document10
TRANSCRIPT
Dis
co
ve
ry
13 P
AD
O P
3M
Version
1.10
Concept Phase: Control Classification & Function
Governance Controls: Establish the control culture, clarify organisational expectations, and include organisation wide policies and procedures
Management Oversight Controls: Are set at the Business unit or line management level to address achievement of business unit objectives and mitigation of
business unit risk
Process Level Controls: Are established by a process owner to ensure that the objectives of the process are achieved and that process are achieved and that
process-level risks are addressed
Transaction Level Controls: Are specific to individual transactions. They exist to ensure that the objectives of the transaction specific risks are addressed
Key Controls: Controls that must operate effectively to reduce a significant risk to an acceptable level
Secondary Controls: Controls that help the process run smoothly but are not essential – these mitigate risk
Preventative Controls: These are proactive controls that deter undesirable events from occurring
Detective Controls: These controls are reactive and detect undesirable events that have occurred
Corrective Controls: These controls are reactive designed to allow manual or automated correction of errors or irregularities discovered by detective controls
Directive Controls: These controls are proactive controls that cause or encourage a desirable event to occur
Mitigating Controls: These controls reduce the potential impact should an event occur
Compensating Controls: These controls compensate for the lack of an expected control
Redundant Controls: These backup/duplicate a control objective or a secondary control that operates only if a key control fails
Tier 1: Fundamentals Tier 2: Subject Matter Expert Tier 3: Assurance
Entity LevelProcess
Level
Transaction
LevelKey Control
Secondary
ControlPreventative Detective Corrective Directive Mitigating
Compen
satingRedundant
1 1 PDM Issues Discovery Instruction PCA Management Oversight
2 1 Standard ID Used BSM Management Oversight
3 2 Business Value Confirmed BSM Management Oversight
4 1 Business Value Signed-Off BSM Management Oversight
5 2 High Level Requirements Completed BSM Management Oversight
6 2 High Level Requirements Peer Reviewed BSM Management Oversight
7 1 High Level Requirements Signed-Off BA Management Oversight
8 2 Exemptions Formally Tabled BA Management Oversight
9 1 Exemptions Formally Mandated PGM Management Oversight
10 2 Traceability Setup BA Management Oversight
11 2 Discovery Management Plan Completed PM Management Oversight
12 1 Discovery Management Plan Approved PM Management Oversight
13 2 Discovery Management Plan Peer Reviewed PDM Management Oversight
14 1 PADO Mandated Discovery Management Plan Template Utilised PDM,PGM Management Oversight
15 3 Quality Assurance Conducted on Discovery Management Plan and Annexes PAM Management Oversight
16 3 Gate Clearance Assessment PGM,PAM Management Oversight
17 3 Gate Clearance PGM Management Oversight
NA 2 Practice Checks (Including all PCA Actions) PDM Management Oversight
NA 2 Reporting PGM Governance
NA 1,2 Communications as per PADO and DMP Communications Plans BSM,PDM,PCA Management Oversight
NA 1,2,3 Document KPI's PAM Management Oversight
DiscoveryPhase:
Concept
Control # Tier Control Control Owner
Primary ClassificationSecondary
ClassificationControl Function
Dis
co
ve
ry
14 P
AD
O P
3M
Version
