
CDI2 COBIT-2019-Design-Toolkit Tkt Eng 1218


12/02/2024

COBIT® 2019 Governance System Design Toolkit

COBIT® 2019 Governance System Design Workbook—Instructions

Terms & Definitions

Relative importance: Relative importance (of governance and management objectives) is a number that indicates the influence of a certain design factor on the importance of a certain COBIT governance or management objective as compared to a baseline (standard) situation. The number is calculated as a percentage difference between the baseline and the current situation, as determined by the values given to the design factor at hand.

Instructions

Sheet: Canvas

In this sheet all results of the impact assessment of the design factors are summarized. This is done in line with the governance system design flow explained in the COBIT Design Guide.

The user can provide input in columns R/S to adjust the results of the automated calculations, taking into account the enterprise's specific context. When making adjustments in column R, the spreadsheet expects an explanation in column S.

Sheet: DF1

Description, Input Section: In this sheet, the importance of different enterprise strategies can be described. The importance is expressed as an integer value between 1 (Not Important) and 5 (Critical) and can be entered in cells C8-C11. The chosen values are represented graphically in the two diagrams in the input section. The diagrams depict the same information, one in a bar chart, the other in a spider chart.

Description, Output Section: The output section of this sheet contains the calculated relative importance of each of the 40 COBIT 2019 Governance and Management Objectives.

User Action Required, Input Section: [Optional] Enter values between 1 and 5 expressing the importance or relevance of each of the given generic enterprise strategies for the user enterprise.

User Action Required, Output Section:
a) Observe the resulting importance scores for each of the 40 governance/management objectives.
b) [Optional] Use the graphic(s) for reporting the outcome of this step in the governance system design process. Both diagrams contain the same information but in a different representation. Use the one that suits you best.

Copyright ISACA 2018 822790683.xlsx Instructions—Page 1



Description

DF2

User Action Required

Description

DF3

User Action Required

Description

DF4

User Action Required

Description

DF5

User Action Required


Description

DF6

User Action Required

Description

DF7

User Action Required

Description

DF8

User Action Required

Description

DF9

User Action Required


Description

DF10

User Action Required

Chart 1
Chart 2


COBIT® 2019 Governance System Design Workbook—Canvas

Columns, left to right:

Step 2: Determine the initial scope of the Governance System
Design Factors: Enterprise Strategy; Enterprise Goals; Risk Profile; IT-Related Issues
Initial Scope: Governance/Management Objectives Score

Step 3: Refine the scope of the Governance System
Design Factors: Threat Landscape; Compliance Req's; Role of IT; Sourcing Model for IT; IT Implementation Methods; Technology Adoption Strategy
Refined Scope: Governance/Management Objectives Score

Step 4: Conclude the Scope of the Governance System
Adjustment (between -100 and +100); Reason; Concluded Scope: Governance/Management Objectives Priority; Suggested Target Capability Level; Agreed Target Capability Level; Reason

Weight 1 1 1 1 1 1 1 1 1 1

EDM01—Ensured Governance Framework Setting & Maintenance 10 15 50 0 ### 50 0 40 -10 0 0 30 65 65 3 3

EDM02—Ensured Benefits Delivery 10 25 -70 0 ### -25 0 0 0 0 0 45 5 5 1 1

EDM03—Ensured Risk Optimization 5 15 -70 -5 ### -35 5 85 -5 20 0 30 40 40 2 2

EDM04—Ensured Resource Optimization 15 25 80 5 ### 85 0 0 -10 0 0 20 65 65 3 3

EDM05—Ensured Stakeholder Engagement -5 -30 55 -5 ### 10 0 40 -10 0 0 30 35 35 2 2

APO01—Managed I&T Management Framework 0 10 5 5 ### 15 0 30 -5 0 0 45 40 40 2 2

APO02—Managed Strategy -15 25 -50 5 ### -25 0 0 5 0 0 30 0 0 1 1

APO03—Managed Enterprise Architecture -25 25 -60 5 ### -35 0 0 5 0 5 55 5 5 1 1

APO04—Managed Innovation -5 25 -70 20 ### -20 0 0 5 0 0 35 5 5 1 1

APO05—Managed Portfolio -10 25 40 5 ### 40 0 0 0 0 0 50 50 50 3 3

APO06—Managed Budget & Costs 15 5 120 5 ### 100 0 0 -10 0 0 -20 55 55 3 3

APO07—Managed Human Resources -15 25 -35 -5 ### -20 0 0 -5 0 0 80 20 20 1 1

APO08—Managed Relationships 10 25 -55 0 ### -15 0 0 0 0 0 65 20 20 1 1

APO09—Managed Service Agreements 15 25 85 -5 ### 80 0 0 5 20 0 5 70 70 3 3

APO10—Managed Vendors 20 30 60 -10 ### 70 0 40 5 20 0 45 100 100 4 4

APO11—Managed Quality 10 5 -70 -10 ### -45 0 0 0 0 0 5 -30 -30 1 1

APO12—Managed Risk 5 35 -40 -5 ### -5 5 85 -10 10 0 25 50 50 3 3

APO13—Managed Security 5 20 -35 -10 ### -15 5 40 -5 0 0 0 10 10 1 1

APO14—Managed Data 0 -15 -55 -5 ### -50 0 30 -5 0 0 25 -10 -10 1 1

BAI01—Managed Programs -20 25 -70 5 ### -40 0 0 0 0 20 30 -5 -5 1 1

BAI02—Managed Requirements Definition 5 25 -70 5 ### -25 0 0 5 0 35 35 20 20 1 1

BAI03—Managed Solutions Identification & Build 5 25 -70 -5 ### -30 0 0 5 0 40 50 25 25 2 2

BAI04—Managed Availability & Capacity 10 30 -70 -15 ### -30 0 0 5 0 0 5 -15 -15 1 1

BAI05—Managed Organizational Change -25 25 -70 -5 ### -50 0 0 -10 0 25 40 -10 -10 1 1

BAI06—Managed IT Changes -10 25 10 0 ### 15 0 0 0 0 35 25 40 40 2 2

BAI07—Managed IT Change Acceptance and Transitioning -5 30 -5 0 ### 15 0 0 5 0 25 35 40 40 2 2

BAI08—Managed Knowledge -5 25 -20 0 ### 0 0 0 -10 0 0 30 10 10 1 1

BAI09—Managed Assets 0 -25 65 20 ### 40 0 0 -10 0 0 0 25 25 2 2

BAI10—Managed Configuration 0 30 10 0 ### 25 0 0 -5 0 15 30 40 40 2 2

BAI11—Managed Projects -20 25 -70 10 ### -35 0 0 5 0 25 35 5 5 1 1

DSS01—Managed Operations 5 25 45 -10 ### 45 0 0 -5 0 5 0 30 30 2 2

DSS02—Managed Service Requests & Incidents 10 30 5 -20 ### 15 0 0 0 0 0 0 10 10 1 1

DSS03—Managed Problems 10 30 5 -15 ### 20 0 0 -5 0 0 30 25 25 2 2

DSS04—Managed Continuity 10 30 -15 -10 ### 10 5 40 -5 0 0 30 40 40 2 2

DSS05—Managed Security Services 5 15 -15 -10 ### -5 0 85 -10 0 0 30 45 45 2 2

DSS06—Managed Business Process Controls 5 20 5 -20 ### 5 0 0 -15 0 0 0 0 0 1 1

MEA01—Managed Performance and Conformance Monitoring 0 5 30 -5 ### 20 0 0 -10 15 10 40 40 40 2 2

MEA02—Managed System of Internal Control 0 0 35 -5 ### 20 0 0 -10 0 0 0 10 10 1 1

MEA03—Managed Compliance with External Requirements 0 -15 -30 -25 ### -50 0 85 -5 0 0 0 5 5 1 1

MEA04—Managed Assurance 0 -5 -50 -5 ### -40 0 65 -10 0 0 0 0 0 1 1


Information & Technology Governance System Design
Design Factor 1 Enterprise Strategy

Input Section—Importance of Each Enterprise Strategy Archetype

Value                        Importance (1-5)   Baseline
Growth/Acquisition           1                  3
Innovation/Differentiation   3                  3
Cost Leadership              5                  3
Client Service/Stability     4                  3

Average             3.25
Stdev               1.48
Correction Factor   0.92

[Charts: Design Factor 1 Enterprise Strategy, Importance of different strategies (Input); bar chart and spider chart, axis 0 to 5]


Information & Technology Governance System Design
Design Factor 1 Enterprise Strategy

Output Section—Resulting relative importance of each governance/management objective

