Aligning ITIL Processes with COBIT Stages
- Joella Quinn
- 7 years ago
Transcription
1 Aligning ITIL Processes with COBIT Stages. Reg Harbeck, CA. Wednesday, August 15, 2007. Session 1472
2 Current Business Initiatives: Six Sigma; IIP; EFQM; PRINCE2; Various Local Initiatives; ISO; ITIL; New Help Desk Solution; ISO 9001; Gartner's Best Practices; ASL
3 COBIT: Control OBjectives for Information related
4 COBIT-Background
- COBIT grew from initiative to update EDPAA's Control Objectives in 1992
- New focus expected to include managerial user needs regarding control governance
- Global perspective added
- COBIT Steering Committee appointed, control framework developed
- The framework became COBIT
- COBIT first published in April, 1996
- COBIT implementation monitored, evaluated by ISACA, the COBIT Steering Committee
- COBIT enhancements developed, 1997
- COBIT, 2nd edition, published in April, 1998
- Governance Institute formed by ISACA, ISACF in 1998
- COBIT enhancements, development of Management Guidelines
- COBIT, 3rd edition, Management Guidelines, published in July,
5 COBIT-Authority
- Aligned with de facto standards, regulations
- Based on 41 international standards
  - Professional standards for internal control auditing (COSO, IFAC, AICPA, IIA, etc.)
  - Technical standards (ISO, EDIFACT, etc.)
  - Codes of Conduct
  - Qualification criteria for systems processes (ISO9000, SEC, TCSEC, etc.)
  - Industry practices requirements from industry forums (ESF, I4)
  - Emerging industry-specific requirements from banking, e-com, manufacturing
- Work closely with 150 Chapters in 100 Countries to develop standard
6 Plan Organize (PO Process Domain)
7 Plan Organize (PO Process Domain); Implement (AI Process Domain)
8 Plan Organize (PO Process Domain); Implement (AI Process Domain); Deliver Support (DS Process Domain)
9 Plan Organize (PO Process Domain); Implement (AI Process Domain); (M Process Domain); Deliver Support (DS Process Domain)
10 [Diagram: the COBIT domains (Plan Organize, Implement, Deliver Support) with their processes. Surviving labels: Plan, Install, Develop, Communicate Aims Direction, Investment, Internal Control Adequacy, The Process, Capacity, Allocate, Educate Train Users, Assist Advise Customers, Problems Incidents, Configuration, Data, Assurance, Provide]
11 COBIT processes by domain
- Plan Organize: PO 1 a Information Plan; PO 2 the Information Architecture; PO 3 Determine the Technological Direction; PO 4 the; PO 5 the Investment in Information; PO 6 Communicate Management Aims Directions; PO 7 s; PO 8 with External Requirements; PO 9; PO 10; PO 11
- Implement: AI 1; AI 2; AI 3; AI 4 Develop; AI 5 Install; AI 6 s
- Deliver Support: DS 1; DS 2 s; DS 3 Capacity; DS 4; DS 5; DS 6 Allocate; DS 7 Educate Train Users; DS 8 Assist Advise Customers; DS 9 the Configuration; DS 10 Problems Incidents; DS 11 Data; DS 12; DS 13
- M: M 1 the Process; M 2 Internal Control Adequacy; M 3 Assurance; M 4 Provide for
12 Key Process Components: Purpose; Control Objectives; Key Goal Indicators (KGIs); Inputs; Process; Outputs; Information Criteria; Critical Success Factors (CSFs); Key Indicators (KPIs); Maturity Model
13-16 [Diagram, shown on slides 13 to 16: the COBIT domain diagram from slide 10 with the ITIL Support and Delivery processes overlaid. Surviving labels: Desk, Incident, Problem, Level, Availability, Capacity, Release, Configuration]
17 [Same diagram] ITIL plus PRINCE2 (Project Management)
18 [Same diagram] plus ISO 9001
19 [Same diagram] plus ASL
20 [Same diagram] plus Investors In People (IIP)
21 [Same diagram, with Financial and Continuity labels added] plus ISO Information
22 [Same diagram] plus Gartner's Best Practices
23 [Same diagram] plus EFQM
24 [Same diagram] plus SixSigma
25 [Same diagram] Project Program: EFQM; PRINCE 2; Six Sigma; ISO; ITIL; IIP; ASL; ISO; Gartner; No Project
26 COBIT and ITIL complement each other. ITIL: Best Practice Process. COBIT: Controls, Requirements, Maturity Scale. PROCESS/PROCEDURE; RESULTS
27 COBIT ITIL Mapping: PO: Risk; DS:; DS: 3rd Party s; DS: Capacity; DS:; DS: Allocate; DS:; DS:; DS:; DS: Data; AI:; AI:; AI: Install; DS: Assist Advise Customers; DS: Problems Incidents; DS: Configuration; AI:
28 ITIL Books to COBIT Control Objectives
29 Mapping to ITIL Support and Delivery
30 COBIT Useful Contacts: Institute of Control Association
More informationThe Value of ITIL to IT Audit
The Value of ITIL to IT Audit HP Suen Chairman 9 August 2005 IT Infrastructure Library 1 ITIL Best practice in IT Service management, developed by Office of Government Commerce (OGC), UK in the late 1980s.
