTION CHAPTER 1 IN
Page 13 and 14:
CHAPTER 2. THE GOALS CASCADE AND ME
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
CHAPTER 3 THE COBIT 5 PROCESS MODEL
Page 21 and 22:
Enabler Performance Management CHAP
Page 23 and 24:
CHAPTER 4 THE COBIT 5 PROCESS REFER
Page 25 and 26:
CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 27 and 28:
Generic Guidance for Processes CHAP
Page 29 and 30:
Page 31 and 32:
Page 33 and 34: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 37 and 38: EDM02 Process Practices, Inputs/Out
Page 41 and 42: EDM03 Process Practices, Inputs/Out
Page 55 and 56: APO01 Process Practices, Inputs/Out
Page 71 and 72: APO04 Manage Innovation (cont.) CHA
Page 83: CHAPTER 5 COBIT 5 PROCESS REFERENCE
Page 113 and 114: APO13 Manage Security Process Descr
Page 123 and 124: BAI01 Process Practices, Inputs/Out
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
BAI03 Process Practices, Inputs/Out
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
DSS02 Process Practices, Inputs/Out
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
DSS05 Process Practices, Inputs/Out
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Page 205 and 206:
MEA01 Process Practices, Inputs/Out
Page 207 and 208:
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Page 215 and 216:
Page 217 and 218:
APPENDIX A MAPPING BETWEEN COBIT 5
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
APPENDIX B DETAILED MAPPING ENTERPR
Page 227 and 228:
APPENDIX C DETAILED MAPPING IT-RELA
Page 229 and 230:
Deliver, Service and Support Monito
show all

Enabling Processes

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?