Resulting Governance/Management Objectives Importance

Governance/Management Objective   Score   Baseline Score   Relative Importance
EDM01   17.5   15     10
EDM02   28.5   24     10
EDM03   17     15     5
EDM04   28.5   22.5   15
EDM05   19     18     -5
APO01   13     12     0
APO02   25.5   28.5   -15
APO03   19     24     -25
APO04   22     21     -5
APO05   32     33     -10
APO06   28.5   22.5   15
APO07   14     15     -15
APO08   24.5   21     10
APO09   27.5   22.5   15
APO10   27.5   21     20
APO11   25     21     10
APO12   20.5   18     5
APO13   19     16.5   5
APO14   13     12     0
BAI01   23.5   27     -20
BAI02   15.5   13.5   5
BAI03   15.5   13.5   5
BAI04   21     18     10
BAI05   21     25.5   -25
BAI06   19     19.5   -10
BAI07   18.5   18     -5
BAI08   20.5   19.5   -5
BAI09   13     12     0
BAI10   13     12     0
BAI11   24     27     -20
DSS01   15     13.5   5
DSS02   25     21     10
DSS03   21     18     10
DSS04   25     21     10
DSS05   19     16.5   5
DSS06   15     13.5   5
MEA01   13     12     0
MEA02   13     12     0
MEA03   13     12     0
MEA04   13     12     0

[Charts: Design Factor 1 Enterprise Strategy, Resulting Governance/Management Objectives Importance (Output); bar chart with axis -100 to 100 and spider chart over the 40 objectives]


DF1     Growth/Acquisition   Innovation/Differentiation   Cost Leadership   Client Service/Stability
EDM01 1.0 1.0 1.5 1.5
EDM02 1.5 1.0 2.0 3.5
EDM03 1.0 1.0 1.0 2.0
EDM04 1.5 1.0 4.0 1.0
EDM05 1.5 1.5 1.0 2.0
APO01 1.0 1.0 1.0 1.0
APO02 3.5 3.5 1.5 1.0
APO03 4.0 2.0 1.0 1.0
APO04 1.0 4.0 1.0 1.0
APO05 3.5 4.0 2.5 1.0
APO06 1.5 1.0 4.0 1.0
APO07 2.0 1.0 1.0 1.0
APO08 1.0 1.5 1.0 3.5
APO09 1.0 1.0 1.5 4.0
APO10 1.0 1.0 3.5 1.5
APO11 1.0 1.0 1.0 4.0
APO12 1.0 1.5 1.0 2.5
APO13 1.0 1.0 1.0 2.5
APO14 1.0 1.0 1.0 1.0
BAI01 4.0 2.0 1.5 1.5
BAI02 1.0 1.0 1.5 1.0
BAI03 1.0 1.0 1.5 1.0
BAI04 1.0 1.0 1.0 3.0
BAI05 4.0 2.0 1.0 1.5
BAI06 2.0 2.0 1.0 1.5
BAI07 1.5 2.0 1.0 1.5
BAI08 1.0 3.5 1.0 1.0
BAI09 1.0 1.0 1.0 1.0
BAI10 1.0 1.0 1.0 1.0
BAI11 3.5 3.0 1.5 1.0
DSS01 1.0 1.0 1.0 1.5

DSS02 1.0 1.0 1.0 4.0
DSS03 1.0 1.0 1.0 3.0
DSS04 1.0 1.0 1.0 4.0
DSS05 1.0 1.0 1.0 2.5
DSS06 1.0 1.0 1.0 1.5
MEA01 1.0 1.0 1.0 1.0
MEA02 1.0 1.0 1.0 1.0
MEA03 1.0 1.0 1.0 1.0
MEA04 1.0 1.0 1.0 1.0


Information & Technology Governance System Design
Design Factor 2 Enterprise Goals

Input Section—Importance of Each Enterprise Goal

Value                                                            Importance (1-5)   Baseline
EG01—Portfolio of competitive products and services              5                  3
EG02—Managed business risk                                       4                  3
EG03—Compliance with external laws and regulations               3                  3
EG04—Quality of financial information                            1                  3
EG05—Customer-oriented service culture                           5                  3
EG06—Business-service continuity and availability                4                  3
EG07—Quality of management information                           1                  3
EG08—Optimization of internal business process functionality     1                  3
EG09—Optimization of business process costs                      5                  3
EG10—Staff skills, motivation and productivity                   2                  3
EG11—Compliance with internal policies                           1                  3
EG12—Managed digital transformation programs                     3                  3
EG13—Product and business innovation                             4                  3

Average             3.00
Stdev               1.57
Correction Factor   1.00

[Charts: Design Factor 2 Enterprise Goals (Input); bar chart and spider chart of the 13 enterprise goals, axis 0 to 5]

Information & Technology Governance System Design
Design Factor 2 Enterprise Goals

Output Section—Resulting relative importance of each governance/management objective

Resulting Governance/Management Objectives Importance

Governance/Management Objective   Score   Baseline Score   Relative Importance
EDM01   112   99    15
EDM02   144   114   25
EDM03   71    63    15
EDM04   163   129   25
EDM05   44    63    -30
APO01   199   180   10
APO02   164   132   25
APO03   169   135   25
APO04   152   120   25
APO05   177   141   25
APO06   121   117   5
APO07   136   108   25
APO08   238   189   25
APO09   79    63    25
APO10   100   78    30
APO11   139   132   5
APO12   48    36    35
APO13   47    39    20
APO14   67    78    -15
BAI01   162   129   25
BAI02   218   174   25
BAI03   209   165   25
BAI04   89    69    30
BAI05   227   183   25
BAI06   114   90    25
BAI07   89    69    30
BAI08   169   135   25
BAI09   37    51    -25
BAI10   23    18    30
BAI11   175   138   25
DSS01   79    63    25
DSS02   70    54    30
DSS03   70    54    30
DSS04   70    54    30
DSS05   94    81    15
DSS06   125   105   20
MEA01   140   135   5
MEA02   136   135   0
MEA03   34    39    -15
MEA04   105   111   -5

[Charts: Design Factor 2 Enterprise Goals, Resulting Governance/Management Objectives Importance; bar chart with axis -100 to 100 and spider chart over the 40 objectives]


Agile portfolio of competitive products and services             5
Managed business risks                                           4
Compliance with external laws and regulations                    3
Transparency and accuracy of financial information               1
Customer-oriented service culture                                5
Business service continuity and availability                     4
Quality of management information                                1
Optimization of internal business process functionality          1
Optimization of business process costs                           5
Staff skills, motivation and productivity                        2
Compliance with internal policies                                1
Managed business transformation programs                         3
Product and business innovation                                  4

Mapping table EG-AG

AG01 IT compliance and support for business compliance with external laws and regulations
AG02 Managed Technology & Information related risks
AG03 Realized benefits from IT-enabled investments and services portfolio
AG04 Quality of technology related financial information
AG05 Delivery of IT services in line with business requirements
AG06 Agility to turn business requirements into operational solutions
AG07 Security of information, processing infrastructure and applications
AG08 Enablement and support of business processes by Integrating applications and technology
AG09 Delivery of programs on time, on budget, and meeting requirements and quality standards
AG10 Quality of IT Management Information
AG11 IT compliance with internal policies
AG12 Competent and motivated staff with mutual understanding of technology and business.
AG13 Knowledge, expertise and initiatives for business innovation

                                                                AG01 AG02 AG03 AG04 AG05 AG06 AG07 AG08 AG09 AG10 AG11 AG12 AG13
EG01 Portfolio of agile and competitive products and services   0 0 1 0 2 2 0 2 2 0 0 0 2
EG02 Managed business risks                                     1 2 0 0 0 0 1 0 0 0 1 0 0
EG03 Compliance with external laws and regulations              2 0 0 0 0 0 0 0 0 0 2 0 0
EG04 Transparency and accuracy of financial information         0 0 0 2 0 0 0 0 0 2 0 0 0
EG05 Customer-oriented service culture                          0 0 1 0 1 1 0 2 1 0 0 1 0
EG06 Business service continuity and availability               0 1 0 0 1 0 2 0 0 0 0 0 0
EG07 Accuracy (Quality?) of Management Information              0 0 0 2 0 0 0 0 0 2 0 0 0
EG08 Optimization of business process functionality             0 0 1 0 1 1 0 1 1 0 0 0 0
EG09 Optimization of business process costs                     0 0 1 2 0 0 0 0 1 1 0 0 0
EG10 Staff skills, motivation and productivity                  0 0 0 0 0 0 0 1 0 0 0 2 0
EG11 Compliance with internal policies                          1 0 0 0 0 0 0 0 0 0 2 0 0
EG12 Managed business transformation programs                   0 0 2 0 1 1 0 2 2 0 0 0 1
EG13 Product and business innovation                            0 0 0 0 0 1 0 1 1 0 0 0 2

