COBIT2019 - Foundation Course - PG - V1.1
COBIT 2019 Foundation Course
Participant Guide
Course Overview
Course Delivery
Course Description
Target Audience
Training and Certification Scheme
Exam Requirements
Learning Objectives
Framework Introduction
Topics and Objectives
Group Discussion Questions
Principles
Topics and Objectives
Performance Management
Topics and Objectives
Course Summary
Course Overview
COURSE DELIVERY
This is a two-day, instructor-led course.
COURSE DESCRIPTION
COBIT® is a framework for the enterprise governance and management of information and technology
(I&T) that supports enterprise goal achievement.
This Foundation Course is intended for current COBIT 5 Foundation Certificate holders as well as those
new to COBIT who are interested in achieving the latest foundation certificate.
This two-day course highlights the concepts, models and key definitions of the COBIT framework and
helps prepare learners to take the COBIT 2019 Foundation Exam.
TARGET AUDIENCE
Current COBIT 5 Foundation Certificate holders who are interested in achieving the COBIT 2019
Foundation Certificate.
Individuals with no previous COBIT training or certifications interested in learning the COBIT 2019
framework essentials.
EXAM REQUIREMENTS
This COBIT Foundation exam is designed to test the candidate’s knowledge of the framework as
opposed to memorization.
• Online proctored exam
• 75 multiple-choice questions
• Closed-book
• One correct answer for each question, using three choices (A, B or C)
• Two-hour duration
• Passing score is 65%, or 49 correct answers out of 75
LEARNING OBJECTIVES
When participants complete this course, they will be able to:
• Recognize the target audience of COBIT 2019.
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Understand and describe the governance “system” and governance “framework” principles.
• Describe the components of a governance system.
• Understand the overall structure and contents of the Goals Cascade.
• Recall the 40 Governance and Management Objectives and their purpose statements.
• Understand the relationship between Governance and Management Objectives and Governance
Components.
• Differentiate COBIT-based performance management using maturity and capability perspectives.
• Discover how to design a tailored governance system using COBIT.
• Explain the key points of the COBIT business case.
• Understand and recall the phases of the COBIT implementation approach.
• Describe the relationships between the COBIT Design and Implementation Guides.
• Prepare for the COBIT 2019 Foundation exam.
Framework Introduction
TOPICS AND OBJECTIVES
Topics
• Enterprise Governance of I&T
• Intended Audience for the COBIT 2019 Framework
• COBIT as an I&T Framework
• COBIT format and product architecture
• Major differences
• COBIT and other standards
• Training and certification
Learning Objectives
• Recognize the target audience of COBIT 2019.
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Prepare for the COBIT 2019 Foundation exam.
Pick one or more questions to discuss as a group or pick additional topics/questions that are relevant to
this module.
Principles
In this module, we discuss principles, one of the areas that changed in COBIT 2019.
COBIT 5 had its own set of principles, and COBIT 2019 expands on these.
GROUP EXERCISE
NAMECO is an IT Managed Service Provider in North America. They are an aggressive, for-profit
organization that strives to aggressively grow revenues while providing a stable client base. NAMECO is
considered one of the top five MSPs in the industry and operates in a high-threat environment with
multiple competitors who are constantly attempting to challenge their position in the market.
With over 400 tenant clients and 15,000 end users, each one has a unique set of compliance
requirements: 1) 30% of their clients are publicly traded entities, 2) 7% are health care related, 3) 87%
process credit cards, and 4) 6% have private information regarding EU citizens.
The enterprise risk management group has identified multiple risk scenarios that have the potential of
inhibiting the aggressive growth goals identified by the governing body. These include: 1) recruiting and
maintaining qualified and skilled staff, 2) the threat of competitors, 3) complex compliance requirements
from multiple requirements (NAMECO has private information from users across the globe, including EU
citizens), and 4) the unknown risks of vendors who provide critical services to NAMECO.
The IT organization also supports the company’s staff of 300 FTEs and is currently considered a
“necessity,” which has caused some issues. Due to the nature of its business, NAMECO cannot continue
with its strategy unless IT is seen as a key success factor. Most of the services provided by IT are a mix
of insourced, cloud, and outsourced services, and IT generally adopts new technologies once they have
been proven in the market. Although the organization primarily uses a waterfall model for delivery, there are
two full-time agile teams that support the core applications of the business. This model has worked up to
this point, but there are pressures from the business to deploy services faster.
With the aggressive growth of the company, the IT organization has experienced multiple issues that
have resulted in unsatisfactory client reviews. The key concerns include: 1) failure to meet Service Level
Agreements (many of these failures are due to suppliers), 2) multiple audit findings of non-compliance with
data privacy, and 3) insufficient IT resources/knowledge required to support the goals of the enterprise.
Other key observations include: 1) there are no documented or well-understood decision matrices in the
organization, 2) policies exist, but have not been updated in the last 3 years, 3) the leadership of the
organization endorses a ‘risk taking’ culture, but does not support risky decisions that fail, 4) no skills matrix
exists that identifies the skills and competencies required to support IT services, 5) an IT service catalog
exists, but is not acknowledged or followed, 6) there is no formal recognition of IT processes; they are ad
hoc and not well documented, and 7) there is no real understanding of the data/information architectures
or flows and there is an absence of information classification.
Using the NAMECO scenario, discuss which COBIT Design Factors would be relevant for the governance
system of NAMECO, and identify which values you would assign to the relevant design factors.
PRACTICAL WALKTHROUGH
Have the students open Chapter 4 of the COBIT Governance and Management Objectives – Detailed
Guidance book. Review the examples in the section highlighting the importance of each section of the
table.
Refer to Chapter 4 in the COBIT Governance and Management Objectives – Detailed Guidance.
For each Alignment Goal, circle the appropriate Governance or Management Objective that has a
PRIMARY relationship.
Match each purpose statement with the appropriate Governance or Management objective.
Match each description with the appropriate Governance Component as it applies to Governance and
Management Objectives.
GROUP SCENARIO
This is an optional exercise.
Using information from the NAMECO scenario, use the goals cascade to determine the most appropriate
Governance or Management Objectives.
NAMECO has determined that the two most critical enterprise goals for the upcoming year include the
following:
• Enterprise goal 2 (EG02) Managed business risk
• Enterprise goal 3 (EG03) Compliance with external laws and regulations
• Enterprise goal 8 (EG08) Optimization of internal business process functionality
• Enterprise goal 10 (EG10) Staff skills, motivation and productivity
Performance Management
Building on previous versions, COBIT 2019 has updated the performance management aspect of the
framework.
Course Summary
Here is a summary of what we have learned:
• Recognize the context, benefits and key reasons COBIT is used as an information and technology
governance framework.
• Recognize the descriptions and purposes of the COBIT product architecture.
• Recall the alignment of COBIT with other applicable frameworks, standards and bodies of knowledge.
• Understand and describe the governance “system” and governance “framework” principles.
• Describe the components of a governance system.
• Understand the overall structure and contents of the Goals Cascade.
• Recall the 40 Governance and Management Objectives and their purpose statements.
• Understand the relationship between Governance and Management Objectives and Governance
Components.
• Differentiate COBIT-based performance management using maturity and capability perspectives.
• Discover how to design a tailored governance system using COBIT.
• Explain the key points of the COBIT business case.
• Understand and recall the phases of the COBIT implementation approach.
• Describe the relationships between the COBIT Design and Implementation Guides.
• Prepare for the COBIT 2019 Foundation exam.