CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS
APO02 Manage Strategy
Process Description
Provide a holistic view of the current business and IT environment, the future direction, and the initiatives required to migrate to the desired future
environment. Leverage enterprise architecture building blocks and components, including externally provided services and related capabilities to enable
NIMBLE, RELIABLE AND EFFICIENT RESPONSE TO STRATEGIC OBJECTIVES.
Process Purpose Statement
!LIGN STRATEGIC )4 PLANS WITH BUSINESS OBJECTIVES. #LEARLY COMMUNICATE THE OBJECTIVES AND ASSOCIATED ACCOUNTABILITIES SO THEY ARE UNDERSTOOD BY ALL, WITH
the IT strategic options identified, structured and integrated with the business plans.
The process supports the achievement of a set of primary IT-related goals:
IT-related Goal
01 Alignment of IT and business strategy
07 Delivery of IT services in line with business requirements
17 Knowledge, expertise and initiatives for business innovation
Process Goals and Metrics
Process Goal
1. All aspects of the IT strategy are aligned with the enterprise strategy.
2. The IT strategy is cost-effective, appropriate, realistic, achievable,
enterprise-focussed and balanced.
3. Clear and concrete short-term goals can be derived from, and traced
back to, specific long-term initiatives, and can then be translated into
operational plans.
4. IT is a value driver for the enterprise.
5. There is awareness of the IT strategy and a clear assignment of
accountability for delivery.
Personal Copy of: Prof. Miguel L.B. Mira da Silva
Area: Management
Domain: Align, Plan and Organise
Related Metrics
s 0ERCENT OF ENTERPRISE STRATEGIC GOALS AND REQUIREMENTS SUPPORTED BY
IT strategic goals
Align, Plan and Organise
s ,EVEL OF STAKEHOLDER SATISFACTION WITH SCOPE OF THE PLANNED PORTFOLIO OF
programmes and services
s 0ERCENT OF )4 VALUE DRIVERS MAPPED TO BUSINESS VALUE DRIVERS
s .UMBER OF BUSINESS DISRUPTIONS DUE TO )4 SERVICE INCIDENTS
s 0ERCENT OF BUSINESS STAKEHOLDERS SATISFIED THAT )4 SERVICE DELIVERY MEETS
agreed-on service levels
s 0ERCENT OF USERS SATISFIED WITH THE QUALITY OF )4 SERVICE DELIVERY
s ,EVEL OF BUSINESS EXECUTIVE AWARENESS AND UNDERSTANDING OF )4
innovation possibilities
s ,EVEL OF STAKEHOLDER SATISFACTION WITH LEVELS OF )4 INNOVATION EXPERTISE
and ideas
s .UMBER OF APPROVED INITIATIVES RESULTING FROM INNOVATIVE )4 IDEAS
Related Metrics
s 0ERCENT OF OBJECTIVES IN THE )4 STRATEGY THAT SUPPORT THE
enterprise strategy
s 0ERCENT OF ENTERPRISE OBJECTIVES ADDRESSED IN THE )4 STRATEGY
s 0ERCENT OF INITIATIVES IN THE )4 STRATEGY THAT ARE SELF-FUNDING (FINANCIAL
benefits in excess of costs)
s 4RENDS IN 2/) OF INITIATIVES INCLUDED IN THE )4 STRATEGY
s ,EVEL OF ENTERPRISE STAKEHOLDER SATISFACTION SURVEY FEEDBACK ON THE
IT strategy
s 0ERCENT OF PROJECTS IN THE )4 PROJECT PORTFOLIO THAT CAN BE DIRECTLY TRACED
back to the IT strategy
s 0ERCENT OF STRATEGIC ENTERPRISE OBJECTIVES OBTAINED AS A RESULT OF STRATEGIC
IT initiatives
s .UMBER OF NEW ENTERPRISE OPPORTUNITIES REALISED AS A DIRECT RESULT OF
IT developments
s 0ERCENT OF )4 INITIATIVES/PROJECTS CHAMPIONED BY BUSINESS OWNERS
s !CHIEVEMENT OF MEASURABLE )4 STRATEGY OUTCOMES PART OF STAFF
performance goals
s &REQUENCY OF UPDATES TO THE )4 STRATEGY COMMUNICATION PLAN
s 0ERCENT OF STRATEGIC INITIATIVES WITH ACCOUNTABILITY ASSIGNED
57
 : ENABLING PROCESSES

