CobiT Strategy and Long Term Vision

Urs Fischer, VP Head IT Risk Mgmt, Security & ICS, SwissLife

Session Objective
- Provide those interested stakeholders with a clear and single consensus view of CobiT goals, products and activities

COBIT - Global Status
Some findings of the ITGI survey of over 500 executives (IT Governance Global Status Report):
- COBIT is the preferred way to implement effective IT governance
- Executive awareness is up (chart "Executive awareness of COBIT": 18%, 27%)
- Perception that it is difficult to implement
- More than half of those who know it, know its contents
- More than 1/3rd of those who know the content, know it very well

COBIT - the organisation
The COBIT strategy depends on the organisational structure, processes and ing mechanisms established by ISACA and ITGI to support the goals of COBIT through:
- Attracting thought leaders
- Resourcing projects, product support and volunteer development groups
- Marketing and selling the products
- Providing effective oversight and governance

COBIT - the organisation (organisation chart)
Elements shown: Core Team; Strategy; Execution; ITG Committee; CobiT Steering Committee; Development Labs; Ad Hoc groups; Regional Teams. Locations: Brussels, London, Chicago, Canberra, Copenhagen, DC, Cape Town, San Francisco, Los Angeles, Atlanta.

CobiT: An IT control framework
- Evolution chart: Audit, Control, Management, Governance across COBIT1, COBIT2, COBIT3, COBIT
- An open standard at

COBIT - Value
- Is internationally accepted
- Maps to all major related frameworks and standards and is recognised as an integrator for such frameworks, standards and best practices
- Supports the IT-related component of existing and emerging regulations, particularly those related to corporate governance and compliance
- Is a complete family of products that evolves continuously
- Is supported by tools and training
- Is maintained by a reputable not-for-profit organisation
- Is technology / platform neutral and independent
- Is based on expert volunteer input
- Is both management and assurance oriented
- Appeals to a broad IT community

COBIT - Value and Limitations (diagram)

CobiT Mission Statements
- CobiT: to remain the de-facto standard of IT governance
- ITGI: to be the recognized global leader in IT Governance, control and assurance, and to provide the organisational support and thought leadership for sustaining COBIT developments
- ISACA: to enhance the reputation, independence and professionalism of ISACA and provide member benefits, while leveraging the knowledge of the membership, volunteers, subject matter experts (SME) and other advisors as appropriate

CobiT Mission Statements (cont.)
- Focus on the target group as identified by the IT Governance Global Status Report 2006: those who are aware of the IT governance concept, know IT governance solution providers, prefer CobiT for it but have not implemented it.

CobiT Strategic Goals
- CONTENT: Ensure currency and quality of the CobiT knowledge base
- SUPPORT: Enable individual and enterprise users to get value out of the CobiT products
- ADOPTION: Achieve wide global adoption amongst all audiences (Board and Executive, IT management and professionals) in the domains of IT Governance, Assurance and Security
- REVENUE: Operate a business model that makes access to CobiT products and services non-prohibitive while being financially prudent and able to sustain.

Support ISACA/ITGI Strategy (diagram)

COBIT - product portfolio (diagram)
- An open standard at

COBIT - product hierarchy (diagram)
- An open standard at

Research and Development
Current Development:
- Resourcing the development of CobiT is an immense challenge
- CobiT 4.0 has been a 2 year effort with many interconnected projects
Future Research:
- Empirical Analysis to prove return on IT governance practices
- Mapping to other standards
- Support for regulatory compliance
- Workbench
- IT Management Processes
- IT Governance Processes

CobiT Certification - Strategic Direction
- YES: Trainer accreditation; CobiT Implementer Certification; Education Certificates
- NO: Enterprise compliance; Product certification; People capability and experience

CobiT Education - Education Strategy
- Implementation: being aligned to CobiT 4.0
- Assurance: design done, under development
- Foundation: rolled out

COBIT FOUNDATION
- Internet based training for CobiT Foundation level
- 3rd party development, volunteer design, ISACA's IP
- Rolled out July 2005
- Course delivered via network of Distributors; ISACA site advertises and provides click-through
- Business model is based on royalty to ISACA and a discount to its members (350$ for 3 months)
- Individuals: 500 sold, 100 exams and 500 prospects
- Corporates: 8 sold and 100+ prospects

Current Development Activity
- CobiT Online now has CobiT 4.0 content included; 3.2 still available to support transition
- Updated Implementation Guide, Control Practices, and Assurance Guide (replaces Audit Guidelines) will be published
- Updating Quickstart, Security Baseline and others to reflect new CobiT Framework
- Updating/expanding CobiT Mapping research papers; will include maps to CMM, PMBOK, Prince 2, NIST FISMA standards, and others
- Improving alignment of CobiT to Val IT content

Conclusion
ISACA is our name. IT Governance is our brand. CobiT is our product.
Urs Fischer, CobiT Steering Committee

Outlook to the Future

Background
- The IT Governance Framework dates back to 1998, is only very high level, and IT Governance guidance is not completely covered (yet).
- The current frameworks, CobiT and ValIT, being owned by and having grown organically through different committees, contain a mix of Management and Governance guidance.
- The tendency of each new initiative to develop its own framework can be an obstacle for alignment.
- There is the perception that the target audience for the current frameworks is not well defined, or too broad in some instances, or only audit and control focused.