1.10 ……… Concept Phase: Due Diligence & Controls
Tier 1: Fundamentals Tier 2: Subject Matter Expert Tier 3: Assurance
Control # Tier Control Control OwnerProcess Step KPI
ApplicationGate KPI
Exemption
Possible
Deferment
Possible
1 1 PDM Issues Discovery Instruction PCA 2,16 P O O
2 1 Standard ID Used BSM 1,5 O P O
3 2 Business Value Confirmed BSM 5,9,13,16 P O P
4 1 Business Value Signed-Off BSM 5,6,7,9,13,16 P O P
5 2 High Level Requirements Completed BSM 5,9,13,16 P O P
6 2 High Level Requirements Peer Reviewed BSM 6,13,16 P P P
7 1 High Level Requirements Signed-Off BA 6,7,13,16 P P P
8 2 Exemptions Formally Tabled BA 8,9,10,13,16 O P P
9 1 Exemptions Formally Mandated PGM 9,10,13,16 P O P
10 2 Traceability Setup BA 11,13,14,16 P O P
11 2 Discovery Management Plan Completed PM 12,13,14,15,16,17,18 P O P
12 1 Discovery Management Plan Approved PM 12,13,14,15,16,17,18 P O P
13 2 Discovery Management Plan Peer Reviewed PDM 14,15,16,17,18 P O P
14 1 PADO Mandated Discovery Management Plan Template Utilised PDM,PGM All Phases P O P
15 3 Quality Assurance Conducted on Discovery Management Plan and Annexes PAM 14,17,18 P O P
16 3 Gate Clearance Assessment PGM,PAM 17,18 P O P
17 3 Gate Clearance PGM 18 O O P
NA 2 Practice Checks (Including all PCA Actions) PDM NA O O
NA 2 Reporting PGM NA O O
NA 1,2 Communications as per PADO and DMP Communications Plans BSM,PDM,PCA NA O O
NA 1,2,3 Document KPI's PAM All Phases P O
DiscoveryConcept
Phase:
Dis
co
ve
ry
15 P
AD
O P
3M
Version
1.10 ……… Concept Phase: Alignment to COBIT
Tier 1: Fundamentals Tier 2: Subject Matter Expert Tier 3: Assurance
0 1 0 2 0 3 0 4 0 5 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 12 0 13 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 1 0 2 0 3 0 4 0 5 0 6 0 1 0 2 0 3
Ensu
re G
ove
rnan
ce F
ram
ew
ork
Sett
ing
& M
ain
ten
ance
Ensu
re B
en
efi
ts D
eli
very
Ensu
re R
isk
Op
tim
isat
ion
Ensu
re R
eso
urc
e O
pti
mis
atio
n
Ensu
re S
take
ho
lde
r Tr
ansp
are
ncy
Man
age
th
e I
T Fr
ame
wo
rk
Man
age
Str
ate
gy
Man
age
En
terp
rise
Arc
hit
ect
ure
Man
age
In
no
vati
on
Man
age
Po
rtfo
lio
Man
age
Bu
dge
t &
Co
sts
Man
age
Hu
man
Re
sou
rce
s
Man
age
Re
lati
on
ship
s
Man
age
Se
rvic
e A
gre
em
en
ts
Man
age
Su
pp
lie
rs
Man
age
Qu
alit
y
Man
age
Ris
k
Man
age
Se
curi
ty
Man
age
Pro
gram
s an
d P
roje
cts
Man
age
Re
qu
ire
me
nts
De
fin
itio
n
Man
age
So
luti
on
s Id
en
tifi
cati
on
&
Bu
ild
Man
age
Ava
ilab
ilit
y &
Cap
acit
y
Man
age
Org
anis
atio
nal
Ch
ange
Enab
lem
en
t
Man
age
Ch
ange
s
Man
age
Ch
ange
Acc
ep
tan
ce &
Tran
siti
on
ing
Man
age
Kn
ow
led
ge
Man
age
Ass
ets
Man
age
Co
nfi
gura
tio
n
Man
age
Op
era
tio
ns
Man
age
Se
rvie
Re
qu
est
s &
In
cid
en
ts
Man
age
Pro
ble
ms
Man
age
Co
nti
nu
ity
Man
age
Se
curi
ty S
erv
ice
s
Man
age
Bu
sin
ess
Pro
cess
Co
ntr
ols
Mo
nit
or,
Eva
luat
e,
& A
sse
ss
Pe
rfo
rman
ce &
Co
nfo
rman
ce
Mo
nit
or,
Eva
luat
e &
Ass
ess
Th
e
Syst
em
of
Inte
rnal
Co
ntr
ol
Mo
nit
or,
Eva
luat
e,
& A
sse
ss
Co
mp
lian
ce w
ith
Ext
ern
al
1 Issue Discovery Instruction P P P P P P P P P P P P P
2 Assign Sol A, BA, SA, &PM P P P P P P P
3 PCA Transacting P P
4 Appoint DE, Internal Supplier, & Senior User P P P P P P P
5Identify Primary Benefits, Perform High Level
Requirements, & Define Scope P P P P P P P P P P P P P P
6 Documents Peer Review P P P P P P P P P P P P
7 Documents Approval P P P P P P P P P P P P P P
8Define Business Expectations / Approach &
