
COBIT 2019 Foundation Course

Facilitator Guide


COBIT Foundation Course


CONTENTS

COBIT Foundation Course 2

Course Overview 5
Course Delivery ........................................................................................................................ 5
Course Description ................................................................................................................... 5
Target Audience ....................................................................................................................... 5
Training and Certification Scheme ........................................................................................... 6
Exam Requirements ................................................................................................................. 6
Learning Objectives.................................................................................................................. 6
Materials and Equipment .......................................................................................................... 7
Workshop Schedule .................................................................................................................. 7

Framework Introduction 8
Topics and Objectives .............................................................................................................. 8
Enterprise Governance of Information and Technology .......................................................... 8
Benefits of Information and Technology Governance .............................................................. 9
EGIT Example .......................................................................................................................... 9
COBIT as an I&T Framework ................................................................................................ 10
Intended Audience .................................................................................................................. 10
What COBIT Is ....................................................................................................................... 10
Governance vs. Management ................................................................................................ 11
What COBIT is not ................................................................................................................. 11
COBIT Format and Product Architecture ............................................................................... 12
COBIT and Other Standards .................................................................................................. 13
Group Discussion Questions .................................................................................................. 13
Sample Question .................................................................................................................... 13

Principles 14
Topics and Objectives ............................................................................................................ 14
Governance System Principles .............................................................................................. 14
Governance Framework Principles ........................................................................................ 15
Review Questions .................................................................................................................. 15

Governance System and Components 17


Topics and Objectives ............................................................................................................ 17
Governance and Management Objectives ............................................................................. 17
Components of a Governance System .................................................................................. 19
Focus Areas ........................................................................................................................... 20


Design Factors ....................................................................................................................... 20


Goals Cascade ....................................................................................................................... 27
Group Exercise ....................................................................................................................... 28
Review Questions .................................................................................................................. 29

Governance Management Objectives 31


Topics and Objectives ............................................................................................................ 31
COBIT 2019 Framework: Governance and Management Objectives Publication ................. 31
COBIT Core ............................................................................................................................ 31
Governance and Management Objectives Purpose Statements ........................................... 32
Governance and Management Objective Related Guidance ................................................. 33
Governance and Management Objectives Descriptions ........................................................ 33
High-level Information ............................................................................................................ 34
Goals Cascade ....................................................................................................................... 34
Alignment with Components .................................................................................................. 35
Practical Walkthrough ............................................................................................................ 40
Group Exercise – Goals Cascade .......................................................................................... 41
Group Scenario ...................................................................................................................... 43
Review Questions .................................................................................................................. 44

Performance Management 47
Topics and Objectives ............................................................................................................ 47
COBIT Performance Management Definition and Principles ................................................. 47
COBIT Performance Management Overview ........................................................................ 47
Managing Performance of Processes .................................................................................... 48
Focus Area Maturity Levels .................................................................................................... 49
Managing Performance of Other Governance System Structures ........................................ 50
Performance Management of Organizational Structures ....................................................... 50
Performance Management of Information Items .................................................................... 50
Performance Management of Culture and Behavior .............................................................. 50
Review Questions .................................................................................................................. 51

Designing a Tailored Governance System 52


Topics and Objectives ............................................................................................................ 52
Introduction to Designing a Tailored Governance System ..................................................... 52
The Need for Tailoring ............................................................................................................ 52
Design Factors ....................................................................................................................... 52
Impact of Design Factors ....................................................................................................... 52
Designing a Tailored System ................................................................................................. 54
Review Questions .................................................................................................................. 54

COBIT Business Case 56


Topics and Objectives ............................................................................................................ 56
Introduction to the COBIT Business Case ............................................................................. 56
The COBIT Business Case Component ................................................................................ 56
Example Scenario – ACME Corporation ................................................................................ 56


Review Questions .................................................................................................................. 58

Implementing Enterprise Governance Over IT 59


Topics and Objectives ............................................................................................................ 59
Implementation Guide Purpose and Scope ........................................................................... 59
Design Guide and Implementation Guide Relationships ....................................................... 61
Review Question .................................................................................................................... 61

Course Summary 62


Course Overview
COURSE DELIVERY
This is a two-day, instructor-led course.

COURSE DESCRIPTION
COBIT® is a framework for the enterprise governance and management of information and technology
(I&T) that supports enterprise goal achievement.

This Foundation Course is intended for current COBIT 5 Foundation Certificate holders as well as those
new to COBIT who are interested in achieving the latest foundation certificate.

This two-day course highlights the concepts, models and key definitions of the COBIT framework and
helps prepare learners to take the COBIT 2019 Foundation Exam.

TARGET AUDIENCE
Current COBIT 5 Foundation Certificate holders who are interested in a more in-depth understanding of
COBIT 2019 and/or in achieving the COBIT 2019 Foundation Certificate.

Individuals with no previous COBIT training or certifications interested in learning the COBIT 2019
framework essentials.


TRAINING AND CERTIFICATION SCHEME

As shown, there are three different paths:

1. The first path is the COBIT 2019 Bridge Course, which is intended to transition current COBIT 5
accredited training organizations and trainers, or COBIT 5 certificate holders, who seek to
understand the key differences between COBIT 2019 and COBIT 5.
2. The second path, the COBIT 2019 Foundation course and exam, is intended for those new to COBIT
or those who wish to gain a deeper understanding of the COBIT 2019 framework and/or prepare
for the COBIT 2019 Foundation exam.
3. The third path is the COBIT 2019 Design and Implementation course, which is designed to help
learners understand how to design and implement a governance system using COBIT 2019. Prior
to taking the COBIT 2019 Design and Implementation certificate exam, candidates must first
successfully pass the COBIT 2019 Foundation course.

EXAM REQUIREMENTS
The COBIT Foundation exam is designed to test the candidate’s understanding of the framework rather
than memorization.
• Online proctored exam
• 75 multiple-choice questions
• Closed-book
• One correct answer for each question, chosen from three options (A, B or C)
• Two-hour duration
• Passing score is 65%, i.e., 49 correct answers out of 75

LEARNING OBJECTIVES
When participants complete this course, they will be able to:
• Recognize the target audience of COBIT 2019.
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Understand and describe the governance “system” and governance “framework” principles.
• Describe the components of a governance system.
• Understand the overall structure and contents of the Goals Cascade.
• Recall the 40 Governance and Management Objectives and their purpose statements.


• Understand the relationship between Governance and Management Objectives and Governance
Components.
• Differentiate COBIT based performance management using maturity and capability perspectives.
• Discover how to design a tailored governance system using COBIT.
• Explain the key points of the COBIT business case.
• Understand and recall the phases of the COBIT implementation approach.
• Describe the relationships between the COBIT Design and Implementation Guides.
• Prepare for the COBIT 2019 Foundation exam.

MATERIALS AND EQUIPMENT

MATERIALS (for the instructor and participants):
• PowerPoint® Slides
• Participant Guides (PDF of Slides)
• COBIT 2019: Introduction and Methodology
• COBIT 2019: Governance and Management Objectives

EQUIPMENT (for the instructor):
• Laptop
• LCD Projector

WORKSHOP SCHEDULE

Topic                                              Approx. Timing (mins)
COBIT Framework Introduction                       75
Principles                                         30
Governance System Components                       225
Governance and Management Objectives               235
Performance Management in COBIT                    40
Designing a Tailored Governance System             45
The COBIT Business Case                            60
Implementing Enterprise Governance Over IT         45
Closing and Questions                              10

The times identified for each module are estimated and can vary based on instructor preference.
Be sure to allot time for breaks.


Framework Introduction
TOPICS AND OBJECTIVES
Topics
• Enterprise Governance of I&T
• Intended Audience for the COBIT 2019 Framework
• COBIT as an I&T Framework
• COBIT format and product architecture
• Major differences
• COBIT and other standards
• Training and certification

Learning Objectives
• Recognize the target audience of COBIT 2019.
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Prepare for the COBIT 2019 Foundation exam.

ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY


In the light of digital transformation, information and technology (I&T) has become crucial to the support,
sustainability and growth of enterprises. Previously, governing boards and senior management could
delegate, ignore or avoid I&T-related decisions; in most sectors and industries, such attitudes are now
ill advised.

Digitized enterprises are increasingly dependent on I&T for survival and growth. Stakeholder value
creation is often driven by a high degree of digitization in new business models, efficient processes and
successful innovation. Therefore, governing models are more important today than ever.

Enterprise governance of information and technology is complex and multifaceted. In addition to I&T
being a new term in COBIT, we also have EGIT, or enterprise governance of I&T – essentially, this
replaces GEIT, or governance of enterprise IT.

There is no silver bullet (or ideal way) to design, implement and maintain effective EGIT within an
organization. As such, members of the governing boards and senior management typically need to tailor
their EGIT arrangements to their own specific context and needs.

Some key points to keep in mind about an EGIT system are:
• EGIT is an integral part of corporate governance.
• It is exercised by the board, which oversees the definition and implementation of processes, structures
and relational mechanisms.
• It enables both business and IT people to execute their responsibilities in support of business/IT
alignment.
• It enables the creation of business value from I&T-enabled business investments.

COBIT 2019 uses "IT" to refer to the organizational department with the main responsibility for
technology. COBIT 2019 focuses on the governance of information AND technology (I&T).
The framework recognizes that information and technology may reside outside of the traditional IT
department and encompasses all information and technology the enterprise generates, processes and
uses to achieve its goals as well as the technology to support that throughout the enterprise.

Research has shown that enterprises with poorly designed or adopted approaches to EGIT perform
worse in aligning business and I&T strategies and processes. As a result, such enterprises are much less
likely to achieve their intended business strategies and realize the business value they expect from digital
transformation. These results demonstrate that governance has to be understood and implemented far
beyond the often-encountered narrow interpretation inherent in traditional concepts of governance, risk
and compliance (GRC). The GRC acronym itself implicitly suggests that compliance and related risk
represent the whole spectrum of governance.

Therefore, the context of Enterprise Governance of Information and Technology includes:


• Enterprise Governance of IT – governing Information and Technology should not be left to IT but
should be governed from the enterprise level.
• Business/IT Alignment – ensuring that goals, strategies and priorities are balanced between
stakeholder and enterprise needs and I&T.
• Value Creation – ensuring benefits delivery, risk optimization and resource optimization.

BENEFITS OF INFORMATION AND TECHNOLOGY GOVERNANCE


Fundamentally, EGIT is concerned with value delivery from digital transformation and the mitigation of
business risk that results from digital transformation. More specifically, three main outcomes can be
expected after successful adoption of EGIT.

Benefits realization consists of creating value for the enterprise through I&T, maintaining and increasing
value derived from existing IT investments, and eliminating IT initiatives and assets that are not creating
sufficient value. The basic principle of IT value is delivery of fit-for-purpose services and solutions, on time
and within budget, that generate the intended financial and nonfinancial benefits. The value that IT
delivers should be aligned directly with the values on which the business is focused. IT value should also
be measured in a way that shows the impact and contributions of IT-enabled investments in the value
creation process of the enterprise.

