COBIT 5-Self-Assessment Templates - BAI - 25 August 2015

The Self-assessment Guide is provided as a stand-alone guide, which can
less rigorous assessment of the capability of their IT processes. This may be a precursor to undertakin
assessment. The approach is based on the COBIT PAM used in the COBIT 5 Assessment Programm
requirements in support of the self assessment, nor does it require use of the COBIT PAM; suffici
full self-assessment template has been provided that simplifies the process without the need to refere
COBIT Assessment Programme.
Instructions
1. It is recommended that the assessment be undertaken by a small team or reviewed by a team of IT

although independent assessors are not required for this.
1. Use the Process results tab (example in appendix A of the guide) to summarize your results of the a
2. If a more rigoruous assessment is required and/or evidentiary requirements to be produced then us
templates at 3. and 4. of the toolkit
3. You are required to start at level 1 because that is where the specfic questions are asked about the
achieved.
4. At Level 1 For each process be assessed ask if the process is achieveing its outcomes, answer yes
comments to support your conclusion.
5. For Level 1 you can RATE each of the outcomes but the assessment approach requires an overall as
attribute level PA1.1
6. At higher levels you are no longer looking at specific process outcomes but at overall generi
to 5.
7. To PASS a particular level the process must be rated Largely or Fully, to move onto the next level al
example if PA2.1 is Largely and PA2.2 Fully, you are deemed to be at Level 2 but the overall Level 2 ra
assess at higher levels.
8. Use this process as a 'pre-cursor' to a more detailed assessment and not as the definitiv
processes.
PROCESS ASSESSMENT RESULTS

Process ID
Process Name
To be
Level 0
assessed
Level 1
Level 2
Processes for Governance of Enterprise IT Evaluate, Direct and Monitor

EDM01
EDM02
EDM03
EDM04
EDM05
Ensure Governance Framework Setting and

Maintenance
Ensure Benefits Delivery
Ensure Risk Optimisation
Ensure Resource Optimisation
Ensure Stakeholder Transparency
Align, Plan and Organise

APO01
APO02
APO03
APO04
APO05
APO06
APO07
APO08
APO09
APO10
APO11
APO12
APO13
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
Manage
the IT Management Framework

Strategy
Enterprise Architecture
Innovation
Portfolio
Budget and Costs
Human Resources
Relationships
Service Agreements
Suppliers
Quality
Risk
Security
Build, Acquire and Implement

BAI01
BAI02
BAI03
Manage Programmes and Projects

Manage Requirements Definition
Manage Solutions Identification and Build
Level 3
Level 4
Level 5
BAI04
BAI05
Manage Availability and Capacity

Manage Organisational Change Enablement
BAI06
BAI07
Manage Changes
Manage Change Acceptance and Transitioning
BAI08
BAI09
BAI10
Manage Knowledge
Manage Assets
Manage Configuration
Deliver, Service and Support

DSS01
DSS02
DSS03
DSS04
DSS05
DSS06
Manage
Manage
Manage
Manage
Manage
Manage
Operations
Service Requests and Incidents
Problems
Continuity
Security Services
Business Process Controls
Monitor, Evaluate and Assess

MEA01
Monitor, Evaluate and Assess Performance and

Conformance
MEA02
Monitor, Evaluate and Assess the System of Internal

Control
MEA03
Monitor, Evaluate and Assess Compliance with

External Requirements
N- 0%-15%
P- 15%-50%
N Not Achieved
P Partially Achieved
L Largely Achieved
F- Fully Achieved
L- 50%-85%
F- 85%-100%
Self-assessmentTemplate (Appendix D of the Self-assessment Guide)

Process Name Level 0
BAI01
Rating by
Criteria
Capability
Level Achieved
N- 0%-15%
P- 15%-50%
L- 50%-85%
N Not Achieved
L Largely Achieved
F- Fully Achieved
BAI01
Purpose
Assess whether the following

outcomes are achieved.
Level 0
Incomplete
The process is not implemented,

or fails to achieve its process
purpose.
Level 1
Performed
PA 1.1 The implemented process

achieves its process purpose.
Level 1
Performed
Level 2
Managed
PA 2.1 Performance Management

- A measure of the extent to
which the performance of the
process is managed.
PA 2.2 Work Product Management

which the work products
produced by the process are
appropriately managed. The
work products (or outputs from
the process) are defined and
controlled.

controlled.
Level 3
Established
PA 3.1 Process Definition - A

measure of the extent to which a
standard process is maintained to
support the deployment of the
defined process.
PA 3.2 Process Deployment - A

measure of the extent to which
the standard process is
effectively deployed as a defined
process to achieve its process
outcomes.
Level 4
Predictable
PA 4.1 Process Measurement - A

measurement results are used to
ensure that performance of the
process supports the
achievement of relevant process
performance objectives in support
of defined business goals.

