This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article 1 discussed the approach for mapping COBIT 5 with the Project Management Institute (PMI’s) standards and publication A Guide to the Project Management Body of Knowledge ( PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level. 2
PMI published the standards shown in figure 1 that have been adopted by many organizations. Each of these publications has identified and defined processes for implementing these standards. Each standard has a different number of processes, as shown in the second column of figure 1.
Figure 1—PMI Publications
| Name of Publication | Process Groups | Number of Processes |
| A Guide to the Project Management Body of Knowledge 5 th Edition (PMBOK) | 3 | 15 |
| The Standard for Portfolio Management 3 rd Edition | 5 | 36 |
| The Standard for Portfolio Management 3 rd Edition | 5 | 47 |
This article provides a mapping of the portfolio management standards with the COBIT 5 processes. The approach shown in figure 2 was developed to map the PMI standards with COBIT 5 processes.
Figure 2—Approach for Mapping PMI Standards With COBIT 5 Processes
PMI has revised the publications noted with a fourth edition, updating portfolio
3
and program management.
4
A sixth edition of PMBOK
5
was published in September 2017. However, since this mapping was undertaken prior to these publications, the standards
listed in
figure 1 are described herein. The changes in new editions shall be discussed subsequently.
Since PMI standards are in depth, there are few gaps in activities. COBIT 5 has not specifically identified these activities, but references them.
Portfolio Management
Portfolio management is the highest level of the organization that is responsible for defining, authorizing and supervising programs and projects. Considering it is the highest level in the organizational structure, it should align programs and projects with the organization’s objectives and strategies. Therefore, the portfolio management processes should include governance processes (Evaluate, Direct and Monitor).
The PMI portfolio management standard identifies 5 different knowledge areas for defining processes:
- Strategic management
- Governance management
- Performance management
- Communication management
- Risk management
Portfolio management standards emphasize that organizations need to ensure that their portfolio management processes are defined in alignment with organizational strategy. The standard recommends that organizations categorize processes into 3 groups:
- Defining processes
- Aligning processes
- Controlling and managing processes
PMI’s portfolio management standard 6 identifies 16 generic processes for portfolio management in 3 process groups ( figure 3). These processes are interlinked and need to be implemented by considering their interdependencies with the 3 process groups based on the knowledge areas. For example, the knowledge area Governance Management has processes in all 3 process groups since COBIT 5 is a framework for governance of enterprise IT (GEIT). When mapping processes related to governance, one needs to consider knowledge areas. Process groups help establish interdependencies.
Figure 3—Portfolio Management Processes
|
Process Group
|
Knowledge Area
|
Process
|
Description
|
| Defining |
Strategic Management |
Develop Portfolio Strategic Plan | Align portfolio objectives with enterprise strategic objectives and goals. |
| Develop Portfolio Charter | Define objectives, scope, deliverables, success criteria and time lines, and identify stakeholders. | ||
| Define Portfolio Roadmap | Identify portfolio components, dependencies, milestones and deliverables. | ||
| Governance Management | Develop Portfolio
Management Plan |
Develop a plan for governing and managing portfolio activities, change management, performance monitoring and reporting, processes for procurement, and compliance. | |
| Define Portfolio | Identify and list components including programs, projects, resources, cost and time lines. | ||
| Performance Management | Define Portfolio Performance Management Plan | Develop a plan to manage the performance of the portfolio and its components to ensure that the organization’s objectives are achieved. | |
| Communication Management | Define Portfolio Communication Management Plan | Identify stakeholders, determine communication requirements and develop a communication plan. | |
| Risk Management | Define Portfolio Risk Management Plan | Develop a portfolio risk management plan. | |
| Aligning | Strategic Management | Manage Strategic Change | Evaluate strategic changes within the organization and their impact on portfolio objectives and deliverables, and update the portfolio management plan as needed. |
| Governance Management | Optimize Portfolio | Continuously analyze the components to ensure that resources are effectively performing to achieve the organization’s objectives. | |
|
Performance Management |
Manage Supply and Demand | Manage the availability of resources for each component of the portfolio. | |
| Manage Portfolio Value | Capture, measure and report value creation by the portfolio. | ||
| Communication Management | Manage Portfolio Information | Execute the communication plan. | |
| Risk Management | Manage Portfolio Risks | Execute the portfolio risk management plan. | |
| Authorizing and Controlling |
Governance Management |
Authorize Portfolio | Authorize portfolio components and resources (a necessary process for governance). |
| Provide Portfolio Oversight | Monitor the performance of the portfolio relative to its alignment with defined objectives and provide directions in cases where deviation is observed. |
The portfolio management standard of PMI is for organizations that have multiple portfolios, whereas the primary focus of COBIT 5 is the IT portfolio. Considering this, the effort has been made to map PMI’s processes with those of COBIT 5. Since direct mapping is not possible, the management practices of the process reference model of COBIT 5 was considered. The ISACA publication COBIT 5: Enabling Processes provides a detailed description of processes at activity levels, hence it was used while mapping. The mapping is shown in figure 4.