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationBusiness Excellence and ROI based process maturity
Business Excellence and ROI based process maturity SPEG North America 2014 KK Raman, KPMG 6th of May 2014 2014 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms
More informationAN OVERVIEW OF INFORMATION SECURITY STANDARDS
AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationBlackhawk Technical College. Information Technology Services. Process Improvement Visioning Document
Blackhawk Technical College Information Technology Services Process Improvement Visioning Document December 12, 2008 Steven Davidson Chief Information Officer Blackhawk Technical College sdavidson@blackhawk.edu
More informationWhat s New In ITIL V3?
What s New In ITIL V3? George Spalding VP, Global Events Pink Elephant Pink Elephant Leading The Way In IT Management Best Practices The ITIL Books (V2) T h e B u s i n e s s Planning To Implement Service
More informationIT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE
1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH
More informationTerms of Reference for an IT Audit of
National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor
More informationCommunications Manager
Job details Job title: Communications Manager Responsible to: Head of Communications Responsible for: Posts in the Communications Location: Liverpool with travel across all locations Overview of the role
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationRoles & Grades Rate Cards and Applicable SFIA Skills
Roles & s Rate Cards and Applicable Consultant Day Rate Card Consultant Day Rate Lead 900.00 Senior 800.00 Junior 0.00 CLAS Consultant and Competencies Lead CLAS Consultant Lead CLAS Consultant IT Governance
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationIPMA 2006 ITIL in Practice The Alignability Process Model and HP OpenView Service Desk
IPMA 2006 ITIL in Practice The Alignability Process Model and HP OpenView Service Desk Presented by and Lilien Systems ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office
More informationGOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
1 GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001 Tolga MATARACIOGLU 1 and Sevgi OZKAN 2 1 TUBITAK National Research Institute of Electronics and Cryptology (UEKAE), Department of
More informationFrameworks for IT Management
Frameworks for IT ment 14 BiSL Business Information Services Library The Business Information Services Library (BiSL) has a focus on how business organizations can improve control over their information
More informationBest Practice ITIL (Information Technology Infrastructure Library)
Best Practice ITIL (Information Technology Infrastructure Library) To achieve G H Bank s overall objectives, the Information Technology Group must provide excellent cutting-edge IT services to all stakeholders
More informationP.O. box 1796 Atlas, Fes, 30000, Morocco 2 ENSA, Ibn Tofail University, P.O 141, Kenitra, 14000, Morocco
Volume 5, Issue 6, June 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Information Technology
More informationWhat the heck does internal audit know about IT? Daniel Adams Director of Internal Audit
What the heck does internal audit know about IT? Daniel Adams Director of Internal Audit not that much (at least in comparison to many of you) What about information systems? internal auditing information
More informationCorrelation matrices between 9100:2009 and 9100:2016
Correlation matrices between 9100:2009 and 9100:2016 This document gives correlation matrices from 9100:2009 to 9100:2016. This document can be used to highlight where the new and revised clauses are located.
More informationIs ITIL All Theory and No Practice?
Is ITIL All Theory and No Practice? Carolyn M. Hennings PMP, IT Service Manager ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered
More informationHow to Design and Manage ITIL
www.ijcsi.org 185 Towards a pooling of ITIL V3 and COBIT Samir BAHSANI 1, Abdelaali HIMI 2, Hassan MOUBTAKIR 3 and Alami SEMMA 4 1 Department of Mathematics and Computer Science, Faculty of Science and
More informationIntroduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA
Quality and security in application development Round Table Meeting/Discussion Group Wednesday 23rd May 2007 Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA 1 The International
More informationIT Governance & Performance Management Using Public Domain Best Practice Frameworks
IT Governance & Performance Management Using Public Domain Best Practice Frameworks January 2008 Prepared For: Our Valued Clients Agenda Introduction IT Performance Improvement Framework COBIT ITIL/ITSM
More informationIT Service Management ITIL, COBIT
IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service
More informationA Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey
A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation
More informationWINS QMS Quality Management System Manual. WINS PROPRIETARY INFORMATION Rev.12.0
WINS QMS Quality Management System Manual WINS PROPRIETARY INFORMATION Rev.12.0 1 WINS QMS Quality Management System Manual As the Executive Director of WINS, I acknowledge my responsibility to uphold
More informationITIL Service Management Practices V3 Qualifications Scheme
ITIL Service Management Practices V3 Qualifications Scheme Contents 1. Scope and purpose of document 1 1.1. Synopsis 1 1.2. Suggested reading 1 2. ITIL Overview 1 2.1. What is ITIL? 1 2.2. What does official
More informationIT Governance using COBIT implemented in a High Public Educational Institution A Case Study
IT Governance using COBIT implemented in a High Public Educational Institution A Case Study JORGE RIBEIRO 1, RUI GOMES 2 School of Technology and Management Polytechnic Institute of Viana do Castelo Avenida
More informationMapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA
Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT
More information2007 Follow-Up Report on the Audit of Information Technology January 2005
2007 Follow-Up Report on the Audit of Information Technology January 2005 Natural Sciences & Engineering Research Council of Canada & Social Sciences & Humanities Research Council of Canada October 2007
More informationIS SCA ALLIGNED? BUSINESS APPROACH TO SDR DEVELOPMENT. Rafael Aguado Muñoz (Indra Sistemas S.A., Aranjuez, Madrid, Spain; ramunoz@indra.
IS SCA ALLIGNED? BUSINESS APPROACH TO SDR DEVELOPMENT Rafael Aguado Muñoz (Indra Sistemas S.A., Aranjuez, Madrid, Spain; ramunoz@indra.es) ABSTRACT if you can t measure it you can t control it, and if
More informationInformation Technology Auditing for Non-IT Specialist
Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More information