PA 4.2 Process Control - A

the process is quantitatively
managed to produce a process
that is stable, capable and
predictable within defined limits.
Level 5
Optimizing.
PA 5.1 Process innovation - A

changes to the process are
identified from analysis of
common causes of variation in
performance, and from
investigations of innovative
approaches to the definition and
deployment of the process.
PA 5.2 Process optimisation - A

changes to the definition,
management and performance of
the process result in effective
impact that achieves the relevant
process improvement objectives.
mplate (Appendix D of the Self-assessment Guide)

Level 1
Level 2
PA 1.1
PA 2.1
L- 50%-85%
F- 85%-100%
Realise business benefits and reduce the risk of unexpected delays, costs and value erosion by improving communication
maximising their contribution to the investment and services portfolio.
Criteria
At this level, there is little or no evidence of any achievement of
the process purpose.
The following process outcomes are being achieved:
Criteria Are
Met Y/N
Y
Overall rati
BAI01-O1 Relevant stakeholders are engaged in the

programmes and projects.
BAI01-O2 The scope and outcomes of programmes and projects

are viable and aligned with objectives.
BAI01-O3 Programme and project plans are likely to achieve the

expected outcomes.
BAI01-O4 The programme and project activities are executed

according to the plans.
BAI01-O5 There are sufficient programme and project resources

to perform activities according to the plans.
BAI01-O6 The programme and project expected benefits are

achieved and accepted.
As a result of full achievement of this attribute:

a)Objectives for the performance of the process are
identified.
b)Performance of the process is planned and monitored.
c)Performance of the process is adjusted to meet plans.
d)Responsibilities and authorities for performing the
process are defined, assigned and communicated.
e)Resources and information necessary for performing
the process are identified, made available, allocated and
used.
f)Interfaces between the involved parties are
managed to ensure both effective communication and
also clear assignment of responsibility.
a)Requirements for the work products of the process are
defined.
b)Requirements for documentation and control of the

work products are defined.
c) Work products are appropriately identified,
documented, and controlled.
d)Work products are reviewed in accordance with planned
arrangements and adjusted as necessary to meet
requirements.
a)A standard process, including appropriate tailoring
guidelines, is defined that describes the fundamental
elements that must be incorporated into a defined process.
b)The sequence and interaction of the standard process

with other processes is determined.
c) Required competencies and roles for performing a
process are identified as part of the standard process.
d)Required infrastructure and work environment for
performing a process are identified as part of the
standard process.
e)Suitable methods for monitoring the effectiveness and
suitability of the process are determined.
a)A defined process is deployed based upon an
appropriately selected and/or tailored standard process.
b)Required roles, responsibilities and authorities for
performing the defined process are assigned and
communicated.
c)Personnel performing the defined process are
competent on the basis of appropriate education, training,
and experience.
d)Required resources and information necessary for
performing the defined process are made available,
allocated and used.
e)Required infrastructure and work environment for
managed and maintained.
f)Appropriate data are collected and analysed as a
basis for understanding the behaviour of, and to
demonstrate the suitability and effectiveness of the
process, and to evaluate where continuous
improvement of the process can be made.
a)Process information needs in support of relevant
defined business goals are established.
b)Process measurement objectives are derived from
process information needs.
c)Quantitative objectives for process performance in
support of relevant business goals are established.
d)Measures and frequency of measurement are identified

