Assurance and Best Practices

COSO 2013 and COBIT 5 Mapping

A cell marked Yes indicates that the COBIT 5 process in that row maps to the COSO 2013 principle* in that column.
  
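COSO coverage by component: Control Environment (Principles 1-5), Risk Assessment (Principles 6-9), Control Activities (Principles 10-12), Information and Communication (Principles 13-15), Monitoring Activities (Principles 16-17).

| COBIT 5 Framework | Principle 1 | Principle 2 | Principle 3 | Principle 4 | Principle 5 | Principle 6 | Principle 7 | Principle 8 | Principle 9 | Principle 10 | Principle 11 | Principle 12 | Principle 13 | Principle 14 | Principle 15 | Principle 16 | Principle 17 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Evaluate, Direct and Monitor | | | | | | | | | | | | | | | | | |
| EDM01 Ensure Governance Framework Setting and Maintenance | Yes | Yes | Yes | | Yes | Yes | | Yes | | Yes | | | | | | | |
| EDM02 Ensure Benefits Delivery | | Yes | | | Yes | Yes | | | | Yes | | | | | | | |
| EDM03 Ensure Risk Optimisation | | Yes | | | Yes | Yes | Yes | | | Yes | | | | | | | |
| EDM04 Ensure Resource Optimisation | | Yes | | | Yes | Yes | | | | Yes | | | | | | | |
| EDM05 Ensure Stakeholder Transparency | | Yes | | | Yes | Yes | | | | Yes | | | | | Yes | | Yes |
| Align, Plan and Organize (APO) | | | | | | | | | | | | | | | | | |
| APO01 Manage the IT Management Framework | Yes | | Yes | Yes | Yes | Yes | | Yes | Yes | Yes | | Yes | | Yes | | | |
| APO02 Manage Strategy | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO03 Manage Enterprise Architecture | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO04 Manage Innovation | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO05 Manage Portfolio | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO06 Manage Budget and Costs | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO07 Manage Human Resources | Yes | | | Yes | Yes | Yes | | Yes | | Yes | | | | | | | |
| APO08 Manage Relationships | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO09 Manage Service Agreements | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO10 Manage Suppliers | | | | | Yes | Yes | | | | Yes | | | | | | | |
| APO11 Manage Quality | | | | | Yes | Yes | | | | Yes | | | Yes | | | | |
| APO12 Manage Risk | | | | | Yes | Yes | Yes | | | Yes | | | | | | | |
| APO13 Manage Security | | | | | Yes | Yes | | | | Yes | | | | | | | |
| Build, Acquire and Implement | | | | | | | | | | | | | | | | | |
| BAI01 Manage Programmes and Projects | | | | | Yes | Yes | | | | Yes | | | | | | | |
| BAI02 Manage Requirements Definition | | | | | Yes | Yes | | | Yes | Yes | | | | | | | |
| BAI03 Manage Solutions Identification and Build | | | | | Yes | Yes | | | | Yes | | | | | | | |
| BAI04 Manage Availability and Capacity | | | | | Yes | Yes | | | | Yes | | | | | | | |
| BAI05 Manage Organisational Change Enablement | | | | | Yes | Yes | | | Yes | Yes | | | | | | | |
| BAI06 Manage Changes | | | | | Yes | Yes | | | Yes | Yes | | | | | | | |
| BAI07 Manage Change Acceptance and Transitioning | | | | | Yes | Yes | | | Yes | Yes | | | | | | | |
| BAI08 Manage Knowledge | | | | | Yes | Yes | | | | Yes | | | | | | | |
| BAI09 Manage Assets | | | | | Yes | Yes | | | | Yes | | | | | | | |
| BAI10 Manage Configuration | | | | | Yes | Yes | | | | Yes | | | | | | | |
| Deliver, Service and Support | | | | | | | | | | | | | | | | | |
| DSS01 Manage Operations | | | | | Yes | Yes | | | | Yes | | | | | | | |
| DSS02 Manage Service Requests and Incidents | | | | | Yes | Yes | | | | Yes | | | | | | | |
| DSS03 Manage Problems | | | | | Yes | Yes | | | | Yes | | | | | | | |
| DSS04 Manage Continuity | | | | | Yes | Yes | | | | Yes | | | | | | | |
| DSS05 Manage Security Services | | | | | Yes | Yes | | | | Yes | | | | | | | |
| DSS06 Manage Business Process Controls | | | | | Yes | Yes | | | | Yes | Yes | | | | | | |
| Monitor, Evaluate and Assess | | | | | | | | | | | | | | | | | |
| MEA01 Monitor, Evaluate and Assess Performance and Conformance | | | | | Yes | Yes | | | | Yes | | | Yes | | | | |
| MEA02 Monitor, Evaluate and Assess the System of Internal Control | | | | | Yes | Yes | | | | Yes | | | Yes | | | Yes | Yes |
| MEA03 Monitor, Evaluate and Assess Compliance With External Requirements | | | | | Yes | Yes | | Yes | | Yes | | | | | | | |
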
* Refer to the COSO 2013 framework for the core areas and the relevant principles.