COBIT 5 An Overview. 12 th June, COBIT is a registered trademark of the Information Systems Audit and Control Association

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "COBIT 5 An Overview. 12 th June, COBIT is a registered trademark of the Information Systems Audit and Control Association"

Transcription

1 COBIT 5 An Overview 12 th June, 2012 COBIT is a registered trademark of the Information Systems Audit and Control Association

2 Agenda Organizational Concerns COBIT 5 An Introduction COBIT 4.1 Vs. COBIT 5 Implementation Considerations

3 Current Business Scenario Information is the business currency of the 21 st Century Information has a life cycle: it is created, used, retained, disclosed and destroyed Technology plays a key role in these actions. Technology is becoming pervasive in all aspects of business and personal life Every form of enterprise needs to be able to rely on quality information to support quality executive decisions!

4 Current Business Scenario Enterprises are under constant pressure to: Increase benefits realization through effective and innovative use of enterprise IT Maintain IT related risk at an acceptable level Contain cost of IT services and technology Ensure business and IT collaboration, leading to business user satisfaction with IT engagement and services Comply with ever increasing relevant laws, regulations and policies

5 Organizations Concern Management Concerns CIO s Priorities Inadequate view of IT functioning Operational failures of IT Increase in number of security incidents reported High cost of IT and low ROI IT staffing issues Lack of knowledge of critical systems Disconnect between IT strategy and business strategy IT not meeting compliance Delivering projects to meet business growth Demonstrating value to business Tightening security and privacy controls Improving business continuity readiness Improving quality of IT service delivery Applying metrics to IS organization and services 5

6 IT Concerns and Issues Aligning IT with Business Delivering Value Managing Costs Managing Complexity Ensuring IT Availability Organizations invests significant amount of money in IT The dependence of business on IT has increased considerably Managing business requirement and adopting to technology growth is a major challenge Manage Regulatory Compliance Information Security Does this mean that we shall remain as-is? Is there a remedy? 6

7 Drivers for Enterprise IT Governance A need for the enterprise to: Achieve increased value creation Obtain business user satisfaction Achieve compliance with relevant laws, regulations and policies Improve the relation between business and IT Increase the return on Investment on Enterprise IT 2012 ISACA. All Rights Reserved. 7

8 What is Governance? Governance is a balancing act between: Performance Improving profitability, efficiency, effectiveness, and growth Conformance Adhering to legislation, internal policies, and audit requirements So, What is IT Governance to do with? 8

9 What is IT Governance? IT Governance: It s about organization leadership Decision making that leads to better alignment of the business IT delivering more business value IT resources are used responsibly IT risks are managed appropriately COBIT 5 provides an excellent guidance in this area! 9

10 COBIT 5 An Introduction 10

11 COBIT 5: Now One Complete IT - Business Framework Governance of Enterprise IT Evolution of scope IT Governance Management Control Audit Val IT 2.0 (2008) Risk IT (2009) COBIT1 COBIT2 COBIT3 COBIT4.0/4.1 COBIT / An business framework from ISACA, at ISACA All rights reserved

12 So, what does COBIT 5 guide? End to end business and IT responsibilities Controls for user-initiated and user-controlled IT solutions Provide guidance in: Enterprise architecture Asset and service management Emerging sourcing and organization models Innovation and emerging technologies Connect and align with other major frameworks and standards 2012 ISACA. All Rights Reserved. 12

13 COBIT 5 Premises Defines the starting point of governance and management activities with the stakeholder needs related to enterprise IT Creates a more holistic, integrated and complete view of enterprise governance and management of IT that is consistent, provides an end-to-end view on all IT-related matters Creates a common language between IT and business for the enterprise governance and management of IT Is consistent with generally accepted corporate governance standards, and thus helps to meet regulatory requirements 2012 ISACA. All Rights Reserved. 13

14 The COBIT 5 Format Simplified COBIT 5 directly addresses the needs of the viewer from different perspectives Development continues with specific practitioner guides COBIT 5 is initially in 3 volumes: 1. The Framework Free Download 2. Process Reference Guide Free to Members 3. Implementation Guide - Free to Members COBIT 5 is based on: 5 principles and 7 enablers 2012 ISACA. All Rights Reserved. 14

15 COBIT 5 Principles 1. Meeting Stakeholder Needs 2. Covering the Enterprise Endto-end 3. Applying a Single Integrated Framework 4. Enabling a Holistic Approach 5. Separating Governance From Management 15

16 COBIT 5 Enablers Source: COBIT 5 Framework 16 16

17 Principle 1: Meeting Stakeholder Needs Stakeholder needs have to be transformed into an enterprise s actionable strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized goals within the context of the enterprise, IT-related goals and enabler goals. 17

18 Principle 2: Covering the Enterprise End-to-end Covers all functions and processes within the enterprise COBIT 5 does not focus only on the IT function, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise. 18

