• Bookmark

Portfolio, Program and Project Management Using COBIT 5, Part 2

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA

COBIT Focus | 2 January 2018

Sunil Bakshi Eswar Muthukrishnan This is a continuation of a previous article1 published in COBIT Focus in September 2017. The first article discussed the approach for mapping COBIT 5 with the Project Management Institute (PMI) standards and The Standard for Program Management–Fourth Edition.2 This article covers the mapping of the processes in the PMI standards with those of COBIT 5.

PMI’s standards have been adopted by many organizations. Each of the publications listed in figure 1 focuses on, identifies and defines processes for implementing these standards. Each standard has a different number of processes, as shown in the third column in figure 1.

Figure 1—PMI Publications—Number of Processes

Name of Publication Process Groups Number of Processes
A Guide to the Project Management Body of Knowledge 5th Edition (PMBOK) 3 15
The Standard for Portfolio Management 3rd Edition 5 36
The Standard for Portfolio Management 3rd Edition 5 47

COBIT 5 and PMI Standards

COBIT 5 is based on 5 principles, one of which calls for a single integrated framework. COBIT 5 is a good example of this, as it is a single framework that integrates inputs from various standards, as illustrated in figure 2. However, in comparing this figure to figure 1, it can be noted that figure 2 identifies only the PMBOK and does not include the other 2 standards that are listed in figure 1.

Figure 2—COBIT Coverage of Other Standards

Source: ISACA, COBIT 5, USA, 2012. Reprinted with permission.

Figure 3 adjusts figure 2 by showing how the 2 standards from figure 1 that are not included in figure 2 would be mapped to the COBIT 5 domains and supporting standards.

Figure 3—COBIT Coverage of Other Standards (Adjusted)

Source: Based on ISACA, COBIT 5, USA, 2012. Reprinted with permission

This representation is based on the coverage of COBIT 5 and PMI standards within an organization. Organizations depend on IT, hence COBIT is generally applicable to the entire organization. However, the primary focus of COBIT 5 is IT. PMI standards, on the other hand, cover the entire organization except operational processes that are deployed for delivering products and services. A typical organization has 1 or more business functions, as depicted by the vertical columns in figure 4.

Figure 4—Organizational Perspective of Coverage

The organization structure in figure 4 is a general representation. The actual applicability of standards may vary depending upon the organization.

PMI standards are also applicable for the organization’s portfolios, programs and projects, not only IT.

COBIT 5 and Portfolio, Program and Project Management

Mapping of COBIT 5 with PMI standards needs to be done at the process and activity levels. Analysis of the COBIT 5 Process Reference Model (PRM) indicates that there are 2 processes that directly address portfolio, program and project management:

  • APO05—Manage Portfolio
  • BAI01—Manage Program and Projects

However, considering the entirety of PMI standards, one must refer to other processes since PRM covers all processes an organization may need to implement in order to achieve governance of enterprise IT (GEIT).

Further analysis of PRM indicates that APO05 and BAI01 processes are dependent on other processes within the PRM framework. Figure 5 shows these dependencies. APO05 dependencies are depicted in figure 6 and BAI01 dependencies can be seen in figure 8. Figure 7 lists the management practices of the process APO05 and figure 9 presents management practices of BAI01 process.

Figure 5—COBIT 5 Process Reference Model

Source: ISACA, COBIT 5, USA, 2012. Reprinted with permission. View Large Graphic.

Figure 6—Process Dependencies of APO05

Figure 7—Management Practices of Process APO05

APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds.
APO05.03 Evaluate and select programs to fund.
APO05.04 Monitor, optimize and report on investment portfolio performance.
APO05.05 Maintain portfolios.
APO05.06 Manage benefits achievement.

Figure 8—Process Dependencies of BAI01

Figure 9—Management Practices of Process BAI01

BAI01.01 Maintain a standard approach for program and project management.
BAI01.02 Initiate a program.
BAI01.03 Manage stakeholder engagement.
BAI01.04 Develop and maintain the program plan.
BAI01.05 Launch and execute the program.
BAI01.06 Monitor, control and report on the program outcomes.
BAI01.07 Start up and initiate projects within a program.
BAI01.08 Plan projects.
BAI01.09 Manage program and project quality.
BAI01.10 Manage program and project risk.
BAI01.11 Monitor and control projects.
BAI01.12 Manage project resources and work packages.
BAI01.13 Close a project or iteration.
BAI01.14 Close a program.


This article, the second in a series, illustrates how mapping of COBIT 5 with PMI standards helps provide assurance that the COBIT 5 framework can be used as a single integrated framework across organizations. The next article will discuss mapping of PMI’s standard processes with the COBIT 5 PRM.


Is a freelance consultant and visiting faculty member at the National Institute of Bank Management, India. He has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries.

Eswar Muthukrishnan, CISA

Is a freelance consultant with more than 24 years of experience in IT and IT services in the telecom industry. He has held roles such as chief information officer, vice president of service delivery and program management.


1 Bakshi, S.; “Portfolio, Program and Project Management Using COBIT 5,” COBIT Focus, 11 September 2017
2 Project Management Institute, The Standard for Program Management–Fourth Edition, USA, 2017