AG01 AG02 AG03 AG04 AG05 AG06 AG07 AG08 AG09 AG10 AG11 AG12 AG13
11 12 22 14 23 23 12 33 31 9 12 9 21

Mapping Table AG-GMO

Columns: EDM01 Ensured Governance Framework Setting & Maintenance; EDM02 Ensured Benefits Delivery; EDM03 Ensured Risk Optimization; EDM04 Ensured Resource Optimization; EDM05 Ensured Stakeholder Transparency; APO01 Managed IT Management Framework; APO02 Managed Strategy; APO03 Managed Architecture; APO04 Managed Innovation; APO05 Managed Portfolio; APO06 Managed Budget & Costs; APO07 Managed Human Resources; APO08 Managed Relationships; APO09 Managed Service Agreements; APO10 Managed Suppliers; APO11 Managed Quality; APO12 Managed Risk; APO13 Managed Information Security; APO14 Managed Data; BAI01 Managed Programs; BAI02 Managed Requirements Definition; BAI03 Managed Solutions Identification & Build; BAI04 Managed Availability & Capacity; BAI05 Managed Organizational Change; BAI06 Managed IT Changes; BAI07 Managed IT Change Acceptance & Transitioning; BAI08 Managed Knowledge; BAI09 Managed Assets; BAI10 Managed Configuration; BAI11 Managed Projects; DSS01 Managed Operations; DSS02 Managed Service Requests & Incidents; DSS03 Managed Problems; DSS04 Managed Continuity; DSS05 Managed Security Services; DSS06 Managed Business Process Controls; MEA01 Managed Performance & Conformance Monitoring; MEA02 Managed System of Internal Control; MEA03 Managed Compliance with External Requirements; MEA04 Managed Internal Audit

EDM01 EDM02 EDM03 EDM04 EDM05 APO01 APO02 APO03 APO04 APO05 APO06 APO07 APO08 APO09 APO10 APO11 APO12 APO13 APO14 BAI01 BAI02 BAI03 BAI04 BAI05 BAI06 BAI07 BAI08 BAI09 BAI10 BAI11 DSS01 DSS02 DSS03 DSS04 DSS05 DSS06 MEA01 MEA02 MEA03 MEA04

AG01 IT compliance and support for business compliance with external laws and regulations
1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 2 1
AG02 Managed Technology & Information related risks
1 0 2 0 0 1 0 0 0 0 0 0 0 0 0 0 2 1 1 0 0 0 0 0 1 1 0 0 0 0 0 1 1 1 2 1 0 1 0 1
AG03 Realized benefits from IT-enabled investments and services portfolio
2 2 0 1 0 2 1 1 1 2 1 1 1 0 0 1 0 0 0 2 1 1 0 2 0 0 1 0 0 2 0 0 0 0 0 0 1 0 0 0
AG04 Quality of technology related financial information
0 0 0 0 1 0 0 0 0 0 2 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 1 0 1
AG05 Delivery of IT services in line with business requirements
0 1 0 1 0 1 1 1 0 2 0 1 2 2 2 1 0 0 0 0 2 2 2 1 1 0 0 0 1 1 2 2 2 2 1 1 2 1 0 1
AG06 Agility to turn business requirements into operational solutions
0 1 0 1 0 0 1 2 2 1 0 0 2 0 1 0 0 0 0 1 2 2 0 1 2 2 1 0 0 2 0 0 0 0 0 0 0 0 0 0
AG07 Security of information, processing infrastructure and applications
0 0 2 0 0 1 0 1 0 0 0 0 0 0 0 0 2 2 1 0 0 0 1 0 0 0 0 0 0 0 0 1 1 1 2 1 0 1 0 1
AG08 Enablement and support of business processes by Integrating applications and technology
1 1 0 1 0 1 2 2 1 1 0 0 1 1 0 0 0 0 0 1 1 1 0 2 1 0 1 0 0 0 1 0 0 0 0 2 0 0 0 0
AG09 Delivery of programs on time, on budget, and meeting requirements and quality standards
0 0 0 2 0 1 0 0 0 1 2 1 1 0 1 2 0 0 0 2 2 2 1 2 0 1 1 0 0 2 0 0 0 0 0 0 1 1 0 0
AG10 Quality of IT Management Information
0 0 0 0 2 1 0 0 0 0 1 0 0 0 0 2 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 1 0 1
AG11 IT compliance with internal policies
1 0 1 0 1 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 2 1 2
AG12 Competent and motivated staff with mutual understanding of technology and business.
0 0 0 0 0 0 1 0 1 0 0 2 2 0 0 0 0 0 0 0 1 0 0 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0
AG13 Knowledge, expertise and initiatives for business innovation
0 1 0 0 0 0 1 0 2 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0

EDM01 EDM02 EDM03 EDM04 EDM05 APO01 APO02 APO03 APO04 APO05 APO06 APO07 APO08 APO09 APO10 APO11 APO12 APO13 APO14 BAI01 BAI02 BAI03 BAI04 BAI05 BAI06 BAI07 BAI08 BAI09 BAI10 BAI11 DSS01 DSS02 DSS03 DSS04 DSS05 DSS06 MEA01 MEA02 MEA03 MEA04
112 144 71 163 44 199 164 169 152 177 121 136 238 79 100 139 48 47 67 162 218 209 89 227 114 89 169 37 23 175 79 70 70 70 94 125 140 136 34 105
Baseline 99 114 63 129 63 180 132 135 120 141 117 108 189 63 78 132 36 39 78 129 174 165 69 183 90 69 135 51 18 138 63 54 54 54 81 105 135 135 39 111
Imp® 13 26 12 26 -31 10 24 25 26 25 3 25 25 25 28 5 33 20 -15 25 25 26 28 24 26 28 25 -28 27 26 25 29 29 29 16 19 3 0 -13 -6


Information & Technology Governance System Design
Design Factor 3 Risk Profile

Input Section—Importance of Each Generic IT Risk Category

Risk Scenario Category                                               Impact (1-5)   Likelihood (1-5)   Baseline
IT investment decision making, portfolio definition & maintenance   1              1                  9
Program & projects life cycle management                            1              1                  9
IT cost & oversight                                                 5              5                  9
IT expertise, skills & behavior                                     1              1                  9
Enterprise/IT architecture                                          1              1                  9
IT operational infrastructure incidents                             3              3                  9
Unauthorized actions                                                2              2                  9
Software adoption/usage problems                                    1              1                  9
Hardware incidents                                                  2              2                  9
Software failures                                                   1              1                  9
Logical attacks (hacking, malware, etc.)                            1              1                  9
Third-party/supplier incidents                                      2              2                  9
Noncompliance                                                       1              1                  9
Geopolitical Issues                                                 1              1                  9
Industrial action                                                   1              1                  9
Acts of nature                                                      1              1                  9
Technology-based innovation                                         1              1                  9
Environmental                                                       1              1                  9
Data & information management                                       1              1                  9

Risk Rating legend: Very High Risk; High Risk; Normal Risk; Low Risk

Average             3.16
Stdev               5.52
Correction Factor   2.85

[Chart: Design Factor 3 IT Risk Profile, Risk Rating of IT Risk Scenario Categories (Input); bar chart, axis 0 to 30]


Information & Technology Governance System Design
Design Factor 3 Risk Profile

Output Section—Resulting relative importance of each governance/management objective

Resulting Governance/Management Objectives Importance

Governance/Management Objective   Score   Baseline Score   Relative Importance
EDM01   99    189   50
EDM02   15    135   -70
EDM03   18    162   -70
EDM04   124   198   80
EDM05   102   189   55
APO01   121   324   5
APO02   25    144   -50
APO03   25    171   -60
APO04   5     45    -70
APO05   70    144   40
APO06   119   153   120
APO07   49    216   -35
APO08   23    153   -55
APO09   76    117   85
APO10   123   216   60
APO11   11    99    -70
APO12   19    90    -40
APO13   23    99    -35
APO14   31    198   -55
BAI01   9     81    -70
BAI02   13    117   -70
BAI03   13    117   -70
BAI04   1     9     -70
BAI05   8     72    -70
BAI06   51    135   10
BAI07   38    117   -5
BAI08   39    135   -20
BAI09   21    36    65
BAI10   39    99    10
BAI11   4     36    -70
DSS01   68    135   45
DSS02   52    144   5
DSS03   39    108   5
DSS04   66    216   -15
DSS05   66    216   -15
DSS06   52    144   5
MEA01   100   216   30
MEA02   114   243   35
MEA03   37    153   -30
MEA04   40    225   -50

[Charts: Design Factor 3 IT Risk Profile, Resulting Governance/Management Objectives Importance; bar chart with axis -100 to 100 and spider chart over the 40 objectives]


DF3 risk categories:
RISKCAT01 IT Investment Decision Making, Portfolio Definition & Maintenance
RISKCAT02 Program & Projects Life Cycle Management
RISKCAT03 IT Cost & Oversight
RISKCAT04 IT Expertise, Skills & Behavior
RISKCAT05 Enterprise/IT Architecture
RISKCAT06 IT Operational Infrastructure Incidents
RISKCAT07 Unauthorized Actions
RISKCAT08 Software Adoption/Usage Problems
RISKCAT09 Hardware Incidents
RISKCAT10 Software Failures
RISKCAT11 Logical Attacks (Hacking, Malware, etc.)
RISKCAT12 Third-Party/Supplier Incidents
RISKCAT13 Noncompliance
RISKCAT14 Geopolitical Issues
RISKCAT15 Industrial Action
RISKCAT16 Acts of Nature
RISKCAT17 Technology-Based Innovation
RISKCAT18 Environmental
RISKCAT19 Data & Information Management

