Problem & Incident Management
The Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applications within the IT system and its results, as well as the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems and incidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.
COBIT DS 10: Delivery Support - Manage Problems and Incidents
DS 10.1 Management should define and implement a problem management system to ensure that all non-standard operational events (incidents, errors and problems) are identified, recorded, analyzed and resolved. (DS 10.1)
The lack of a problem management system may lead to non-standard operational events, such as incidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical IT systems to become inefficient, ineffective or unavailable.
- An understanding of problem management application.

DS 10.2 Management should define and implement problem escalation procedures to ensure that identified incidents, errors and problems are solved in the most efficient way on a timely basis. (DS 10.2)
The lack of problems escalation procedures may lead to non-standard operational events that are not resolved in a timely manner.
- List of critical applications that immediately escalate for senior management attention for a priority resolution or are reportable as critical problems.

DS 10.3 The problem management system should provide for an adequate audit trail that allows tracing from incident to underlying cause and back. (DS 10.3)
The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, which may lead to a more lengthy and costly resolution.
- All reports used to track problems and incidents.
- List of problems reported during representative period, including date of occurrence, date escalated (if applicable), date of resolution, and time frame to resolve.
- Sample of "problem tickets" from the Problem Management System.

DS 10.4 The problem management system should ensure that emergency and temporary access authorizations are documented, approved, communicated (to the necessary organizations), maintained, and terminated as soon as the business need for access no longer exists. (DS 10.4)
The lack of a formal plan regarding emergency and temporary IT system access for problem resolution may result in access to critical IT systems by an unauthorized user.
- Policies and procedures for emergency and temporary access.
- Sample of emergency and temporary access requests with appropriate management approval.

DS 10.5 The problem management system should establish emergency processing priorities. (DS 10.5)
The lack of formally established emergency processing priorities may result in emergency processing that does not meet or reflect the needs of the organization.
- Documentation of emergency processing priorities.

DS 8.5 Procedures should be in place that assure adequate reporting with regard to customer queries and resolution, response times and trend identification. The reports should be adequately analyzed and acted upon. (DS 8.5)
The lack of trend analysis and reporting may result in an inefficient process for identifying repeat problems and development of sustainable solutions.
- Reports related to resolution of queries and performance statistics of help desk.
- Any performance standards for help desk activities.

COBIT DS 10.1
COBIT DS 10.2
COBIT DS 10.3
COBIT DS 10.4
COBIT DS 10.5
COBIT DS 8.5
Control ID
Process
Completed
ITIL Key Activity Mitigated Risks XYZ Company Specific Control TEST by W/P Ref
Incident Management Checklist

1.1 Incident Detection and Recording (ITIL 5.6.1)
ITIL Key Activity: Incidents are recorded by Service Desk and/or event management systems and include a description of the incident, time of occurrence and person or area affected. (ITIL Service Support, page 80)
Mitigated Risks: Recurring incidents are not identified or recorded. Management cannot obtain appropriate data to conduct trend analysis to determine if a problem is evident based on the nature of multiple incidents.
X X
Source: www.knowledgeleader.com

1.2 Incident Detection and Recording (ITIL 5.6.1)
ITIL Key Activity: Unresolved and critical incidents should be alerted to higher levels of Service Management to ensure the incident is addressed to meet SLA requirements. (ITIL Service Support, page 81)
Mitigated Risks: Critical incidents are not resolved in a timely manner to meet SLA requirements impacting the ability to meet customer needs.
X

1.3 Incident Detection and Recording (ITIL 5.6.1)
ITIL Key Activity: Unresolved and critical incidents should be alerted to higher levels of Service Management to ensure the incident is addressed to meet SLA requirements. (ITIL Service Support, page 81)
Mitigated Risks: Critical incidents are not resolved in a timely manner to meet SLA requirements impacting the ability to meet customer needs.
X

