Portfolio, Program and Project Management Using COBIT 5, Part 3

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

COBIT Focus | 29 January 2018

This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article¹ discussed the approach for mapping COBIT 5 with the Project Management Institute’s (PMI’s) standards and the publication A Guide to the Project Management Body of Knowledge (PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level.²


PMI published the standards shown in figure 1 that have been adopted by many organizations. Each of these publications has identified and defined processes for implementing these standards. Each standard has a different number of processes, as shown in the second column of figure 1.


Figure 1—PMI Publications

| Name of Publication | Process Groups | Number of Processes |
|---|---|---|
| A Guide to the Project Management Body of Knowledge 5th Edition (PMBOK) | 3 | 15 |
| The Standard for Portfolio Management 3rd Edition | 5 | 36 |
| The Standard for Portfolio Management 3rd Edition | 5 | 47 |


This article provides a mapping of the portfolio management standards with the COBIT 5 processes. The approach shown in figure 2 was developed to map the PMI standards with COBIT 5 processes.


Figure 2—Approach for Mapping PMI Standards With COBIT 5 Processes


PMI has revised the publications noted with a fourth edition, updating portfolio³ and program management.⁴ A sixth edition of PMBOK⁵ was published in September 2017. However, since this mapping was undertaken prior to these publications, the standards listed in figure 1 are described herein. The changes in new editions shall be discussed subsequently.


Since PMI standards are in depth, there are few gaps in activities. COBIT 5 has not specifically identified these activities, but references them.


Portfolio Management

Portfolio management is the highest level of the organization that is responsible for defining, authorizing and supervising programs and projects. Considering it is the highest level in the organizational structure, it should align programs and projects with the organization’s objectives and strategies. Therefore, the portfolio management processes should include governance processes (Evaluate, Direct and Monitor).


The PMI portfolio management standard identifies 5 different knowledge areas for defining processes:

  1. Strategic management
  2. Governance management
  3. Performance management
  4. Communication management
  5. Risk management

Portfolio management standards emphasize that organizations need to ensure that their portfolio management processes are defined in alignment with organizational strategy. The standard recommends that organizations categorize processes into 3 groups:

  1. Defining processes
  2. Aligning processes
  3. Controlling and managing processes

PMI’s portfolio management standard⁶ identifies 16 generic processes for portfolio management in 3 process groups (figure 3). These processes are interlinked and need to be implemented by considering their interdependencies with the 3 process groups based on the knowledge areas. For example, the knowledge area Governance Management has processes in all 3 process groups since COBIT 5 is a framework for governance of enterprise IT (GEIT). When mapping processes related to governance, one needs to consider knowledge areas. Process groups help establish interdependencies.


Figure 3—Portfolio Management Processes

| Process Group | Knowledge Area | Process | Description |
|---|---|---|---|
| Defining | Strategic Management | Develop Portfolio Strategic Plan | Align portfolio objectives with enterprise strategic objectives and goals. |
| | | Develop Portfolio Charter | Define objectives, scope, deliverables, success criteria and time lines, and identify stakeholders. |
| | | Define Portfolio Roadmap | Identify portfolio components, dependencies, milestones and deliverables. |
| | Governance Management | Develop Portfolio Management Plan | Develop a plan for governing and managing portfolio activities, change management, performance monitoring and reporting, processes for procurement, and compliance. |
| | | Define Portfolio | Identify and list components including programs, projects, resources, cost and time lines. |
| | Performance Management | Define Portfolio Performance Management Plan | Develop a plan to manage the performance of the portfolio and its components to ensure that the organization’s objectives are achieved. |
| | Communication Management | Define Portfolio Communication Management Plan | Identify stakeholders, determine communication requirements and develop a communication plan. |
| | Risk Management | Define Portfolio Risk Management Plan | Develop a portfolio risk management plan. |
| Aligning | Strategic Management | Manage Strategic Change | Evaluate strategic changes within the organization and their impact on portfolio objectives and deliverables, and update the portfolio management plan as needed. |
| | Governance Management | Optimize Portfolio | Continuously analyze the components to ensure that resources are effectively performing to achieve the organization’s objectives. |
| | Performance Management | Manage Supply and Demand | Manage the availability of resources for each component of the portfolio. |
| | | Manage Portfolio Value | Capture, measure and report value creation by the portfolio. |
| | Communication Management | Manage Portfolio Information | Execute the communication plan. |
| | Risk Management | Manage Portfolio Risks | Execute the portfolio risk management plan. |
| Authorizing and Controlling | Governance Management | Authorize Portfolio | Authorize portfolio components and resources (a necessary process for governance). |
| | | Provide Portfolio Oversight | Monitor the performance of the portfolio relative to its alignment with defined objectives and provide directions in cases where deviation is observed. |


The portfolio management standard of PMI is for organizations that have multiple portfolios, whereas the primary focus of COBIT 5 is the IT portfolio. Considering this, an effort has been made to map PMI’s processes with those of COBIT 5. Since direct mapping is not possible, the management practices of the process reference model of COBIT 5 were considered. The ISACA publication COBIT 5: Enabling Processes provides a detailed description of processes at the activity level; hence, it was used while mapping. The mapping is shown in figure 4.