Figure 4—Portfolio Management Standard and COBIT 5 Process Mapping
|
PMI's Portfolio Standard Processes
|
Process Group
|
COBIT 5 Process
|
COBIT 5 Management Practices
|
| Develop Portfolio Strategic Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| EDM02 Ensure Benefits Delivery | EDM02.03 Monitor value optimization.
EDM02.02 Direct value optimization. EDM02.03 Monitor value optimization. |
||
| Develop Portfolio Charter | Defining | APO02 Manage Strategy | APO02.05 (Indirect) Define the strategic plan and road map. |
| APO05 Manage Portfolio | APO05.05 Maintain portfolios. | ||
| Define Portfolio Roadmap | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| APO05 Manage Portfolio | APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. |
||
| Develop Portfolio Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| APO05 Manage Portfolio | APO05.03 Evaluate and select programs to fund.
APO05.05 Maintain portfolios. |
||
| Define Portfolio | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Define Portfolio Performance Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| APO05 Manage Portfolio | APO05.01 Establish the target investment mix.
APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.06 Manage benefits achievement. |
||
| Define Portfolio Communication Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| APO02 Manage Strategy | APO02.06 Communicate the IT strategy and direction. | ||
| Define Portfolio Risk Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| APO12 Manage Risk | APO12.01 Collect data.
APO12.02 Analyze risk. APO12.03 Maintain a risk profile. APO12.04 Articulate risk. APO12.05 Define a risk management action portfolio. APO12.06 Respond to risk. |
||
| Manage Strategic Change | Aligning | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance.
APO05.05 Maintain portfolios. |
||
| Optimize Portfolio | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| Manage Supply and Demand | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix.
APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| Manage Portfolio Value | Aligning | APO05 Manage Portfolio | APO05.06 Manage benefits achievement. |
| EDM02 Ensure Benefit Delivery | EDM02.01 Evaluate value optimization.
EDM02.02 Direct value optimization. EDM02.03 Monitor value optimization. |
||
| Manage Portfolio Information | Aligning | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance.
APO05.05 Maintain portfolios. |
| Manage Portfolio Risks | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| APO12 Manage Risk | APO12.01 Collect data.
APO12.02 Analyze risk. APO12.03 Maintain a risk profile. APO12.04 Articulate risk. APO12.05 Define a risk management action portfolio. APO12.06 Respond to risk. |
||
| Authorize Portfolio | Authorizing and Controlling | APO02 Manage Strategy | APO02.04 Conduct a gap analysis |
| Provide Portfolio Oversight | Authorizing and Controlling | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance.
APO05.06 Manage benefits achievement. |
||
| MEA01 Monitor, Evaluate and Assess Performance and Conformance | MEA01.01 Establish a monitoring approach.
MEA01.02 Set performance and conformance targets. MEA01.03 Collect and process performance and conformance data. MEA01.04 Analyze and report performance. MEA01.05 Ensure the implementation of corrective actions. |
The sequence processes are considered based on relevance to the PMI’s process, to which the COBIT 5 process gets mapped. For example, since Defining Strategic Plan directly relates to APO02 Manage Strategy and indirectly relates to EDM 02 Ensure Benefits Delivery, the sequence is not as it appears in PRM of COBIT 5.
Conclusion
Mapping of COBIT 5 with PMI standards is useful in providing assurance that the COBIT 5 framework can be used as a “single integrated framework” across organizations. This is the third article covering a high-level mapping of the portfolio management standard. Future articles will discuss mapping of PMI’s program management standard and project management standard (PMBOK) processes with the COBIT 5 process reference model.
Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Is a freelance consultant and visiting faculty member at the National Institute of Bank Management, India. He has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries.
Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM
Is a freelance consultant with more than 24 years of experience in IT and IT services in the telecommunications industry. He has held roles such as chief information officer and vice president of service delivery of IT and ITES, program management, transition management.
Endnotes
1
Bakshi, S.; “
Portfolio, Program and Project Management Using COBIT 5,”
COBIT Focus, 11 September 2017
2
Bakshi, S.; E. Muthukrishnan; “
Portfolio, Program and Project Management Using COBIT 5, Part 2,”
COBIT Focus, 2 January 2018
3
Project Management Institute,
The Standard for Portfolio Management 4
th Edition
, USA, 2017
4
Project Management Institute,
The Standard for Program Management 4
th Edition
, USA, 2017
5
Project Management Institute,
A Guide to the Project Management Body of Knowledge (PMBOK Guide) 6
th Edition
, USA, 2017
6
Project Management Institute,
The Standard for Portfolio Management, 3
rd Edition
, USA, 2013