
Portfolio, Program and Project Management Using COBIT 5, Part 3

By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP, and Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

COBIT Focus | 29 January 2018

This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article [1] discussed the approach for mapping COBIT 5 with the Project Management Institute’s (PMI’s) standards and publication A Guide to the Project Management Body of Knowledge (PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level. [2]


PMI published the standards shown in figure 1 that have been adopted by many organizations. Each of these publications has identified and defined processes for implementing these standards. Each standard has a different number of processes, as shown in the second column of figure 1.


Figure 1—PMI Publications

| Name of Publication | Process Groups | Number of Processes |
|---|---|---|
| A Guide to the Project Management Body of Knowledge 5th Edition (PMBOK) | 3 | 15 |


This article provides a mapping of the portfolio management standards with the COBIT 5 processes. The approach shown in figure 2 was developed to map the PMI standards with COBIT 5 processes.


Figure 2—Approach for Mapping PMI Standards With COBIT 5 Processes


PMI has revised the publications noted with a fourth edition, updating portfolio [3] and program management. [4] A sixth edition of PMBOK [5] was published in September 2017. However, since this mapping was undertaken prior to these publications, the standards listed in figure 1 are described herein. The changes in new editions shall be discussed subsequently.


Because the PMI standards are detailed, there are a few gaps in activities. COBIT 5 has not specifically identified these activities, but it references them.


Portfolio Management

Portfolio management is the highest level of the organization that is responsible for defining, authorizing and supervising programs and projects. Considering it is the highest level in the organizational structure, it should align programs and projects with the organization’s objectives and strategies. Therefore, the portfolio management processes should include governance processes (Evaluate, Direct and Monitor).


The PMI portfolio management standard identifies 5 different knowledge areas for defining processes:

  1. Strategic management
  2. Governance management
  3. Performance management
  4. Communication management
  5. Risk management

Portfolio management standards emphasize that organizations need to ensure that their portfolio management processes are defined in alignment with organizational strategy. The standard recommends that organizations categorize processes into 3 groups:

  1. Defining processes
  2. Aligning processes
  3. Controlling and managing processes

PMI’s portfolio management standard [6] identifies 16 generic processes for portfolio management in 3 process groups (figure 3). These processes are interlinked and need to be implemented by considering their interdependencies with the 3 process groups based on the knowledge areas. For example, the knowledge area Governance Management has processes in all 3 process groups. Since COBIT 5 is a framework for governance of enterprise IT (GEIT), one needs to consider knowledge areas when mapping processes related to governance. Process groups help establish interdependencies.


Figure 3—Portfolio Management Processes

| Process Group | Knowledge Area | Process | Description |
|---|---|---|---|
| Defining | Strategic Management | Develop Portfolio Strategic Plan | Align portfolio objectives with enterprise strategic objectives and goals. |
| Defining | Strategic Management | Develop Portfolio Charter | Define objectives, scope, deliverables, success criteria and time lines, and identify stakeholders. |
| Defining | Strategic Management | Define Portfolio Roadmap | Identify portfolio components, dependencies, milestones and deliverables. |
| Defining | Governance Management | Develop Portfolio Management Plan | Develop a plan for governing and managing portfolio activities, change management, performance monitoring and reporting, processes for procurement, and compliance. |
| Defining | Governance Management | Define Portfolio | Identify and list components including programs, projects, resources, cost and time lines. |
| Defining | Performance Management | Define Portfolio Performance Management Plan | Develop a plan to manage the performance of the portfolio and its components to ensure that the organization’s objectives are achieved. |
| Defining | Communication Management | Define Portfolio Communication Management Plan | Identify stakeholders, determine communication requirements and develop a communication plan. |
| Defining | Risk Management | Define Portfolio Risk Management Plan | Develop a portfolio risk management plan. |
| Aligning | Strategic Management | Manage Strategic Change | Evaluate strategic changes within the organization and their impact on portfolio objectives and deliverables, and update the portfolio management plan as needed. |
| Aligning | Governance Management | Optimize Portfolio | Continuously analyze the components to ensure that resources are effectively performing to achieve the organization’s objectives. |
| Aligning | Performance Management | Manage Supply and Demand | Manage the availability of resources for each component of the portfolio. |
| Aligning | Performance Management | Manage Portfolio Value | Capture, measure and report value creation by the portfolio. |
| Aligning | Communication Management | Manage Portfolio Information | Execute the communication plan. |
| Aligning | Risk Management | Manage Portfolio Risks | Execute the portfolio risk management plan. |
| Authorizing and Controlling | Governance Management | Authorize Portfolio | Authorize portfolio components and resources (a necessary process for governance). |
| Authorizing and Controlling | Governance Management | Provide Portfolio Oversight | Monitor the performance of the portfolio relative to its alignment with defined objectives and provide directions in cases where deviation is observed. |


The portfolio management standard of PMI is for organizations that have multiple portfolios, whereas the primary focus of COBIT 5 is the IT portfolio. With this in mind, an effort has been made to map PMI’s processes with those of COBIT 5. Since direct mapping is not possible, the management practices of the process reference model of COBIT 5 were considered. The ISACA publication COBIT 5: Enabling Processes provides a detailed description of processes at the activity level, hence it was used while mapping. The mapping is shown in figure 4.