and defined in line with process measurement objectives
and quantitative objectives for process performance.
e)Results of measurement are collected, analysed and
reported in order to monitor the extent to which the
quantitative objectives for process performance are met.
f) Measurement results are used to characterise process
performance.
a) Analysis and control techniques are determined and
applied where applicable.
b)Control limits of variation are established for normal
process performance.
c)Measurement data are analysed for special causes of
variation.
d)Corrective actions are taken to address special causes of
variation.
e)Control limits are re-established (as necessary) following
corrective action.
a) Pprocess improvement objectives for the process are
defined that support the relevant business goals.
b) Appropriate data are analysed to identify common
causes of variations in process performance.
c)Appropriate data are analysed to identify opportunities
for best practice and innovation.
d)Improvement opportunities derived from new
technologies and process concepts are identified.
e)An implementation strategy is established to achieve the
a) Impact of all proposed changes is assessed against the
objectives of the defined process and standard process.
b) Implementation of all agreed changes is managed to
ensure that any disruption to the process performance is
understood and acted upon.
c)Basedonactualperformance,effectiveness of process change is
evaluated against the defined product requirements and
process objectives to determine whether results are due to
common or special causes.
vel 2
PA 2.2
costs and value erosion by improving communications to and involvement of business and end users, ensuring the value and quality
o.
Question
Does the Company have policies and

prcoedures, or existing processes for IT
programme and project management
(planning, execution, monitoring)?
Overall rating for the process
Comment
- Does the stakeholder involved in work and

decision making for each of the
programmes and projects?
- Apakah setiap pemangku kepentingan
dilibatkan dalam setiap pengerjaan dan
pengambilan keputusan untuk setiap
program dan proyek yang dilakukan?
- Who is the stakeholder which directly
drives in every crucial project at PT
Asuransi Maipark Indonesia?
- Siapa pemangku kepentingan yang secraa
langsung menjadi penggerak pada setiap
proyek krusial pada PT Asuransi Maipark
Indonesia?
- Does the project is done and designed to
have a specific scope and have clear
objectives and results?
- Apakah setiap proyek yang dilakukan dan
dirancang untuk mempunyai ruang lingkup
yang spesifik dan memiliki tujuan dan hasil
yang jelas?
- Does the information technology projects

undertaken are designed to achieve a
desired standard in helping achieve
business goals of the company?
- apakah proyek teknologi informasi yang
dikerjakan dirancang untuk mencapai suatu
standar yang diinginkan dalam membantu
mencapai tujuan bisnis perusahaan?
- Does the infrastructure of information
technology designed to accept the required
standards?
- apakah infrastruktur teknologi informasi
dirancang untuk bisa menerima standar
yang diinginkan tersebut?
- Does in every projects, schedules and

milestones are clear defined?
- Apakah dalam setiap projek, jadwal, dan
pencapaian ditetapkan secara jelas?
- Does there is a second priority and the
third priority in each and every priority
project has a clear priod of completion?
- apakah terdapat prioritas kedua dan
prioritas ketiga dalam setiap proyek dan
setiap prioritas tersebut memiliki jangka
waktu penyelesaian yang jelas?
- Does the company conducts mature

allocations of programs and resource in any
project planning?
- apakah perusahaan melakukan alokasi
program dan sumber daya yang matang
dalam setiap perencanaan proyek?
- Does the entire project and information
technology program is designed to support
business operations and the company's
goals?
- apakah seluruh proyek dan program
teknologi informasi dirancang untuk dapat
mendukung operasional bisnis dan tujuan
perusahaan?
Level 3
PA 3.1
Level 4
PA 3.2
PA 4.1
PA 4.2
suring the value and quality of project deliverables and
Not achieved
(0-15%)
Partially
Achieved
(15% -50%)
Largely
Achieved
Fully Achieved
(50% - 85%)
(85-100%)

BAI02
Rating by
Criteria
Capability
Level Achieved
N- 0%-15%
P- 15%-50%
L- 50%-85%
N Not Achieved
L Largely Achieved
F- Fully Achieved
Define Requirements
BAI02
Purpose

Level 0
Incomplete

purpose.
Level 1
Performed

Level 2
Managed

process is managed.

controlled.
Level 3
Established

defined process.

outcomes.
Level 4
Predictable


Level 5
Optimizing.



Level 1
Level 2
PA 1.1
PA 2.1
L- 50%-85%
F- 85%-100%
Define Requirements
Create feasible optimal solutions that meet enterprise needs while minimising risk.
Criteria
At this level, there is little or no evidence of any achievement of
the process purpose.

