COBIT 2019 governance objectives and SFIA
The recent publication of COBIT 2019 included a mapping of SFIA skills to the People, Skills and Competencies component of the COBIT 2019 Governance and management objectives-detailed guidance document.
Backgound
COBIT is the globally accepted framework for optimizing enterprise IT governance.
The recent publication of COBIT 2019 included a mapping of SFIA skills to COBIT 2019 governance and management objectives ...
- this mapping is listed in component D. People, Skills and Competencies of the COBIT 2019 governance and management objectives-detailed guidance document.
Note - COBIT is a comprehensive resource. As such an explanation of its purpose, structure and content is beyond the scope of this article.
However, COBIT 2019 does not reference the most recent version of SFIA ...
- SFIA 7 published in June 2018 superseded version 6
- SFIA 7 was a significant revision including new skills and updated skill descriptions
In line with this update, here are suggestions for updating the Component D. references to SFIA 7.
- This has been shared with the online COBIT and Frameworks community at isaca.org
- This is also attached as a PDF.
This mapping was created by ...
- using the COBIT 2019 to SFIA 6 mapping as a baseline
- doing a detailed analysis of each of the governance/management objectives to derive the relevant SFIA skill. The main source is component A (process and activities).
- the rationale is that to perform the activities listed in component A requires the SFIA skills which are listed in component D.
Note - a mapping to SFIA competency levels is outside the scope of this exercise.
If you are not familiar with the SFIA skills...
- the guiding principles describe how to use SFIA
- every SFIA skill listed in the table has a full description and skill-at-a-level descriptions. You can browse the skill descriptions here.
| COBIT 2019 Governance / Management objective | SFIA Skill name | Skill code |
| EDM01 - Ensured Governance Framework Setting and Maintenance | Enterprise IT governance | GOVN |
| EDM02 - Ensured Benefits Delivery | Benefits management | BENM |
| IT management | ITMG | |
| Portfolio management | POMG | |
| Systems development management | DLMG | |
| EDM03 - Ensured Risk Optimization | Business risk management | BURM |
| EDM04 - Ensured Resource Optimization | Demand management | DEMM |
| Financial management | FMIT | |
| IT management | ITMG | |
| Portfolio management | POMG | |
| Resourcing | RESC | |
| Service level management | SLMO | |
| Systems development management | DLMG | |
| EDM05 - Ensured Stakeholder Engagement | Enterprise IT governance | GOVN |
| Relationship management | RLMT | |
| APO01 - Managed I&T Management Framework | Enterprise IT governance | GOVN |
| IT management | ITMG | |
| Organisation design and implementation | ORDI | |
| Organisational capability development | OCDV | |
| Performance management | PEMT | |
| Service level management | SLMO | |
| APO02 - Managed Strategy | Business process improvement | BPRE |
| Emerging technology monitoring | EMRG | |
| Enterprise and business architecture | STPL | |
| Organisational capability development | OCDV | |
| Strategic planning | ITSP | |
| APO03 - Managed Enterprise Architecture | Data management | DATM |
| Enterprise and business architecture | STPL | |
| Information governance | IRMG | |
| APO04 - Managed Innovation | Emerging technology monitoring | EMRG |
| Innovation | INOV | |
| Research | RSCH | |
| APO05 - Managed Portfolio | Benefits management | BENM |
| Portfolio management | POMG | |
| Portfolio, programme and project support | PROF | |
| APO06 - Managed Budget and Costs | Financial management | FMIT |
| APO07 - Managed Human Resources | Competency assessment | LEDA |
| Knowledge management | KNOW | |
| Learning and development management | ETMG | |
| Organisation design and implementation | ORDI | |
| Performance management | PEMT | |
| Professional development | PSDV | |
| Resourcing | RESC | |
| APO08 - Managed Relationships | Relationship management | RLMT |
| APO09 - Managed Service Agreements | Demand management | DEMM |
| Measurement | MEAS | |
| Service level management | SLMO | |
| APO10 - Managed Vendors | Contract management | ITCM |
| Sourcing | SORC | |
| Supplier management | SUPP | |
| APO11 - Managed Quality | Knowledge management | KNOW |
| Measurement | MEAS | |
| Organisational capability development | OCDV | |
| Quality assurance | QUAS | |
| Quality management | QUMG | |