DF3 RISKCAT01 RISKCAT02 RISKCAT03 RISKCAT04 RISKCAT05 RISKCAT06 RISKCAT07 RISKCAT08 RISKCAT09 RISKCAT10 RISKCAT11 RISKCAT12 RISKCAT13 RISKCAT14 RISKCAT15 RISKCAT16 RISKCAT17 RISKCAT18 RISKCAT19

EDM01 3.0 2.0 3.0 0.0 0.0 0.0 2.0 0.0 0.0 0.0 0.0 0.0 3.0 2.0 0.0 0.0 2.0 2.0 2.0
EDM02 3.0 2.0 0.0 0.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.0 0.0 0.0 0.0 3.0 1.0 3.0
EDM03 2.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 1.0 2.0 0.0 3.0 3.0 0.0 0.0 0.0 2.0 3.0
EDM04 3.0 0.0 4.0 3.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 2.0 1.0 0.0 2.0 0.0 0.0 2.0 3.0
EDM05 3.0 1.0 3.0 0.0 0.0 0.0 2.0 0.0 0.0 1.0 0.0 1.0 3.0 3.0 0.0 0.0 0.0 2.0 2.0
APO01 2.0 3.0 2.0 0.0 2.0 2.0 4.0 2.0 0.0 2.0 3.0 3.0 3.0 0.0 0.0 0.0 3.0 2.0 3.0
APO02 2.0 0.0 0.0 0.0 3.0 0.0 0.0 2.0 1.0 0.0 1.0 2.0 0.0 0.0 0.0 0.0 2.0 2.0 1.0
APO03 2.0 0.0 0.0 0.0 4.0 0.0 0.0 2.0 0.0 2.0 2.0 2.0 0.0 0.0 0.0 0.0 2.0 0.0 3.0
APO04 0.0 0.0 0.0 0.0 1.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 4.0 0.0 0.0
APO05 4.0 2.0 2.0 0.0 2.0 0.0 0.0 2.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 2.0 0.0 0.0
APO06 2.0 3.0 4.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 2.0 0.0 2.0 0.0 0.0 2.0 2.0 0.0
APO07 0.0 0.0 0.0 4.0 0.0 2.0 3.0 3.0 0.0 0.0 2.0 0.0 0.0 2.0 4.0 0.0 2.0 2.0 0.0
APO08 0.0 0.0 0.0 2.0 2.0 0.0 0.0 4.0 0.0 0.0 2.0 2.0 0.0 0.0 0.0 0.0 3.0 0.0 2.0
APO09 0.0 0.0 2.0 0.0 0.0 0.0 2.0 3.0 0.0 1.0 2.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
APO10 0.0 2.0 3.0 0.0 0.0 0.0 2.0 2.0 3.0 2.0 2.0 4.0 2.0 2.0 0.0 0.0 0.0 0.0 0.0
APO11 0.0 3.0 0.0 0.0 0.0 0.0 0.0 2.0 0.0 4.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 2.0
APO12 0.0 0.0 0.0 0.0 0.0 0.0 3.0 0.0 0.0 2.0 3.0 0.0 0.0 0.0 0.0 2.0 0.0 0.0 0.0
APO13 0.0 0.0 0.0 0.0 0.0 0.0 4.0 0.0 0.0 0.0 4.0 0.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0
APO14 0.0 0.0 0.0 0.0 0.0 0.0 3.0 2.0 0.0 0.0 2.0 0.0 3.0 0.0 2.0 4.0 2.0 0.0 4.0
BAI01 0.0 4.0 0.0 0.0 2.0 0.0 0.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI02 2.0 2.0 0.0 0.0 2.0 0.0 0.0 3.0 0.0 2.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI03 0.0 3.0 0.0 0.0 2.0 0.0 0.0 2.0 0.0 3.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI04 0.0 1.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI05 0.0 2.0 0.0 2.0 0.0 0.0 0.0 4.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI06 0.0 0.0 0.0 0.0 0.0 3.0 4.0 0.0 0.0 2.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 3.0
BAI07 0.0 0.0 0.0 0.0 0.0 2.0 3.0 2.0 0.0 4.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI08 0.0 0.0 0.0 2.0 0.0 3.0 0.0 3.0 0.0 3.0 0.0 0.0 0.0 0.0 2.0 0.0 0.0 0.0 2.0
BAI09 0.0 0.0 0.0 0.0 0.0 1.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI10 0.0 0.0 0.0 0.0 0.0 2.0 4.0 0.0 0.0 2.0 3.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
BAI11 0.0 4.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
DSS01 0.0 0.0 0.0 0.0 0.0 4.0 3.0 0.0 4.0 0.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 2.0 0.0
DSS02 0.0 0.0 0.0 0.0 0.0 3.0 2.0 3.0 2.0 2.0 4.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
DSS03 0.0 0.0 0.0 0.0 0.0 3.0 1.0 4.0 0.0 3.0 1.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0
DSS04 0.0 0.0 0.0 0.0 0.0 3.0 3.0 0.0 3.0 0.0 4.0 0.0 2.0 0.0 3.0 4.0 0.0 0.0 2.0
DSS05 0.0 0.0 0.0 0.0 0.0 3.0 4.0 0.0 2.0 0.0 4.0 0.0 3.0 0.0 3.0 2.0 0.0 0.0 3.0

DSS06 0.0 0.0 0.0 0.0 0.0 3.0 4.0 2.0 0.0 0.0 2.0 0.0 2.0 0.0 0.0 0.0 0.0 0.0 3.0
MEA01 1.0 2.0 2.0 0.0 0.0 2.0 2.0 0.0 0.0 2.0 3.0 2.0 2.0 2.0 0.0 2.0 0.0 0.0 2.0
MEA02 1.0 2.0 2.0 0.0 0.0 3.0 3.0 0.0 0.0 2.0 3.0 2.0 2.0 3.0 0.0 2.0 0.0 0.0 2.0
MEA03 0.0 1.0 0.0 0.0 0.0 1.0 2.0 0.0 0.0 0.0 3.0 2.0 4.0 2.0 0.0 0.0 0.0 0.0 2.0
MEA04 1.0 2.0 0.0 0.0 0.0 0.0 3.0 0.0 0.0 2.0 3.0 2.0 2.0 4.0 0.0 2.0 2.0 0.0 2.0


Information & Technology Governance System Design
Design Factor 4 IT-Related Issues

Input Section—Importance of Each Generic IT-Related Issue

[Chart: Design Factor 4 IT-Related Issues, Importance of IT-Related Issues (Input)]

Scale labels: No Issue, Issue, Serious Issue

IT-Related Issue  Importance (1-3)  Baseline
Frustration between different IT entities across the organization because of a perception of low contribution to business value 2
Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value 2
Significant IT-related incidents, such as data loss, security breaches, project failure and application errors, linked to IT 2
Service delivery problems by the IT outsourcer(s) 2
Failures to meet IT-related regulatory or contractual requirements 2
Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems 2
Substantial hidden and rogue IT spending, that is, IT spending by user departments outside the control of the normal IT investment decision mechanisms and approved budgets 2
Duplications or overlaps between various initiatives, or other forms of wasted resources 2
Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction 2
IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget 2
Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT 2
Complex IT operating model and/or unclear decision mechanisms for IT-related decisions 2
Excessively high cost of IT 2
Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems 2
Gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages 2


Regular issues with data quality and integration of data across various sources 2
High level of end-user computing, creating (among other problems) a lack of oversight and quality control over the applications that are being developed and put in operation 2
Business departments implementing their own information solutions with little or no involvement of the enterprise IT department (related to end-user computing, which often stems from dissatisfaction with IT solutions and services) 2
Ignorance of and/or noncompliance with privacy regulations 2
Inability to exploit new technologies or innovate using I&T 2

Average 1.30
Stdev 0.46
Correction Factor 1.54

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 4 IT-Related Issues, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 46.5 70 0
EDM02 46 70 0
EDM03 29 47 -5
EDM04 45.5 67 5
EDM05 25.5 41 -5
APO01 39 56 5
APO02 33.5 50 5
APO03 46 66 5
APO04 24.5 32 20
APO05 46 68 5
APO06 41.5 62 5
APO07 29 47 -5
APO08 45.5 70 0
APO09 26.5 43 -5
APO10 23 39 -10
APO11 25 43 -10
APO12 32.5 52 -5
APO13 19.5 33 -10
APO14 37.5 60 -5
BAI01 24 35 5
BAI02 34.5 51 5
BAI03 25.5 41 -5
BAI04 13 23 -15
BAI05 17.5 28 -5
BAI06 27 42 0
BAI07 24.5 38 0
BAI08 20 31 0
BAI09 18 23 20
BAI10 16.5 25 0
BAI11 31.5 45 10
DSS01 16 27 -10
DSS02 17.5 33 -20
DSS03 18 32 -15
DSS04 12.5 21 -10
DSS05 16.5 29 -10
DSS06 15.5 29 -20
MEA01 37.5 61 -5
MEA02 29 48 -5
MEA03 14.5 29 -25
MEA04 35 58 -5


DF4 columns, in order:
1. Frustration between different IT entities across the organization because of a perception of low contribution to business value
2. Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value
3. Significant IT-related incidents, such as data loss, security breaches, project failure and application errors, linked to IT
4. Service delivery problems by the IT outsourcer(s)
5. Failures to meet IT-related regulatory or contractual requirements
6. Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems
7. Substantial hidden and rogue IT spending, that is, IT spending by user departments outside the control of the normal IT investment decision mechanisms and approved budgets
8. Duplications or overlaps between various initiatives or other forms of wasted resources
9. Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction
10. IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget
11. Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT
12. Complex IT operating model and/or unclear decision mechanisms for IT-related decisions
13. Excessively high cost of IT
14. Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems
15. Gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages
16. Regular issues with data quality and integration of data across various sources
17. High level of end-user computing, creating (among other problems) a lack of oversight and quality control over the applications that are being developed and put in operation
18. Business departments implementing their own information solutions with little or no involvement of the enterprise IT department
19. Ignorance of and/or noncompliance with privacy regulations
20. Inability to exploit new technologies or innovate using I&T
The final value in each row is the sum of the 20 column values, rounded.

