Professional Documents
Culture Documents
COBIT 5 DMM Practices Pathway Tool
COBIT 5 DMM Practices Pathway Tool
Combined Effects of
COBIT® 5 and DMMSM:
A Guide to Using the
Practices Pathway Tool
Introduction
When designing or improving a governance program for enterprise IT, you
must be comprehensive in your approach; for example, you will likely need
to consult a number of frameworks and standards to guarantee that all
contingencies have been considered. After all, no one framework or standard
is 100-percent comprehensive for all of an enterprise’s needs. However, the
challenge for practitioners is further complicated by the fact that differing
governance frameworks and standards do not always integrate together—they
are often developed independently and use different definitions, concepts,
idioms, and terminology. They are oftentimes also written for different audiences
and from different perspectives.
“Mapping tools” have often been a helpful way to bridge the “communication
gap” among various frameworks and standards. These tools help establish
which areas in one standard or framework correlate to areas within another.
Usually these tools map only in one direction: translating topical areas from
framework or standard A to framework or standard B. While this can be useful,
it limits the ability to get full insight from – and to harness the combined power
of — both sources of information. What practitioners truly need is a way to tap
the power of multiple resources simultaneously.
Practitioners familiar with either COBIT 5 or DMM can use the Practices
Pathway Tool to learn more about – and gain value from – a framework they
might not already be familiar with. This not only enhances the value they
can derive from the framework they’re already using by providing additional
perspectives and guidance on topics where the other framework excels, but it
allows them to leverage additional guidance, supporting documentation, and
best practices in those areas. COBIT 5 users may find further insights into
data-centric aspects of their governance approach via specific DMM practices,
while DMM users may find COBIT 5 guidance enhances DMM application
by providing additional insights into the risk and assurance areas of the
organization’s data management capability.
Scope of Alignment and The COBIT 5/DMM Practices Pathway Tool is available in
Alignment Criteria Microsoft Excel to serve practitioners who report that they
typically use Excel over enterprise solutions or mobile
applications. The tool takes advantage of Excel features,
Practices are the most relevant connection between the DMM
such as sorting and filtering, to make it easier to view and find
and COBIT 5. Synergies certainly exist at higher levels, but
information. To get started, practitioners can open the tool, sort
the harmonization of practices provides the greatest benefit
practices in the framework they are more familiar with, and
for practitioners. Accordingly, the practices pathway tool
discover corresponding related practices in the other framework.
identifies practices in one product that clarify or enhance
practices in the other. The tool assumes that the practitioner has a working knowledge
of COBIT 5 and at least a cursory understanding of DMM. The
When connections between frameworks are not addressed, the
tool permits identification of guidance in one model based on
practices pathway tool indicates ‘Not Covered’ as the value for
input from the other; practitioners can start from DMM or from
the assignment of that practice. A practice in one product can
COBIT. This feature makes the tool bi-directional, but also
align with multiple practices in the other. To identify one-to-many
requires some knowledge of the source materials.
FIGURE 1
FIGURE 2
DMM guidance 1. From the drop-down arrow in cell E6 select “BAI.” The tool
will display 106 records. A small portion of the result set is
Start with COBIT 5 management practice BAI01.10 (Manage
displayed in the following Figure 3.
programme and project risk.) and look for all related DMM
practices. The end result should include: 2. Narrow results by clicking on the drop-down arrow in cell F6.
Select “BAI01.10.” The tool will update and display 3 records
1. DMM COM 1.1 Communications are managed locally. as shown in the following Figure 4.
2. DMM COM 2.1 The communications plan for data
management is defined, documented, approved by
stakeholders, and scheduled.
3. DMM COM 2.2 Data management standards, policies,
and processes are communicated and adjusted based
upon feedback.
FIGURE 3
FIGURE 4
Provide feedback:
www.isaca.org/COBIT-DMM- Disclaimer
Connections ISACA has designed and created “Maximizing the Combined Effects of COBIT® 5 and DMMSM: A Guide to Using the
Practices Pathway Tool” (the “Work”) primarily as an educational resource for professionals. ISACA makes no claim that
Participate in the ISACA use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper
Knowledge Center: information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed
www.isaca.org/knowledge-center to obtaining the same results. In determining the propriety of any specific information, procedure or test, professionals
should apply their own professional judgment to the specific circumstances presented by the particular systems or
Follow ISACA on Twitter: information technology environment.
https://twitter.com/ISACANews