APO02 RACI Chart

3TEERING (0ROGRAMMES/0ROJECTS) #OMMITTEE

Chief Information Security Officer

Strategy Executive Committee

Information Security Manager

Business Continuity Manager
Enterprise Risk Committee
Business Process Owners

Chief Information Officer

Head Human Resources
Chief Operating Officer
Chief Executive Officer

Head IT Administration
0ROJECT -ANAGEMENT /FFICE
Chief Financial Officer

6ALUE -ANAGEMENT /FFICE

Business Executives

Architecture Board

Head IT Operations
Head Development
Chief Risk Officer

Service Manager
Head Architect

Privacy Officer
Compliance
Board

Audit
Key Management Practice
APO02.01
Align, Plan and Organise

C C C A C C C C C R C R R R R R
Understand enterprise direction.
APO02.02
Assess the current environment, C C C R C C C C C A R R R C C C C
capabilities and performance.
APO02.03
A C C C I R I C C C C R C C C C C C C
Define the target IT capabilities.
APO02.04
R R C C C R R A R R R R R R C
Conduct a gap analysis.
APO02.05
Define the strategic plan and C I C C C R C C C C A C C C C C C C
road map.
APO02.06
Communicate the IT strategy I R I I R I A I I I I I I I I I I R I I I I I I I I
and direction.

APO02 Process Practices, Inputs/Outputs and Activities

Management Practice Inputs Outputs
APO02.01 Understand enterprise direction. From Description Description To
Consider the current enterprise environment and
EDM04.01 Guiding principles for Sources and priorities Internal
business processes, as well as the enterprise strategy
allocation of resources for changes
AND FUTURE OBJECTIVES. #ONSIDER ALSO THE EXTERNAL
and capabilities
environment of the enterprise (industry drivers, relevant
regulations, basis for competition). APO04.02 Innovation opportunities
linked to business drivers
Outside COBIT Enterprise strategy and
enterprise strengths,
weaknesses, opportunities,
threats (SWOT) analysis
Activities
1. $EVELOP AND MAINTAIN AN UNDERSTANDING OF ENTERPRISE STRATEGY AND OBJECTIVES, AS WELL AS THE CURRENT ENTERPRISE OPERATIONAL ENVIRONMENT AND CHALLENGES.
2. Develop and maintain an understanding of the external environment of the enterprise.
3. Identify key stakeholders and obtain insight on their requirements.
4. Identify and analyse sources of change in the enterprise and external environments.
5. Ascertain priorities for strategic change.
6. Understand the current enterprise architecture and work with the enterprise architecture process to determine any potential architectural gaps.

58
Personal Copy of: Prof. Miguel L.B. Mira da Silva
 CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS

APO02 Process Practices, Inputs/Outputs and Activities (cont.)

Management Practice Inputs Outputs
APO02.02 Assess the current environment, From Description Description To
capabilities and performance.
APO06.05 Cost optimisation Baseline of current Internal
Assess the performance of current internal business
opportunities capabilities
and IT capabilities and external IT services, and develop
an understanding of the enterprise architecture in APO08.05 Definition of potential Gaps and risk related to APO12.01
relation to IT. Identify issues currently being experienced IMPROVEMENT PROJECTS current capabilities
and develop recommendations in areas that could
APO09.01 Identified gaps in IT Capability SWOT analysis Internal
benefit from improvement. Consider service provider
services to the business
differentiators and options and the financial impact and
potential costs and benefits of using external services. APO09.04 Improvement action plans
and remediations
APO12.01 Emerging risk issues and

