COBIT 2019 governance objectives and SFIA

The recent publication of COBIT 2019 included a mapping of SFIA skills to the People, Skills and Competencies component of the COBIT 2019 Governance and management objectives-detailed guidance document.

Backgound

COBIT is the globally accepted framework for optimizing enterprise IT governance.

The recent publication of COBIT 2019 included a mapping of SFIA skills to COBIT 2019 governance and management objectives ...

  • this mapping is listed in component D. People, Skills and Competencies of the COBIT 2019 governance and management objectives-detailed guidance document.

Note - COBIT is a comprehensive resource. As such an explanation of its purpose, structure and content is beyond the scope of this article.

However, COBIT 2019 does not reference the most recent version of SFIA ...

  • SFIA 7 published in June 2018 superseded version 6
  • SFIA 7 was a significant revision including new skills and updated skill descriptions

In line with this update, here are suggestions for updating the Component D. references to SFIA 7.

This mapping was created by ...

  • using the COBIT 2019 to SFIA 6 mapping as a baseline
  • doing a detailed analysis of each of the governance/management objectives to derive the relevant SFIA skill. The main source is component A (process and activities).
  • the rationale is that to perform the activities listed in component A requires the SFIA skills which are listed in component D.

Note - a mapping to SFIA competency levels is outside the scope of this exercise.

If you are not familiar with the SFIA skills...
COBIT 2019 Governance / Management objective SFIA Skill name Skill code
EDM01 - Ensured Governance Framework Setting and Maintenance Enterprise IT governance GOVN
EDM02 - Ensured Benefits Delivery Benefits management BENM
IT management ITMG
Portfolio management POMG
Systems development management DLMG
EDM03 - Ensured Risk Optimization Business risk management BURM
EDM04 - Ensured Resource Optimization Demand management DEMM
Financial management FMIT
IT management ITMG
Portfolio management POMG
Resourcing RESC
Service level management SLMO
Systems development management DLMG
EDM05 - Ensured Stakeholder Engagement Enterprise IT governance GOVN
Relationship management RLMT
APO01 - Managed I&T Management Framework Enterprise IT governance GOVN
IT management ITMG
Organisation design and implementation ORDI
Organisational capability development OCDV
Performance management PEMT
Service level management SLMO
APO02 - Managed Strategy Business process improvement BPRE
Emerging technology monitoring EMRG
Enterprise and business architecture STPL
Organisational capability development OCDV
Strategic planning ITSP
APO03 - Managed Enterprise Architecture Data management DATM
Enterprise and business architecture STPL
Information governance IRMG
APO04 - Managed Innovation Emerging technology monitoring EMRG
Innovation INOV
Research RSCH
APO05 - Managed Portfolio Benefits management BENM
Portfolio management POMG
Portfolio, programme and project support PROF
APO06 - Managed Budget and Costs Financial management FMIT
APO07 - Managed Human Resources Competency assessment LEDA
Knowledge management KNOW
Learning and development management ETMG
Organisation design and implementation ORDI
Performance management PEMT
Professional development PSDV
Resourcing RESC
APO08 - Managed Relationships Relationship management RLMT
APO09 - Managed Service Agreements Demand management DEMM
Measurement MEAS
Service level management SLMO
APO10 - Managed Vendors Contract management ITCM
Sourcing SORC
Supplier management SUPP
APO11 - Managed Quality Knowledge management KNOW
Measurement MEAS
Organisational capability development OCDV
Quality assurance QUAS
Quality management QUMG
APO12 - Managed Risk Business risk management BURM
Information assurance INAS
APO13 - Managed Security Enterprise and business architecture STPL
Information security SCTY
Security administration SCAD
APO14 - Managed Data Data modelling and design DTAN
Data management DATM
Enterprise and business architecture STPL
Information assurance INAS
Information governance IRMG
Quality management QUMG
Storage management STMG
BAI01 - Managed Programs Benefits management BENM
Programme management PGMG
Relationship management RLMT
BAI02 - Managed Requirements Definition Asset management ASMG
Business analysis BUAN
Business process improvement BPRE
Requirements definition and management REQM
Solution architecture ARCH
Systems design DESN
User experience analysis UNAN
User experience design HCEV
User research URCH
BAI03 - Managed Solutions Identification and Build Business process testing BPTS
Configuration management CFMG
Database design DBDS
Data modelling and design DTAN
Information assurance INAS
Information security SCTY
Network design NTDS
Measurement MEAS
Methods and tools METL
Programming/software development PROG
Quality assurance QUAS
Quality management QUMG
Real time/embedded systems development RESD
Release and deployment RELM
Solution architecture ARCH
Sourcing SORC
Storage management STMG
Systems design DESN
Systems development management DLMG
Systems integration and build SINT
Testing TEST
BAI04 - Managed Availability and Capacity Availability management AVMT
Capacity management CPMG
Measurement MEAS
BAI05 - Managed Organizational Change Change implementation planning and management CIPM
Knowledge management KNOW
Learning and development management ETMG
Organisation design and implementation ORDI
Relationship management RLMT
BAI06 - Managed IT Changes Change management CHMG
Configuration management CFMG
BAI07 - Managed IT Change Acceptance and Transitioning Business process testing BPTS
Release and deployment RELM
Service acceptance SEAC
Testing TEST
User experience evaluation USEV
BAI08 - Managed Knowledge Knowledge management KNOW
Information governance IRMG
Information content authoring INCA
Information content publishing INCP
BAI09 - Managed Assets Asset management ASMG
Systems installation /decommissioning HSIN
BAI10 - Managed Configuration Configuration management CFMG
BAI11 - Managed Projects Portfolio, programme and project support PROF
Project management PRMG
Relationship management RLMT
DSS01 - Managed Operations Application support ASUP
Database administration DBAD
Facilities management DCMA
IT infrastructure ITOP
Network support NTAS
Storage management STMG
Supplier management SUPP
DSS02 - Managed Service Requests and Incidents Application support ASUP
Customer service support CSMG
Incident management USUP
Network support NTAS
DSS03 - Managed Problems Application support ASUP
Knowledge management KNOW
Problem management PBMG
Network support NTAS
DSS04 - Managed Continuity Continuity management COPL
Storage management STMG
DSS05 - Managed Security Services Facilities management DCMA
Information security SCTY
IT infrastructure ITOP
Learning delivery ETDL
Methods and tools METL
Penetration testing PENT
Security administration SCAD
DSS06 - Managed Business Process Controls Information assurance INAS
Information security SCTY
Security administration SCAD
MEA01 - Managed Performance and Conformance Monitoring Quality assurance QUAS
Conformance review CORE
Measurement MEAS
MEA02 - Managed System of Internal Control Conformance review CORE
MEA03 - Managed Compliance With External Requirements Conformance review CORE
Information security SCTY
MEA04 - Managed Assurance Conformance review CORE
Quality assurance QUAS