Risk optimization entails addressing the business risk associated with the use, ownership, operation,
involvement, influence and adoption of I&T within an enterprise. I&T-related business risk consists of I&T-
related events that could potentially impact the business. While value delivery focuses on the creation of
value, risk management focuses on the preservation of value. The management of I&T-related risk should
be integrated within the enterprise risk management approach to ensure a focus on IT by the enterprise.
It should also be measured in a way that shows the impact and contributions of optimizing I&T-related
business risk on preserving value.

Resource optimization ensures that the appropriate capabilities are in place to execute the strategic plan
and sufficient, appropriate and effective resources are provided. Resource optimization ensures that an
integrated, economical IT infrastructure is provided, new technology is introduced as required by the
business, and obsolete systems are updated or replaced. Because this outcome recognizes the
importance of people, in addition to hardware and software, it focuses on providing training, promoting
retention and ensuring competence of key IT personnel.

EGIT EXAMPLE
Refer to the Introduction and Methodology publication, Page 12


Strategic alignment and performance measurement are of paramount importance and apply overall to all
activities to ensure that I&T-related objectives are aligned with the enterprise goals.

In a large case study of an international airline company, EGIT’s benefits were demonstrated to include:
lower IT-related continuity costs, increased IT-enabled innovation capacity, increased alignment between
digital investments and business goals and strategy, increased trust between business and IT, and a shift
toward a “value mindset” around digital assets.

Research has shown that enterprises with poorly designed or adopted approaches to EGIT perform
worse in aligning business and I&T strategies and processes. As a result, such enterprises are much less
likely to achieve their intended business strategies and realize the business value they expect from digital
transformation.

From this, it is clear that governance has to be understood and implemented much beyond the often
encountered (i.e., narrow) interpretation suggested by the governance, risk and compliance (GRC)
acronym. The GRC acronym itself implicitly suggests that compliance and related risk represent the
spectrum of governance.

COBIT AS AN I&T FRAMEWORK


Over the years, best-practice frameworks have been developed and promoted to assist in the process of
understanding, designing and implementing EGIT. COBIT 2019 builds on and integrates more than 25
years of development in this field, not only incorporating new insights from science, but also
operationalizing these insights as practices. From its foundation in the IT audit community, COBIT has
developed into a broader and more comprehensive I&T governance and management framework and
continues to establish itself as a generally accepted framework for I&T governance.

INTENDED AUDIENCE
COBIT 2019 has a similar target audience to that of COBIT 5, that is, the stakeholders for EGIT. These
include:
• Boards
• Executive Management
• Business Managers
• IT Managers
• Assurance providers, and
• Risk Management professionals
External stakeholders include:
• Regulators
• Business and vendor partners, and
• IT Vendors

WHAT COBIT IS
COBIT is a framework for the governance and management of enterprise information and technology and
it is aimed at the whole enterprise.

Enterprise I&T means all the technology and information processing the enterprise puts in place to
achieve its goals, regardless of where this happens in the enterprise. In other words, enterprise I&T is not
limited to the IT department of an organization, but certainly includes it.

The COBIT framework makes a clear distinction between governance and management. These two
disciplines encompass different activities, require different organizational structures and serve different
purposes.

Governance ensures that:
• Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise
objectives.
• Direction is set through prioritization and decision making.
• Performance and compliance are monitored against agreed-on direction and objectives.

In most enterprises, overall governance is the responsibility of the board of directors, under the
leadership of the chairperson. Specific governance responsibilities may be delegated to special
organizational structures at an appropriate level, particularly in larger, complex enterprises.

Management plans, builds, runs and monitors activities, in alignment with the direction set by the
governance body, to achieve the enterprise objectives. In most enterprises, management is the
responsibility of the executive management, under the leadership of the chief executive officer (CEO).

GOVERNANCE VS. MANAGEMENT


Governance ensures that:
• Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise
objectives.
• Direction is set through prioritization and decision making.
• Performance and compliance are monitored against agreed-on direction and objectives.
• In most enterprises, overall governance is the responsibility of the board of directors, under the
leadership of the chairperson.
• Specific governance responsibilities may be delegated to special organizational structures at an
appropriate level, particularly in larger, complex enterprises.

Management plans, builds, runs and monitors activities, in alignment with the direction set by the
governance body, to achieve the enterprise objectives.

In most enterprises, management is the responsibility of the executive management, under the leadership
of the chief executive officer (CEO).

WHAT COBIT IS NOT


It is also important to understand what COBIT is not. Misunderstanding the intent of the framework can
create confusion and result in a failure to provide value to the enterprise. Therefore:
• COBIT is not a full description of the whole IT environment of an enterprise. It focuses on the
areas within information and technology that contribute to overall enterprise success.
• COBIT is not a framework to organize business processes. COBIT 2019 uses governance and
management objectives that are associated with I&T-related processes supporting the business
processes and their need for information.
• COBIT is not a technical framework to manage all technology. It is technology neutral and can
be used as a model to help govern and manage processes, practices and activities that support
goal achievement.
• COBIT does not make or prescribe any IT-related decisions. One of my favorite questions in
class is when a student offers me a long, complex scenario and follows it up with “what does
COBIT say to this?”
• It will not decide what the best IT strategy is, what the best architecture is, or how much IT can or
should cost.

Rather, COBIT defines all the components that describe which decisions should be taken, and how and
by whom they should be taken.


COBIT FORMAT AND PRODUCT ARCHITECTURE

The idea behind COBIT 2019 was to update COBIT 5 to make it more relevant and user-friendly for
framework users. The inputs into this version therefore include COBIT 5 itself, new and updated industry
frameworks, standards, regulations and bodies of knowledge, and feedback and input from our
community.

The COBIT 2019 “core” consists of 40 governance and management objectives, organized into five
domains: one governance domain and four management domains. Each of these governance and
management objectives is related to a process. The core publications are the COBIT 2019 Framework:
Introduction and Methodology and the COBIT 2019 Framework: Governance and Management Objectives.

Next you see the design factors. These are new to COBIT 2019 and help an enterprise customize a
governance system to its unique context and circumstances. Beneath the design factors, on this
schematic, are the focus areas. A focus area describes a certain governance topic, domain or issue that
can be addressed by a collection of more detailed or targeted governance and management objectives
and their components, which can be helpful when designing a governance system tailored to your needs.

Finally, we have the ability now to tailor the enterprise governance system for Information and
Technology by using the information from the core, design factors, focus areas and performance
management areas of COBIT to effectively adopt, or implement a tailored governance system.

This is where the COBIT 2019 Design Guide and COBIT 2019 Implementation Guide are extremely
useful.

The COBIT 2019 format and product architecture are different from COBIT 5 and include the following
publications:
• The COBIT 2019 Framework: Introduction and Methodology introduces the key concepts of COBIT
2019.


• The COBIT 2019 Framework: Governance and Management Objectives comprehensively describes
the 40 core governance and management objectives, the processes contained therein, and other
related components. This guide also references other standards and frameworks.
• The COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology
Governance Solution represents an evolution of the COBIT 5 Implementation Guide and develops a
road map for continuous governance improvement. It may be used in combination with the COBIT®
2019 Design Guide.

COBIT AND OTHER STANDARDS


One of the guiding principles applied throughout the development of COBIT 2019 was to maintain the
positioning of COBIT as an umbrella framework. This means that COBIT continues to align with several
relevant standards, frameworks and/or regulations. Alignment in this context means:
• COBIT does not contradict any guidance in the related standards.
• COBIT does not copy all the contents of these related standards.
• COBIT provides equivalent statements or references to related guidance.

It is important to note that COBIT is not designed to work by itself; it is best applied when synchronized
with some of the most relevant models in our industry.

GROUP DISCUSSION QUESTIONS


How is EGIT implemented at your organization today?
What are the differences between Benefits realization, Risk optimization and Resource optimization?
Which one is receiving more attention?
What other industry frameworks or standards are being used?
How can COBIT assist in the distinction between governance and management?

Pick one or more questions to discuss as a group or pick additional topics/questions that are relevant to
this module.

SAMPLE QUESTION
Module 2 comprises approximately 7% of the Foundation exam questions.

Sample questions in this module are intended to reinforce the content covered and may not be the exact
questions seen in the certification exam.
Question: Which of the following best describes COBIT?
a) COBIT is a framework for the governance and management of enterprise information and
technology.
b) COBIT is a full description of the whole IT environment of an enterprise.
c) COBIT is a framework to organize business processes.

The answer is a).
a) Correct. COBIT is the only framework that assists enterprises in the governance and
management of enterprise information and technology.
b) Incorrect. There are areas in the IT environment that are not addressed in COBIT; this is why
COBIT refers to other industry frameworks and standards.
c) Incorrect. Business processes are not within the scope of COBIT.


Principles
In this module, we will be discussing principles, which are one of the changes we see in COBIT 2019.
COBIT 5 had the COBIT 5 principles; COBIT 2019 expands on these.

TOPICS AND OBJECTIVES


The topics for this module include:
• Governance “system” principles
• Governance “framework” principles
The learning objectives for this module include:
• Understand and describe the governance “system” and governance “framework” principles.
• Prepare for the COBIT 2019 Foundation exam.

GOVERNANCE SYSTEM PRINCIPLES


There are now two sets of principles within this framework. One set is for a governance system, and one
is for a governance framework. The six principles for a governance system evolved from the COBIT5
principles, with some minor changes in 2019.

These governance system principles include:


• Providing stakeholder value
• A holistic approach
• A dynamic governance system
• Having governance distinct from management
• The ability to tailor to meet enterprise needs, and
• An end to end governance system
These are the core requirements for a governance system for enterprise information and technology.

Provide Stakeholder Value


This has been modified slightly from COBIT5. Each enterprise needs a governance system to satisfy
stakeholder needs and to generate value from the use of I&T. Value reflects a balance among benefits,
risks and resources, and enterprises need an actionable strategy and governance system to realize this
value.

Holistic Approach
This also has been modified slightly from COBIT5. A governance system for enterprise I&T is built from a
number of components that can be of different types and that work together in a holistic way. Don’t
confuse this with the holistic approach from COBIT5 which included the enablers. We no longer have
enablers in the COBIT framework – those are now called components, and we will cover them later in this
course.

Dynamic Governance System


This is new to COBIT. A governance system should be dynamic. This means that each time one or more
of the design factors are changed (e.g., a change in strategy or technology), the impact of these changes
on the EGIT system must be considered. A dynamic view of EGIT will lead toward a viable and future-
proof EGIT system.

Governance Distinct from Management


The corresponding COBIT5 principle stated that governance and management were separated; COBIT 2019
clarifies this by using the word distinct. A governance system should clearly distinguish between
governance and management activities and structures.

Tailored to Enterprise Needs


This is new to COBIT. A governance system should be customized to the enterprise’s needs. It should
also use a set of design factors –which are new to COBIT-- as parameters to customize and prioritize the
governance system components.