Align, Plan and Organise

factors
APO12.02 Risk analysis results
APO12.03 Aggregated risk profile,
including status of risk
management actions
APO12.05 0ROJECT PROPOSALS FOR
reducing risk
BAI04.03 s 0ERFORMANCE AND
capacity plans
s 0RIORITISED IMPROVEMENTS
BAI04.05 Corrective actions
BAI09.01 Results of fit-for-purpose
reviews
BAI09.04 s /PPORTUNITIES TO REDUCE
asset costs or increase
value
s 2ESULTS OF COST
optimisation reviews
Activities
1. Develop a baseline of the current business and IT environment, capabilities and services against which future requirements can be compared. Include
the relevant high-level detail of the current enterprise architecture (business, information, data, applications and technology domains), business
processes, IT processes and procedures, the IT organisation structure, external service provision, governance of IT, and enterprisewide IT related skills
and competencies.
2. Identify risk from current, potential and declining technologies.
3. Identify gaps between current business and IT capabilities and services and reference standards and good practices, competitor business and IT
capabilities, and comparative benchmarks of good practice and emerging IT service provision.
4. Identify issues, strengths, opportunities and threats in the current environment, capabilities and services to understand current performance. Identify
AREAS FOR IMPROVEMENT IN TERMS OF )4'S CONTRIBUTION TO ENTERPRISE OBJECTIVES.

59
Personal Copy of: Prof. Miguel L.B. Mira da Silva
 : ENABLING PROCESSES

APO02 Process Practices, Inputs/Outputs and Activities (cont.)

Management Practice Inputs Outputs
APO02.03 Define the target IT capabilities. From Description Description To
Define the target business and IT capabilities and
APO04.05 s !NALYSIS OF REJECTED High-level IT-related goals Internal
required IT services. This should be based on the
initiatives
understanding of the enterprise environment and Required business and Internal
s 2ESULTS AND
requirements; the assessment of the current IT capabilities
recommendations
business process and IT environment and issues;
from proof-of-concept Proposed enterprise APO03.03
and consideration of reference standards, good
initiatives architecture changes
practices and validated emerging technologies or
innovation proposals.
Activities
1. Consider validated emerging technology or innovation ideas.
Align, Plan and Organise

2. Identify threats from declining, current and newly acquired technologies.

3. $EFINE HIGH-LEVEL )4 OBJECTIVES/GOALS AND HOW THEY WILL CONTRIBUTE TO THE ENTERPRISE'S BUSINESS OBJECTIVES.
4. Define required and desired business process and IT capabilities and IT services and describe the high-level changes in the enterprise architecture
(business, information, data, applications and technology domains), business and IT processes and procedures, the IT organisation structure, IT service
providers, governance of IT, and IT skills and competencies.
5. Align and agree with the enterprise architect on proposed enterprise architecture changes.
6. Demonstrate traceability to the enterprise strategy and requirements.
Management Practice Inputs Outputs
APO02.04 Conduct a gap analysis. From Description Description To
Identify the gaps between the current and target
EDM02.01 Evaluation of strategic Gaps and changes EDM04.01
environments and consider the alignment of assets
alignment required to realise target APO13.02
(the capabilities that support services) with business
capability BAI03.11
outcomes to optimise investment in and utilisation of the
internal and external asset base. Consider the critical APO04.06 Assessments of using 6ALUE BENEFIT STATEMENT FOR BAI03.11
success factors to support strategy execution. innovative approaches target environment
APO05.02 Investment return
expectations
BAI01.05 Results of programme goal
achievement monitoring
BAI01.06 Stage-gate review results
BAI01.13 Post-implementation
review results
Activities
1. Identify all gaps and changes required to realise the target environment.
2. Consider the high-level implications of all gaps. Consider the value of potential changes to business and IT capabilities, IT services and enterprise
architecture, and the implications if no changes are realised.
3. Assess the impact of potential changes on the business and IT operating models, IT research and development capabilities, and
IT investment programmes.
4. Refine the target environment definition and prepare a value statement with the benefits of the target environment.

60
Personal Copy of: Prof. Miguel L.B. Mira da Silva
 CHAPTER 5
COBIT 5 PROCESS REFERENCE GUIDE CONTENTS

APO02 Process Practices, Inputs/Outputs and Activities (cont.)

