COBIT 5. ISACA Malta Chapter Steven Babb Dirk Steuperaert
Slide 2: Steven Babb
Education
- 1st Class BSc (Hons) Computing (1996)
- BS7799 Lead Auditor, ITIL Service Manager
- PRINCE2 Certified Practitioner
- CGEIT, CRISC
Professional Career
- International Brewer, various roles
- KPMG, Head of IT Risk
- Betfair, Head of Governance, Risk & Assurance (2012- )
Professional Organisations
- Risk IT Task Force, COBIT 5 Task Force, Cloud Computing Task Force
- Framework Committee Chair, COBIT for Risk Chair
Contact: steven.babb@betfair.com

Slide 3: Dirk Steuperaert
Education
- Master Engineering (UGent, 1986)
- Master Computer Auditing (UAMS, 1995)
- CISA (1995), CGEIT (2009), CRISC (2011)
Professional Career
- Software Engineer (SWIFT)
- IT Auditor (SWIFT, BBL, Cedel)
- Consultant (PwC)
- Independent Consultant (IT In Balance)
Professional Organisations
- ISACA (COBIT Steering Committee, Lead Developer of Risk IT, Project Manager of COBIT 5 Development, Project Manager for COBIT 5 for Risk and COBIT 5 for Assurance)
Contact: dirk.steuperaert@it-in-balance.be

Slide 4: Objectives for this session
To provide you with:
- An overview of the development approach behind COBIT 5 and a brief history of COBIT
- An understanding of the key principles underpinning the COBIT 5 framework
- Key considerations on how to implement COBIT 5
- Additional COBIT 5 publications: what is here now and what is coming next
- Thoughts on migration from legacy to COBIT 5

Slide 5: Agenda
1. COBIT 5 Drivers (Steven)
2. COBIT 5 Framework: COBIT 5 Principles (Steven)
3. COBIT 5 Framework: Enablers (Steven)
4. COBIT 5 Framework: Process Capability Model (Dirk)
5. COBIT 5 Enabling Processes: Introduction (Dirk)
6. COBIT 5 Enabling Processes: Structure (Dirk)
7. COBIT 5 Enabling Processes: Overview of COBIT 5 Process Domains and Processes (Dirk)
8. COBIT 5 Implementation Guide (Dirk)
9. Additional Pubs: COBIT 5 for Security, COBIT 5 PAM (Steven)
10. Upcoming Pubs: COBIT 5 for Assurance, COBIT 5 for Risk (Steven)
11. Migrating to COBIT 5: some more things to consider (Dirk)
12. Q&A
Slide 6: Section 1. Introduction & COBIT 5 Drivers

Slide 7: Introduction: The Basic Equation
A framework definition:
- A framework is not a standard
- A framework is not a complete solution
- A framework is not a ready-to-use solution
- A framework is a set of structures and components
- A framework is a way of thinking
- A framework is a basis that needs customisation

Slide 8: COBIT: The Word
- The very original acronym COBIT stood for Control Objectives for Information and Related Technology
- The control objectives are gone now (well, at least the name has), but Information and Related Technology stand!
- Information is a key resource for all enterprises
- Information is created, used, retained, disclosed and destroyed
- Technology plays a key role in these actions
- Technology is becoming pervasive in all aspects of business and personal life

Slide 9: COBIT: Enterprise Context and Benefits
Today, enterprises and their executives have to:
- Maintain high-quality information
- Generate business value from IT-enabled investments
- Achieve operational excellence
- Maintain IT-related risk at an acceptable level
- Optimise the cost of IT services and technology
- Comply with ever-increasing relevant laws, regulations, contractual agreements and policies
COBIT 5 provides the framework to fulfil these requirements.