End-to-End Governance System


This also has been modified slightly from COBIT5. A governance system should cover the enterprise end
to end. It should focus not only on the IT function but on all technology and information processing the
enterprise puts in place to achieve its goals, regardless of its location in the enterprise.

GOVERNANCE FRAMEWORK PRINCIPLES


The second set of principles are called the Governance Framework Principles.

Although this is new to COBIT, the concepts should not seem new to you. There are three principles for
governance frameworks:
• Align with major standards
• Open and flexible
• Based on a conceptual model
These identify the underlying principles for a governance framework that can be used to build a
governance system for the enterprise.

Aligned with Major Standards


This was also part of COBIT5, but it is now classified as a distinct governance framework principle. As
discussed in Module 1, COBIT 2019 has updated and expanded on applicable and relevant standards,
frameworks, bodies of knowledge and models that can be part of the EGIT ecosystem. Therefore, a
governance framework should align to these relevant areas.

Open and Flexible


A governance framework should be open and flexible. It should allow the addition of new content and the
ability to address new issues in the most flexible way, while maintaining integrity and consistency.

Based on a Conceptual Model


This is new to COBIT. A governance framework should be based on a conceptual model. That conceptual
model should identify the key components and the relationships among components, to maximize
consistency and allow automation.

REVIEW QUESTIONS
What is the primary difference between Governance System Principles and Governance Framework
Principles?
a) Governance System Principles focus on stakeholder needs while Governance Framework
Principles focus on Information and Technology (I&T) needs.
b) Governance System Principles and Governance Framework Principles are the same thing in
COBIT 2019.
c) Governance System Principles describe the core requirements for a governance system while
Governance Framework Principles focus on building that governance system.

Answer: c

• Incorrect. Both sets of principles concern the governance of I&T; the distinction is not stakeholder needs
versus I&T needs.
• Incorrect. Governance System Principles and Governance Framework Principles are two different
views.
• Correct. Governance System Principles describe the core requirements for a governance system
while Governance Framework Principles focus on building that governance system.

Reference:
COBIT 2019 Framework Introduction and Methodology, Chapter 3, COBIT Principles

“A governance system should be customized to the enterprise’s needs, using a set of design factors as
parameters to customize and prioritize the governance system components” is an example of which
Governance System Principle?
a) Tailored to enterprise needs
b) Open and flexible
c) Goals cascade

Answer: a

• Correct. “Tailored to enterprise needs” is a Governance System Principle


• Incorrect. “Open and flexible” is a Governance Framework Principle
• Incorrect. Goals Cascade is not a principle, it is a tool/method used to ensure proper alignment and
prioritization of management objectives based on enterprise goals.

Reference:
COBIT 2019 Framework Introduction and Methodology, Chapter 3, COBIT Principles

Governance System and Components


This is new to COBIT and is probably one of the most significant positive changes in COBIT 2019.

TOPICS AND OBJECTIVES


Our topics for this module are:
• Governance and management objectives
• Components of the governance system
• Focus areas
• Design factors
• Goals cascade
• Exercise
And our learning objectives include:
• Understand and describe the components of a governance system
• Understand the overall structure and contents of the Goals Cascade
• Prepare for the COBIT 2019 Foundation exam

GOVERNANCE AND MANAGEMENT OBJECTIVES


The introduction of governance and management objectives helps provide more clear and achievable
results. For information and technology to contribute to enterprise goals, a number of governance and
management objectives should be achieved.

Basic concepts include:


• A governance or management objective always relates to one process and a series of related
components of other types to help achieve the objective.
• A governance objective relates to a governance process, while a management objective relates to a
management process.
• Governance processes typically are under the accountability of boards and executive management;
management processes are the domain of senior and middle management.

Instructors may note that governance and management objectives are the last step in the updated goals
cascade. How much to dwell on this depends on the number of students in class who know COBIT5, as
they will now start to see how these objectives are important to the Core.

Similar to COBIT5, the governance and management objectives in COBIT are grouped into five domains.
The domains have names with verbs that express the key purpose and areas of activity of the objectives
contained in them. Governance objectives are grouped in the Evaluate, Direct and Monitor (EDM)
domain. In this domain, the governing body evaluates strategic options, directs senior management on
the chosen strategic options and monitors the achievement of the strategy.

Management objectives are grouped in four domains


• Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting
activities for I&T. This was also known as the plan domain in COBIT5.
• Build, Acquire and Implement (BAI) treats the definition, acquisition and implementation of I&T
solutions and their integration in business processes. This was also known as the build domain in
COBIT5.
• Deliver, Service and Support (DSS) addresses the operational delivery and support of I&T services,
including security. This was also known as the Run domain in COBIT5.
• Monitor, Evaluate and Assess (MEA) —addresses performance monitoring and conformance of I&T
with internal performance targets, internal control objectives and external requirements. This was also
known as the monitor domain in COBIT5.

Known as the Process Reference Model, or PRM in COBIT5, COBIT 2019 identifies this as the COBIT
Core Model. The core model outlines the 40 governance and management objectives – each of which are
associated with a process. Like in COBIT5, you see across the top the EDM domain with 5 governance
objectives (remember, each of these are associated with a process). Below EDM, you may also recognize
the APO with 14 management objectives, BAI with 11 management objectives, DSS with 6 management
objectives and MEA with 4 management objectives.

NOTE: The names of the governance and management objectives are subtly different from COBIT5.
They are now expressed as past participles (e.g., “Managed IT Changes”) instead of active verbs,
expressing their nature as ‘objectives to be achieved’.

NOTE: This is explained in more detail in Module 5 of this course, Governance and Management
Objectives.

COMPONENTS OF A GOVERNANCE SYSTEM


To satisfy the governance and management objectives we just discussed, each enterprise needs to
establish, tailor and sustain a governance system built from a number of components.

Components are factors that, individually and collectively, contribute to the good operations of the
enterprise’s governance system over I&T. These factors were known as enablers in COBIT5. Components
interact with each other, resulting in a holistic governance system for I&T. Components can be of different
types; the most familiar are processes. However, components of a governance system also include
organizational structures; information items; skills and competencies; culture and behavior; policies and
procedures; and services, infrastructure and applications.

• Processes describe an organized set of practices and activities to achieve certain objectives and
produce a set of outputs that support achievement of overall IT-related goals.
• Organizational structures are the key decision-making entities in an enterprise.
• Information is pervasive throughout any organization and includes all information produced and used
by the enterprise. COBIT focuses on information required for the effective functioning of the governance
system of the enterprise.
• People, skills and competencies are required for good decisions, execution of corrective action and
successful completion of all activities.
• Culture, ethics and behavior of individuals and of the enterprise are often underestimated as factors
in the success of governance and management activities.
• Principles, policies and frameworks translate desired behavior into practical guidance for day-to-
day management.
• Services, infrastructure and applications include the infrastructure, technology and applications that
provide the enterprise with the governance system for I&T processing.

It is important to understand that components of all types can be generic or can be variants of generic
components. These generic components are described in the COBIT core model and apply in principle to
any situation. However, they are generic in nature and generally need customization before being
practically implemented. Variants are based on generic components but are tailored for a specific
purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation).

FOCUS AREAS
Focus areas are an addition to COBIT. Many enterprises adopting COBIT may need additional guidance
and advice on applying this model with areas of high interest. A focus area describes a certain
governance topic, domain or issue that can be addressed by a collection of governance and management
objectives and their components and they can contain a combination of generic governance components
and variants. The number of focus areas is virtually unlimited. That is what makes COBIT open-ended:
New focus areas can be added as required or as subject matter experts and practitioners contribute.

Current examples include: small and medium enterprises, information security, digital transformation,
cloud computing, privacy and DevOps. DevOps is given as an example of both a component variant and a
focus area. Why? DevOps is a current theme in the marketplace and definitely requires specific guidance,
making it a focus area. Within this focus area will be a number of the generic governance and
management objectives of the core COBIT model, but there will also be a number of variants of
(development-, operations- and monitoring-related) processes and organizational structures.

DESIGN FACTORS
New to COBIT 2019, design factors are factors that can guide the design of an enterprise’s governance
system and position it for success in the use of I&T. Think of these as parameters that can assist in
creating a tailored governance system that truly aligns with specific and unique enterprise needs.
• The design factors include: Enterprise strategy, Enterprise goals, Risk profile, I&T-related issues,
Enterprise size, Threat landscape, Compliance requirements, Role of IT, Sourcing model for IT,
IT implementation methods and Technology adoption strategy.

NOTE: There are currently 11 design factors identified (this number is open-ended and may change).

• Their potential impacts on the governance system are noted in module 7 of this course, and more
information and detailed guidance on how to use the design factors for designing a governance
system can be found in the COBIT Design Guide publication.

Enterprise Strategy
• Enterprises can have different strategies, which can be expressed as one of (or a combination of) the
following archetypes.
• These strategy archetypes include:
• Growth and acquisition – for example revenue growth
• Innovation and differentiation – for example new innovative products or services
• Cost leadership – for example short term cost minimization, and
• Client service and stability – for example, a stable or client-oriented service.
• Organizations typically have a primary strategy and, at most, one secondary strategy.

Enterprise Goals
The enterprise strategy is realized by the achievement of (a set of) enterprise goals. These goals are
defined in the COBIT framework, structured along the balanced scorecard (BSC) dimensions, and include
the goals shown below.

Risk Profile
The risk profile identifies the I&T-related risk to which the enterprise is currently exposed. It also indicates
which areas of risk are exceeding the risk appetite. The risk categories listed above were identified in a
previous risk focused COBIT publication and merit consideration. Modified from ISACA, The Risk IT
Practitioner Guide, USA, 2009. Newly developed generic scenarios will be available in the COBIT 2019
Design Guide and in even more detail in the Risk Focus Area.

I&T Related Issues


A related method for an I&T risk assessment is for the enterprise to consider which I&T-related issues it
currently faces, or, in other words, which I&T-related risk has materialized. This list has been modified
from the Pain Points in ISACA, COBIT® 5: Implementation, USA, 2012.

Threat Landscape
This identifies the threat landscape under which the enterprise operates, and can be classified as
• Normal – or what are considered normal threats
• High – a high threat environment due to things like geopolitical situation, industry sector or particular
profile

Compliance Requirements
The compliance requirements to which the enterprise is subject can be classified according to the
following categories:
• Low – or a minimal set of compliance requirements that are lower than average
• Normal – or regular compliance requirements that are common across industries, and
• High – or higher than average compliance requirements generally related to industry sectors or
geopolitical situations

Role of IT
These roles are from McFarlan’s strategic grid for information systems. They consist of:
• Support role – IT does not play a crucial role in business processes and services
• Factory role – IT is not seen as a driver, but when IT fails, there is immediate impact
• Turnaround role – IT is seen as a driver for innovating business processes and services, but there is
not a critical dependency
• Strategic role – IT is critical for both running and innovating the organization’s business processes and
services

Sourcing Model for IT


This refers to the sourcing model for IT that the enterprise adopts. These include:
• Outsourcing – using a third party to provide IT services
• Cloud – maximizing the cloud for providing IT services to users
• Insourced – using your own IT staff and services, and
• Hybrid – leveraging a mixed model which combines the other three models in varying degrees

IT Implementation Methods
These implementation methods can be classified as:
• Agile – using agile development working methods for software development
• DevOps – using DevOps working methods for software building, deployment and operations
• Traditional – using a classic approach such as waterfall, which separates development from
operations
• Hybrid – using a mix of traditional and modern methods, such as “bimodal IT”

Technology Adoption Strategy


These can be classified as:
• First mover – adopting new technologies as early as possible to gain advantage
• Follower – typically waiting for new technologies to become mainstream before adopting them, and
• Slow adopter – being late with adoption of new technologies

Enterprise Size
Two categories are identified for the design of an enterprise’s governance system.
These are:
• Large enterprise – those with more than 250 full time employees, and
• Small and medium enterprise – those with 50 to 250 full time employees
Micro-enterprises, or enterprises with fewer than 50 staff members, are not considered in this view.