1.4 Classification and Initial Support (ITIL 5.6.2)
ITIL Key Activity: Incidents are classified and categorized logically to help define common reasons for recurring incidents and to provide an organized mechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)
Mitigated Risks: Incidents are not categorized or logically organized, impacting the ability to easily match incidents to known errors or problems. Management cannot identify problems if incidents are not categorized to depict common issues.
X X

1.5 Classification and Initial Support (ITIL 5.6.2)
ITIL Key Activity: Incidents are classified and categorized logically to help define common reasons for recurring incidents and to provide an organized mechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)
Mitigated Risks: Incidents are not categorized or logically organized, impacting the ability to easily match incidents to known errors or problems. Management cannot identify problems if incidents are not categorized to depict common issues.
X X

1.6 Classification and Initial Support (ITIL 5.6.2)
ITIL Key Activity: Appropriate definition of incident prioritization is documented to clearly define what incidents are required to be addressed immediately or escalated to the correct service support level. (ITIL Service Support, page 80)
Mitigated Risks: Incorrect prioritization of incidents may cause an increase in similar incidents. Management may not be aware of critical production problems without knowledge of high-priority incidents. High-priority incidents may impact production if not identified upon initial incident recognition.
X

1.7 Classification and Initial Support (ITIL 5.6.2)
ITIL Key Activity: Appropriate definition of incident prioritization is documented to clearly define what incidents are required to be addressed immediately or escalated to the correct service support level. (ITIL Service Support, page 80)
Mitigated Risks: Incorrect prioritization of incidents may cause an increase in similar incidents. Management may not be aware of critical production problems without knowledge of high-priority incidents. High-priority incidents may impact production if not identified upon initial incident recognition.
X

1.9 Investigation and Diagnosis (ITIL 5.6.3)
ITIL Key Activity: The status of incidents is regularly updated and reviewed against known errors, problems, solutions and planned changes to identify if the incident can be resolved. (ITIL Service Support, page 84)
Mitigated Risks: Incidents are not resolved in a timely manner to meet SLA requirements. Users are not provided a solution for unresolved incidents, increasing the impact on the business and the ability to continue work.
X

1.10 Resolution and Recovery (ITIL 5.6.4)
ITIL Key Activity: Incidents that have been resolved or circumvented should have a work around in place and possibly a request for change (RFC). (ITIL Service Support, page 85)
Mitigated Risks: Incidents that have been resolved are not documented to inform Service Level support of the correct resolution process.
X X

1.11 Incident Closure (ITIL 5.6.5)
ITIL Key Activity: Resolved incidents should be clearly documented to: 1) define the steps taken to resolve the incident. 2) ensure the incident is classified completely and accurately 3) resolution or action is communicated to the user to validate the resolution satisfies the user's requirements and 4) time spent on the incident is recorded accurately. (ITIL Service Support, page 85)
Mitigated Risks: Customer is unsatisfied with resolution and incident continues to occur. Time spent on incidents is not accurately recorded to ensure cost to resolve the incident is beneficial to business needs.
X X

1.12 Incident Closure (ITIL 5.6.5)
ITIL Key Activity: Resolved incidents should be clearly documented to: 1) define the steps taken to resolve the incident. 2) ensure the incident is classified completely and accurately 3) resolution or action is communicated to the user to validate that the resolution satisfies the user's requirements and 4) time spent on the incident is recorded accurately. (ITIL Service Support, page 85)
Mitigated Risks: Customer is unsatisfied with resolution and incident continues to occur. Time spent on incidents is not accurately recorded to ensure cost to resolve the incident is beneficial to business needs.
X X

Control ID: 1.13
Process: Ownership, Monitoring, Tracking and Communication (ITIL 5.6.6)
ITIL Key Activity: The status of open incidents is regularly monitored to assess progress towards resolution and against service level agreements. (ITIL Service Support, page 86)
Mitigated Risks: Incidents are not resolved in the agreed timeframe. The lack of formally documented escalation procedures could directly affect the ability to resolve incidents against SLA requirements.
COBIT objectives marked: X X

