Interdependency indicator -
Cobit5 Process Description EXAMPLE OF IMPLEMENTATION
Manage Availability and Capacity
Cobit5 Goal ID:
E-07
Cobit5 Process ID:
BAI04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Number of customer service interruptions causing significant incidents
• Business cost of incidents
• Number of business processing hours lost due to unplanned service interruptions
• Percent of complaints as a function of committed service availability targets
Count the number business processing hours lost due to unplanned interruptions.
Ensure Resource Optimisation
Cobit5 Goal ID:
E-10
Cobit5 Process ID:
EDM04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Frequency of service delivery cost optimisation assessments
• Trend of cost assessment vs. service level results
• Satisfaction levels of board and executive management with service delivery costs
Review the assessment reports for the performance in terms of service capabilities. Count the cases where the performance has deviated from the acceptable related baseline. Cross reference this number to the number of information security incidents.
Manage Risk
Cobit5 Goal ID:
E-03
Cobit5 Process ID:
APO12
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile
Review the risk assessment report and count the number of risks that may have an impact on the availability of service capabilities.
Manage Risk
Cobit5 Goal ID:
IT-04
Cobit5 Process ID:
APO12
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business processes, IT services and IT-enabled business programmes covered by
risk assessment
• Number of significant IT-related incidents that were not identified in risk assessment
• Percent of enterprise risk assessments including IT-related risk
• Frequency of update of risk profile
Count the number of incidents that led to a loss of service capabilities and were not identified in the risk assessment report.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information