Mapping to COBIT 5 

 

COBIT 5 is the latest edition of ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.

Reviewing the COBIT 5 Framework

Knowledge of COBIT 5 is not specifically tested on the CGEIT examination. However, the principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world, and are reflected in the CGEIT job practice task statements.

A thorough review of the COBIT 5 framework and, if possible, supporting publications, is recommended for candidate preparation for the CGEIT examination. To focus a candidate's attention on the specific COBIT 5 content that relates to each CGEIT task statement, and to aid in a candidate's exam preparation, the following tables are provided:

Domain 1: Framework for the Governance of Enterprise IT

Ensure the definition, establishment and management of a framework for the governance of enterprise IT in alignment with the mission, vision and values of the enterprise.

| Task Statements | Key Relevant COBIT Processes | Other Key Enablers Specific to the Task Area [Note: Generally ALL enablers may be relevant to some degree and should be considered.] |
|---|---|---|
| 1.1 Ensure that a framework for the governance of enterprise IT is established and enables the achievement of enterprise goals and objectives to create stakeholder value, taking into account benefits realization, risk optimization, and resource optimization. | EDM01, APO01 | Principles, Policies and Frameworks; Other: Goals Cascade |
| 1.2 Identify the requirements and objectives for the framework for the governance of enterprise IT incorporating input from enablers such as principles, policies and frameworks; processes; organizational structures; culture, ethics and behavior; information; services, infrastructure and applications; people, skills and competencies. | EDM01, APO01 | |
| 1.3 Ensure that the framework for the governance of enterprise IT addresses applicable internal and external requirements (for example, principles, policies and standards, laws, regulations, service capabilities and contracts). | EDM01-05, APO01-02, MEA02-03, APO08-10 | |
| 1.4 Ensure that strategic planning processes are incorporated into the framework for the governance of enterprise IT. | APO02 | |
| 1.5 Ensure the incorporation of enterprise architecture (EA) into the framework for the governance of enterprise IT in order to optimize IT-enabled business solutions. | APO03 | |
| 1.6 Ensure that the framework for the governance of enterprise IT incorporates comprehensive and repeatable processes and activities. | EDM01, APO01 | Principles, Policies and Frameworks |
| 1.7 Ensure that the roles, responsibilities and accountabilities for information systems and IT processes are established. | APO01; All COBIT processes (RACI guidance) | Organisational structures; Principles, Policies and Frameworks |
| 1.8 Ensure issues related to the framework for the governance of enterprise IT are reviewed, monitored, reported and remediated. | MEA01-03 | Culture, Ethics & Behaviour |
| 1.9 Ensure that organizational structures are in place to enable effective planning and implementation of IT-enabled business investments. | All COBIT processes (RACI guidance) | Organisational structures |
| 1.10 Ensure the establishment of a communication channel to reinforce the value of the governance of enterprise IT and transparency of IT costs, benefits and risk throughout the enterprise. | EDM05, APO08 | |
| 1.11 Ensure that the framework for the governance of enterprise IT is periodically assessed, including the identification of improvement opportunities. | EDM05, MEA01-03 | |

 

Domain 2: Strategic Management

Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.

| Task Statements | Key Relevant COBIT Processes | Other Key Enablers Specific to the Task Area [Note: Generally ALL enablers may be relevant to some degree and should be considered.] |
|---|---|---|
| 2.1 Evaluate, direct and monitor IT strategic planning processes to ensure alignment with enterprise goals. | EDM02-05, APO02 | |
| 2.2 Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment. | All COBIT processes | Principles, Policies and Frameworks |
| 2.3 Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated. | APO02 | |
| 2.4 Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process. | APO03 | |
| 2.5 Ensure prioritization of IT initiatives to achieve enterprise objectives. | EDM02-05, APO05 | Organisational Structures; Culture |
| 2.6 Ensure that IT objectives cascade into clear roles, responsibilities and actions of IT personnel. | APO domain processes | Organisational structures; People, skills and competencies |

 