| APO12 - Managed Risk | Business risk management | BURM |
| Information assurance | INAS | |
| APO13 - Managed Security | Enterprise and business architecture | STPL |
| Information security | SCTY | |
| Security administration | SCAD | |
| APO14 - Managed Data | Data modelling and design | DTAN |
| Data management | DATM | |
| Enterprise and business architecture | STPL | |
| Information assurance | INAS | |
| Information governance | IRMG | |
| Quality management | QUMG | |
| Storage management | STMG | |
| BAI01 - Managed Programs | Benefits management | BENM |
| Programme management | PGMG | |
| Relationship management | RLMT | |
| BAI02 - Managed Requirements Definition | Asset management | ASMG |
| Business analysis | BUAN | |
| Business process improvement | BPRE | |
| Requirements definition and management | REQM | |
| Solution architecture | ARCH | |
| Systems design | DESN | |
| User experience analysis | UNAN | |
| User experience design | HCEV | |
| User research | URCH | |
| BAI03 - Managed Solutions Identification and Build | Business process testing | BPTS |
| Configuration management | CFMG | |
| Database design | DBDS | |
| Data modelling and design | DTAN | |
| Information assurance | INAS | |
| Information security | SCTY | |
| Network design | NTDS | |
| Measurement | MEAS | |
| Methods and tools | METL | |
| Programming/software development | PROG | |
| Quality assurance | QUAS | |
| Quality management | QUMG | |
| Real time/embedded systems development | RESD | |
| Release and deployment | RELM | |
| Solution architecture | ARCH | |
| Sourcing | SORC | |
| Storage management | STMG | |
| Systems design | DESN | |
| Systems development management | DLMG | |
| Systems integration and build | SINT | |
| Testing | TEST | |
| BAI04 - Managed Availability and Capacity | Availability management | AVMT |
| Capacity management | CPMG | |
| Measurement | MEAS | |
| BAI05 - Managed Organizational Change | Change implementation planning and management | CIPM |
| Knowledge management | KNOW | |
| Learning and development management | ETMG | |
| Organisation design and implementation | ORDI | |
| Relationship management | RLMT | |
| BAI06 - Managed IT Changes | Change management | CHMG |
| Configuration management | CFMG | |
| BAI07 - Managed IT Change Acceptance and Transitioning | Business process testing | BPTS |
| Release and deployment | RELM | |
| Service acceptance | SEAC | |
| Testing | TEST | |
| User experience evaluation | USEV | |
| BAI08 - Managed Knowledge | Knowledge management | KNOW |
| Information governance | IRMG | |
| Information content authoring | INCA | |
| Information content publishing | INCP | |
| BAI09 - Managed Assets | Asset management | ASMG |
| Systems installation /decommissioning | HSIN | |
| BAI10 - Managed Configuration | Configuration management | CFMG |
| BAI11 - Managed Projects | Portfolio, programme and project support | PROF |
| Project management | PRMG | |
| Relationship management | RLMT | |
| DSS01 - Managed Operations | Application support | ASUP |
| Database administration | DBAD | |
| Facilities management | DCMA | |
| IT infrastructure | ITOP | |
| Network support | NTAS | |
| Storage management | STMG | |
| Supplier management | SUPP | |
| DSS02 - Managed Service Requests and Incidents | Application support | ASUP |
| Customer service support | CSMG | |
| Incident management | USUP | |
| Network support | NTAS | |
| DSS03 - Managed Problems | Application support | ASUP |
| Knowledge management | KNOW | |
| Problem management | PBMG | |
| Network support | NTAS | |
| DSS04 - Managed Continuity | Continuity management | COPL |
| Storage management | STMG | |
| DSS05 - Managed Security Services | Facilities management | DCMA |
| Information security | SCTY | |
| IT infrastructure | ITOP | |
| Learning delivery | ETDL | |
| Methods and tools | METL | |
| Penetration testing | PENT | |
| Security administration | SCAD | |
| DSS06 - Managed Business Process Controls | Information assurance | INAS |
| Information security | SCTY | |
| Security administration | SCAD | |
| MEA01 - Managed Performance and Conformance Monitoring | Quality assurance | QUAS |
| Conformance review | CORE | |
| Measurement | MEAS | |
| MEA02 - Managed System of Internal Control | Conformance review | CORE |
| MEA03 - Managed Compliance With External Requirements | Conformance review | CORE |
| Information security | SCTY | |
| MEA04 - Managed Assurance | Conformance review | CORE |
| Quality assurance | QUAS |