Our Need is for
- A simple and complete framework for IT Governance that:
  - enhances our ability to communicate about the IT Governance BOK
  - enables adoption by Boards, enterprise management, IT management

IT Governance
- We should be providing a Governance Framework, or a clear generic model of the processes required, so that enterprises can develop and implement a governance architecture suitable for their requirements... but which is aligned to the needs of IT

Boundaries
- We need to draw loose boundaries between:
  - Enterprise (corporate) governance
  - IT governance
  - IT management
- ... in order to subsequently define the structure of the ITGF

Enterprise Governance (diagram)
Labels recoverable from the diagram: Enterprise Governance & Strategy; Value Governance; Risk Governance; Performance Management; IT Governance; Value Management (investments & benefits); Portfolio Management; Performance Measurement; Enterprise Architecture; Risk Management (operational & compliance); IT Management: Plan, Deliver, Operate. Relationships are labelled "drive", "set" and "direct"; the caption fragments refer to a systematic IT governance framework and overall measurement tools as essential feedback, and to IT value and risk driving performance management and service delivery.

Governance and Management

ENTERPRISE GOVERNANCE (cycle: Evaluate, Set Objectives, Provide direction)
- Set enterprise objectives and directions
- Build control environment
- Establish decision rights and responsibilities
- Manage Enterprise Risk
- Fulfil compliance requirements

IT GOVERNANCE (cycle: Evaluate, Set Objectives, Provide direction, Measure)
- Align business and IT
- Enable the business and maximise benefits
- Ensure effective and efficient use of resources
- Manage IT risk as part of ERM
- Fulfil compliance requirements

IT MANAGEMENT
- Translate direction into strategy
- Translate strategy into action
- Make the business more effective and efficient
- Make IT more effective and efficient
- Manage risks (security, reliability & compliance)
- Manage service delivery consistency

IT Governance Framework
An IT Governance Framework is a defined conceptual structure to support governance expectations by organising IT tasks and activities into discrete processes while providing a business focus. It supplies a common language for IT activities and the key management practices involved, and is consistent with generally accepted IT good practices and corporate governance standards.

Where we are now
- ITGI has developed:
  - Guidance: Board Briefings
  - Frameworks: CobiT, Val IT, and more to come?
- Both frameworks contain components at Governance layer and Management layer
- Frameworks overlap to a certain degree

View 1 - Board Briefing (diagram)
- IT Governance layer: Board Briefing
- IT Management layer

View 2 - CobiT (diagram)
- Layers: IT Governance, IT Management
- Domains: PO Plan and Organise; AI Acquire and Implement; DS Deliver and Support; ME Monitor and Evaluate

View 3a - Val IT (diagram)
- Layers: IT Governance, IT Management

View 3b - Val IT (diagram)
- Layers: IT Governance, IT Management

View 4 - Board Briefing, CobiT & ValIT (diagram)
- Layers: IT Governance, IT Management
- Elements: Board Briefing; VG Value Governance; PO Plan and Organise; IM Investment Management; AI Acquire and Implement; PM Portfolio Management; DS Deliver and Support; ME Monitor and Evaluate

Alternative 1 - As Is
- Maintain and develop all frameworks in a loosely coupled way
- Diagram: the IT Governance / IT Management layer model from the Governance and Management slide, with ValIT and RiskIT placed at the IT Governance layer and CobiT at the IT Management layer

Alternative 2 - Integrated Framework
- Integrate existing frameworks into a new ITGF
- Diagram: the same layer model, with a single IT Governance Framework spanning the IT Governance and IT Management layers

Alternative 3 - Two Frameworks
- Build new IT Governance Framework
- Reposition CobiT as an IT Management Framework
- Diagram: the same layer model, with the IT Governance Framework at the IT Governance layer and CobiT at the IT Management layer

Alternative 4 - 3 Frameworks Combined
- Build ITGV set of principles as an integrating tool
- Reposition ValIT and CobiT
- Build out RiskIT
- Diagram: the same layer model, with the IT Governance Framework, ValIT and RiskIT at the IT Governance layer and CobiT at the IT Management layer

CobiT Strategy and Long Term Vision
Zürich, CH, March 27, Urs Fischer, CobiT Steering Committee

For more information
Information Systems Audit and Control Association (ISACA) / IT Governance Institute (ITGI)
3701 Algonquin Road, Suite 1010, Rolling Meadows, IL USA
Phone (ISACA) / (ITGI); Fax (both)
ISACA Web Site; ITGI Web Site

Thank You
Swiss Life
Urs Fischer, Vice President Head IT Risk Management, Security & ICS
General-Guisan-Quai 40, P.O. Box, 8022 Zurich
T / F
urs.fischer@swisslife.ch