Control ID: 1.14
Process: Ownership, Monitoring, Tracking and Communication (ITIL 5.6.6)
ITIL Key Activity: Users are informed of the status of open incidents to the point of resolution. (ITIL Service Support, page 86)
Mitigated Risks: Incidents are not resolved in the agreed timeframe. The lack of formally documented escalation procedures could directly affect the ability to resolve incidents against SLA requirements.
COBIT objectives marked: X X

Control ID: 1.15
Process: Ownership, Monitoring, Tracking and Communication (ITIL 5.6.6)
ITIL Key Activity: High-impact incidents are monitored to determine if a known error exists that will remediate both the incident itself and similar incidents. (ITIL Service Support, page 86)
Mitigated Risks: Incidents are not resolved in the agreed timeframe. The lack of formally documented escalation procedures could directly affect the ability to resolve incidents against SLA requirements.
COBIT objectives marked: X X

Control ID: 1.16
Process: Ownership, Monitoring, Tracking and Communication (ITIL 5.6.6)
ITIL Key Activity: Incidents that have been escalated are recorded and communicated to the business owners and appropriate support staff. (ITIL Service Support, page 86)
Mitigated Risks: Incidents are not resolved in the agreed timeframe. The lack of formally documented escalation procedures could directly affect the ability to resolve incidents against SLA requirements.
COBIT objectives marked: X X

Control ID: 1.17
Process: Handling of Major Incidents (ITIL 5.7)
ITIL Key Activity: Regular meetings and communication with key support staff, vendor support staff, and IT services management should take place to address Major Incidents and possible resolutions to reduce the impact on the business. (ITIL Service Support, page 87)
Mitigated Risks: User community is continuously impacted by Major Incidents that have not been investigated or discussed by the appropriate IT personnel.
COBIT objectives marked: X

Control ID: 1.18
Process: Roles of the Incident Management Process - Incident Manager (ITIL 5.8.1)
ITIL Key Activity: Roles and responsibilities are defined for an Incident Manager. The Incident Manager should ensure efficiency and effectiveness of the Incident Management process, produce management information, manage support staff, monitor effectiveness of the Incident Management process, develop and maintain Incident Management systems. (ITIL Service Support, page 87)
Mitigated Risks: The Incident Management process is not controlled by different levels of roles and responsibility, leaving room for inefficiencies and the lack of management reporting and monitoring to assess the progress of the incident management process and applicable systems.
COBIT objectives marked: X

Control ID: 1.19
Process: Roles of the Incident Management Process - Incident Handling Support Staff (ITIL 5.8.2)
ITIL Key Activity: Incident handling support staff have been defined to include first level, second level, and incident owners. Each of these roles has specific objectives and functions to ensure incidents are registered, assigned to support owners, escalated properly, and closed when resolved. (ITIL Service Support, page 87)
Mitigated Risks: Without different levels of incident handling support groups, incidents may not be addressed in an effective and efficient manner, leaving users and customers unsatisfied with IT support services.
COBIT objectives marked: X X X

Control ID: 1.20
Process: Key Performance Indicators
ITIL Key Activity: Incident Managers create and distribute Key Performance Indicator reports to service desk personnel, IT service management, and specialist support groups. KPI reports should also be shared with users and customers. These reports should capture information that can be analyzed to assess the performance of the incident management process. Examples of such indicators are the following:
1. Total number of incidents
2. Average time to resolve incidents
3. Incidents resolved on the first call to the service desk
4. Average cost incurred per incident
5. Automatic vs. manual incident recording
(ITIL Service Support, page 88)
Mitigated Risks: Without evaluating the performance of the incident management process, management is unaware of the business value the process offers. Also, a potential increase in problems may occur if incidents are not being managed effectively and efficiently.
COBIT objectives marked: X