Slide 10: Drivers for COBIT 5: Changing World
The world has moved on since COBIT 4.1 and related ISACA guidance were published:
- Importance of information
- Role of technology
- Technology landscape
- Views on governance and standards landscape
- Economic context
- Regulatory context
- Need for rationalisation of various ISACA guidance

Slide 11: Drivers for COBIT 5: Stakeholder Value
- Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets
- Enterprise boards, executives and management have to embrace IT like any other significant part of the business
- COBIT 5 provides the comprehensive framework for enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT

Slide 12: The COBIT 5 Framework
Simply stated:
- COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use
- COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the entire enterprise
- The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector

Slide 13: Evolution of scope: COBIT, its development history
[Figure: COBIT's scope grows from Audit and Control (COBIT 1, COBIT 2, COBIT 3) through Management and IT Governance (COBIT 4.0/4.1, Val IT 2.0 (2008), Risk IT (2009)) to Governance of Enterprise IT (COBIT 5, a business framework from ISACA)]

Slide 14: COBIT 5: Timeline
- Sep 2009: Joint FC-C5TF Kick-Off Meeting
- Nov 2009: Start of Design
- Feb 2010: Dev Team Meeting
- Apr 2010: C5TF Meeting
- May 2010: First SME Development Workshop
- Aug 2010: Second SME Development Workshop
- Oct 2010: Dev Team Meeting
- Dec 2010: C5TF Meeting
- Jan 2011: End of Design
- 29/03/2011: SME Exposure COBIT 5
- May 2011: C5TF Meeting
- 1/07/2011: Public Exposure COBIT 5 Framework and Process Guide
- Nov 2011: Final C5TF Meeting
- Jan 2012: End of Development
- 10/04/2012: Publication COBIT 5
Also shown on the timeline: Public Exposure COBIT 5 Architecture Blueprint (date not legible in the transcription)
Slide 15: Section 2. COBIT 5 Framework (1): COBIT 5 Principles

Slide 16: The COBIT 5 Framework
The main, overarching COBIT 5 product. It contains the executive summary and the full description of all of the COBIT 5 framework components:
- The COBIT 5 principles (there are 5 of them!)
- The seven COBIT 5 enablers
- An introduction to the implementation guidance (COBIT 5 Implementation)
- An introduction to the COBIT Assessment Programme (not specific to COBIT 5)

Slide 17: The COBIT 5 Principles

Slide 18: The COBIT 5 Principles: 1. Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders. Therefore:
- Governance Objective = Value Creation
- Governance objectives are driven by stakeholder needs
- Value is the interaction and combination of three components

Slide 19: The COBIT 5 Principles: 1. Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders. Therefore:
- Governance objectives need to be translated into manageable goals
- This is the COBIT 5 goals cascade
- It translates stakeholder needs into specific, actionable and customised goals

Slide 20: The COBIT 5 Principles: 2. Covering the Enterprise End-to-End
COBIT 5:
- Integrates governance of enterprise IT into enterprise governance
- Covers all functions and processes within the enterprise
Key components of a governance system:
- Governance Enablers: the organisational resources for governance
- Governance Scope: the entity to which governance is applied

Slide 21: The COBIT 5 Principles: 2. Covering the Enterprise End-to-End
Third component: the governance roles, activities and relationships. This defines who is involved in governance, how they are involved, what they do and how they interact, within the scope of any governance system.

Slide 22: The COBIT 5 Principles: 3. Integrated Framework
COBIT 5 aligns with the latest relevant other standards and frameworks:
- Enterprise: COSO, COSO ERM, ISO 9000, ISO
- IT-related: ISO 38500, ITIL, ISO 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
This allows COBIT 5 to be used as the overarching governance and management framework integrator.
COBIT 5 also integrates all major ISACA guidance: COBIT 4.1, Risk IT, Val IT, BMIS, ITAF. The result is one consistent knowledge base to build the COBIT 5 Product Family on.

Slide 23: The COBIT 5 Principles: 3. Integrated Framework

Slide 24: The COBIT 5 Principles: 4. Enabling a Holistic Approach
- Enablers are factors that, individually and collectively, influence whether something will work
- Enablers are driven by the goals cascade
- The COBIT 5 framework describes seven categories of enablers

Slide 25: The COBIT 5 Principles: 5. Separating Governance from Management
Governance: Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives [EDM].
Management: Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives [PBRM].

Slide 26: The COBIT 5 Principles: 5. Separating Governance from Management
Slide 27: Section 3. COBIT 5 Framework (2): COBIT 5 Enablers and the Enabler Model

Slide 28: The COBIT 5 Enablers

Slide 29: The COBIT 5 Enabler Model

Slide 30: The COBIT 5 Enabler Model
This generic enabler model is repeated for each of the seven enablers, adding more specific details, guidance and some simple examples.