BAI02-O1 Business functional and technical requirements reflect
enterprise needs and expectations.
Criteria Are
Met Y/N
Y
Overall ratin
BAI02-O2 The proposed solution satisfies business functional,

technical and compliance requirements.
BAI02-O3 Risk associated with the requirements has been

addressed in the proposed solution.
BAI02-O4 Requirements and proposed solutions meet business

case objectives (value expected and likely costs).

identified.
b)Performance of the process is planned and monitored.
c)Performance of the process is adjusted to meet plans.
e)Resources and information necessary for performing
the process are identified, made available, allocated and
used.

managed to ensure both effective communication and
also clear assignment of responsibility.
a)Requirements for the work products of the process are
defined.
b)Requirements for documentation and control of the
work products are defined.
d)Work products are reviewed in accordance with planned
arrangements and adjusted as necessary to meet
requirements.
elements that must be incorporated into a defined process.
b)The sequence and interaction of the standard process

with other processes is determined.
c) Required competencies and roles for performing a
process are identified as part of the standard process.
d)Required infrastructure and work environment for
standard process.
e)Suitable methods for monitoring the effectiveness and
suitability of the process are determined.
appropriately selected and/or tailored standard process.
b)Required roles, responsibilities and authorities for
performing the defined process are assigned and
communicated.
competent on the basis of appropriate education, training,
and experience.
d)Required resources and information necessary for
allocated and used.
e)Required infrastructure and work environment for
managed and maintained.
f)Appropriate data are collected and analysed as a
basis for understanding the behaviour of, and to
demonstrate the suitability and effectiveness of the
process, and to evaluate where continuous

d)Measures and frequency of measurement are identified
and defined in line with process measurement objectives
and quantitative objectives for process performance.
e)Results of measurement are collected, analysed and
reported in order to monitor the extent to which the
quantitative objectives for process performance are met.
f) Measurement results are used to characterise process
performance.
c)Measurement data are analysed for special causes of
variation.
d)Corrective actions are taken to address special causes of
variation.
e)Control limits are re-established (as necessary) following
corrective action.
a) Pprocess improvement objectives for the process are
defined that support the relevant business goals.
c)Appropriate data are analysed to identify opportunities
for best practice and innovation.
e)An implementation strategy is established to achieve the
a) Impact of all proposed changes is assessed against the
objectives of the defined process and standard process.
b) Implementation of all agreed changes is managed to
ensure that any disruption to the process performance is
understood and acted upon.
evaluated against the defined product requirements and
process objectives to determine whether results are due to
common or special causes.
vel 2
PA 2.2
minimising risk.
Question
Does the Company have documentation

of for the definition of business
functional and technical requirements
and feasibility study for IT projects?
- Does the project proposals and

information technology program
outlining in detail the functions of
business and technical needs and
expectations of the company?
- apakah proposal proyek dan program
teknologi informasi menjabarkan dengan
rinci fungsi bisnis dan teknis kebutuhan
dan harapan perusahaan?
Comment
- Does all projects and programs

designed information technology has
fulfilled business functional, technical
and compliance requirement at the
company?
teknologi informasi yang dirancang telah
memenuhi fungsi bisnis, teknis, dan
kebutuhan kepatuhan di Perusahaan ?
- Does all projects and programs
designed information technology has
fulfilled business functional, technical
and compliance requirement at the
OJK/BI?
teknologi informasi yang dirancang telah
memenuhi fungsi bisnis, teknis, dan
kebutuhan kepatuhan di OJK/BI ?
- Does the company has a risk

management documentation for each
risk will occur at the company?
- apakah perusahaan memiliki
dokumentasi manajemen resiko untuk
setiap resiko yang akan terjadi di
perusahaan?
- Does the entire project proposal and
information technology program describe
the budget and the results to be
obtained?
- apakah seluruh proposal proyek dan
program teknologi informasi
menjabarkan mengenai anggaran biaya
yang dibutuhkan dan hasil yang akan
didapatkan?
Level 3
PA 3.1
Not achieved
(0-15%)
Level 4
PA 3.2
Partially
Achieved
(15% -50%)
PA 4.1
PA 4.2
Largely
Achieved
Fully Achieved
(50% - 85%)
(85-100%)

BAI03
Rating by
Criteria
Capability
Level Achieved
N- 0%-15%
P- 15%-50%
L- 50%-85%
N Not Achieved
L Largely Achieved
F- Fully Achieved
Identify and Build Solutions
BAI03
Purpose

Level 0
Incomplete

purpose.
Level 1
Performed

Level 2
Managed

process is managed.

controlled.

controlled.
Level 3
Established

defined process.

outcomes.
Level 4
Predictable

Level 4
Predictable


Level 5
Optimizing.