Domain 3: Benefits Realization

Ensure that IT-enabled investments are managed to deliver optimized business benefits, and that benefit realization outcome and performance measures are established and evaluated, and that progress is reported to key stakeholders.

| Task Statements | Key Relevant COBIT Processes | Other Key Enablers Specific to the Task Area [Note: Generally ALL enablers may be relevant to some degree and should be considered.] |
|---|---|---|
| 3.1 Ensure that IT-enabled investments are managed as a portfolio of investments. | EDM02, APO05 | |
| 3.2 Ensure that IT-enabled investments are managed through their economic life cycle to achieve business benefit. | EDM02, EDM05, APO05, MEA01-03, BAI05, BAI01 | |
| 3.3 Ensure business ownership and accountability for IT-enabled investments are established. | EDM02, APO05, APO08-09 | Organisational structures; Culture |
| 3.4 Ensure that IT investment management practices align with enterprise investment management practices. | APO05-06 | |
| 3.5 Ensure that IT-enabled investment portfolios, IT processes and IT services are evaluated and benchmarked to achieve business benefit. | APO05, APO09, MEA01 | |
| 3.6 Ensure that outcome and performance measures are established and evaluated to assess progress towards the achievement of enterprise and IT objectives. | MEA01, EDM05 | |
| 3.7 Ensure that outcome and performance measures are monitored and reported to key stakeholders in a timely manner. | EDM05, MEA01 | |
| 3.8 Ensure that improvement initiatives are identified, prioritized, initiated and managed based on outcome and performance measures. | APO11, MEA01, APO04 (depends on how 'improvement' is defined) | Culture, ethics and behaviour |

 

Domain 4: Risk Optimization

Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.

| Task Statements | Key Relevant COBIT Processes | Other Key Enablers Specific to the Task Area [Note: Generally ALL enablers may be relevant to some degree and should be considered.] |
|---|---|---|
| 4.1 Ensure that comprehensive IT risk management processes are established to identify, analyze, mitigate, manage, monitor, and communicate IT risk. | EDM03, APO12 | |
| 4.2 Ensure that legal and regulatory compliance requirements are addressed through IT risk management. | EDM03, MEA03, APO12, BAI01 | |
| 4.3 Ensure that IT risk management is aligned with the enterprise risk management (ERM) framework. | APO12 | |
| 4.4 Ensure appropriate senior level management sponsorship for IT risk management. | EDM03, APO12 | Organisational structures; People, skills and competencies; Culture |
| 4.5 Ensure that IT risk management policies, procedures and standards are developed and communicated. | EDM03, APO12 | Principles, Policies and Frameworks |
| 4.6 Ensure the identification of key risk indicators (KRIs). | APO12 | |
| 4.7 Ensure timely reporting and proper escalation of risk events and responses to appropriate levels of management. | EDM03, APO12, MEA02, EDM05 | |

 

Domain 5: Resource Optimization

Ensure the optimization of IT resources, including information, services, infrastructure and applications, and people, to support the achievement of enterprise objectives.

| Task Statements | Key Relevant COBIT Processes | Other Key Enablers Specific to the Task Area [Note: Generally ALL enablers may be relevant to some degree and should be considered.] |
|---|---|---|
| 5.1 Ensure that processes are in place to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people). | APO01 & most other APO domain processes | |
| 5.2 Evaluate, direct and monitor sourcing strategies to ensure existing resources are taken into account to optimize IT resource utilization. | EDM04-05 | |
| 5.3 Ensure the integration of IT resource management into the enterprise’s strategic and tactical planning. | MEA01-03, EDM05, BAI01, APO05-06 | |
| 5.4 Ensure the alignment of IT resource management processes with the enterprise’s resource management processes. | EDM04, APO09, APO10, APO06 | |
| 5.5 Ensure that a resource gap analysis process is in place so that IT is able to meet strategic objectives of the enterprise. | MEA01-03, EDM05 | |
| 5.6 Ensure that policies exist to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies. | EDM04, APO09, APO10 | |
| 5.7 Ensure that policies and processes are in place for the assessment, training and development of staff to address enterprise requirements and personal/professional growth. | APO07 | People, skills and competencies |