Slide 31: The COBIT 5 Enabler Model: Performance Management

Slide 32: Section 4. COBIT 5 Framework (3): COBIT 5 Process Capability Model

Slide 33: The COBIT 5 Framework: Process Capability Model
- COBIT 5 is supported by a new process capability assessment approach based on ISO/IEC 15504: the COBIT Assessment Programme.
- The COBIT 4.1, Val IT and Risk IT CMM-based approaches are not considered compatible with the ISO/IEC approach, as the methods use different attributes and measurement scales.
In practice:
- In general, ratings of a process will be lower with the new capability assessment approach (but the two are not comparable anyway)
- COBIT 5 does not include a specific maturity model per process

Slide 34: Recap of Process Evaluation Methods: COBIT 4.1

Slide 35: Recap of Process Evaluation Methods: Risk IT

Slide 36: The COBIT 5 Framework: Process Capability Model

Slide 37: Recap of Process Evaluation Methods: Rationale for change
- The COBIT Assessment Programme approach is considered by ISACA to be more robust, reliable and repeatable as a process capability assessment method
- The COBIT Assessment Programme supports formal assessments by accredited assessors (assessor training is being developed) as well as less rigorous self-assessments for internal gap analysis and process improvement planning
- The COBIT Assessment Programme, in the future, will also potentially enable an enterprise to obtain an independent and certified assessment aligned to the ISO standard

Slide 38: Recap of Process Evaluation Methods: Rationale for change
- COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach should realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach
- Information gathered from previous assessments may be reusable, but care is needed as there are significant differences in requirements
- COBIT 4.1, Val IT and Risk IT users wishing to continue with the CMM-based approach, either as an interim or ongoing approach, can use the COBIT 5 guidance, but must use the COBIT 4.1 generic attribute table without the high-level maturity models

Slide 39: Recap of Enabler Performance Management

Slide 40: Assessing Other Enablers
- The ISO/IEC 15504-based approach is a process assessment scheme
- The generic enabler performance model aligns quite well with the approach (the same basic questions are asked)
- So the performance of other enablers can be assessed in a similar manner
- BUT: COBIT 5 as it stands does not elaborate this explicitly as it does for processes
Slide 41: Section 5. COBIT 5 Enabling Processes: Introduction

Slide 42: COBIT 5 Enabling Processes: Detailed Process Guidance
- The COBIT 5 goals cascade, complemented with example metrics for the enterprise goals and the IT-related goals
- The COBIT 5 process model is explained and its components defined
- A process reference model of 37 processes, with detailed information for all processes

Slide 43: COBIT 5 Enabling Processes: COBIT 5 Process Model

Slide 44: COBIT 5 Enabling Processes: Process Reference Model

Slide 45: Section 6. COBIT 5 Enabling Processes: Structure

Slide 46: COBIT 5 Enabling Processes: Detailed Process Guidance

Slide 47: COBIT 5 Enabling Processes: Detailed Process Guidance
- COBIT 5 provides a revised goals cascade, based on enterprise goals (previously: business goals) driving IT-related goals (previously: IT goals), which are in turn supported by critical enablers (previously: processes)
- COBIT 5 provides examples of goals and metrics at the enterprise, IT-related and process levels
- This is a change from COBIT 4.1, Val IT and Risk IT, which went one level lower but did not have the higher level

Slide 48: COBIT 5 Enabling Processes: Detailed Process Guidance
Each process starts with:
- Header information
- Process description
- Process purpose statement

Slide 49: COBIT 5 Enabling Processes: Detailed Process Guidance
Goals cascade information:
- IT-related goals supported by this process, with related metrics
- Process goals, with related metrics

Slide 50: COBIT 5 Enabling Processes: Detailed Process Guidance

Slide 51: COBIT 5 Enabling Processes: Detailed Process Guidance
Process practices, with:
- Inputs and outputs
- Process activities
- RACI chart