Level 1
Level 2
PA 1.1
PA 2.1
L- 50%-85%
F- 85%-100%
Identify and Build Solutions

Establish timely and cost-effective solutions capable of supporting enterprise strategic and operational objectives.
Criteria
At this level, there is little or no evidence of any
achievement of the process purpose.

BAI03-O1 The solution design, including relevant
components, meets enterprise needs, aligns with
standards and addresses all identified risk.
Criteria Are
Met Y/N
Y
Overall rating fo
BAI03-O2 The solution conforms to the design, is in

accordance with organisational standards, and has
appropriate control, security and auditability.
BAI03-O3 The solution is of acceptable quality and has

been successfully tested.
BAI03-O4 Approved changes to requirements are

correctly incorporated into the solution.
BAI03-O5 Maintenance activities successfully address

business and technological needs.

a)Objectives for the performance of the process
are identified.
b)Performance of the process is planned and
monitored.
c)Performance of the process is adjusted to meet
plans.
d)Responsibilities and authorities for performing
the process are defined, assigned and
communicated.
e)Resources and information necessary for
performing the process are identified, made
available, allocated and used.
managed to ensure both effective
communication and also clear assignment of
responsibility.
a)Requirements for the work products of the
process are defined.
b)Requirements for documentation and control of
the work products are defined.

d)Work products are reviewed in accordance with
planned arrangements and adjusted as necessary to
meet requirements.
a)A standard process, including appropriate
tailoring guidelines, is defined that describes the
fundamental elements that must be incorporated
into a defined process.
b)The sequence and interaction of the standard
process with other processes is determined.
c) Required competencies and roles for
standard process.
d)Required infrastructure and work
environment for performing a process are
identified as part of the standard process.
e)Suitable methods for monitoring the
effectiveness and suitability of the process are
determined.
appropriately selected and/or tailored standard
process.
b)Required roles, responsibilities and
authorities for performing the defined process
are assigned and communicated.
competent on the basis of appropriate education,
training, and experience.
d)Required resources and information
necessary for performing the defined process are
made available, allocated and used.
e)Required infrastructure and work
environment for performing the defined process
are made available, managed and maintained.
f)Appropriate data are collected and analysed
as a basis for understanding the behaviour of,
and to demonstrate the suitability and
effectiveness of the process, and to evaluate
where continuous improvement of the process can
be made.
b)Process measurement objectives are derived

from process information needs.
c)Quantitative objectives for process performance
in support of relevant business goals are
established.
d)Measures and frequency of measurement are
identified and defined in line with process
measurement objectives and quantitative objectives
for process performance.
e)Results of measurement are collected, analysed
and reported in order to monitor the extent to which
the quantitative objectives for process performance
are met.
f) Measurement results are used to characterise
a) Analysis and control techniques are determined
and applied where applicable.
b)Control limits of variation are established for
normal process performance.
c)Measurement data are analysed for special
causes of variation.
d)Corrective actions are taken to address special
e)Control limits are re-established (as necessary)
following corrective action.
a) Pprocess improvement objectives for the process
are defined that support the relevant business goals.
c)Appropriate data are analysed to identify
opportunities for best practice and innovation.
e)An implementation strategy is established to
achieve the process improvement objectives.

a) Impact of all proposed changes is assessed
against the objectives of the defined process and
standard process.
b) Implementation of all agreed changes is
managed to ensure that any disruption to the
process performance is understood and acted upon.
c)Basedonactualperformance,effectiveness of process change

is evaluated against the defined product
requirements and process objectives to determine
whether results are due to common or special
causes.
vel 2
PA 2.2
rting enterprise strategic and operational objectives.
Question
Does the Company have existing process, or

policies and procedures, for the design and
development of IT solutions?
- Does the company have written SOP and

build solution for manage the Exist project and
aligns with standards and addressess all
identified risk?
- Apakah perusahaan mempunyai SOP tertulis
dan pembuatan solusi untuk memelihara
proyek yang ada dan sejalan dengan standar
dan mengidentifikasi seluruh resiko yang ada?
Comment
- Does the company have written SOP and

build solution in accordance with
organisational standard, and has appropriate
control, security, and auditability?
- Apakah perusahaan mempunyai SOP tertulis
dan pembuatan solusi yang sesuai dengan
standar organisasi, pengendalian yang tepat,
keamanan dan auditability?
- Does the existing SOP has been approved by
the authorities and conducted an adequate
test?
- Apakah SOP yang ada sudah disetujui oleh
pihak berwenang dan dilakukan test yang
memadai?
- Does designed solution has been through