EDM01 3.0 3.0 1.0 1.0 2.0 2.0 2.0 1.0 1.0 1.0 3.0 3.5 1.0 1.0 1.0 1.0 2.0 3.0 1.5 1.0 35

EDM02 2.5 3.0 1.0 1.0 1.5 2.5 2.0 1.5 0.5 2.5 1.5 1.0 3.0 2.0 1.0 1.0 2.0 2.0 1.0 2.5 35

EDM03 1.0 1.0 2.0 1.0 2.0 2.0 1.0 1.0 0.0 0.5 1.0 0.0 1.0 1.5 1.0 2.0 1.0 1.0 2.5 1.0 24

EDM04 1.0 1.0 1.0 1.0 1.0 2.0 3.0 3.5 3.5 1.0 1.5 0.0 4.0 2.0 1.0 1.5 2.0 2.5 0.0 1.0 34

EDM05 1.0 1.0 1.0 1.0 1.5 2.0 1.0 1.0 0.0 1.0 3.0 1.5 1.5 0.5 0.0 0.5 1.0 1.0 1.0 0.0 21

APO01 2.0 1.0 2.0 1.0 2.0 2.0 1.0 1.0 0.0 0.5 1.5 4.0 1.0 2.0 1.0 1.0 1.5 2.0 0.5 1.0 28

APO02 1.5 1.5 1.5 1.5 1.0 1.5 1.0 1.0 0.0 1.0 2.5 0.5 0.5 1.5 1.5 0.5 2.0 2.0 0.0 2.5 25

APO03 1.0 1.5 1.0 2.0 0.5 1.5 2.0 1.5 1.0 3.5 0.5 0.5 1.0 4.0 1.0 3.5 2.0 3.0 0.0 2.0 33

APO04 1.0 1.0 1.0 1.0 0.5 0.5 0.5 0.5 0.0 0.0 0.5 1.0 0.5 2.0 1.0 0.0 0.5 0.5 0.0 4.0 16

APO05 3.0 3.0 1.0 1.5 2.0 2.0 1.5 3.5 0.5 2.0 2.0 1.5 2.0 1.0 0.5 0.0 2.5 2.5 0.0 2.0 34

APO06 3.5 2.0 1.0 1.5 1.5 2.0 4.0 3.0 1.0 2.0 1.0 1.5 4.0 0.0 0.0 0.0 1.0 2.0 0.0 0.0 31

APO07 1.5 1.0 1.0 1.0 1.0 1.5 2.0 2.0 4.0 1.0 0.0 0.0 1.0 0.0 3.0 0.0 0.5 0.5 1.5 1.0 24

APO08 2.5 2.0 1.0 2.5 1.5 1.0 2.5 2.0 1.5 1.0 3.0 1.0 0.5 1.0 4.0 1.0 3.0 3.5 0.0 0.5 35

APO09 2.0 1.5 2.0 4.0 1.0 2.5 1.5 2.0 0.5 1.0 0.0 0.0 1.0 0.0 0.0 0.0 1.0 1.5 0.0 0.0 22

APO10 1.0 1.0 2.0 4.0 1.5 1.5 1.5 0.0 1.5 1.0 0.0 0.0 1.0 0.0 0.0 0.0 0.5 2.0 1.0 0.0 20

APO11 1.0 1.0 3.0 1.5 1.0 3.0 0.0 0.0 0.0 2.0 0.0 0.0 0.0 0.5 0.5 3.0 2.0 2.0 0.0 1.0 22

APO12 1.0 0.5 2.5 1.5 2.0 2.0 1.0 1.0 0.5 1.0 1.0 1.0 1.0 1.0 1.0 2.0 1.0 1.5 2.5 1.0 26

APO13 0.0 0.0 3.5 1.0 2.0 1.0 0.0 1.0 0.0 0.5 0.0 0.0 0.0 0.0 0.0 1.5 2.0 1.0 2.0 1.0 17

APO14 1.0 1.5 3.0 1.0 2.5 1.5 1.0 1.5 0.0 1.5 0.0 0.0 0.5 2.5 0.5 4.0 2.5 2.0 3.0 0.5 30

BAI01 0.0 1.0 1.5 0.0 0.0 0.0 0.0 3.0 1.0 3.5 0.0 0.0 1.5 0.5 1.0 0.0 1.5 2.0 0.0 1.0 18

BAI02 0.0 3.0 0.0 0.0 0.5 2.0 0.0 2.0 0.0 3.5 0.0 1.0 1.0 2.0 2.0 1.5 2.5 3.0 0.5 1.0 26

BAI03 1.0 2.0 2.0 0.0 0.0 2.0 0.0 1.0 0.0 3.0 0.0 0.5 1.0 1.0 1.0 0.5 2.0 2.0 1.0 0.5 21

BAI04 0.5 0.0 2.0 3.0 0.0 2.0 0.0 0.0 0.0 0.0 0.0 0.0 0.5 0.0 0.0 1.0 1.0 1.0 0.0 0.5 12

BAI05 1.0 3.0 0.0 0.0 0.0 0.0 0.0 0.5 0.0 3.0 1.0 0.0 0.0 0.5 2.0 0.0 0.5 1.5 0.0 1.0 14

BAI06 0.0 0.0 2.5 3.0 0.5 1.5 0.0 1.0 0.0 1.5 0.0 1.0 0.5 1.0 0.5 2.0 2.0 2.0 1.0 1.0 21

BAI07 0.0 1.0 2.0 2.0 0.5 1.5 0.0 0.5 0.0 2.0 0.0 1.0 0.0 1.0 0.5 2.0 2.0 2.0 0.0 1.0 19

BAI08 0.0 0.0 0.0 1.5 0.5 0.5 0.0 1.0 2.0 0.5 0.0 0.5 0.0 1.0 3.0 2.0 1.0 1.5 0.0 0.5 16

BAI09 0.5 0.5 1.0 0.0 0.0 0.0 2.0 2.0 0.0 0.0 0.0 0.0 2.0 1.0 0.0 0.0 1.0 1.5 0.0 0.0 12

BAI10 0.0 0.0 2.5 2.0 0.5 0.0 0.0 0.5 0.0 0.0 0.0 0.0 1.0 1.5 0.0 1.5 1.0 2.0 0.0 0.0 13

BAI11 1.0 2.0 2.5 0.0 0.0 0.0 2.0 3.0 1.0 4.0 0.0 0.0 1.5 2.0 0.5 0.0 1.0 1.5 0.0 0.5 23



Step 2 Initial Design
Governance and Management Objectives Importance (chart scale -100 to 100)

EDM01 50
EDM02 -25
EDM03 -35
EDM04 85
EDM05 10
APO01 15
APO02 -25
APO03 -35
APO04 -20
APO05 40
APO06 100
APO07 -20
APO08 -15
APO09 80
APO10 70
APO11 -45
APO12 -5
APO13 -15
APO14 -50
BAI01 -40
BAI02 -25
BAI03 -30
BAI04 -30
BAI05 -50
BAI06 15
BAI07 15
BAI08 0
BAI09 40
BAI10 25
BAI11 -35
DSS01 45
DSS02 15
DSS03 20
DSS04 10
DSS05 -5
DSS06 5
MEA01 20
MEA02 20
MEA03 -50
MEA04 -40

Information & Technology Governance System Design
Design Factor 5 Threat Landscape

Input Section—Importance of Threat Landscape

Value  Importance (100%)  Baseline
High 35% 33%
Normal 65% 67%

Average
Stdev
Correction Factor 1.00

[Chart: Design Factor 5 IT Threat Landscape: High 35%, Normal 65%]