Slide 52: COBIT 5 Enabling Processes: Detailed Process Guidance

Slide 53: COBIT 5 Enabling Processes: Detailed Process Guidance

Slide 54: COBIT 5 Enabling Processes: Detailed Process Guidance
Related guidance

Slide 55: Section 7. COBIT 5 Enabling Processes: Process Domains and Processes

Slide 56: The COBIT 5 Process Reference Guide: Process Reference Model
Slide 57: The COBIT 5 Process Reference Guide, Process Reference Model: EDM
Evaluate, Direct & Monitor (processes for Governance of Enterprise IT):
- EDM01 Ensure Governance Framework Setting and Maintenance
- EDM02 Ensure Benefits Delivery
- EDM03 Ensure Risk Optimisation
- EDM04 Ensure Resource Optimisation
- EDM05 Ensure Stakeholder Transparency
Process purposes:
- EDM01 Ensure Governance Framework Setting and Maintenance: Provide a consistent approach integrated and aligned with the enterprise governance approach, to ensure that IT-related decisions are made in line with the enterprise's strategies and objectives, IT-related processes are overseen effectively and transparently, compliance with legal and regulatory requirements is confirmed, and the governance requirements for board members are met.
- EDM02 Ensure Benefits Delivery: Secure optimal value from IT-enabled initiatives, services and assets, cost-efficient delivery of solutions and services, and a reliable and accurate picture of costs and likely benefits, so that business needs are supported effectively and efficiently.

Slide 58: The COBIT 5 Process Reference Guide, Process Reference Model: EDM (continued)
- EDM03 Ensure Risk Optimisation: Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimised.
- EDM04 Ensure Resource Optimisation: Ensure that the resource needs of the enterprise are met in the most optimal manner, IT costs are optimised, and there is an increased likelihood of benefit realisation and readiness for future change.
- EDM05 Ensure Stakeholder Transparency: Make sure that the communication to stakeholders is effective and timely and the basis for reporting is established, to increase performance, identify areas for improvement, and confirm that IT-related objectives and strategies are in line with the enterprise's strategy.
Slide 59: The COBIT 5 Process Reference Guide, Process Reference Model: APO
Align, Plan & Organise (processes for Management of Enterprise IT):
- APO01 Manage the IT Management Framework
- APO02 Manage Strategy
- APO03 Manage Enterprise Architecture
- APO04 Manage Innovation
- APO05 Manage Portfolio
- APO06 Manage Budget and Costs
- APO07 Manage Human Resources
- APO08 Manage Relationships
- APO09 Manage Service Agreements
- APO10 Manage Suppliers
- APO11 Manage Quality
- APO12 Manage Risk
- APO13 Manage Security
Process purposes:
- APO01 Manage the IT Management Framework: Provide a consistent management approach to enable the enterprise governance requirements to be met, covering management processes, organisational structures, roles and responsibilities, reliable and repeatable activities, and skills and competencies.
- APO02 Manage Strategy: Align strategic IT plans with business objectives; clearly communicate the objectives and associated accountabilities so they are understood by all, with the IT strategic options identified, structured and integrated with the business plans.
- APO03 Manage Enterprise Architecture: Represent the different building blocks that make up the enterprise and their interrelationships, as well as the principles guiding their design and evolution over time, enabling a standard, responsive and efficient delivery of operational and strategic objectives.

Slide 60: The COBIT 5 Process Reference Guide, Process Reference Model: APO (continued)
- APO04 Manage Innovation: Achieve competitive advantage, business innovation, and improved operational effectiveness and efficiency by exploiting information technology developments.
- APO05 Manage Portfolio: Optimise the performance of the overall portfolio of programmes in response to programme and service performance and changing enterprise priorities and demands.
- APO06 Manage Budget and Costs: Enable the effective and efficient use of IT-related resources and provide transparency and accountability of the cost and business value of solutions and services. Enable the enterprise to make informed decisions regarding the use of IT solutions and services.

Slide 61: The COBIT 5 Process Reference Guide, Process Reference Model: APO (continued)
- APO07 Manage Human Resources: Optimise human resources capabilities to meet enterprise objectives.
- APO08 Manage Relationships: Create improved outcomes, increased confidence and trust in IT, and effective use of resources.
- APO09 Manage Service Agreements: IT services and service levels meet current and future enterprise needs.