testing by the R & D section, so the quality is
in accordance with the desired?
- Apakah solusi yang dirancang sudah melalui
pengujian oleh bagian R&D sehingga
kualitasnya sudah sesuai dengan yang
diinginkan?
- Does any solution is used regularly and
properly maintained by the company?
- Apakah setiap solusi digunakan secara rutin
dan dipelihara dengan baik oleh perusahaan?
Level 3
PA 3.1
Not achieved
(0-15%)
Level 4
PA 3.2
Partially
Achieved
(15% -50%)
PA 4.1
PA 4.2
Largely
Achieved
Fully Achieved
(50% - 85%)
(85-100%)

BAI04
Rating by
Criteria
Capability
Level Achieved
N- 0%-15%
P- 15%-50%
L- 50%-85%
N Not Achieved
L Largely Achieved
F- Fully Achieved
Manage Availability & Capacity
BAI04
Purpose

Level 0
Incomplete

purpose.
Level 1
Performed

Level 2
Managed

process is managed.

controlled.
Level 3
Established

defined process.

outcomes.
Level 4
Predictable


Level 5
Optimizing.



Level 1
Level 2
PA 1.1
PA 2.1
L- 50%-85%
F- 85%-100%
Manage Availability & Capacity
Maintain service availability, efficient management of resources, and optimisation of system performance through predic
Criteria

BAI04-O1 The availability plan anticipates the business
expectation of critical capacity requirements.
Criteria Are
Met Y/N
Y
Overall rating for
BAI04-O2 Capacity, performance and availability meet

requirements.
BAI04-O3 Availability, performance and capacity issues are

identified and routinely resolved.

identified.
monitored.
c)Performance of the process is adjusted to meet
plans.
performing the process are identified, made available,
allocated and used.
managed to ensure both effective communication
and also clear assignment of responsibility.
a)Requirements for the work products of the process
are defined.
b)Requirements for documentation and control of
the work products are defined.
d)Work products are reviewed in accordance with
planned arrangements and adjusted as necessary to
meet requirements.
elements that must be incorporated into a defined
process.
c) Required competencies and roles for performing

a process are identified as part of the standard
process.
d)Required infrastructure and work environment
for performing a process are identified as part of
the standard process.
e)Suitable methods for monitoring the effectiveness
and suitability of the process are determined.
process.
b)Required roles, responsibilities and authorities
for performing the defined process are assigned
and communicated.
d)Required resources and information necessary
for performing the defined process are made
e)Required infrastructure and work environment
for performing the defined process are made
available, managed and maintained.
f)Appropriate data are collected and analysed as
a basis for understanding the behaviour of, and
to demonstrate the suitability and effectiveness of
the process, and to evaluate where continuous

measurement objectives and quantitative objectives
for process performance.
e)Results of measurement are collected, analysed
and reported in order to monitor the extent to which
the quantitative objectives for process performance
are met.

c)Measurement data are analysed for special causes
of variation.
a) Pprocess improvement objectives for the process
are defined that support the relevant business goals.

a) Impact of all proposed changes is assessed against
the objectives of the defined process and standard
process.
b) Implementation of all agreed changes is managed
to ensure that any disruption to the process
performance is understood and acted upon.
evaluated against the defined product requirements
and process objectives to determine whether results
are due to common or special causes.
vel 2
PA 2.2
, and optimisation of system performance through prediction of future performance and capacity requirements.
Question
Does the Company have existing

process, or policies and procedures, for
the assessment of the availability,
performance and capacity of services
and resources?
- Does the company has SOP regarding

capacity planning?
- Apakah Perusahaan memiliki SOP
mengenai perencanaan kapasitas ?
- Does the company have plan for
anticipate availability of capacity when in
the critical condition?
- Apakah Perusahaan memiliki rencana
antisipasi ketersediaan kapasitas pada
saat kondisi kritis?
Comment
- Does the IT Infrastructure adequately

support the business application ?
- Apakah infrastrutur IT secara memadai
mendukung aplikasi bisnis?
- Does the company conducts periodic

maintenance availability, performance
and capacity of IT Infrastructure?
- Apakah perusahaan melakukan
pemeliharaan berkala terhadap
ketersediaan, kinerja, dan kapasitas dari
infrastruktur IT?
Level 3
PA 3.1
Level 4
PA 3.2
PA 4.1
PA 4.2
uirements.
Not achieved
(0-15%)
Partially
Achieved
(15% -50%)
Largely
Achieved
Fully Achieved
(50% - 85%)
(85-100%)