Figure 4—Portfolio Management Standard and COBIT 5 Process Mapping

| PMI's Portfolio Standard Processes | Process Group | COBIT 5 Process | COBIT 5 Management Practices |
|---|---|---|---|
| Develop Portfolio Strategic Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Develop Portfolio Strategic Plan | Defining | EDM02 Ensure Benefits Delivery | EDM02.03 Monitor value optimization. EDM02.02 Direct value optimization. EDM02.03 Monitor value optimization. |
| Develop Portfolio Charter | Defining | APO02 Manage Strategy | APO02.05 (Indirect) Define the strategic plan and road map. |
| Develop Portfolio Charter | Defining | APO05 Manage Portfolio | APO05.05 Maintain portfolios. |
| Define Portfolio Roadmap | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Define Portfolio Roadmap | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. |
| Develop Portfolio Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Develop Portfolio Management Plan | Defining | APO05 Manage Portfolio | APO05.03 Evaluate and select programs to fund. APO05.05 Maintain portfolios. |
| Define Portfolio | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Define Portfolio Performance Management Plan | Defining | APO02 Manage Strategy | APO02.05 Define the strategic plan and road map. |
| Define Portfolio Performance Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.06 Manage benefits achievement. |
| Define Portfolio Communication Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| Define Portfolio Communication Management Plan | Defining | APO02 Manage Strategy | APO02.06 Communicate the IT strategy and direction. |
| Define Portfolio Risk Management Plan | Defining | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| Define Portfolio Risk Management Plan | Defining | APO12 Manage Risk | APO12.01 Collect data. APO12.02 Analyze risk. APO12.03 Maintain a risk profile. APO12.04 Articulate risk. APO12.05 Define a risk management action portfolio. APO12.06 Respond to risk. |
| Manage Strategic Change | Aligning | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| Manage Strategic Change | Aligning | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. |
| Optimize Portfolio | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| Manage Supply and Demand | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. APO05.02 Determine the availability and sources of funds. APO05.03 Evaluate and select programs to fund. APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. APO05.06 Manage benefits achievement. |
| Manage Portfolio Value | Aligning | APO05 Manage Portfolio | APO05.06 Manage benefits achievement. |
| Manage Portfolio Value | Aligning | EDM02 Ensure Benefits Delivery | EDM02.01 Evaluate value optimization. EDM02.02 Direct value optimization. EDM02.03 Monitor value optimization. |
| Manage Portfolio Information | Aligning | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.05 Maintain portfolios. |
| Manage Portfolio Risks | Aligning | APO05 Manage Portfolio | APO05.01 Establish the target investment mix. |
| Manage Portfolio Risks | Aligning | APO12 Manage Risk | APO12.01 Collect data. APO12.02 Analyze risk. APO12.03 Maintain a risk profile. APO12.04 Articulate risk. APO12.05 Define a risk management action portfolio. APO12.06 Respond to risk. |
| Authorize Portfolio | Authorizing and Controlling | APO02 Manage Strategy | APO02.04 Conduct a gap analysis. |
| Provide Portfolio Oversight | Authorizing and Controlling | APO02 Manage Strategy | APO02.01 Understand enterprise direction. |
| Provide Portfolio Oversight | Authorizing and Controlling | APO05 Manage Portfolio | APO05.04 Monitor, optimize and report on investment portfolio performance. APO05.06 Manage benefits achievement. |
| Provide Portfolio Oversight | Authorizing and Controlling | MEA01 Monitor, Evaluate and Assess Performance and Conformance | MEA01.01 Establish a monitoring approach. MEA01.02 Set performance and conformance targets. MEA01.03 Collect and process performance and conformance data. MEA01.04 Analyze and report performance. MEA01.05 Ensure the implementation of corrective actions. |


The sequence in which the COBIT 5 processes are listed is based on their relevance to the PMI process to which they are mapped. For example, since Defining Strategic Plan directly relates to APO02 Manage Strategy and indirectly relates to EDM02 Ensure Benefits Delivery, the sequence is not as it appears in the process reference model (PRM) of COBIT 5.


Conclusion

Mapping of COBIT 5 with PMI standards is useful in providing assurance that the COBIT 5 framework can be used as a “single integrated framework” across organizations. This is the third article covering a high-level mapping of the portfolio management standard. Future articles will discuss mapping of PMI’s program management standard and project management standard (PMBOK) processes with the COBIT 5 process reference model.


Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP

Is a freelance consultant and visiting faculty member at the National Institute of Bank Management, India. He has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries.


Eswar Muthukrishnan, CISA, CPISI, MCA, PGDM

Is a freelance consultant with more than 24 years of experience in IT and IT services in the telecommunications industry. He has held roles such as chief information officer and vice president of service delivery of IT and ITES, program management and transition management.


Endnotes

1 Bakshi, S.; “Portfolio, Program and Project Management Using COBIT 5,” COBIT Focus, 11 September 2017
2 Bakshi, S.; E. Muthukrishnan; “Portfolio, Program and Project Management Using COBIT 5, Part 2,” COBIT Focus, 2 January 2018
3 Project Management Institute, The Standard for Portfolio Management 4th Edition, USA, 2017
4 Project Management Institute, The Standard for Program Management 4th Edition, USA, 2017
5 Project Management Institute, A Guide to the Project Management Body of Knowledge (PMBOK Guide) 6th Edition, USA, 2017
6 Project Management Institute, The Standard for Portfolio Management, 3rd Edition, USA, 2013