GOALS CASCADE
Goals cascade is one of the key design factors for a governance system and supports prioritization of
management objectives based on prioritization of enterprise goals. It has been updated thoroughly in
COBIT 2019.

Like COBIT5, the COBIT 2019 goals cascade starts with stakeholder needs and drivers. These cascade
to enterprise goals, as in COBIT5. Enterprise goals have been consolidated, reduced, updated and
clarified. Enterprise goals then cascade to what we call alignment goals, which supports translation of
enterprise goals into priorities for alignment goals; you may recall these as IT-related goals in COBIT5.
Alignment goals have also been consolidated, reduced, updated and clarified where necessary. Finally,
alignment goals cascade to governance and management objectives. In COBIT5, this last step of the
cascade linked to what were called enablers.

Updated Enterprise Goals

COBIT has modified and updated the enterprise goals. There are now 13 enterprise goals as opposed to
17 in COBIT5. As before, these goals are also organized into the balanced scorecard view. This list of
enterprise goals can be found in the COBIT 2019 Framework book. Each goal also includes example
metrics that are not shown in this slide.

Alignment Goals

COBIT has new alignment goals that have replaced IT related goals from COBIT5. There are now 13
alignment goals as opposed to 17 in COBIT5. As before, these goals are also organized into the
balanced scorecard view. This list of alignment goals can be found in the COBIT 2019 Framework book.
Each goal also includes example metrics that are not shown in this slide.

GROUP EXERCISE
NAMECO is an IT Managed Service Provider in North America. It is an aggressive, for-profit
organization that strives to grow revenues rapidly while maintaining a stable client base. NAMECO is
considered one of the top five MSPs in the industry and operates in a high threat environment with
multiple competitors who are constantly attempting to challenge its position in the market.
With over 400 tenant clients and 15,000 end users, each client has its own set of compliance
requirements: 1) 30% of their clients are publicly traded entities, 2) 7% are health care related, 3) 87%
process credit cards, and 4) 6% hold private information regarding EU citizens.

The enterprise risk management group has identified multiple risk scenarios that have the potential of
inhibiting the aggressive growth goals identified by the governing body. These include: 1) recruiting and
maintaining qualified and skilled staff, 2) the threat of competitors, 3) complex compliance requirements
from multiple requirements (NAMECO has private information from users across the globe, including EU
citizens), and 4) the unknown risks of vendors who provide critical services to NAMECO.

The IT organization also supports the company’s staff of 300 FTEs and is currently considered a
“necessity” which has caused some issues. Due to the nature of its business, NAMECO cannot continue
with its strategy unless IT is seen as a key success factor. Most of the services provided by IT are a mix
of insourced, cloud, and outsourced services and IT generally adopts new technologies once they have
been proven in the market. Although the organization is primarily a waterfall model for delivery, there are
two full time agile teams that support the core applications of the business. This model has worked up to
this point, but there are pressures from the business to deploy services faster.

With the aggressive growth of the company, the IT organization has experienced multiple issues that
have resulted in unsatisfactory client reviews. The key concerns include: 1) failure to meet Service Level
Agreements (many of these failures are due to suppliers), 2) multiple audit findings of non-compliance of
data privacy, and 3) Insufficient IT resources/knowledge required to support the goals of the enterprise.
Other key observations include: 1) there are no documented or well-understood decision matrices in the
organization, 2) policies exist, but have not been updated in the last 3 years, 3) the leadership of the
organization endorses a ‘risk taking’ culture but does not support risky decisions that fail, 4) no skills matrix
exists that identifies the skills and competencies required to support IT services, 5) an IT service catalog
exists, but is not acknowledged or followed, 6) there is no formal recognition of IT processes, they are ad
hoc and not well documented, and 7) there is no real understanding of the data/information architectures
or flows and there is an absence of information classification.

Using the NAMECO scenario, discuss which COBIT Design Factors would be relevant for the governance
system of NAMECO, and identify which values you would assign to the relevant design factors.

This exercise will last approximately one hour.

The intent of this exercise is to increase students’ understanding of the design factors.

Depending on class size, instructors can determine the best approach to this exercise: 1) complete these
as small groups, or 2) complete these as a class.

Give the groups 30 minutes to complete their analysis. Each group can present their findings to the class.

The presentations and discussion should take approximately 30 minutes.

REVIEW QUESTIONS
A governance or management objective always relates to _____ and a series of related components of
other types to help achieve the objective.
a) Compliance requirements
b) One process
c) One or more enablers

Answer: b

• Incorrect. Not all governance or management objectives always relate to compliance requirements.
• Correct. Each governance objective relates to a process in the governance domain (EDM), and each
management objective relates to a process in the management domains (APO, BAI, DSS, MEA).
• Incorrect. Enablers were in COBIT5 and are referred to as components in COBIT 2019.

Reference: COBIT 2019 Framework: Basic Concepts: Governance Systems and Components, Chapter 4

Which of the following is NOT a component of the governance system?


a) Enterprise size
b) Organizational structures
c) Information

Answer: a

• Correct. Enterprise size is not a component of the governance system, it is a design factor.
• Incorrect. Organizational structures is a component of the governance system and was formerly part
of enablers in COBIT5.
• Incorrect. Information is a component of the governance system and was formerly part of enablers in
COBIT5.

______________ are factors that can influence the design of an enterprise’s governance system and
position it for success in the use of I&T.
a) Components of the governance system
b) Alignment goals
c) Design factors

Answer: c

• Incorrect. Components are factors that, individually and collectively, contribute to the good operations
of the enterprise’s governance system over I&T.
• Incorrect. Alignment goals are formerly IT-related goals and are part of the goals cascade.
• Correct. Design factors are factors that can influence the design of an enterprise’s governance
system and position it for success in the use of I&T.

Reference: COBIT 2019 Framework: Basic Concepts: Governance Systems and Components, Chapter 4

Which of the following is a design factor for a governance system that supports prioritization of
management objectives based on prioritization of enterprise goals?
a) Balanced scorecard
b) Holistic approach
c) Risk Profile

Answer: c

• Incorrect. The balanced scorecard is the structure along which enterprise and alignment goals are
organized; it is not a design factor.
• Incorrect. A holistic approach is one of the six governance system principles.
• Correct. Risk profile is one of the design factors; design factors are used, together with the goals
cascade, to tailor the governance system and prioritize management objectives.

Reference: COBIT 2019 Framework: Basic Concepts: Governance Systems and Components, Chapter 4

Governance and Management Objectives


Governance and management objectives provide more clear and achievable results. For information and
technology to contribute to enterprise goals, a number of governance and management objectives should
be achieved. In this module, we will take a closer look at these.

TOPICS AND OBJECTIVES


Our topics for this module are:
• Overview of the COBIT core model
• Governance and management objectives
• Group exercise
Our learning objectives are:
• Recall the 40 Governance and Management Objectives and their purpose statements.
• Understand the relationship between Governance and Management Objectives and Governance
Components.
• Prepare for the COBIT 2019 Foundation Exam

COBIT 2019 FRAMEWORK: GOVERNANCE AND MANAGEMENT OBJECTIVES


PUBLICATION
This guide is written for professionals throughout the enterprise, including business, audit, security, risk
management, IT and other practitioners who will benefit from detailed guidance on the 40 governance
and management objectives of the COBIT core model.

This publication provides a comprehensive description of the 40 core governance and management
objectives defined in the COBIT core model, the processes contained therein, other related components,
and references to related guidance such as other standards and frameworks. This publication explains:
• The structure that is used to detail the guidance for the 40 governance and management objectives
across components.
• The appendices include more detail on the mapping tables that inform the goals cascade, descriptions
of organizational structures and a list of source references.

COBIT CORE

The core outlines the 40 governance and management objectives – each of which are associated with a
process. Across the top the EDM domain with 5 governance objectives (remember, each of these are
associated with a process). Below EDM, you may also recognize the APO with 14 management
objectives, BAI with 11 management objectives, DSS with 6 management objectives and MEA with 4
management objectives.

EDM
Governance objectives are grouped in the Evaluate, Direct and Monitor (EDM) domain. In this domain,
the governing body evaluates strategic options, directs senior management on the chosen strategic
options and monitors the achievement of the strategy.

APO
Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting activities
for I&T.

BAI
Build, Acquire and Implement (BAI) treats the definition, acquisition and implementation of I&T
solutions and their integration in business processes.

DSS
Deliver, Service and Support (DSS) addresses the operational delivery and support of I&T services,
including security.

MEA
Monitor, Evaluate and Assess (MEA) addresses performance monitoring and conformance of I&T with
internal performance targets, internal control objectives and external requirements.

Refer to the Governance and Management objectives publication, page 11.

GOVERNANCE AND MANAGEMENT OBJECTIVES PURPOSE STATEMENTS


Please refer to pages 33-35 in the Governance and Management Objectives publication for more
information on the objectives and purpose statements for:
• EDM
• APO
• BAI
• DSS
• MEA

GOVERNANCE AND MANAGEMENT OBJECTIVE RELATED GUIDANCE

Each of the 40 governance and management objectives provides valuable information on the processes
and components related to the objective. Each governance and management objective always relates to
one process in the COBIT Core. Governance and management objectives also relate to the other
governance components (Process is one of these components; remember, there are seven components,
which were called enablers in COBIT5). For each governance and management objective, Chapter 3 of the
Governance and Management Objectives publication provides information related to each of the
governance components applicable to that governance or management objective.

GOVERNANCE AND MANAGEMENT OBJECTIVES DESCRIPTIONS


Each of the 40 governance and management objectives is described in the following ways in COBIT:

High level Information for each includes


• Domain name
• Focus area
• Governance or management objective name
• Description
• Purpose statement
Goals Cascade information includes
• Applicable alignment goals
• Applicable enterprise goals
• Example metrics
Related Components:
• Processes
• Organizational structures
• Information flows and items
• People, skills and competencies
• Policies and frameworks
• Culture, ethics and behavior
• Services, infrastructure and applications
As previously seen, related guidance is also provided for each governance and management objective.
This covers areas such as:
• Standards, frameworks and compliance requirements and
• Detailed references
• This related guidance is found under each of the applicable components – this is different from
COBIT5 where this was applied to the process level.