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 5 Threat Landscape, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 1.70 1.66 0
EDM02 1.00 1.00 0
EDM03 2.05 1.99 5
EDM04 1.00 1.00 0
EDM05 1.35 1.33 0
APO01 1.70 1.66 0
APO02 1.00 1.00 0
APO03 1.70 1.66 0
APO04 1.00 1.00 0
APO05 1.00 1.00 0
APO06 1.00 1.00 0
APO07 1.35 1.33 0
APO08 1.00 1.00 0
APO09 1.35 1.33 0
APO10 1.70 1.66 0
APO11 1.35 1.33 0
APO12 2.05 1.99 5
APO13 2.05 1.99 5
APO14 1.70 1.66 0
BAI01 1.00 1.00 0
BAI02 1.00 1.00 0
BAI03 1.00 1.00 0
BAI04 1.35 1.33 0
BAI05 1.00 1.00 0
BAI06 1.70 1.66 0
BAI07 1.00 1.00 0
BAI08 1.00 1.00 0
BAI09 1.00 1.00 0
BAI10 1.70 1.66 0
BAI11 1.00 1.00 0
DSS01 1.00 1.00 0
DSS02 1.70 1.66 0
DSS03 1.35 1.33 0
DSS04 2.05 1.99 5
DSS05 1.70 1.66 0
DSS06 1.70 1.66 0
MEA01 1.70 1.66 0
MEA02 1.35 1.33 0
MEA03 1.70 1.66 0
MEA04 1.70 1.66 0


DF5 High Normal


EDM01 3.0 1.0
EDM02 1.0 1.0
EDM03 4.0 1.0
EDM04 1.0 1.0
EDM05 2.0 1.0
APO01 3.0 1.0
APO02 1.0 1.0
APO03 3.0 1.0
APO04 1.0 1.0
APO05 1.0 1.0
APO06 1.0 1.0
APO07 2.0 1.0
APO08 1.0 1.0
APO09 2.0 1.0
APO10 3.0 1.0
APO11 2.0 1.0
APO12 4.0 1.0
APO13 4.0 1.0
APO14 3.0 1.0
BAI01 1.0 1.0
BAI02 1.0 1.0
BAI03 1.0 1.0
BAI04 2.0 1.0
BAI05 1.0 1.0
BAI06 3.0 1.0
BAI07 1.0 1.0
BAI08 1.0 1.0
BAI09 1.0 1.0
BAI10 3.0 1.0
BAI11 1.0 1.0
DSS01 1.0 1.0
DSS02 3.0 1.0

DSS03 2.0 1.0
DSS04 4.0 1.0
DSS05 3.0 1.0
DSS06 3.0 1.0
MEA01 3.0 1.0
MEA02 2.0 1.0
MEA03 3.0 1.0
MEA04 3.0 1.0


Information & Technology Governance System Design
Design Factor 6 Compliance Requirements

Input Section—Importance of Compliance Requirements

Value  Importance (100%)  Baseline
High 85% 0%
Normal 15% 100%
Low 0% 0%

Average
Stdev
Correction Factor 1.00

[Chart: Design Factor 6 Compliance Requirements: High 85%, Normal 15%, Low 0%]

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 6 Compliance Requirements, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 2.85 2.00 40
EDM02 1.00 1.00 0
EDM03 3.70 2.00 85
EDM04 1.00 1.00 0
EDM05 1.42 1.00 40
APO01 1.92 1.50 30
APO02 1.00 1.00 0
APO03 1.00 1.00 0
APO04 1.00 1.00 0
APO05 1.00 1.00 0
APO06 1.00 1.00 0
APO07 1.00 1.00 0
APO08 1.00 1.00 0
APO09 1.00 1.00 0
APO10 1.42 1.00 40
APO11 1.00 1.00 0
APO12 3.70 2.00 85
APO13 1.42 1.00 40
APO14 1.92 1.50 30
BAI01 1.00 1.00 0
BAI02 1.00 1.00 0
BAI03 1.00 1.00 0
BAI04 1.00 1.00 0
BAI05 1.00 1.00 0
BAI06 1.00 1.00 0
BAI07 1.00 1.00 0
BAI08 1.00 1.00 0
BAI09 1.00 1.00 0
BAI10 1.00 1.00 0
BAI11 1.00 1.00 0
DSS01 1.00 1.00 0
DSS02 1.00 1.00 0
DSS03 1.00 1.00 0
DSS04 1.42 1.00 40
DSS05 1.85 1.00 85
DSS06 1.00 1.00 0
MEA01 1.00 1.00 0
MEA02 1.00 1.00 0
MEA03 3.70 2.00 85
MEA04 3.28 2.00 65


DF6 High Normal Low


EDM01 3.0 2.0 1.0
EDM02 1.0 1.0 1.0
EDM03 4.0 2.0 1.0
EDM04 1.0 1.0 1.0
EDM05 1.5 1.0 1.0
APO01 2.0 1.5 1.0
APO02 1.0 1.0 1.0
APO03 1.0 1.0 1.0
APO04 1.0 1.0 1.0
APO05 1.0 1.0 1.0
APO06 1.0 1.0 1.0
APO07 1.0 1.0 1.0
APO08 1.0 1.0 1.0
APO09 1.0 1.0 1.0
APO10 1.5 1.0 1.0
APO11 1.0 1.0 1.0
APO12 4.0 2.0 1.0
APO13 1.5 1.0 1.0
APO14 2.0 1.5 1.0
BAI01 1.0 1.0 1.0
BAI02 1.0 1.0 1.0
BAI03 1.0 1.0 1.0
BAI04 1.0 1.0 1.0
BAI05 1.0 1.0 1.0
BAI06 1.0 1.0 1.0
BAI07 1.0 1.0 1.0
BAI08 1.0 1.0 1.0
BAI09 1.0 1.0 1.0
BAI10 1.0 1.0 1.0
BAI11 1.0 1.0 1.0
DSS01 1.0 1.0 1.0
DSS02 1.0 1.0 1.0

DSS03 1.0 1.0 1.0
DSS04 1.5 1.0 1.0
DSS05 2.0 1.0 1.0
DSS06 1.0 1.0 1.0
MEA01 1.0 1.0 1.0
MEA02 1.0 1.0 1.0
MEA03 4.0 2.0 1.0
MEA04 3.5 2.0 1.0


Information & Technology Governance System Design
Design Factor 7 Role of IT

Input Section—Importance of Role of IT

Value  Importance (1-5)  Baseline
Support 1 3
Factory 3 3
Turnaround 4 3
Strategic 1 3

Average 2.25
Stdev 1.30
Correction Factor 1.33

[Chart: Design Factor 7 Role of IT (Input), scale 0 to 5: Support 1, Factory 3, Turnaround 4, Strategic 1]

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 7 Role of IT, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 17.0 25.5 -10
EDM02 17.0 22.5 0
EDM03 17.0 24.0 -5
EDM04 10.0 15.0 -10
EDM05 10.0 15.0 -10
APO01 14.0 19.5 -5
APO02 19.0 24.0 5
APO03 14.0 18.0 5
APO04 21.5 27.0 5
APO05 17.0 22.5 0
APO06 10.0 15.0 -10
APO07 9.5 13.5 -5
APO08 14.5 19.5 0
APO09 15.0 19.5 5
APO10 16.5 21.0 5
APO11 13.5 18.0 0
APO12 15.5 22.5 -10
APO13 16.0 22.5 -5
APO14 14.0 19.5 -5
BAI01 14.5 19.5 0
BAI02 19.0 24.0 5
BAI03 19.0 24.0 5
BAI04 16.5 21.0 5
BAI05 10.0 15.0 -10
BAI06 14.5 19.5 0
BAI07 14.0 18.0 5
BAI08 10.0 15.0 -10
BAI09 10.0 15.0 -10
BAI10 11.5 16.5 -5
BAI11 14.0 18.0 5
DSS01 18.5 25.5 -5
DSS02 19.0 25.5 0
DSS03 19.5 27.0 -5
DSS04 19.5 27.0 -5
DSS05 18.5 27.0 -10
DSS06 10.5 16.5 -15
MEA01 10.0 15.0 -10
MEA02 10.0 15.0 -10
MEA03 9.5 13.5 -5
MEA04 10.0 15.0 -10