Slide 62: The COBIT 5 Process Reference Guide, Process Reference Model: APO (continued)
- APO10 Manage Suppliers: Minimise the risk associated with non-performing suppliers and ensure competitive pricing.
- APO11 Manage Quality: Consistent delivery of solutions and services to meet the quality requirements of the enterprise and satisfy stakeholder needs.
- APO12 Manage Risk: Integrate the management of IT-related enterprise risk with overall ERM, and balance the costs and benefits of managing IT-related enterprise risk.
- APO13 Manage Security: Keep the impact and occurrence of information security incidents within the enterprise's risk appetite levels.
Slide 63: The COBIT 5 Process Reference Guide, Process Reference Model: BAI
Build, Acquire & Implement (processes for Management of Enterprise IT):
- BAI01 Manage Programmes and Projects
- BAI02 Manage Requirements Definition
- BAI03 Manage Solutions Identification and Build
- BAI04 Manage Availability and Capacity
- BAI05 Manage Organisational Change Enablement
- BAI06 Manage Changes
- BAI07 Manage Changes Acceptance and Transitioning
- BAI08 Manage Knowledge
- BAI09 Manage Assets
- BAI10 Manage Configuration
Process purposes:
- BAI01 Manage Programmes and Projects: Realise business benefits and reduce the risk of unexpected delays, costs and value erosion, ensuring the value and quality of project deliverables and maximising their contribution to the investment and services portfolio.
- BAI02 Manage Requirements Definition: Create feasible optimal solutions that meet enterprise needs while minimising risk.
- BAI03 Manage Solutions Identification and Build: Establish timely and cost-effective solutions capable of supporting enterprise strategic and operational objectives.

Slide 64: The COBIT 5 Process Reference Guide, Process Reference Model: BAI (continued)
- BAI04 Manage Availability and Capacity: Maintain service availability, efficient management of resources and optimisation of system performance through prediction of future performance and capacity requirements.
- BAI05 Manage Organisational Change Enablement: Prepare and commit stakeholders for business change and reduce the risk of failure.
- BAI06 Manage Changes: Enable fast and reliable delivery of change to the business and mitigation of the risk of negatively impacting the stability or integrity of the changed environment.

Slide 65: The COBIT 5 Process Reference Guide, Process Reference Model: BAI (continued)
- BAI07 Manage Changes, Acceptance and Transitioning: Implement solutions safely and in line with the agreed-on expectations and outcomes.
- BAI08 Manage Knowledge: Provide the knowledge required to support all staff in their work activities, for informed decision making and enhanced productivity.
- BAI09 Manage Assets: Account for all IT assets and optimise the value provided by these assets.
- BAI10 Manage Configuration: Provide sufficient information about service assets to enable the service to be effectively managed, to assess the impact of changes and to deal with service incidents.
Slide 66: The COBIT 5 Process Reference Guide, Process Reference Model: DSS
Deliver, Service & Support (processes for Management of Enterprise IT):
- DSS01 Manage Operations
- DSS02 Manage Service Requests and Incidents
- DSS03 Manage Problems
- DSS04 Manage Continuity
- DSS05 Manage Security Services
- DSS06 Manage Business Process Controls
Process purposes:
- DSS01 Manage Operations: Deliver IT operational service outcomes as planned.
- DSS02 Manage Service Requests and Incidents: Achieve increased productivity and minimise disruptions through quick resolution of user queries and incidents.
- DSS03 Manage Problems: Increase availability, improve service levels, reduce costs, and improve customer convenience and satisfaction by reducing the number of operational problems.

Slide 67: The COBIT 5 Process Reference Guide, Process Reference Model: DSS (continued)
- DSS04 Manage Continuity: Continue critical business operations and maintain availability of information at a level acceptable to the enterprise in the event of a significant disruption.
- DSS05 Manage Security Services: (purpose statement not captured in the transcription)
- DSS06 Manage Business Process Controls: Maintain information integrity and the security of information assets handled within business processes in the enterprise or outsourced.