HIGH-LEVEL INFORMATION
These tables are unpopulated and used to illustrate high-level information. A detailed example should be
used after this section of the material as a walk-through to enhance the participants' knowledge. (This is
noted in the materials at the appropriate time.)

Refer to the Governance and Management Objectives publication, Page 18.


This identifies the applicable
• Domain
• Focus area
• Governance or management objective
• Description
• Purpose statements

Refer to the Governance and Management Objectives publication, Page 193 for a detailed example of the
populated view for BAI06 – Managed IT Changes.

GOALS CASCADE

This is the view of the goals cascade information provided. Each governance or management objective
supports the achievement of alignment goals that are related to larger enterprise goals. As previously
discussed, alignment goals (known as IT-related goals in COBIT5), have a primary link to a governance
or management objective. Alignment goals also support higher-level enterprise goals. Each of these
types of goals also includes example metrics.

Refer to the Governance and Management Objectives publication, Page 193 for an example of the
populated view for BAI06 – Managed IT Changes.

Review enterprise and alignment goals and mapping found on pages 297-298 in the Governance and
Management Objectives publication.

ALIGNMENT WITH COMPONENTS


Governance and management objectives are achieved through the successful outcomes of the
governance components.

Process Component Display

• Each governance and management objective includes several process practices. Each process
has one or more activities.
• A limited number of example metrics accompanies each process practice, to measure the
achievement of the practice and its contribution to the achievement of the overall objective.
• Capability Levels are explained in the upcoming slides.

Capability Levels


Capability levels are assigned to each activity. This enables a clear definition of the processes at
different capability levels. A process reaches a certain capability level as soon as all activities of that level
are performed successfully. COBIT 2019 supports a Capability Maturity Model Integration (CMMI)-based
process-capability scheme that ranges from 0 to 5. The capability level is a measure of how well a
process is implemented and performing. This is described in the performance management section of the
course.

Related Guidance
The Related Guidance is updated in COBIT 2019 and refers to all standards, frameworks, compliance
requirements and other guidance that are relevant for the process at hand. These are references to other
standards and guidance where relevant. Note that related guidance is available for ALL components, not
just processes. The detailed references cite specific chapters or sections within the related guidance.
If no “related guidance” is listed, no applicable references are known from the sources mapped.

A complete list of sources for the related guidance is included in Appendix C of the Governance and
Management Objectives publication. As always, ISACA encourages the practitioner community to suggest
related guidance that might add additional value to COBIT.

Organizational Structures Display

This is the unpopulated view of the Organizational Structures for each Governance and Management
Objective. A populated view will be on the next slide.
• The organizational structures governance component suggests levels of responsibility and
accountability for process practices.
• The charts include individual roles as well as organizational structures, from both business and IT.
• Where relevant, references to other standards and additional guidance are included in the
organizational structure components section.

Refer to the Governance and Management Objectives publication, Page 195, which is an example of the
populated view for BAI06 – Managed IT Changes.


Organizational Structures

ROLES AND ORGANIZATIONAL STRUCTURES


The following roles and organizational structures have been defined in the context of COBIT 2019:

• Board
• Executive Committee
• Chief Executive Officer
• Chief Financial Officer
• Chief Operating Officer
• Chief Risk Officer
• Chief Information Officer
• Chief Technology Officer
• Chief Digital Officer
• I&T Governance Board
• Architecture Board
• Relationship Manager
• Enterprise Risk Committee
• Chief Information Security Officer
• Business Process Owner
• Portfolio Manager
• Steering (Programs/Projects) Committee
• Program Manager
• Project Manager
• Project Management Office
• Data Management Function
• Head Human Resources

References: COBIT 2019 Governance and Management Objectives, Chapter 3

Refer to the Governance and Management Objectives publication, Page 21-22


Students are encouraged to review the definitions of these roles and organizational structures to help
prepare for the Foundation exam. The organizational structures component was formerly known as an
enabler in COBIT 5. There are small changes between COBIT 5 and COBIT 2019.

Each of the governance and management objectives indicates the organizational structures applicable to that
objective. The list on this slide is an example of roles and organizational structures that have been
defined in the context of COBIT 2019. A detailed description of each of these roles and organizational
structures is included in Appendix B of the Governance and Management Objectives publication – it is
suggested that students become familiar with the high-level descriptions of these roles and structures.

Organizational Structures Display

This is the unpopulated view of the organizational structures component provided within each governance
and management objective. The organizational structures governance component suggests levels of
responsibility and accountability for process practices. Notice that only responsibility and accountability
are mentioned, and not consulted and informed – also known as the RACI model. The charts include
individual roles as well as organizational structures, from both business and IT. Where relevant,
references to other standards and additional guidance are included in the organizational structure
components section.

Responsible and Accountable


One change in COBIT 2019 is that the framework only suggests responsible and accountable roles.
This, of course, is different from COBIT 5, which also had consulted and informed. The different levels of
involvement included for these structures are divided into responsible and accountable levels:
• Responsible (R) roles take the main operational stake in fulfilling the practice and create the intended
outcome. Who is getting the task done? Who drives the task?
• Accountable (A) roles carry overall accountability. As a principle, accountability cannot be shared. Who
accounts for the success and achievement of the task?

Enterprises should review levels of responsibility and accountability, consulted and informed, and update
roles and organizational structures in the chart according to the enterprise’s context, priorities and
preferred terminology. A detailed description of each of these roles and organizational structures is
included in Appendix B of the Governance and Management Objectives publication.

Consulted and Informed


Since the attribution of consulted and informed roles depends much more on organizational context and
priorities, they are not included in this detailed guidance. Practitioners can complete charts by adding two
levels of involvement for roles and organizational structures:
• Consulted (C) roles provide input for the practice. Who is providing input?
• Informed (I) roles are informed of the achievements and/or deliverables of the practice. Who is
receiving information?

Related Guidance
Of course, each of the components, and in this case, organizational structures, has related guidance
references. This is the unpopulated view of the related guidance section of the organizational structure’s
component. This refers to all standards, frameworks, compliance requirements and other guidance that
are relevant for the organizational structures at hand and their levels of involvement in the process.
The detailed reference area cites specific chapters or sections within related guidance. A complete list of
sources is included in Appendix C. Also, note that these standards are defined in module 2, COBIT
Framework introduction.

Information Flows and Items Component Display


This component provides guidance on the information flows and items linked with process practices.
Each practice includes inputs and outputs, with indications of origin and destination. Each output is sent
to one or a number of destinations, typically another COBIT process practice. Outputs become inputs to
their destinations. A number of outputs have many destinations and are not listed as inputs in the target
processes (for readability). Where relevant, references to other standards and additional guidance are
included in the information flows and items component.


Refer to pages 24-25 and page 195 of the Governance and Management Objectives publication to
illustrate these.

People, Skills and Competencies Component


This component identifies human resources and skills required to achieve the governance or
management objective. COBIT 2019 based this guidance on the Skills Framework for the Information
Age, or SFIA V6. All listed skills are described in detail in the SFIA framework. The Detailed Reference
provides a unique code that correlates to SFIA guidance on the skill.
As you see here, other references include:
• The e-Competence Framework (e-CF) and
• The Core Principles for the Professional Practice of Internal Auditing by The Institute of Internal
Auditors

Refer to the Governance and Management Objectives publication, Page 196 for an illustrative example.

Principles, Policies and Procedures Component


This component provides detailed guidance on policies and procedures that are relevant for the
governance or management objective.

This guidance includes:


• The name of relevant policies and procedures, with a description of the purpose and content of the
policy.
• Where relevant, references to other standards and additional guidance are included in the information
flows and items component.


Refer to the Governance and Management Objectives publication, Page 25 and 196 for an illustrative
example.

Culture, ethics and behavior Component


This component provides detailed guidance on desired cultural elements within the organization that
support the achievement of a governance or management objective.
• This includes the Related Guidance, which cites specific chapters or sections within the related guidance
where more information can be consulted.
• Where relevant, references to other standards and additional guidance are included.

Refer to the Governance and Management Objectives publication, Page 25 and 196 for an illustrative
example.

Services, Infrastructure and Applications Component


This component provides detailed guidance on third-party services, types of infrastructure and categories
of applications that can be applied to support the achievement of a governance or management objective.
To avoid naming specific vendors or products, the guidance is generic. Entries provide direction for
enterprises to build their governance system for I&T.

Refer to the Governance and Management Objectives publication, Page 25 and 196 for an illustrative
example.

PRACTICAL WALKTHROUGH
Have the students open chapter 4 of the COBIT Governance and Management Objectives – Detailed
Guidance book. Review the examples in the section, highlighting the importance of each section of the
table.

Refer to Chapter 4 in the COBIT Governance and Management Objectives – Detailed Guidance.


GROUP EXERCISE – GOALS CASCADE


For each Enterprise Goal, circle the appropriate Balanced Scorecard dimension.

Conduct this as a group discussion. Answers below:


• Portfolio of competitive products and services: Financial
• Product and business innovation: Growth
• Business service continuity and availability: Customer
• Optimization of business process costs: Internal
• Managed digital transformation programs: Growth
• Customer-oriented service culture: Customer
• Managed business risk: Financial
For each Alignment Goal, circle the appropriate Governance or Management Objective that has a
PRIMARY relationship.

This will require the Governance and Management Objectives publication to answer all questions. See
Appendix A, Mapping tables page 298. Conduct this as a group discussion. Answers below:
• Quality of I&T management information: EDM05
• Knowledge, expertise and initiatives for business innovation: APO08
• Managed I&T-related risk: DSS05
• Delivery of I&T services in line with business requirements: APO05


Match each purpose statement with the appropriate Governance or Management objective.

Conduct this as a group discussion. Answers below:


• Implement solutions safely and in line with the agreed expectations and outcomes. – BAI07 Managed IT
Change Acceptance and Transitioning
• Ensure that stakeholders are supportive of the I&T strategy and road map, communication to
stakeholders is effective and timely, and the basis for reporting is established to increase performance.
Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with
the enterprise’s strategy. – EDM05 Ensure Stakeholder Engagement
• Maintain information integrity and the security of information assets handled within business processes
in the enterprise or its outsourced operation. – DSS06 Managed Business Process Controls
Match each description with the appropriate Governance Component as it applies to Governance and
Management Objectives.

Conduct this as a group discussion. Answers below:


• For each practice, inputs and outputs are identified – Information
• Based on the Skills Framework for the Information Age, or SFIA - People, Skills, Competencies
• COBIT 2019 only suggests responsible and accountable roles - Organizational Structures


• Third-party services, types of infrastructure and categories of applications that can be applied to
support the achievement of a governance or management objective. - Services, Infrastructure and
Applications

GROUP SCENARIO
This is an optional exercise. Instructors either pick one enterprise goal and complete this as a group or
assign an enterprise goal to each group to walk through the goals cascade and determine which
Governance or Management Objectives are most appropriate.

