This article provides an overview and summary of the COBIT 5 process Manage Business Process Controls, which is part of the Management – Run (Deliver, Service, Support) domain.

The purpose of this COBIT 5 process to manage organisation process controls ensuring that information related to and processed by in-house or outsourced organisation processes meet the information control requirements. The goal is to manage information integrity and the security of information assets handled within organisation processes in the organisation or outsourced.

The following sub-governance processes are further supported by a list of control activities:

  1. Align control activities embedded in organisation processes with enterprise objectives. Continually assess and monitor the execution of the organisation process activities and related controls.
  2. Control the processing of information. Operate the execution of the organisation process activities and related controls.
  3. Manage roles, responsibilities, access privileges and levels of authority. Manage the organisation roles, responsibilities, levels of authority and segregation of duties needed to support the organisation process objectives.
  4. Manage errors and exceptions. Manage organisation process exceptions and errors and facilitate their correction
  5. Ensure traceability of Information events and accountabilities. Ensure that organisation information can be traced to the originating organisation event and accountable parties.
  6. Secure information assets. Secure information assets accessible by the organisation through approved methods.

For more information please contact Morland-Austin at