DF7 Support Factory Turnaround Strategic


EDM01 1.0 2.0 1.5 4.0
EDM02 1.0 1.0 2.5 3.0
EDM03 1.0 3.0 1.0 3.0
EDM04 1.0 1.0 1.0 2.0
EDM05 1.0 1.0 1.0 2.0
APO01 1.0 1.5 1.5 2.5
APO02 1.0 1.0 3.0 3.0
APO03 1.0 1.0 2.0 2.0
APO04 0.5 1.0 3.5 4.0
APO05 1.0 1.0 2.5 3.0
APO06 1.0 1.0 1.0 2.0
APO07 1.0 1.0 1.0 1.5
APO08 1.0 1.0 2.0 2.5
APO09 1.0 2.0 1.5 2.0
APO10 1.0 2.5 1.5 2.0
APO11 1.0 1.5 1.5 2.0
APO12 1.0 2.5 1.0 3.0
APO13 1.0 2.0 1.5 3.0
APO14 1.0 1.5 1.5 2.5
BAI01 1.0 1.0 2.0 2.5
BAI02 1.0 1.0 3.0 3.0
BAI03 1.0 1.0 3.0 3.0
BAI04 1.0 2.5 1.5 2.0
BAI05 1.0 1.0 1.0 2.0
BAI06 1.0 2.5 1.0 2.0
BAI07 1.0 1.0 2.0 2.0
BAI08 1.0 1.0 1.0 2.0
BAI09 1.0 1.0 1.0 2.0
BAI10 1.0 1.5 1.0 2.0
BAI11 1.0 1.0 2.0 2.0
DSS01 1.0 3.5 1.0 3.0
DSS02 1.0 3.0 1.5 3.0

DSS03 1.0 3.0 1.5 3.5
DSS04 1.0 3.0 1.5 3.5
DSS05 1.5 2.5 1.5 3.5
DSS06 1.0 1.0 1.0 2.5
MEA01 1.0 1.0 1.0 2.0
MEA02 1.0 1.0 1.0 2.0
MEA03 1.0 1.0 1.0 1.5
MEA04 1.0 1.0 1.0 2.0


Information & Technology Governance System Design
Design Factor 8 Sourcing Model for IT

Input Section—Importance of Sourcing Model for IT

Value  Importance (100%)  Baseline
Outsourcing 25% 33%
Cloud 60% 33%
Insourced 15% 34%

Average
Stdev
Correction Factor 1.00

[Chart: Design Factor 8 IT Sourcing Model (Input): Outsourcing 25%, Cloud 60%, Insourced 15%]

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 8 Sourcing Model for IT, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 1.00 1.00 0
EDM02 1.00 1.00 0
EDM03 1.60 1.33 20
EDM04 1.00 1.00 0
EDM05 1.00 1.00 0
APO01 1.00 1.00 0
APO02 1.00 1.00 0
APO03 1.00 1.00 0
APO04 1.00 1.00 0
APO05 1.00 1.00 0
APO06 1.00 1.00 0
APO07 1.00 1.00 0
APO08 1.00 1.00 0
APO09 3.55 2.98 20
APO10 3.55 2.98 20
APO11 1.00 1.00 0
APO12 1.85 1.66 10
APO13 1.00 1.00 0
APO14 1.00 1.00 0
BAI01 1.00 1.00 0
BAI02 1.00 1.00 0
BAI03 1.00 1.00 0
BAI04 1.00 1.00 0
BAI05 1.00 1.00 0
BAI06 1.00 1.00 0
BAI07 1.00 1.00 0
BAI08 1.00 1.00 0
BAI09 1.00 1.00 0
BAI10 1.00 1.00 0
BAI11 1.00 1.00 0
DSS01 1.00 1.00 0
DSS02 1.00 1.00 0
DSS03 1.00 1.00 0
DSS04 1.00 1.00 0
DSS05 1.00 1.00 0
DSS06 1.00 1.00 0
MEA01 2.70 2.32 15
MEA02 1.00 1.00 0
MEA03 1.00 1.00 0
MEA04 1.00 1.00 0


DF8 Outsourcing Cloud Insourcing


EDM01 1.0 1.0 1.0
EDM02 1.0 1.0 1.0
EDM03 1.0 2.0 1.0
EDM04 1.0 1.0 1.0
EDM05 1.0 1.0 1.0
APO01 1.0 1.0 1.0
APO02 1.0 1.0 1.0
APO03 1.0 1.0 1.0
APO04 1.0 1.0 1.0
APO05 1.0 1.0 1.0
APO06 1.0 1.0 1.0
APO07 1.0 1.0 1.0
APO08 1.0 1.0 1.0
APO09 4.0 4.0 1.0
APO10 4.0 4.0 1.0
APO11 1.0 1.0 1.0
APO12 2.0 2.0 1.0
APO13 1.0 1.0 1.0
APO14 1.0 1.0 1.0
BAI01 1.0 1.0 1.0
BAI02 1.0 1.0 1.0
BAI03 1.0 1.0 1.0
BAI04 1.0 1.0 1.0
BAI05 1.0 1.0 1.0
BAI06 1.0 1.0 1.0
BAI07 1.0 1.0 1.0
BAI08 1.0 1.0 1.0
BAI09 1.0 1.0 1.0
BAI10 1.0 1.0 1.0
BAI11 1.0 1.0 1.0
DSS01 1.0 1.0 1.0
DSS02 1.0 1.0 1.0

DSS03 1.0 1.0 1.0
DSS04 1.0 1.0 1.0
DSS05 1.0 1.0 1.0
DSS06 1.0 1.0 1.0
MEA01 3.0 3.0 1.0
MEA02 1.0 1.0 1.0
MEA03 1.0 1.0 1.0
MEA04 1.0 1.0 1.0


Information & Technology Governance System Design
Design Factor 9 IT Implementation Methods

Input Section—Importance of IT Implementation Methods

Value  Importance (100%)  Baseline
Agile 35% 15%
DevOps 15% 10%
Traditional 50% 75%

[Chart: Design Factor 9 IT Implementation Methods: Agile 35%, DevOps 15%, Traditional 50%]

Output Section—Resulting relative importance of each governance/management objective

[Charts: Design Factor 9 IT Implementation Methods, Resulting Governance/Management Objectives Importance, scale -100 to 100]

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01 1.00 1.00 0
EDM02 1.00 1.00 0
EDM03 1.00 1.00 0
EDM04 1.00 1.00 0
EDM05 1.00 1.00 0
APO01 1.00 1.00 0
APO02 1.00 1.00 0
APO03 1.15 1.10 5
APO04 1.00 1.00 0
APO05 1.00 1.00 0
APO06 1.00 1.00 0
APO07 1.08 1.05 0
APO08 1.00 1.00 0
APO09 1.00 1.00 0
APO10 1.00 1.00 0
APO11 1.00 1.00 0
APO12 1.08 1.05 0 APO12
APO13 APO06 -100 DSS01
APO13 1.00 1.00 0
APO14
APO14 1.00 1.00 0 BIA01
BIA01 1.42 1.20 20 BAI02 APO07 BAI11
BAI02 2.03 1.48 35 BAI03
BAI03 2.35 1.65 40 BAI04
BAI05 APO08 BAI10
BAI04 1.00 1.00 0 BAI06
BAI05 1.60 1.28 25 BAI07
APO09 BAI09
BAI06 2.03 1.48 35 BAI08
BAI07 BAI09
1.75 1.38 25
BAI10 APO10 BAI08
BAI08 1.00 1.00 0 BAI11
BAI09 1.00 1.00 0 DSS01 APO11 BAI07
BAI10 1.33 1.18 15 DSS02
BAI11 DSS03 APO12 BAI06
1.53 1.23 25
DSS04
DSS01 1.23 1.15 5 DSS05 APO13 BAI05
DSS02 1.08 1.05 0 DSS06 APO14 BAI04
BIA01 BAI02 BAI03
DSS03 1.08 1.05 0 MEA01
DSS04 MEA02
1.00 1.00 0
MEA03
DSS05 1.00 1.00 0 MEA04
DSS06 1.00 1.00 0
MEA01 1.25 1.13 10
MEA02 1.00 1.00 0
MEA03 1.00 1.00 0
MEA04 1.00 1.00 0


DF9 Agile DevOps Traditional


EDM01 1.0 1.0 1.0
EDM02 1.0 1.0 1.0
EDM03 1.0 1.0 1.0
EDM04 1.0 1.0 1.0
EDM05 1.0 1.0 1.0
APO01 1.0 1.0 1.0
APO02 1.0 1.0 1.0
APO03 1.0 2.0 1.0
APO04 1.0 1.0 1.0
APO05 1.0 1.0 1.0
APO06 1.0 1.0 1.0
APO07 1.0 1.5 1.0
APO08 1.0 1.0 1.0
APO09 1.0 1.0 1.0
APO10 1.0 1.0 1.0
APO11 1.0 1.0 1.0
APO12 1.0 1.5 1.0
APO13 1.0 1.0 1.0
APO14 1.0 1.0 1.0
BAI01 2.0 1.5 1.0
BAI02 3.5 2.0 1.0
BAI03 4.0 3.0 1.0
BAI04 1.0 1.0 1.0
BAI05 2.5 1.5 1.0
BAI06 3.5 2.0 1.0
BAI07 2.5 2.5 1.0
BAI08 1.0 1.0 1.0
BAI09 1.0 1.0 1.0
BAI10 1.5 2.0 1.0
BAI11 2.5 1.0 1.0
DSS01 1.0 2.5 1.0
DSS02 1.0 1.5 1.0

DSS03 1.0 1.5 1.0
DSS04 1.0 1.0 1.0
DSS05 1.0 1.0 1.0
DSS06 1.0 1.0 1.0
MEA01 1.5 1.5 1.0
MEA02 1.0 1.0 1.0
MEA03 1.0 1.0 1.0
MEA04 1.0 1.0 1.0