Instructors may instruct the groups to use Primary, Secondary, or both as a means to select the
Governance and Management Objectives.

NAMECO is an IT Managed Service Provider in North America. They are an aggressive, for-profit
organization that strives to aggressively grow revenues while providing a stable client base. NAMECO is
considered one of the top five MSPs in the industry and operates in a high-threat environment with
multiple competitors who are constantly attempting to challenge their position in the market.

With over 400 tenant clients and 15,000 end users, each one has a very unique set of compliance
requirements: 1) 30% of their clients are publicly traded entities, 2) 7% are health care related, 3) 87%
process credit cards, and 4) 6% have private information regarding EU citizens.

The enterprise risk management group has identified multiple risk scenarios that have the potential of
inhibiting the aggressive growth goals identified by the governing body. These include: 1) recruiting and
maintaining qualified and skilled staff, 2) the threat of competitors, 3) complex compliance requirements
from multiple requirements (NAMECO has private information from users across the globe, including EU
citizens), and 4) the unknown risks of vendors who provide critical services to NAMECO.

The IT organization also supports the company’s staff of 300 FTEs and is currently considered a
“necessity” which has caused some issues. Due to the nature of its business, NAMECO cannot continue
with its strategy unless IT is seen as a key success factor. Most of the services provided by IT are a mix
of insourced, cloud, and outsourced services and IT generally adopts new technologies once they have
been proven in the market. Although the organization is primarily a waterfall model for delivery, there are
two full time agile teams that support the core applications of the business. This model has worked up to
this point, but there are pressures from the business to deploy services faster.

With the aggressive growth of the company, the IT organization has experienced multiple issues that
have resulted in unsatisfactory client reviews. The key concerns include: 1) failure to meet Service Level
Agreements (many of these failures are due to suppliers), 2) multiple audit findings of non-compliance with
data privacy, and 3) insufficient IT resources/knowledge required to support the goals of the enterprise.
Other key observations include: 1) there are no documented or well-understood decision matrices in the
organization, 2) policies exist, but have not been updated in the last 3 years, 3) the leadership of the
organization endorse a ‘risk taking’ culture, but do not support risky decisions that fail, 4) no skills matrix
exists that identifies the skills and competencies required to support IT services, 5) an IT service catalog
exists, but is not acknowledged or followed, 6) there is no formal recognition of IT processes, they are ad
hoc and not well documented, and 7) there is no real understanding of the data/information architectures
or flows and there is an absence of information classification.

Using information from the NAMECO scenario, use the goals cascade to determine the most appropriate
Governance or Management Objectives.

NAMECO has determined that the two most critical enterprise goals for the upcoming year include the
following:
• Enterprise goal 2 (EG02) Managed business risk
• Enterprise goal 3 (EG03) Compliance with external laws and regulations
• Enterprise goal 8 (EG08) Optimization of internal business process functionality
• Enterprise goal 10 (EG10) Staff skills, motivation and productivity

REVIEW QUESTIONS
Known as the Process Reference Model (PRM) in COBIT 5, the _______ organizes the Governance and
Management Objectives into five domains.
a) Organizational Structures
b) Goals Cascade
c) COBIT Core Model

Answer: c

• Incorrect. Organizational Structures is one of the governance components, known as an enabler in
COBIT 5.
• Incorrect. The goals cascade is a COBIT model used to assist in the alignment of all IT efforts
with business objectives.
• Correct. Enablers were in COBIT 5 and are referred to as components in COBIT 2019.

Reference: COBIT Governance and Management Objectives

Governance ________ are factors that, individually and collectively, contribute to the good operations of
the enterprise’s governance system over I&T and were known as enablers in COBIT 5.
a) Components
b) Objectives
c) Practices

Answer: c

• Correct. This is the correct definition of the Governance Components in COBIT 2019. To satisfy
governance and management objectives, each enterprise needs to establish, tailor and sustain a
governance system built from a number of components.
• Incorrect. Governance and Management Objectives contribute to the alignment of IT and
achievement of enterprise goals and were not known as enablers in COBIT5.
• Incorrect. Practices assist in the achievement of governance and management objectives.

Reference: COBIT Governance and Management Objectives


Which two levels of involvement does COBIT 2019 identify within the updated RACI chart?
a) Consulted and Informed
b) Responsible and Accountable
c) Ownership and Delegated

Answer: b

• Incorrect. Consulted and Informed are not levels of involvement in the detailed guidance in COBIT
2019. They still exist, but the attribution of these depends on organizational context and priorities.
• Correct. A detailed description of each of these roles is included in the detailed guidance of COBIT
2019.
• Incorrect. Ownership and Delegated are not part of the RACI chart.

Reference: COBIT Governance and Management Objectives

Which Governance or Management Objective has the following purpose statement?

“Realize defined project outcomes and reduce the risk of unexpected delays, costs and value erosion by
improving communications to and involvement of business and end users. Ensure the value and quality of
project deliverables and maximize their contribution to the defined programs and investment portfolio.”
a) BAI11 Managed Projects
b) BAI02 Managed Requirements Definition
c) APO09 Managed Service Agreements

Answer: a
a) Correct. This is the purpose statement for BAI11, Managed Projects
b) Incorrect. The purpose statement of BAI02 is “Create optimal solutions that meet enterprise
needs while minimizing risk.”
c) Incorrect. The purpose statement of APO09 is “Ensure that I&T products, services and service
levels meet current and future enterprise needs.”

Which Governance or Management Objective has the following purpose statement?


“Achieve competitive advantage, business innovation, improved customer experience, and improved
operational effectiveness and efficiency by exploiting I&T developments and emerging technologies.”
a) APO01 Managed Service Catalog
b) APO04 Managed Innovation
c) BAI08 Managed Knowledge

Answer: b
a) Incorrect. APO01 is not Managed Service Catalog. There are no objectives with this name.
b) Correct. The purpose statement of APO04 is “Achieve competitive advantage, business
innovation, improved customer experience, and improved operational effectiveness and efficiency
by exploiting I&T developments and emerging technologies.”
c) Incorrect. The purpose statement of BAI08 is “Provide the knowledge and information required to
support all staff in the governance and management of enterprise I&T and allow for informed
decision making.”


Within the COBIT Goals Cascade, under which Balanced Scorecard dimension would you find the
Enterprise Goal “Managed digital transformation programs?”
a) Align, Plan and Organize (APO)
b) DevOps
c) Growth

Answer: c
a) Incorrect. APO is not a Balanced Scorecard dimension; it is a domain within the COBIT Core.
b) Incorrect. DevOps is not a Balanced Scorecard dimension; it is a Focus Area.
c) Correct. This is the correct Balanced Scorecard dimension that the Enterprise Goal falls within.


Performance Management
Building on the previous versions, COBIT 2019 has updated the performance management aspect of the
framework.

TOPICS AND OBJECTIVES


The topics we will cover in this module include:
• Performance management definition, principles and overview
• Managing performance of processes
• Managing performance of other governance system components
• Module summary
In line with the learning objectives for this course, this module will focus on
• Differentiate COBIT based performance management using maturity and capability perspectives.
• Prepare for the COBIT 2019 Foundation exam.

COBIT PERFORMANCE MANAGEMENT DEFINITION AND PRINCIPLES


Performance management is an essential part of a governance and management system. Performance
management is a general term for all activities and methods that express how well the governance and
management system and all the components of an enterprise work, and how they can be improved up to
the required level.

As such, it includes concepts and methods such as capability levels and maturity levels. COBIT uses the
term “COBIT performance management” (CPM) to describe these activities, and the concept is an integral
part of the COBIT framework.
Performance management in COBIT 2019 is based on the following principles:
• It should be simple to understand and use
• It should be consistent with, and support the COBIT conceptual model
• It should provide reliable, repeatable and relevant results
• It must be flexible
• It should support different types of assessments

COBIT PERFORMANCE MANAGEMENT OVERVIEW


The CPM model largely aligns to and extends CMMI Development 2.0 concepts:
• Process activities are associated to capability levels.
• This is included in the COBIT Framework: Governance and Management Objectives guide.
• Other governance and management component types (organizational structures, information) may
also have capability levels defined for them in future guidance that ISACA may release.
• Maturity levels are associated with focus areas (a collection of governance and management
objectives and underlying components) and will be achieved if all required capability levels are
achieved.


Focusing on the COBIT update only, shown on the far right of this slide, notice that capability levels can
be viewed from the process perspective or from any other perspective, such as the governance and
management components. Capability is addressed at each of those levels, while maturity is seen as an
overall view across all levels of capability. If enterprises desire to continue using the COBIT 5 process
capability model, they have all the required information to do so in COBIT 2019 Framework: Governance
and Management Objectives. An important note about the COBIT 5 Capability Assessment Model is that it
is based on ISO/IEC 15504, which is now ISO/IEC 33000. The capability levels have very different
meanings in each of these. Finally, no separate process assessment model (PAM) publications are
necessary, nor will they be provided with COBIT 2019.

PROCESS CAPABILITY LEVELS


The capability level is a measure of how well a process is implemented and performing. This figure
depicts the model, the increasing capability levels and the general characteristics of each. The COBIT
core model assigns capability levels to all process activities, enabling clear definition of the processes
and required activities for achieving the different capability levels.

RATING CAPABILITY LEVELS


A capability level can be achieved to varying degrees, which can be expressed by a set of ratings. The
range of available ratings depends on the context in which the performance assessment is made. Some
formal methods leading to independent certification use a binary pass/fail set of ratings. Less formal
methods that are often used in performance-improvement contexts work better with a larger range of
ratings, such as the following set:
• Fully—The capability level is achieved for more than 85 percent. This remains a judgment call, but it can
be substantiated by the examination or assessment of the components of the enabler, such as process
activities, process goals or organizational structure good practices.
• Largely—The capability level is achieved between 50 percent and 85 percent.
• Partially—The capability level is achieved between 15 percent and 50 percent.
• Not—The capability level is achieved less than 15 percent.

FOCUS AREA MATURITY LEVELS


Sometimes a higher level is required for expressing performance without the granularity applicable to
individual process capability ratings. Maturity levels can be used for that purpose. COBIT 2019 defines
maturity levels as a performance measure at the focus area level. Maturity levels are associated with
focus areas, or a collection of governance and management objectives and underlying components.
A certain maturity level is achieved if all the processes contained in the focus area achieve that particular
capability level.


MANAGING PERFORMANCE OF OTHER GOVERNANCE SYSTEM STRUCTURES


Managing the performance of other governance system components is also crucial. In the COBIT 2019
Framework, examples provided in the publication include the following governance components:
• Organizational Structures
• Information Items
• Culture and Behavior
NOTE: We do not cover these in detail in this course. You can refer to the Framework book for more
information (Introduction and Methodology publication, Page 40)

PERFORMANCE MANAGEMENT OF ORGANIZATIONAL STRUCTURES


Although no generally accepted or formal method exists for assessing organizational structures, they can
be less formally assessed according to the following criteria. For each criterion, a number of subcriteria
can be defined, linked to the various capability levels. The criteria are:
• Successful execution of those process practices for which the organizational structure (or role) has
accountability or responsibility (an A or an R, respectively, in a responsible-accountable-consulted-
informed [RACI] chart).
• Successful application of a number of good practices for organizational structures, such as:
• Operating principles
• Composition
• Span of control
• Level of authority/decision rights
• Delegation of authority
• Escalation procedures

As for the processes, low capability levels require a subset of these criteria to be satisfied, and higher
capability levels require all criteria to be satisfied. But, as already indicated, no generally accepted
scheme exists for assessing organizational structures. However, this does not prevent an enterprise
from defining its own capability scheme for organizational structures.