Management Practice Inputs Outputs
APO02.05 Define the strategic plan and road map. From Description Description To
Create a strategic plan that defines, in co-operation
EDM04.01 Approved resources plan Definition of strategic APO05.01
with relevant stakeholders, how IT-related goals will
initiatives
CONTRIBUTE TO THE ENTERPRISE'S STRATEGIC GOALS. )NCLUDE
how IT will support IT-enabled investment programmes, EDM04.03 s &EEDBACK ON ALLOCATION Risk assessment APO05.01
business processes, IT services and IT assets. Direct IT and effectiveness APO12.01
to define the initiatives that will be required to close the of resources and
gaps, the sourcing strategy and the measurements to be capabilities
used to monitor achievement of goals, then prioritise the s 2EMEDIAL ACTIONS
initiatives and combine them in a high-level road map. to address resource
management deviations
APO03.01 s $EFINED SCOPE Strategic road map EDM02.01

Align, Plan and Organise

of architecture APO01.03
s !RCHITECTURE CONCEPT APO03.01
business case and APO05.01
value proposition APO08.01
APO03.02 Information architecture
model
APO03.03 s 4RANSITION ARCHITECTURES
s (IGH-LEVEL
implementation and
migration strategy
APO05.01 Feedback on strategy
and goals
APO05.02 Funding options
APO06.02 Budget allocations
APO06.03 s )4 BUDGET AND PLAN
s "UDGET COMMUNICATIONS
APO13.02 Information security
business cases
BAI09.05 !CTION PLAN TO ADJUST
licence numbers
and allocations
DSS04.02 Approved strategic options
Activities
1. $EFINE THE INITIATIVES REQUIRED TO CLOSE GAPS AND MIGRATE FROM THE CURRENT TO THE TARGET ENVIRONMENT, INCLUDING INVESTMENT/OPERATIONAL BUDGET, FUNDING
sources, sourcing strategy and acquisition strategy.
2. Identify and adequately address risk, costs and implications of organisational changes, technology evolution, regulatory requirements, business
process re-engineering, staffing, insourcing and outsourcing opportunities, etc., in the planning process.
3. Determine dependencies, overlaps, synergies and impacts amongst initiatives, and prioritise the initiatives.
4. )DENTIFY RESOURCE REQUIREMENTS, SCHEDULE AND INVESTMENT/OPERATIONAL BUDGETS FOR EACH OF THE INITIATIVES.
5. Create a road map indicating the relative scheduling and interdependencies of the initiatives.
6. 4RANSLATE THE OBJECTIVES INTO OUTCOME MEASURES REPRESENTED BY METRICS (WHAT) AND TARGETS (HOW MUCH) THAT CAN BE RELATED TO ENTERPRISE BENEFITS.
7. Formally obtain support from stakeholders and obtain approval for the plan.

61
Personal Copy of: Prof. Miguel L.B. Mira da Silva
 : ENABLING PROCESSES

APO02 Process Practices, Inputs/Outputs and Activities (cont.)

Management Practice Inputs Outputs
APO02.06 Communicate the IT strategy From Description Description To
and direction.
EDM04.02 Communication of Communication plan Internal
Create awareness and understanding of the business
resourcing strategies
AND )4 OBJECTIVES AND DIRECTION, AS CAPTURED IN THE Communication package All APO
IT strategy, through communication to appropriate All BAI
stakeholders and users throughout the enterprise. All DSS
All MEA
Activities
1. Develop and maintain a network for endorsing, supporting and driving the IT strategy.
2. $EVELOP A COMMUNICATION PLAN COVERING THE REQUIRED MESSAGES, TARGET AUDIENCES, COMMUNICATION MECHANISMS/CHANNELS AND SCHEDULES.
3. Prepare a communication package that delivers the plan effectively using available media and technologies.
Align, Plan and Organise

4. Obtain feedback and update the communication plan and delivery as required.

APO02 Related Guidance

Related Standard Detailed Reference
)3//)%# 20000 s 4.0 0LANNING AND IMPLEMENTING SERVICE MANAGEMENT
s 5.0 0LANNING AND IMPLEMENTING NEW OR CHANGED SERVICES
)4), 63 2011 Service Strategy, 4.1 Strategy Management for IT Services

62
Personal Copy of: Prof. Miguel L.B. Mira da Silva