Information & Technology Governance System Design
Design Factor 10 Technology Adoption Strategy

Input Section—Importance of Technology Adoption Strategy

Value  Importance (100%)  Baseline
First mover  80%  15%
Follower  20%  70%
Slow adopter  0%  15%

[Pie chart: Design Factor 10 Technology Adoption Strategy (First mover, Follower, Slow adopter)]


Design Factor 10 Technology Adoption Strategy

Output Section—Resulting relative importance of each governance/management objective

Governance/Management Objective  Score  Baseline Score  Relative Importance
EDM01  3.30  2.50  30
EDM02  3.70  2.58  45
EDM03  1.40  1.08  30
EDM04  2.40  2.00  20
EDM05  1.40  1.08  30
APO01  2.30  1.57  45
APO02  3.80  2.93  30
APO03  1.80  1.15  55
APO04  3.80  2.85  35
APO05  3.70  2.50  50
APO06  1.10  1.35  -20
APO07  2.20  1.22  80
APO08  2.70  1.65  65
APO09  1.50  1.42  5
APO10  2.30  1.57  45
APO11  1.50  1.42  5
APO12  1.90  1.50  25
APO13  1.00  1.00  0
APO14  2.40  1.92  25
BAI01  3.80  2.93  30
BAI02  3.30  2.43  35
BAI03  3.70  2.50  50
BAI04  1.50  1.42  5
BAI05  2.80  2.00  40
BAI06  2.40  1.92  25
BAI07  3.30  2.43  35
BAI08  1.40  1.08  30
BAI09  1.00  1.00  0
BAI10  1.40  1.08  30
BAI11  3.30  2.43  35
DSS01  1.00  1.00  0
DSS02  1.00  1.00  0
DSS03  1.40  1.08  30
DSS04  1.40  1.08  30
DSS05  1.40  1.08  30
DSS06  1.00  1.00  0
MEA01  2.80  2.00  40
MEA02  1.00  1.00  0
MEA03  1.00  1.00  0
MEA04  1.00  1.00  0

[Bar chart and radar chart: Design Factor 10 Technology Adoption Strategy, Resulting Governance/Management Objectives Importance, axis from -100 to 100]


DF10 First Mover Follower Slow Adopter


EDM01 3.5 2.5 1.5
EDM02 4.0 2.5 1.5
EDM03 1.5 1.0 1.0
EDM04 2.5 2.0 1.5
EDM05 1.5 1.0 1.0
APO01 2.5 1.5 1.0
APO02 4.0 3.0 1.5
APO03 2.0 1.0 1.0
APO04 4.0 3.0 1.0
APO05 4.0 2.5 1.0
APO06 1.0 1.5 1.0
APO07 2.5 1.0 1.0
APO08 3.0 1.5 1.0
APO09 1.5 1.5 1.0
APO10 2.5 1.5 1.0
APO11 1.5 1.5 1.0
APO12 2.0 1.5 1.0
APO13 1.0 1.0 1.0
APO14 2.5 2.0 1.0
BAI01 4.0 3.0 1.5
BAI02 3.5 2.5 1.0
BAI03 4.0 2.5 1.0
BAI04 1.5 1.5 1.0
BAI05 3.0 2.0 1.0
BAI06 2.5 2.0 1.0
BAI07 3.5 2.5 1.0
BAI08 1.5 1.0 1.0
BAI09 1.0 1.0 1.0
BAI10 1.5 1.0 1.0
BAI11 3.5 2.5 1.0
DSS01 1.0 1.0 1.0
DSS02 1.0 1.0 1.0

DSS03 1.5 1.0 1.0
DSS04 1.5 1.0 1.0
DSS05 1.5 1.0 1.0
DSS06 1.0 1.0 1.0
MEA01 3.0 2.0 1.0
MEA02 1.0 1.0 1.0
MEA03 1.0 1.0 1.0
MEA04 1.0 1.0 1.0



Governance and Management Objectives Importance (All Design Factors)

[Bar chart, axis from -100 to 100; data labels listed below]

Objective  Importance
EDM01  65
EDM02  5
EDM03  40
EDM04  65
EDM05  35
APO01  40
APO02  0
APO03  5
APO04  5
APO05  50
APO06  55
APO07  20
APO08  20
APO09  70
APO10  100
APO11  -30
APO12  50
APO13  10
APO14  -10
BAI01  -5
BAI02  20
BAI03  25
BAI04  -15
BAI05  -10
BAI06  40
BAI07  40
BAI08  10
BAI09  25
BAI10  40
BAI11  5
DSS01  30
DSS02  10
DSS03  25
DSS04  40
DSS05  45
DSS06  0
MEA01  40
MEA02  10
MEA03  5
MEA04  0

[Radar charts: Resulting Governance/Management Objectives Importance for Design Factor 1 Enterprise Strategy, Design Factor 2 Enterprise Goals, Design Factor 3 Risk Profile and Design Factor 4 IT-Related Issues; axis from -100 to 100]

Initial Summary—Governance and Management Objectives

Governance/Management Objective  Importance
EDM01—Ensured Governance Framework Setting & Maintenance  50
EDM02—Ensured Benefits Delivery  -25
EDM03—Ensured Risk Optimization  -35
EDM04—Ensured Resource Optimization  85
EDM05—Ensured Stakeholder Engagement  10
APO01—Managed I&T Management Framework  15
APO02—Managed Strategy  -25
APO03—Managed Enterprise Architecture  -35
APO04—Managed Innovation  -20
APO05—Managed Portfolio  40
APO06—Managed Budget & Costs  100
APO07—Managed Human Resources  -20
APO08—Managed Relationships  -15
APO09—Managed Service Agreements  80
APO10—Managed Vendors  70
APO11—Managed Quality  -45
APO12—Managed Risk  -5
APO13—Managed Security  -15
APO14—Managed Data  -50
BAI01—Managed Programs  -40
BAI02—Managed Requirements Definition  -25
BAI03—Managed Solutions Identification & Build  -30
BAI04—Managed Availability & Capacity  -30
BAI05—Managed Organizational Change  -50
BAI06—Managed IT Changes  15
BAI07—Managed IT Change Acceptance and Transitioning  15
BAI08—Managed Knowledge  0
BAI09—Managed Assets  40
BAI10—Managed Configuration  25
BAI11—Managed Projects  -35
DSS01—Managed Operations  45
DSS02—Managed Service Requests & Incidents  15
DSS03—Managed Problems  20
DSS04—Managed Continuity  10
DSS05—Managed Security Services  -5
DSS06—Managed Business Process Controls  5
MEA01—Managed Performance and Conformance Monitoring  20
MEA02—Managed System of Internal Control  20
MEA03—Managed Compliance with External Requirements  -50
MEA04—Managed Assurance  -40


[Radar charts: Resulting Governance/Management Objectives Importance for Design Factor 5 Threat Landscape, Design Factor 6 Compliance Requirements, Design Factor 7 Role of IT, Design Factor 8 Sourcing Model for IT, Design Factor 9 IT Implementation Methods and Design Factor 10 Technology Adoption Strategy; axis from -100 to 100]

Governance and Management Objectives Importance (All Design Factors)

Governance/Management Objective  Importance
EDM01—Ensured Governance Framework Setting & Maintenance  65
EDM02—Ensured Benefits Delivery  5
EDM03—Ensured Risk Optimization  40
EDM04—Ensured Resource Optimization  65
EDM05—Ensured Stakeholder Engagement  35
APO01—Managed I&T Management Framework  40
APO02—Managed Strategy  0
APO03—Managed Enterprise Architecture  5
APO04—Managed Innovation  5
APO05—Managed Portfolio  50
APO06—Managed Budget & Costs  55
APO07—Managed Human Resources  20
APO08—Managed Relationships  20
APO09—Managed Service Agreements  70
APO10—Managed Vendors  100
APO11—Managed Quality  -30
APO12—Managed Risk  50
APO13—Managed Security  10
APO14—Managed Data  -10
BAI01—Managed Programs  -5
BAI02—Managed Requirements Definition  20
BAI03—Managed Solutions Identification & Build  25
BAI04—Managed Availability & Capacity  -15
BAI05—Managed Organizational Change  -10
BAI06—Managed IT Changes  40
BAI07—Managed IT Change Acceptance and Transitioning  40
BAI08—Managed Knowledge  10
BAI09—Managed Assets  25
BAI10—Managed Configuration  40
BAI11—Managed Projects  5
DSS01—Managed Operations  30
DSS02—Managed Service Requests & Incidents  10
DSS03—Managed Problems  25
DSS04—Managed Continuity  40
DSS05—Managed Security Services  45
DSS06—Managed Business Process Controls  0
MEA01—Managed Performance and Conformance Monitoring  40
MEA02—Managed System of Internal Control  10
MEA03—Managed Compliance with External Requirements  5
MEA04—Managed Assurance  0