BAI06
Rating by
Criteria
Capability
Level Achieved
N- 0%-15%
P- 15%-50%
L- 50%-85%
N Not Achieved
L Largely Achieved
F- Fully Achieved
Manage Changes
BAI06
Purpose

Level 0
Incomplete

purpose.
Level 1
Performed

Level 1
Performed
Level 2
Managed

process is managed.

controlled.
Level 3
Established

defined process.
Level 3
Established

defined process.

outcomes.
Level 4
Predictable



Level 5
Optimizing.



Level 1
Level 2
PA 1.1
PA 2.1
L- 50%-85%
F- 85%-100%
Manage Changes
Enable fast and reliable delivery of change to the business and mitigation of the risk of negatively impacting the stability
Criteria
Criteria Are
Met Y/N
Y
Overall rating for t
BAI06-O1 Authorised changes are made in a timely

manner and with minimal errors.
BAI06-O2 Impact assessments reveal the effect of the

change on all affected components.
BAI06-O3 All emergency changes are reviewed and

authorised after the change.
BAI06-O4 Key stakeholders are kept informed of all

aspects of the change.

a)Objectives for the performance of the process
are identified.
monitored.
c)Performance of the process is adjusted to
meet plans.
d)Responsibilities and authorities for performing
the process are defined, assigned and
communicated.
performing the process are identified, made
f)Interfaces between the involved parties
are managed to ensure both effective
communication and also clear assignment of
responsibility.
a)Requirements for the work products of the
process are defined.
b)Requirements for documentation and control
of the work products are defined.
d)Work products are reviewed in accordance
with planned arrangements and adjusted as
necessary to meet requirements.
a)A standard process, including appropriate

tailoring guidelines, is defined that describes the
fundamental elements that must be incorporated
into a defined process.
c) Required competencies and roles for
standard process.
d)Required infrastructure and work
environment for performing a process are
identified as part of the standard process.
e)Suitable methods for monitoring the
effectiveness and suitability of the process are
determined.
process.
b)Required roles, responsibilities and
authorities for performing the defined process
are assigned and communicated.
d)Required resources and information
necessary for performing the defined process
are made available, allocated and used.
e)Required infrastructure and work
environment for performing the defined
process are made available, managed and
maintained.
f)Appropriate data are collected and
analysed as a basis for understanding the
behaviour of, and to demonstrate the
suitability and effectiveness of the process,
and to evaluate where continuous
a)Process information needs in support of
relevant defined business goals are established.
b)Process measurement objectives are derived
from process information needs.
c)Quantitative objectives for process
performance in support of relevant business goals
are established.

measurement objectives and quantitative
objectives for process performance.
e)Results of measurement are collected,
analysed and reported in order to monitor the
extent to which the quantitative objectives for
process performance are met.
a) Analysis and control techniques are determined
and applied where applicable.
b)Control limits of variation are established for
normal process performance.
c)Measurement data are analysed for special
a) Pprocess improvement objectives for the
process are defined that support the relevant
business goals.
b) Appropriate data are analysed to identify
common causes of variations in process
performance.

a) Impact of all proposed changes is assessed
against the objectives of the defined process and
standard process.
b) Implementation of all agreed changes is
managed to ensure that any disruption to the
process performance is understood and acted
upon.
c)Basedonactualperformance,effectiveness of process
change is evaluated against the defined product
requirements and process objectives to determine
whether results are due to common or special
causes.
vel 2
PA 2.2
and mitigation of the risk of negatively impacting the stability or integrity of the changed environment.
Question
Does the Company have existing process, or

policies and procedures, on change
management for both standard changes and
emergency maintenance relating to business
processes, application and architecture? This
covers change standards and procedures,
impact assessment, prioritization and
authorization, emergency changes, tracking,
reporting, closure and documentation.
Comment
- Does there is a SOP regarding changes

activity are made by the company?
- Apakah terdapat SOP mengenai aktivitas
perubahan yang dibuat oleh Perusahaan?
- Does there is application changes or
hardware changes are made in this year?
- Apakah terdapat perubahan aplikasi atau
perubahan hardware yang dibuat dalam
tahun ini?
- If Yes, Does that changes are approved by
authorized party?
- Jika ya, apakah perubahan tersebut
disetujui oleh pihak yang berwenang?
- Does there is documentation of the impact