Figure 4—Portfolio Management Standard and COBIT 5 Process Mapping

| PMI's Portfolio Standard Processes | Process Group | COBIT 5 Process | COBIT 5 Management Practices |
|---|---|---|---|
| Develop Portfolio Strategic Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| | | EDM02 Ensure Benefits Delivery | EDM02.03 Monitor value optimization. |
| | | | EDM02.02 Direct value optimization. |
| | | | EDM02.03 Monitor value optimization. |
| Develop Portfolio Charter | Defining | APO02 Manage Strategy | APO02.05 (Indirect) Define the strategic plan and road map. |
| | | APO05 Manage Portfolio | APO05.05 Maintain portfolios. |
| Define Portfolio Roadmap | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| | | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | | APO05.02 Determine the availability and sources of funds. |
| | | | APO05.03 Evaluate and select programs to fund. |
| Develop Portfolio Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| | | APO05 Manage Portfolio | APO05.03 Evaluate and select programs to fund. |
| | | | APO05.05 Maintain portfolios. |
| Define Portfolio | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Define Portfolio Performance Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| | | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.06 Manage benefits achievement. |
| Define Portfolio Communication Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | | APO05.02 Determine the availability and sources of funds. |
| | | | APO05.03 Evaluate and select programs to fund. |
| | | | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.05 Maintain portfolios. |
| | | | APO05.06 Manage benefits achievement. |
| | | APO02 Manage Strategy | APO02.06 Communicate the IT strategy and direction. |
| Define Portfolio Risk Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | APO12 Manage Risk | APO12.01 Collect data. |
| | | | APO12.02 Analyze risk. |
| | | | APO12.03 Maintain a risk profile. |
| | | | APO12.04 Articulate risk. |
| | | | APO12.05 Define a risk management action portfolio. |
| | | | APO12.06 Respond to risk. |
| Manage Strategic Change | Aligning | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| | | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.05 Maintain portfolios. |
| Optimize Portfolio | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | | APO05.02 Determine the availability and sources of funds. |
| | | | APO05.03 Evaluate and select programs to fund. |
| | | | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.05 Maintain portfolios. |
| | | | APO05.06 Manage benefits achievement. |
| Manage Supply and Demand | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | | APO05.02 Determine the availability and sources of funds. |
| | | | APO05.03 Evaluate and select programs to fund. |
| | | | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.05 Maintain portfolios. |
| | | | APO05.06 Manage benefits achievement. |
| Manage Portfolio Value | Aligning | APO05 Manage Portfolio | APO05.06 Manage benefits achievement. |
| | | EDM02 Ensure Benefits Delivery | EDM02.01 Evaluate value optimization. |
| | | | EDM02.02 Direct value optimization. |
| | | | EDM02.03 Monitor value optimization. |
| Manage Portfolio Information | Aligning | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.05 Maintain portfolios. |
| Manage Portfolio Risks | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| | | APO12 Manage Risk | APO12.01 Collect data. |
| | | | APO12.02 Analyze risk. |
| | | | APO12.03 Maintain a risk profile. |
| | | | APO12.04 Articulate risk. |
| | | | APO12.05 Define a risk management action portfolio. |
| | | | APO12.06 Respond to risk. |
| Authorize Portfolio | Authorizing and Controlling | APO02 Manage Strategy | APO02.04 Conduct a gap analysis. |
| Provide Portfolio Oversight | Authorizing and Controlling | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| | | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. |
| | | | APO05.06 Manage benefits achievement. |
| | | MEA01 Monitor, Evaluate and Assess Performance and Conformance | MEA01.01 Establish a monitoring approach. |
| | | | MEA01.02 Set performance and conformance targets. |
| | | | MEA01.03 Collect and process performance and conformance data. |
| | | | MEA01.04 Analyze and report performance. |
| | | | MEA01.05 Ensure the implementation of corrective actions. |


The COBIT 5 processes are sequenced based on their relevance to the PMI process to which they are mapped. For example, since Defining Strategic Plan directly relates to APO02 Manage Strategy and indirectly relates to EDM02 Ensure Benefits Delivery, the sequence is not as it appears in the process reference model (PRM) of COBIT 5.


Conclusion

Mapping of COBIT 5 with PMI standards is useful in providing assurance that the COBIT 5 framework can be used as a “single integrated framework” across organizations. This is the third article covering a high-level mapping of the portfolio management standard. Future articles will discuss mapping of PMI’s program management standard and project management standard (PMBOK) processes with the COBIT 5 process reference model.


Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP

Is a freelance consultant and visiting faculty member at the National Institute of Bank Management, India. He has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries.


Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

Is a freelance consultant with more than 24 years of experience in IT and IT services in the telecommunications industry. He has held roles such as chief information officer and vice president of service delivery of IT and ITES, program management, and transition management.


Endnotes

1 Bakshi, S.; “Portfolio, Program and Project Management Using COBIT 5,” COBIT Focus, 11 September 2017
2 Bakshi, S.; E. Muthukrishnan; “Portfolio, Program and Project Management Using COBIT 5, Part 2,” COBIT Focus, 2 January 2018
3 Project Management Institute, The Standard for Portfolio Management 4th Edition, USA, 2017
4 Project Management Institute, The Standard for Program Management 4th Edition, USA, 2017
5 Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide) 6th Edition, USA, 2017
6 Project Management Institute, The Standard for Portfolio Management 3rd Edition, USA, 2013
