Was muss ein Unternehmen im Griff haben, wenn es IT einsetzt? Jimmy Heschl

Transcription

1 Was muss ein Unternehmen im Griff haben, wenn es IT einsetzt? COBIT is a registered trademark of the Information Systems Audit and Control Association (ISACA ). This product includes COBIT 5, used by permission of ISACA ISACA. All rights reserved.

2 Some Personal Information!bwin.party: Process Analytics and Control!Homeopathic Consultant!Previous (KPMG / Ernst & Young)! Implementation of IT processes, based on COSO, COBIT, ITIL, 27002, )! IT Assurance work!isaca / ITGI! Board member of ISACA Austria! Member of Framework Committee, COL Task Force! Involved in developing COBIT as member of the COBIT Steering Committee and COBIT 5.0 Task Forces! Responsible for COBIT Mapping Programme! ISACA accredited COBIT Trainer!Author of (excerpt)! Book: IT Governance (German language)! COBIT 4.0, 4.1 and 5 (co-author and German translations)! Aligning COBIT, ITIL and for Business Benefit (co-author)! COBIT for Service Management (co-author)! COBIT Mappings: Overview, ISO/IEC 17799:2000/5, ITIL v2, ITIL v3, TOGAF,!CISA, CISM, CGEIT, ITIL Expert,... 2

3 Why Develop COBIT 5? COBIT 5:! ISACA Board of Directors directive: Tie together and reinforce all ISACA knowledge assets with COBIT.! Provide a renewed and authoritative governance and management framework for enterprise information and related technology.! Integrate all other major ISACA frameworks and guidance.! Align with other major frameworks and standards. 3

4 COBIT 5 - Development! Units! Task Force Future Framework ( )! COBIT 5 Task Force ! Core Development Team! Professional Support Team (PwC)! Researcher! Approach! Design by Task Force! Documentation by development team! Development Workshops! Public Exposure Drafts! Stress Tests! SME Reviews! Publication 4

5 Was muss ich im Griff haben? COBIT 5 Enablers Processes Organisational Structures Culture, Ethics & Behaviour Frameworks, Policies and Procedures Information Services Infrastructure Applications Resources People, Skills & Competences 22

6 Contact: LinkedIn, Xing, 24

7 Prozesse für die Chefs Behaupten, bestimmen, motzen (Evaluate, Direct & Monitor) Wohin, sog I. (EDM1 - Set and Maintain the Governance Framework) Wos bringts? (EDM2 - Ensure Benefits Delivery) Aufpassen! (EDM3 - Ensure Risk Optimisation) Des geht mit weniger! (EDM4 - Ensure Resource Optimisation) Vastehst? (EDM5 - Ensure Stakeholder Transparency) Prozesse für die Hackler Hinbiegen, raunzen und amoi schau n (Align, Plan & Organise) Grafik: Jimmy Heschhl Wia, sog I. (APO1 - Define the Management Framework for IT) Heats zua. (APO2 - Manage Strategy) Wos, des ois? (APO3 - Manage Enterprise Architecture) Wos neigs. (APO4 - Manage Innovation) So vü arbeit! (APO5 - Manage Portfolio) Vü z teia! (APO6 - Manage Budget & Costs) G frasta. (APO7 - Manage Human Resources) Motzen, raunzen, g scheit reden (Monitor, Evaluate & Assess) De scho wieder! (APO8 - Manage Relationships) So weit und mehr ned. (APO9 - Manage Service Agreements) Mehr G frasta. (APO10 - Manage Suppliers) Bla Bla. (APO11 - Manage Quality) Feig! (APO12 - Manage Risks) Finger weg! (APO13 - Manage Security) Passt scho. (MEA1 - Monitor & Evaluate Performance and Conformance) Probieren, erschleichen, hinstell n (Build, Acquire & Implement) Wo fang ma an? (BAI1 - Manage Programmes and Projects) Sog I da ned! (BAI8 - Manage Knowledge) Gleich selber machen, helf n und wurscht ln (Deliver, Service & Support) Auf geht s. (DSS1 - Manage Operations) Wos woits? (BAI2 - Define Requirements) Meins! (BAI9 - Manage Assets) Gschamster Diener. (DSS2 - Manage Service Requests & Incidents) Schau ma moi! (BAI3 - Identify & Build Solutions) A Meins! (BAI10 - Manage Configuration) Ned scho wieder. (DSS3 - Manage Problems) Wie vü denn no? (BAI4 - Manage Availability & Capacity) Oha! (DSS4 - Manage Continuity) Tats ihr amoi wos! (BAI5 - Enable organisational Change) Finger weg, wirkli! (DSS5 - Manage Security Administration) Fang ma uns net an! (BAI6 - Manage Changes) s Eingmochte. (DSS6 - Manage Business Process Controls) Fang! (BAI7 - Accept & Transition Changes) COBIT 5 - Österreich-Ausgabe 25 Na geh! (MEA2 - Monitor System of Internal Control) Jo eh! (MEA3 - Monitor and Assess Compliance with External Requirements) 25