of the effect of the changes made on the IT
component?
- apakah terdapat dokumentasi mengenai
dampak pengaruh terhadap perubahan yang
dilakukan atas komponen IT?
- Does there is a SOP regarding emergency

changes activity are made by the company?
- Apakah terdapat SOP mengenai aktivitas
perubahan darurat yang dibuat oleh
Perusahaan?
- If Yes, Does that changes are approved by
authorized party?
- Jika ya, apakah perubahan tersebut
disetujui oleh pihak yang berwenang?
- Does the company conduct a review of the
changes made?
- Apakah perusahaan melakukan review
terhadap perubahan yang dilakukan?
- Does the changes made by the company

communicated to stakeholders?
- Apakah perubahan yang dilakukan oleh
perusahaan diinformasikan kepada para
pemangku kepentingan?
- If yes, through what media the information
given to stakeholders?
- Jika ya, melalui media apa informasi
tersebut diberikan kepada para pemangku
kepentingan ?
- Does the stakeholders are given the
opportunity to give feedback on the changes
made by the Company?
- Apakah para pemangku kepentingan
diberikan kesempatan untuk dapat
memberikan masukan terhadap perubahan
yang dilakukan oleh Perusahaan?
Level 3
PA 3.1
Not achieved
(0-15%)
Level 4
PA 3.2
Partially
Achieved
(15% -50%)
PA 4.1
PA 4.2
Largely
Achieved
Fully Achieved
(50% - 85%)
(85-100%)

COBIT 5-Self-Assessment Templates - BAI - 25 August 2015

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

COBIT 5-Self-Assessment Templates - BAI - 25 August 2015

Cargado por

Copyright:

Formatos disponibles

The Self-assessment Guide is provided as a stand-alone guide, which can

1. It is recommended that the assessment be undertaken by a small team or reviewed by a team of IT

PROCESS ASSESSMENT RESULTS

Processes for Governance of Enterprise IT Evaluate, Direct and Monitor

Ensure Governance Framework Setting and

Align, Plan and Organise

the IT Management Framework

Build, Acquire and Implement

Manage Programmes and Projects

Manage Availability and Capacity

Deliver, Service and Support

Monitor, Evaluate and Assess

Monitor, Evaluate and Assess Performance and

Monitor, Evaluate and Assess the System of Internal

Monitor, Evaluate and Assess Compliance with

Self-assessmentTemplate (Appendix D of the Self-assessment Guide)

Manage Programmes and Projects

Assess whether the following

The process is not implemented,

PA 1.1 The implemented process

PA 2.1 Performance Management

PA 2.2 Work Product Management

PA 2.2 Work Product Management

PA 3.1 Process Definition - A

PA 3.2 Process Deployment - A

PA 4.1 Process Measurement - A

achievement of relevant process

PA 4.2 Process Control - A

PA 5.1 Process innovation - A

PA 5.2 Process optimisation - A

mplate (Appendix D of the Self-assessment Guide)

Manage Programmes and Projects

The following process outcomes are being achieved:

BAI01-O1 Relevant stakeholders are engaged in the

BAI01-O2 The scope and outcomes of programmes and projects

BAI01-O3 Programme and project plans are likely to achieve the

BAI01-O4 The programme and project activities are executed

BAI01-O5 There are sufficient programme and project resources

BAI01-O6 The programme and project expected benefits are

As a result of full achievement of this attribute:

b)Requirements for documentation and control of the

b)The sequence and interaction of the standard process

d)Measures and frequency of measurement are identified

Does the Company have policies and

Overall rating for the process

- Does the stakeholder involved in work and

- Does the information technology projects

- Does in every projects, schedules and

- Does the company conducts mature

suring the value and quality of project deliverables and

Self-assessmentTemplate (Appendix D of the Self-assessment Guide)

Assess whether the following

The process is not implemented,

PA 1.1 The implemented process

PA 2.1 Performance Management

PA 2.2 Work Product Management

PA 3.1 Process Definition - A

PA 3.2 Process Deployment - A

PA 4.1 Process Measurement - A

PA 4.2 Process Control - A

PA 5.1 Process innovation - A

PA 5.2 Process optimisation - A

mplate (Appendix D of the Self-assessment Guide)