| COBIT® Process No. | COBIT® Process Name | Related Guidance Frameworks and Standards |
| --- | --- | --- |
| EDM01 | Ensure Governance Framework Setting and Maintenance | COSO, ISO/IEC 38500, King III, OECD |
| EDM02 | Ensure Benefits Delivery | COSO, ISO/IEC 38500, King III |
| EDM03 | Ensure Risk Optimisation | COSO/ERM, ISO/IEC 31000, ISO/IEC 38500, King III |
| EDM04 | Ensure Resource Optimisation | ISO/IEC 38500, King III, TOGAF® 9 |
| EDM05 | Ensure Stakeholder Transparency | COSO, ISO/IEC 38500, King III |
| APO01 | Manage the IT Management Framework | ISO/IEC 20000, ISO/IEC 27002 |
| APO02 | Manage Strategy | ITIL 2011 |
| APO03 | Manage Enterprise Architecture | TOGAF® 9 |
| APO04 | Manage Innovation | None |
| APO05 | Manage Portfolio | ISO/IEC 20000, ITIL 2011, SFIA |
| APO06 | Manage Budget and Costs | ISO/IEC 20000, ITIL 2011 |
| APO07 | Manage Human Resources | ISO27002, SFIA |
| APO08 | Manage Relationships | ISO/IEC 20000, ITIL 2011 |
| APO09 | Manage Service Agreements | ISO/IEC 20000, ITIL 2011 |
| APO10 | Manage Suppliers | ISO/IEC 20000, ITIL 2011, PMBOK® |
| APO11 | Manage Quality | ISO 9001:2008 |
| APO12 | Manage Risk | ISO27001:2005, ISO/IEC 27002:2011, ISO/IEC 31000 |
| APO13 | Manage Security | ISO/IEC 27001:2005, ISO27002:2011, NIST SP800-53 Rev 1 |
| BAI01 | Manage Programmes and Projects | PMBOK®, PRINCE2 |
| BAI02 | Manage Requirements Definitions | ITIL 2011 |
| BAI03 | Manage Solutions Identification and Build | None |
| BAI04 | Manage Availability and Capacity | ISO/IEC 20000, ITIL 2011 |
| BAI05 | Manage Organisational Change Enablement | Kotter (1996), Leading Change, Boston, Harvard Business School Press |
| BAI06 | Manage Changes | ISO/IEC 20000, ITIL 2011 |
| BAI07 | Manage Change Acceptance and Transitioning | ISO/IEC 20000, ITIL 2011, PMBOK®, PRINCE2 |
| BAI08 | Manage Knowledge | ITIL 2011 |
| BAI09 | Manage Assets | ITIL 2011 |
| BAI10 | Manage Configuration | ISO/IEC 20000, ITIL 2011 |
| DSS01 | Manage Operations | ITIL 2011 |
| DSS02 | Manage Service Requests and Incidents | ISO/IEC 20000, ISO27002, ITIL 2011 |
| DSS03 | Manage Problems | ISO/IEC 20000, ITIL 2011 |
| DSS04 | Manage Continuity | BS 25999-2007 (now ISO22301:2012), ISO/IEC 27002:2011, ITIL 2011 |
| DSS05 | Manage Security Services | ISO/IEC 27002:2011, NIST SP800-53 Rev 1, ITIL 2011 |
| DSS06 | Manage Business Process Controls | None |
| MEA01 | Monitor, Evaluate and Assess Performance and Conformance | ISO/IEC 20000, ITIL 2011 |
| MEA02 | Monitor, Evaluate and Assess the System of Internal Controls | None |
| MEA03 | Monitor, Evaluate and Assess Compliance with External Requirements | None |