Instructors should refer to the referenced pages to discuss the details of each good practice identified in
this slide.

PERFORMANCE MANAGEMENT OF INFORMATION ITEMS


The information item component for a governance system of I&T is more or less equivalent to the process
work products as described in COBIT® 2019 Framework: Governance and Management Objectives.

An information item can be assessed by considering the extent to which the relevant quality criteria, as
defined in figure 6.4, are achieved.

This model defines three main quality criteria for information and 15 subcriteria, as illustrated on page 42,
figure 6.4 in the Introduction and Methodology publication.

PERFORMANCE MANAGEMENT OF CULTURE AND BEHAVIOR


For the culture and behavior governance component, it should be possible to define a set of desirable
(and/or undesirable) behaviors for good governance and management of IT, and to assign different levels
of capability to each.

COBIT® 2019 Framework: Governance and Management Objectives defines aspects of the culture and
behavior component for most objectives.

From there, it is possible to assess the extent to which these conditions or behaviors are met.

Focus area content, which will contain a more detailed set of desired behaviors, will be developed going
forward.

The user is advised to consult isaca.org/cobit for the latest status and available focus area guidance.

REVIEW QUESTIONS
Which of the following is a key principle of COBIT Performance Management (CPM)?
a) The CPM should include 5 levels of capability and maturity.
b) Assessing performance should be completed at the governance component level only.
c) The CPM should support different types of assessments.

Answer: c

• Incorrect. Performance can be assessed at multiple levels, with varying models used to conduct the
assessments.
• Incorrect. Governance System Principles and Governance Framework Principles are two different
views.
• Correct. The CPM is intended to support multiple types of assessments, such as capability and
maturity.

Reference:
COBIT 2019 Framework: Introduction and Methodology Chapter 6 Performance Management in COBIT

COBIT 2019 Performance management supports which industry-based process capability scheme?
a) CMMI-based process capability scheme.
b) COBIT has its own capability scheme and does not support any industry-based frameworks.
c) Skills Framework for the Information Age (SFIA)

Answer: a

• Correct. The CPM model largely aligns to and extends CMMI® Development 2.0 concepts.
• Incorrect. COBIT is based on using multiple industry frameworks, and in this case it is CMMI.
• Incorrect. The SFIA is an industry framework referenced by COBIT in the People, Skills and
Competencies component.

Reference:
COBIT 2019 Framework: Introduction and Methodology Chapter 6 Performance Management in COBIT


Designing a Tailored Governance System


This module contains information that is totally new to COBIT 2019. In this section we will discuss design
factors as well as how to design a tailored governance system.

TOPICS AND OBJECTIVES

The topics we will cover in this module include:


• Introduction to designing a tailored governance system
• Impact of design factors
• Designing a tailored system
• Module summary
Consistent with the course objectives, we will address the following:
• Discover how to design a tailored governance system using COBIT
• Prepare for the COBIT 2019 Foundation exam

INTRODUCTION TO DESIGNING A TAILORED GOVERNANCE SYSTEM


This section describes how an enterprise can design a customized governance solution for enterprise
Information and Technology. Governance over a complex matter like Information and Technology
requires a multitude of components, including processes, organizational structures, information flows,
behaviors, etc. All of these need to work together in a systemic way, and for that reason we will refer to
the tailored governance solution every enterprise should build as the ‘governance system for enterprise
information & technology’, or ‘governance system’ in short.

THE NEED FOR TAILORING


Each enterprise is distinct in many aspects: size of the enterprise, industry sector, regulatory
landscape, threat landscape, role of IT for the organization, tactical technology-related choices and
others. All of these differences, which we collectively refer to as ‘design factors’, require organizations
to tailor their governance system to gain the most value out of their use of Information and Technology.
There is no unique governance system for enterprise Information and Technology that fits all. Tailoring
means that an enterprise starts from the COBIT core model and applies changes to this generic
framework based on the relevance and importance of a series of design factors.

DESIGN FACTORS
As discussed in Module 4, Design Factors are factors that can influence the design of an enterprise’s
governance system and position it for success in the use of I&T. The potential impacts design factors can
have on the governance system are noted in this module. Information and detailed guidance on how to
use the design factors for designing a governance system can be found in the COBIT® 2019 Design
Guide.

IMPACT OF DESIGN FACTORS

Design factors influence in different ways the tailoring of the governance system of an enterprise.

There are three different types of impacts:


• Management objective priority and target capability levels
• Component variations, and
• Specific focus areas

Management Objective and Target Capability Levels.


This design factor influence can make some governance and management objectives more important
than others, sometimes to the extent that they become negligible. In practice, this higher importance
translates into setting higher target capability levels.

The COBIT core model contains 40 governance and management objectives, each consisting of the
identically named process and a number of related components. They are intrinsically equivalent; there is
no natural order of priority among them.

Example: When an enterprise identifies the most relevant enterprise goal(s) from the enterprise goal list
and applies the goals cascade, this will lead to a selection of priority management objectives.

For example, when EG01—Portfolio of competitive products and services is ranked as very high by an
enterprise, this will make management objective APO05—Managed Portfolio an important part of this
enterprise’s governance system.

Component Variations
Components are required to achieve governance and management objectives. Some design factors can
influence the importance of one or more components or can require specific variations.

Example: An enterprise that operates in a highly regulated environment will attribute more importance to
documented work products and policies and procedures and to some roles, such as the compliance
officer function.

Specific Focus Areas.


Some design factors, such as threat landscape, specific risk, target development methods and
infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific
context.

Example: Enterprises adopting a DevOps approach will require a governance system that has a variant of
several generic COBIT processes, described in the DevOps focus area guidance for COBIT.


DESIGNING A TAILORED SYSTEM

The different stages and steps in the design process will result in recommendations for prioritizing
governance and management objectives or related governance system components, for target capability
levels, or for adopting specific variants of a governance system component. Some of these steps or
sub-steps may result in conflicting guidance, which is inevitable when considering a larger number of design
factors, the overall generic nature of the design factor guidance and the mapping tables used. These
steps include the following:
• Understand the enterprise context and strategy
• Determine the initial scope of the governance system
• Refine the scope of the governance system, and
• Conclude the governance system design
It is recommended to put all guidance obtained during the different steps on a design canvas and—in the
last stage of the design process—resolve (to the degree possible) the conflicts among the elements on
the design canvas and conclude. There is no magic formula. The final design will be a case-by-case
decision, based on all the elements on the design canvas. By following these steps, enterprises will
realize a governance system that is tailored to their needs.

REVIEW QUESTIONS
Designing a tailored governance system will result in recommendations for prioritizing governance and
management objectives or related governance system components, for ____________, or for adopting
specific variants of a governance system component.
a) target capability levels
b) documenting the four enabler dimensions
c) documenting the most appropriate accountabilities and responsibilities

Answer: a
a) Correct. Determining or prioritizing target capability levels can be a result of designing a tailored
governance system.
b) Incorrect. The four enabler dimensions are part of COBIT 5 and are not in COBIT 2019.

c) Incorrect. Accountabilities and responsibilities (which replace the RACI chart) are more detailed and
can be found in the governance and management objectives. Designing a tailored governance
system does not discuss these.

Which of the following is the correct set of steps in the governance system design workflow?
a) Understand the enterprise context and strategy; Determine the initial scope of the governance
system; Refine the scope of the governance system; Conclude the governance system design.
b) What are the drivers; Where are we now; Where do we want to be; What needs to be done; How
do we get there; Did we get there; How do we keep the momentum going.
c) Direct the governance system; Plan the governance system; Build the governance system; Run
the governance system; Monitor the governance system

Answer: a

• Correct. This is the correct set of steps in the workflow.


• Incorrect. These steps are the steps of the COBIT implementation roadmap.
• Incorrect. These steps correlate with the five domains.

In which stage of the Governance System Design Workflow would an enterprise consider the current I&T-
related issues?
a) Understand enterprise strategy
b) Determine the initial scope of the governance system
c) Plan program

Answer: b

a) Incorrect. Considering the current I&T-related issues is not a sub-step of Understand enterprise
strategy.
b) Correct. Considering the current I&T-related issues is a sub-step of stage 2 in the Governance
System Design Workflow.
c) Incorrect. Plan program is step 4 of the Implementation model.


COBIT Business Case


INSTRUCTORS – You may recognize that this module comes before the implementation module which is
not the order in the framework book. This business case module is before implementation in this course,
so that “making the case” is addressed before addressing the implementation approach.

TOPICS AND OBJECTIVES


Our topics for this module include:
• Making a case for getting started
• Overview of the COBIT business case
• Example scenario
• Module summary
And objectives are:
• Explain the key points of the COBIT business case.

INTRODUCTION TO THE COBIT BUSINESS CASE


Common business practices dictate preparing a business case to analyze and justify the initiation of a
large project and/or financial investment. The concept of a business case is not new, but this guidance is
new to COBIT 2019. COBIT provides a nonprescriptive, generic guide to encourage preparation of a
business case. Every enterprise has its own reasons for improving EGIT and its own approach to
preparing business cases. The COBIT 2019 Framework and Methodology publication provides an
example scenario.

THE COBIT BUSINESS CASE COMPONENT


The Framework Introduction and Methodology publication provides an example business case scenario
for a fictitious company, using the following outline. Although the example is derived from actual
situations, it does not reflect a specific, existing enterprise. The example and guidance are provided to help
focus on the issues that should be addressed in a business case. Of course, you can modify this
business case based on your specific needs. However, it is absolutely paramount that a business case be
developed and monitored through its entire economic lifecycle.

EXAMPLE SCENARIO – ACME CORPORATION


The example scenario is Acme Corporation, a large multinational enterprise with a mixture of traditional,
well-established business units as well as new Internet-based businesses adopting the very latest
technologies. Many of the business units have been acquired and exist in various countries with different
local political, cultural and economic environments. The central group’s executive management team has
been influenced by the latest enterprise governance guidance, including COBIT, which they have used
centrally for some time. They want to make sure that rapid expansion and adoption of advanced IT will
deliver the value expected; they also intend to manage significant new risk. They have, therefore,
mandated enterprise-wide adoption of a uniform EGIT approach. This approach includes involvement by
the audit and risk functions and internal annual reporting by business unit management of the adequacy
of controls in all entities.

