Interdependency indicator -
Cobit5 Process Description EXAMPLE OF IMPLEMENTATION
Manage Budget and Costs
Cobit5 Goal ID:
IT-04
Cobit5 Process ID:
APO06
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business processes, IT services and IT-enabled business programmes covered by
risk assessment
• Number of significant IT-related incidents that were not identified in risk assessment
• Percent of enterprise risk assessments including IT-related risk
• Frequency of update of risk profile
Review the budget and cost allocation methodology. Count the services that have a high criticality based on the methodology.
Manage Availability and Capacity
Cobit5 Goal ID:
IT-14
Cobit5 Process ID:
BAI04
Domain:
IT Goal
Balanced Scorecard (BSC):
Internal
Sample Metrics:
• Level of business user satisfaction with quality and timeliness (or availability) of
management information
• Number of business process incidents caused by non-availability of information
• Ratio and extent of erroneous business decisions where erroneous or unavailable information
was a key factor
Review the availability requirements and forecast plan. Identify and count the number of services that have the highest availability requirements.
Ensure Risk Optimisation
Cobit5 Goal ID:
IT-06
Cobit5 Process ID:
EDM03
Domain:
IT Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of investment business cases with clearly defined and approved expected IT-related costs
and benefits
• Percent of IT services with clearly defined and approved operational costs and expected benefits
• Satisfaction survey of key stakeholders regarding the level of transparency, understanding and
accuracy of IT financial information
Count the number of services residing over the acceptable tolerance level of the organisation.
Manage Security
Cobit5 Goal ID:
IT-10
Cobit5 Process ID:
APO13
Domain:
IT Goal
Balanced Scorecard (BSC):
Internal
Sample Metrics:
• Number of security incidents causing financial loss, business disruption or public embarrassment
• Number of IT services with outstanding security requirements
• Time to grant, change and remove access privileges, compared to agreed-on service levels
• Frequency of security assessment against latest standards and guidelines
Count the number of deviations identified during the ISMS audits per service per period of time.
Manage Continuity
Cobit5 Goal ID:
E-07
Cobit5 Process ID:
DSS04
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Customer
Sample Metrics:
• Number of customer service interruptions causing significant incidents
• Business cost of incidents
• Number of business processing hours lost due to unplanned service interruptions
• Percent of complaints as a function of committed service availability targets
Review the business impact analysis and identify the number of services that have the smallest RTOs.
Manage Risk
Cobit5 Goal ID:
E-03
Cobit5 Process ID:
APO12
Domain:
Enterprise Goal
Balanced Scorecard (BSC):
Financial
Sample Metrics:
• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile
Review the risk assessment results. Use the criteria selected for the assessment of risk and group the risks that have been identified based on their criticality.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information