Slide 68: The COBIT 5 Process Reference Guide, Process Reference Model: MEA
Monitor, Evaluate & Assess (processes for Management of Enterprise IT):
- MEA01 Monitor, Evaluate and Assess Performance and Conformance
- MEA02 Monitor, Evaluate and Assess the System of Internal Control
- MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
Process purposes:
- MEA01 Monitor, Evaluate and Assess Performance and Conformance: Provide transparency of performance and conformance and drive achievement of goals.
- MEA02 Monitor, Evaluate and Assess the System of Internal Control: Obtain transparency for key stakeholders on the adequacy of the system of internal controls and thus provide trust in operations, confidence in the achievement of enterprise objectives and an adequate understanding of residual risk.
- MEA03 Monitor, Evaluate and Assess Compliance with External Requirements: The enterprise is compliant with all applicable external requirements.
Slide 69: Section 8. COBIT 5 Implementation Guide

Slide 70: COBIT 5 Implementation
COBIT 5: Implementation covers the following subjects:
- Positioning GEIT within an enterprise
- Taking the first steps towards improving GEIT
- Implementation challenges and success factors
- Enabling GEIT-related organisational and behavioural change
- Implementing continual improvement that includes change enablement and programme management
- Using COBIT 5 and its components

Slide 71: Migrate to COBIT 5 or stay with COBIT 4? Some considerations...
[Two-column comparison: COBIT 4.1 versus COBIT 5]

Slide 72: Migrate to COBIT 5 or stay with COBIT 4? Some considerations
- COBIT 5 because we have to do it
- COBIT 5 because we want to do it

Slide 73: Roadmap to COBIT 5: If you adopt COBIT 5, it's the enablers
Recap: it's the enablers that make governance work. So a roadmap to COBIT implies working on all these enablers:
- Defining and implementing processes
- Putting in place effective organisational structures
- Defining the right information streams
- Developing the right culture and associated behaviours
- Having the right skills, competences and (number of) people

Slide 74: COBIT 5 Implementation Roadmap

Slide 75: Roadmap to COBIT 5, Step 1: Why would we do it?
What are the drivers for a COBIT 5 implementation?
- Are there any existing pains? Lack of control? Growing number of loose ends? Uncertain ROI of investments?
- Any important trigger events? Major new project? External pressure? Regulatory pressure?
Questions:
- Are these issues real? If not, in theory there is no need to act urgently
- If real issues exist, is the Board convinced that something needs to be done here?

Slide 76: Roadmap to COBIT 5, Step 2: Where are we now?
Assess the current situation:
- Determine, based on existing pains, the relevant areas for you in COBIT 5
- A diagnosis/high-level review of the selected governance enablers should be made, resulting in:
  - Capability scores of processes
  - Evaluations of other enablers

Slide 77: Roadmap to COBIT 5, Step 3: Where do we want to be?
- Express target levels for capability of enablers
- This applies to processes, but also to other enablers
- Remember: raising your level of governance capability requires resources, including time, and has to be subject to a business case!

Slide 78: Success Factors
Some key success factors, without which failure is guaranteed:
- Continuous top management support and commitment
- Resources
- Regular success stories and quick wins
- Understanding key objectives (see next slide)

Slide 79: Governance often perceived as this
[Chart: Benefits, Risk and Resources, before versus after]

Slide 80: Governance could also result (preferably) in this
[Chart: Benefits, Risk and Resources, before versus after]