Refer to the Introduction and Methodology publication, Pages 53-61:


• This example and the guidance in this publication are provided to help focus on the issues that should
be addressed in a business case.
• Although the example is derived from actual situations, it does not reflect a specific, existing
enterprise.
• Review this business case with the class directly from the COBIT 2019 Framework:
Introduction and Methodology Chapter 9 The COBIT Business Case on pages 53 – 61
• Review this scenario and discuss key points with the class directly from the publication

This is an optional exercise.


The intent of this exercise is to gain an understanding of the key areas of a business case and how an
enterprise can make the case for an enterprise governance system.

Instructors may choose to assign sections of the business case to each group, so that each group analyzes the NAMECO
scenario and creates its key points for its assigned section of the business case.

NAMECO is an IT Managed Service Provider in North America. They are an aggressive, for-profit
organization that strives to grow revenues aggressively while maintaining a stable client base. NAMECO is
considered one of the top five MSPs in the industry and operates in a high-threat environment with
multiple competitors who are constantly attempting to challenge their position in the market.

With over 400 tenant clients and 15,000 end users, each client has a unique set of compliance
requirements: 1) 30% of their clients are publicly traded entities, 2) 7% are health care related, 3) 87%
process credit cards, and 4) 6% hold private information regarding EU citizens.

The enterprise risk management group has identified multiple risk scenarios that have the potential of
inhibiting the aggressive growth goals identified by the governing body. These include: 1) recruiting and
maintaining qualified and skilled staff, 2) the threat of competitors, 3) complex compliance requirements
from multiple requirements (NAMECO has private information from users across the globe, including EU
citizens), and 4) the unknown risks of vendors who provide critical services to NAMECO.

The IT organization also supports the company’s staff of 300 FTEs and is currently considered a
“necessity” which has caused some issues. Due to the nature of its business, NAMECO cannot continue
with its strategy unless IT is seen as a key success factor. Most of the services provided by IT are a mix
of insourced, cloud, and outsourced services and IT generally adopts new technologies once they have
been proven in the market. Although the organization is primarily a waterfall model for delivery, there are
two full time agile teams that support the core applications of the business. This model has worked up to
this point, but there are pressures from the business to deploy services faster.

With the aggressive growth of the company, the IT organization has experienced multiple issues that
have resulted in unsatisfactory client reviews. The key concerns include: 1) failure to meet Service Level
Agreements (many of these failures are due to suppliers), 2) multiple audit findings of non-compliance with
data privacy requirements, and 3) insufficient IT resources/knowledge required to support the goals of the enterprise.

Other key observations include: 1) there are no documented or well-understood decision matrices in the
organization, 2) policies exist, but have not been updated in the last 3 years, 3) the leadership of the
organization endorses a ‘risk taking’ culture, but does not support risky decisions that fail, 4) no skills matrix
exists that identifies the skills and competencies required to support IT services, 5) an IT service catalog
exists, but is not acknowledged or followed, 6) there is no formal recognition of IT processes, they are ad
hoc and not well documented, and 7) there is no real understanding of the data/information architectures
or flows and there is an absence of information classification.


REVIEW QUESTIONS
When developing a business case, which of the following is an applicable reference when deriving
challenges and success factors?
a) COBIT Design Factors
b) The COBIT 2019 Implementation Guide
c) All of the above

Answer: c
a) Incorrect. Although this is a correct statement, b is also. COBIT Design Factors can be used to
derive potential challenges.
b) Incorrect. Although this is a correct statement, a is also. The COBIT 2019 Implementation Guide
can be used to derive potential challenges and success factors.
c) Correct. Both a and b are applicable references when deriving challenges and success factors.
An enterprise can also develop their own.

Reference:
COBIT 2019 Framework Introduction and Methodology, Chapter 9, The COBIT Business Case


Implementing Enterprise Governance Over IT


In this module we will discuss implementing enterprise governance over IT. You may recognize a few of
these concepts from COBIT 5.

TOPICS AND OBJECTIVES


Our topics for this module include:
• Implementation guide purpose and scope
• Implementation phases
• Design guide and implementation guide relationships
• Module summary
Objectives are:
• Understand and recall the phases of the COBIT implementation approach.
• Describe the relationships between the COBIT Design and Implementation Guides

IMPLEMENTATION GUIDE PURPOSE AND SCOPE

The COBIT 2019 Implementation Guide emphasizes an enterprise-wide view of governance of I&T. It
recognizes that I&T are pervasive in enterprises and that it is neither possible nor good practice to
separate business and IT-related activities. The governance and management of enterprise I&T should,
therefore, be implemented as an integral part of enterprise governance, covering the full end-to-end
business and IT functional areas of responsibility.

One of the common reasons why some governance system implementations fail is that they are not
initiated and then managed properly as programs to ensure that benefits are realized. Governance
programs need to be sponsored by executive management, be properly scoped and define objectives
that are attainable. This enables the enterprise to absorb the pace of change as planned. Program
management is, therefore, addressed as an integral part of the implementation life cycle. It is also
assumed that while a program and project approach is recommended to effectively drive improvement
initiatives, the goal is also to establish a normal business practice and sustainable approach to governing
and managing enterprise I&T just like any other aspect of enterprise governance.

For this reason, the implementation approach is based on empowering business and IT stakeholders and
role players to take ownership of IT-related governance and management decisions and activities by
facilitating and enabling change. The implementation program is closed when the process for focusing on
IT-related priorities and governance improvement is generating a measurable benefit, and the program
has become embedded in ongoing business activity.


Phase 1 What are the drivers?


Phase 1 of the implementation approach identifies current change drivers and creates at executive
management levels a desire to change that is then expressed in an outline of a business case.

A change driver is an internal or external event, condition or key issue that serves as a stimulus for
change. Events, trends (industry, market or technical), performance shortfalls, software implementations
and even the goals of the enterprise can all act as change drivers.

Risk associated with implementation of the program itself is described in the business case and managed
throughout the life cycle.

Preparing, maintaining and monitoring a business case are fundamental and important disciplines for
justifying, supporting and then ensuring successful outcomes for any initiative, including improvement of
the governance system. They ensure a continuous focus on the benefits of the program and their
realization.

Phase 2 Where are we now?


Phase 2 aligns I&T-related objectives with enterprise strategies and risk, and prioritizes the most
important enterprise goals, alignment goals and processes.

The COBIT® 2019 Design Guide provides several design factors to help with the selection.
Based on the selected enterprise and IT-related goals and other design factors, the enterprise must
identify critical governance and management objectives and underlying processes that are of sufficient
capability to ensure successful outcomes.

Management needs to know its current capability and where deficiencies may exist. This can be achieved
by a process capability assessment of the current status of the selected processes.

Phase 3 Where do we want to be?


Phase 3 sets a target for improvement followed by a gap analysis to identify potential solutions.

Some solutions will be quick wins and others more challenging, long-term tasks. Priority should be given
to projects that are easier to achieve and likely to give the greatest benefit. Longer-term tasks should be
broken down into manageable pieces.

Phase 4 What needs to be done?


Phase 4 describes how to plan feasible and practical solutions by defining projects supported by
justifiable business cases and a change plan for implementation. A well-developed business case can
help ensure that the project’s benefits are identified and continually monitored.

Phase 5 How do we get there?


Phase 5 provides for implementing the proposed solutions via day-to-day practices and establishing
measures and monitoring systems to ensure that business alignment is achieved, and performance can
be measured.

Success requires engagement, awareness and communication, understanding and commitment of top
management, and ownership by the affected business and IT process owners.

Phase 6 Did we get there?


Phase 6 focuses on sustainable transition of the improved governance and management practices into
normal business operations. It further focuses on monitoring achievement of the improvements using the
performance metrics and expected benefits.


Phase 7 How do we keep the momentum going?


Phase 7 reviews the overall success of the initiative, identifies further governance or management
requirements and reinforces the need for continual improvement. It also prioritizes further opportunities to
improve the governance system.

Program and project management is based on good practices and provides for checkpoints at each of the
seven phases to ensure that the program’s performance is on track, the business case and risk are
updated, and planning for the next phase is adjusted as appropriate. It is assumed that the enterprise’s
standard approach would be followed.

Further guidance on program and project management can also be found in COBIT management
objectives BAI01 Managed programs and BAI11 Managed projects. Although reporting is not mentioned
explicitly in any of the phases, it is a continual thread through all of the phases and iterations.

DESIGN GUIDE AND IMPLEMENTATION GUIDE RELATIONSHIPS

The workflow explained in the COBIT 2019 Design Guide elaborates a set of tasks defined in the
Implementation Guide and has the following connection points:
• Notice that there are three phases of the Implementation Guide that are influenced or enhanced by the
Design Guide.
• Why only the first three phases?
• Because these are the most appropriate for the design of EGIT.
From this slide you can see that:
• Phase 1 of the Implementation Guide is aligned with COBIT Design Guide step 1, Understand the
enterprise context and strategy
• Phase 2 of the Implementation Guide is aligned with steps 2-4 of the COBIT Design Guide, and
• Phase 3 of the Implementation Guide is aligned with step 4 of the COBIT Design Guide

REVIEW QUESTION
What is the best description of the alignment between the COBIT Implementation and Design Guides?
a) They both define the same governance and management objectives that assist in the adoption of
an enterprise governance framework.
b) Both approaches have seven steps, and each of those steps aligns with each other.
c) The COBIT Design Guide primarily aligns with the first three phases of the implementation
lifecycle.


Answer: c
a) Incorrect. Although governance and management objectives are critical to the adoption of EGIT,
they are not critical factors that align these two guides.
b) Incorrect. The Implementation approach has 7 phases, and the Design Guide has 4; they do not
align.
c) Correct. Because the design guide focuses on designing a tailored governance system, it is
appropriate that it aligns with the first three phases of the implementation lifecycle (What are the
drivers; Where are we now; Where do we want to be)

In which phase of the implementation lifecycle would an enterprise “Define the Road Map” for the
implementation?
a) Phase 3, Where do we want to be?
b) Phase 6, Did we get there?
c) Phase 1, Assess Current State

Answer: a
a) Correct. Phase 3 of the implementation lifecycle includes “Define Road Map” in the Program
Management ring.
b) Incorrect. Phase 6, Did we get there includes: Realize benefits (Program management ring),
Embed new approaches (Change enablement ring), and Operate and measure (Continual
improvement ring)
c) Incorrect. Phase 1 does not include Define the road map. Additionally, “where do we want to be” is
not part of Phase 1; it is the title of Phase 2.

Course Summary
Here is a summary of what we have learned:
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Understand and describe the governance “system” and governance “framework” principles.
• Describe the components of a governance system.
• Understand the overall structure and contents of the Goals Cascade.
• Recall the 40 Governance and Management Objectives and their purpose statements.
• Understand the relationship between Governance and Management Objectives and Governance
Components.
• Differentiate COBIT based performance management using maturity and capability perspectives.
• Discover how to design a tailored governance system using COBIT.
• Explain the key points of the COBIT business case.
• Understand and recall the phases of the COBIT implementation approach.
• Describe the relationships between the COBIT Design and Implementation Guides.
• Prepare for the COBIT 2019 Foundation exam.