Excemptions Application P P P P P P P P P P P P
9 Approval of Exemptions & Approach P P P P P P P P P P P P P P P
10 Expectations & Approach Approval P P P P P P P P P P P P
11 Establish Discovery Board P P P P P P P P P P
12 Develop DMP P P P P P P P P P P P P P P P P P
13 Documents Peer Review P P P P P P P P P P P P
14 Documents QA P P P P P P P P P P P P P P P P P P
15 Documents Approval P P P P P P P P P P P P P P
16 Gate Clearance Preparation & Application P P P P P P P
17 Gate Clearance Assessment P P P P P P P P P P P P P P P P
18 Definition Gate P P P P P P P P P P P P P P P P
`
All Project Boards P P P P P P P P P P P P P P P P P P P P P P P
All Reporting P P P P P P P P P P P P P P P P
All PCA Checks P P P P P P P
AllCommunications as per PADO & DMP Comms
PlansP P P P P P P P P P P P P P P P
All Document KPI's P P P P P P P P P P P P
Discovery Concept
Step Description
COBIT Control Objectives
Evaluate, Direct, and Monitor (EDM) Align, Plan, & Organise (AP) Build, Acquire, & Implement (BAI) Deliver, Service, & Support (DSS)Monitor, Evaluate,
& Assess (MEA)
Dis
co
ve
ry
16 P
AD
O P
3M
Version
1.10 ……… Concept Phase: Alignment to PMBOK (Supporting)
Tier 1: Fundamentals Tier 2: Subject Matter Expert Tier 3: Assurance
0 1 0 2 0 3 0 4 0 5 0 1 0 2 0 3 0 1 0 2 0 3 0 4 0 5 0 1 0 2 0 3 0 1 0 2 0 3 0 1 0 2 0 1 0 2 0 3 0 1 0 2 0 3 0 1 0 2 0 3 0 4 0 1 0 2 0 3
De
velo
p M
anag
em
en
t
Pla
n
Dir
ect
& M
anag
e W
ork
Mo
nit
or
& C
on
tro
l
Wo
rk
Pe
rfo
rm I
nte
grat
ed
Ch
ange
Co
ntr
ol
Clo
sure
Act
ivit
ies
Co
ntr
oll
ing
Sco
pe
Re
qu
ire
me
nts
Man
age
me
nt
WB
S A
lign
me
nt
Sch
ed
ule
Man
age
me
nt
Esti
mat
ion
Act
ivit
y M
anag
em
en
t
Du
rati
on
Man
age
me
nt
Sch
ed
ule
Co
ntr
ol
Co
st E
stim
atio
n
Co
st C
on
tro
l
Bu
dge
t M
anag
em
en
t
Qu
alit
y P
lan
nin
g
Pe
rfo
rm Q
ual
ity
Ass
ura
nce
Qu
alit
y C
on
tro
l
Re
sou
rce
Pla
nn
ing
Man
age
Pro
ject
Te
am
Pla
n C
om
mu
nic
atio
ns
Man
age
Co
mm
un
icat
ion
s
Co
ntr
ol
Co
mm
un
icat
ion
s
Ide
nti
fy R
isks
Pe
rfo
rm R
isk
An
alys
is
Co
ntr
ol
Ris
ks
Pla
n P
rocu
rem
en
t
Co
nd
uct
Pro
cure
me
nt
Co
ntr
ol
Pro
cure
me
nt
Clo
se P
rocu
rem
en
t
Stak
eh
old
er
Ide
nti
fica
tio
n
Stak
eh
old
er
Enga
gem
en
t
Co
ntr
ol
Stak
eh
old
er
Enga
gem
en
t
1 Issue Discovery Instruction P P P P
2 Assign BA, SA, Sol A, & PM P P
3 PCA Transacting P P P P
4Appoint DE, Internal Supplier, & Senior
User P P
5Identify Business VAlue, Perform High
Level Requirements, & Define Scope P P P P P P P P P P P P P P P
6 Documents Peer Review P P P P P P
7 Documents Approval P P P P P
8Define Business Expectations / Approach
& Excemptions ApplicationP P P P P P P
9 Approval of Exemptions & Approach P P P
10 Expectations & Approach Approval P P
11 Establish Discovery Board P P P P P P P
12 Develop DMP P P P P P P P P P P P P P P P P P P
13 Documents Peer Review P P P P P P P P
14 Documents QA P P P P P P
15 Documents Approval P P P P P
16Gate Clearance Preparation &
Application P
17 Gate Clearance Assessment P P P P P
18 Definition Gate P P P P P P P
All Project Boards P P P P P P P P P P P P P
All Reporting P P P P P P P P P
All PCA Checks P P P P P
All Communications as per PADO & DMP
Comms Plans P P P
All Document KPI's P P P P P
Discovery Concept
Step Description
PMBOK Knowledge Areas
Integration Management Scope Management Time Management Cost ManagementQuality
Management
HR
Managemen
t
Communications
ManagementRisk Management Procurement Management
Stakeholder
Management