Slide 81: Some quotes recorded during COBIT 5 development

Slide 82: Some quotes recorded during COBIT 5 development
- Quote 1: "COBIT 5 is not a framework for the IT people"
- Quote 2: "Organisations have the IT they deserve"
83 1. 9. Additional COBIT 5 Publications - COBIT 5 for Information Security - COBIT Assessment Programme
84 Additional Publications COBIT 5 for Information Security 9 This is an extended view of COBIT 5 It explains each component of COBIT 5 from an information security perspective It provides security professionals detailed guidance for using COBIT 5 as they establish, implement and maintain information security in the business policies, processes and structures of an enterprise
85 Additional Publications COBIT Assessment Programme 9 This enables the evaluation of selected IT processes a view on process capability Process improvement, delivering business value, measuring the achievement of business goals, benchmarking, consistent reporting, etc Processes can be assessed individually or alternatively in groups. Scoping areas include: Capability of processes to support cloud services Capability of processes to support achievement of IT and business goals Capability of processes to support SOX compliance Capability of processes to support the enterprise governance of IT
86 Upcoming COBIT 5 Publications - COBIT 5 for Assurance - COBIT 5 for Risk
87 COBIT 5 for Assurance 10 This creates an information assurance view of COBIT 5 It provides guidance for ISACA s information assurance constituents It should be considered as the assurance equivalent of COBIT 5 for Information Security It is scheduled to be available in the second quarter of 2013 currently proposed to be launched at Insights 2013
88 COBIT 5 for Assurance 10 In COBIT 5, governance/management practices are the replacements for the COBIT 4.1 control objectives The Val IT and Risk IT practices In COBIT 5, the focus is on enabler goals Achievement of enabler goals can be assessed: Are goals achieved associated metrics at various levels in the cascade Is appropriate good practice applied (design question) Are process activities (which include control activities) adequately performed? Is the process capability level adequate or fit for purpose?
89 COBIT 5 for Risk 10 This creates an information risk view of COBIT 5 It will serve as the information risk specific guidance for ISACA s information risk constituents It should be considered as the risk focused equivalent of COBIT 5 for Information Security It is scheduled to be available in the second quarter of 2013 currently proposed to be launched at Insights 2013
90 Some more migrating implementation considerations. How to put COBIT 5 to use in practice?
91 COBIT 5 Has Arrived Now What? Meeting Stakeholder Needs Are they? 11 Example Stakeholder question: How do I get value from IT? Do I get value from IT? COBIT 5: Value is the key driver for all enablers; COBIT 5 describes the organisational structures, processes, behaviours, information flows etc. that are needed to have IT deliver value to the enterprise; COBIT 5 also describes the mechanisms to analyse performance of all enablers, and includes a roadmap for a Governance improvement project COBIT 5 contains specific processes and other enablers for value management, e.g.. EDM02, APO05 and the linked organisational structures, information flows etc.
92 COBIT 5 Has Arrived Now What? Meeting Stakeholder Needs Are they? 11 Example Stakeholder question: How do I manage performance of IT? Am I running an efficient and resilient IT operation? How do I best build and structure my IT department? COBIT 5 defines a set of interacting enablers that when working and interacting well provide a performing IT for the enterprise; COBIT 5 includes a generic enabler model with a performance management module. Using this model to assess all enablers systematically will provide accurate and useful performance data; COBIT 5 contains metrics associated with goals at various levels these metrics can be included in a performance mgmnt system Dealing with the efficiency and resilience questions can be done by putting appropriate emphasis and priority on specific processes and other enablers
93 COBIT 5 Has Arrived, Now What? Meeting Stakeholder Needs: Are They Met?
Example stakeholder question: How do I know if I'm compliant with all applicable regulations? Am I?
COBIT 5 includes a number of processes that specifically deal with compliance, from identifying compliance requirements, through implementing appropriate controls, to (independent) evaluation of compliance. The goals cascade includes several compliance-related goals at various levels.
COBIT 5 extends towards business processes, ensuring that compliance requirements are taken care of consistently throughout the enterprise.
The mechanisms for assessing the performance of these processes and other enablers can be used to manage the performance of the compliance system.
94 COBIT 5 Has Arrived, Now What? Meeting Stakeholder Needs: Are They Met?
Example stakeholder question: Did I address all IT-related risks?
COBIT 5 includes several IT-risk-related goals at various levels which, when prioritised correctly, identify the relevant processes and other enablers for managing risk.
Specific processes at governance and management level deal with risk management, e.g. EDM03, APO12, APO13 and the MEA domain. The same applies to organisational structures, specific skills etc.
Again, the built-in performance system allows the performance and outcomes of all enablers to be monitored, providing an accurate view of the current status.
Where improvements are needed, the Implementation Guide provides a roadmap towards enhanced governance practices.
95 Finally, one word on complexity
More than 32 definitions of complexity exist.
Is COBIT 5 complex? YES, because it covers a complex matter and provides a model for dealing with that complexity. Models are a simplification of reality to the level where the model is still relevant: a simplification, but not simplistic!
Is COBIT 5 complex? NO, because if "complex" is defined as the time a normal person needs to understand it, then we could argue it is not very complex: five principles, and seven enablers each with four dimensions.
96 Some final advice: the basic equation
A framework is a framework. COBIT 5 is comprehensive in its vision on governance, BUT a lot remains to be done by yourselves, based on your individual circumstances.
We already possess the most important tool required for that, shown at the right of the slide.
97 Q & A