Parent Framework: COBIT 2019
Domain: Align Plan and Organise
Managed IT management framework
Design the management system for enterprise ICT based on enterprise goals and other design factors. Based on this design, implement all required components of the management system.
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications.
APO01.01 Design the management system for enterprise I&T.
Design a management system tailored to the needs of the enterprise. Management needs of the enterprise are defined through the use of the goals cascade and by application of design factors. Ensure the governance components are integrated and aligned with the enterprise’s governance and management philosophy and operating style.
APO01.02 Communicate management objectives, direction and decisions made.
Communicate awareness and promote understanding of alignment and I&T objectives to stakeholders throughout the enterprise. Communicate at regular intervals on important I&T-related decisions and their impact for the organization.
APO01.03 Implement management processes (to support the achievement of governance and management objectives).
Define target process capability levels and implementation priority based on the management system design.
APO01.04 Define and implement the organizational structures.
Put in place the required internal and extended organizational structures (e.g., committees) per the management system design, enabling effective and efficient decision making. Ensure that required technology and information knowledge is included in the composition of management structures.
APO01.05 Establish roles and responsibilities.
Define and communicate roles and responsibilities for enterprise I&T, including authority levels, responsibilities and accountability.
APO01.06 Optimize the placement of the IT function.
Position the IT capabilities in the overall organizational structure to reflect the strategic importance and operational dependency of IT within the enterprise. The reporting line of the CIO and representation of IT within senior management should be commensurate with the importance of I&T within the enterprise.
APO01.07 Define information (data) and system ownership.
Define and maintain responsibilities for ownership of information (data) and information systems. Ensure that owners classify information and systems and protect them in line with their classification.
APO01.08 Define target skills and competencies.
Define the required skills and competencies to achieve relevant management objectives.
APO01.09 Define and communicate policies and procedures.
Put in place procedures to maintain compliance with and performance measurement of policies and other components of the control framework. Enforce the consequences of noncompliance or inadequate performance. Track trends and performance and consider these in the future design and improvement of the control framework.
APO01.10 Define and implement infrastructure, services and
Define and implement infrastructure, services and applications to support the governance and management system (e.g., architecture repositories, risk management system, project management tools, cost tracking tools and incident monitoring tools).
APO01.11 Manage continual improvement of the I&T management
Continually improve processes and other management system components to ensure that they can deliver against governance and management objectives. Consider COBIT implementation guidance, emerging standards, compliance requirements, automation opportunities and the feedback of stakeholders.
Enterprise IT governance GOVN
The establishment and oversight of an organisation’s approach to the use of Information systems and digital services, and associated technology, in line with the needs of the principal stakeholders of the organisation and overall organisational corporate governance requirements. The determination and accountability for evaluation of current and future needs; directing the planning for both supply and demand of these services; the quality, characteristics, and level of IT services; and for monitoring the conformance to obligations (including regulatory, legislation, control, and other standards) to ensure positive contribution of IT to the organisation’s goals and objectives.
IT management ITMG
The management of the IT infrastructure and resources required to plan for, develop, deliver and support IT services and products to meet the needs of a business. The preparation for new or changed services, management of the change process and the maintenance of regulatory, legal and professional standards. The management of performance of systems and services in terms of their contribution to business performance and their financial costs and sustainability. The management of bought-in services. The development of continual service improvement plans to ensure the IT infrastructure adequately supports business needs.