Design factors are based on generic components of a governance system but are tailored for a specific purpose or context within a focus area. Design factors are the characteristics or aspects of an enterprise that influence the design and implementation of a governance system. They include factors such as enterprise size, industry sector, risk profile, regulatory environment, sourcing model, etc. Focus areas are topics or issues that can be addressed by governance objectives, such as digital transformation, cybersecurity, privacy, etc.COBIT provides guidance on how to use design factors and focus areas to customize a governance system.13Reference:COBIT 2019 Framework: Introduction and Methodology,COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution

The EGIT implementation program plan is a document that describes the rationale, objectives, scope, approach, benefits, costs, risks, and timeline of the EGIT implementation program. The EGIT implementation program plan provides the basis for obtaining approval, funding, resources, and support for the program from the stakeholders. The best time to acquire or develop solutions for implementing process improvement projects defined by the EGIT implementation program plan is when developing the EGIT implementation program plan. This means that before finalizing and submitting the EGIT implementation program plan for approval, the enterprise should identify or create the solutions that will enable it to achieve its process improvement goals and objectives. These solutions could include tools, methods, frameworks, standards, guidelines, best practices, etc., that will help to design and implement the desired processes in accordance with stakeholder requirements and expectations.By acquiring or developing solutions during the development of the EGIT implementation program plan, the enterprise can ensure that the solutions are aligned with the program scope and approach, that they are realistic and achievable within the program budget and timeline, that they are integrated with other program components such as change management and communication plans, and that they are approved by relevant stakeholders before execution5Reference:5: COBIT 2019 Implementation Guide: page 39-40 : COBIT 2019 Implementation Guide: page 49-50

The risk profile of an enterprise is a design factor that describes how an enterprise identifies, assesses, responds to, monitors, and reports on information and technology risks. The risk profile helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework. When reviewing the risk profile of an enterprise during the governance design phase, one of the prerequisites that must be established prior to conducting a high-level risk analysis is the enterprise's risk appetite. The risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. The risk appetite provides a basis for defining the risk criteria, thresholds, indicators, and responses that will be used in the risk analysis process. The risk appetite also helps to align the governance framework with the enterprise's strategy and objectives. Reference:: COBIT 2019 Design Guide, page 41-43 : COBIT 2019 Framework: Introduction and Methodology, page 28-29

Within the COBIT goals cascade, stakeholder drivers are transformed into the enterprise's actionable strategy. The COBIT goals cascade is a mechanism that helps enterprises to align their governance objectives with their stakeholder needs. It consists of four levels: stakeholder drivers, enterprise goals, alignment goals, and governance and management objectives. Stakeholder drivers are the needs or expectations of the internal or external stakeholders of the enterprise. Enterprise goals are the specific targets or outcomes that the enterprise sets to achieve its vision and mission. Alignment goals are the intermediate goals that link the enterprise goals with the governance and management objectives. Governance and management objectives are the desired outcomes of the governance system for information and technology. Stakeholder drivers are transformed into enterprise goals through a process of analysis, prioritization, and validation.Enterprise goals form the basis of the enterprise's actionable strategy.12Reference:COBIT 2019 Framework: Introduction and Methodology,COBIT 2019 Framework: Governance System

The risk profile is a design factor that describes how an enterprise identifies, assesses, responds to, monitors, and reports on information and technology risks. The risk profile helps to determine the level of risk appetite and tolerance that an enterprise has for its information and technology activities, as well as the level of control and assurance that is required for its governance framework. When tailoring COBIT 2019 to enterprise requirements, the primary objective of preparing a risk profile is to identify areas of risk that exceed risk appetite. The risk appetite is the amount and type of risk that an enterprise is willing to accept in pursuit of its objectives. The risk appetite provides a basis for defining the risk criteria, thresholds, indicators, and responses that will be used in the risk profile process. By identifying areas of risk that exceed risk appetite, an enterprise can prioritize its governance objectives, processes, practices, roles, structures, and metrics according to the level of risk exposure and impact. This will also help to align the governance framework with the enterprise's strategy and objectives. Reference:: COBIT 2019 Design Guide: page 41-43 : COBIT 2019 Framework: Introduction and Methodology: page 28-29