19 Principle 3: Applying a Single Integrated Framework COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises: Enterprise Standards / Frameworks: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC (Risk Management) IT-related: ISO/IEC (IT Governance), ITIL (IT Service Management), ISO/IEC series (Information Security), TOGAF (Enterprise Architecture), PMBOK/PRINCE2 (Project Management). 19

20 COBIT 5 Where does it fit in? 20

21 Principle 4: Enabling a Holistic Approach COBIT 5 enablers are: Factors that, individually and collectively, influence whether something will work Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve 21

22 COBIT 5 Processes 22

23 Principle 5 : Separating Governance from Management Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM). Management Plans, Builds, Runs and Monitors (PBRM).activities in alignment with the direction set by the governance body to achieve the enterprise objectives 23

24 In Summary COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders. 24

25 COBIT 4.1 vs. COBIT 5 25

26 Primary Transition COBIT 5 builds on previous versions of COBIT 4.1 (including Val IT and Risk IT), so enterprises can also build on what they have developed using earlier versions. COBIT 5 clarifies management level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model. 26

27 Practices & Activities Control Objectives Val IT & Risk IT Processes Governance & Management Practices Control Practices Activities Practices in Risk IT & Val IT 27

28 Renewed focus on Enablers Effectiveness Efficiency Confidentiality Integrity Availability Compliance Criteria COBIT 4.1 CUBE Reliability Applications Information Infrastructure People IT Resources Domains Processes Activities IT Processes 28

29 Process Reference Model 29

30 New / Modified Processes COBIT 5 introduces five new governance processes that have leveraged and improved COBIT 4.1, Val IT and Risk IT governance approaches. Below are the new / modified processes to reflect this: APO03 Manage enterprise architecture (deviation from Information to Enterprise) APO04 Manage innovation New governance process APO05 Manage portfolio (Val IT) APO08 Manage relationships (BRM from ISO 20000) APO13 Manage security Segregation from typical security (covered in DSS) BAI05 Manage organizational change enablement. BAI08 Manage knowledge. BAI09 Manage assets. DSS05 Manage security service. DSS06 Manage business process controls. 30

31 RACI Charts provides more detailed and range of typical business and IT roles and charts than COBIT 4.1 for each management practice. 31

32 Process Maturity Assessments COBIT 5 discontinues the COBIT 4.1, Val IT and Risk IT CMM-based capability maturity modeling approach (based on CMM) Adopts COBIT Process Assessment Model (PAM) PAM is based on ISO/IEC (Standard for Process Assessment) PAM currently unavailable for COBIT 5 32

33 Process Maturity Assessments The PAM uses a measurement framework that is similar in terminology to the existing maturity models in COBIT 4.1 While the words are similar the scales are NOT the same: The COBIT PAM uses the capability scale from ISO/IEC 15504, whereas the existing COBIT maturity models uses a scale derived from SEI\CMM A PAM level 3 is NOT the same as a CMM level 3 Assessments done under the PAM are likely to result in lower scores COBIT 4.1 Process ISO/IEC Process Maturity Level Capability Level Attribute 5 Optimised 5 Optimizing PA 5.1 Process innovation PA 5.2 Process optimization 4 Managed and measurable 4 Predictable PA 4.1 Process measurement PA 4.2 Process control 3 Defined 3 Established PA 3.1 Process definition PA 3.2 Process deployment 2 Repeatable but intuitive 2 Managed PA 2.1Performance management PA 2.2 Work product management 1 Initial/ad hoc 1 Performed PA 1.1 Process performance 0 Non-existent 0 Incomplete 33

34 COBIT 5 Implementation 34

35 Recommended Implementation Cycle Program approach - most appropriate Reporting is a continual thread through all of the phases and iterations 35

36 Discussions / Q&A 2009 Protiviti Inc. An Equal Opportunity Employer.

37 Protiviti Inc. An Equal Opportunity Employer.

COBIT 5 Introduction. 28 February 2012

COBIT 5 Introduction. 28 February 2012 COBIT 5 Introduction 28 February 2012 COBIT 5 Executive Summary 2012 ISACA. All rights reserved. 2 Information! Information is a key resource for all enterprises. Information is created, used, retained,

More information

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP Presented by Denis Darveau CISM, CISA, CRISC, CISSP Las Vegas ISACA Chapter, February 19, 2013 2 COBIT Definition Control Objectives for Information and Related Technology (COBIT) is an IT governance framework

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT ISACA Releases COBIT 5: Updated Framework for the Governance and Management of IT May 18, 2012 In April, ISACA released COBIT 5 as a replacement for its current globally

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

Roles, Activities and Relationships

Roles, Activities and Relationships and in COBIT 5 Objective: Value Creation Benefits Realisation Risk Resource Enablers Scope Roles, Activities and Relationships Source: COBIT 5, figure 8 Key Roles, Activities and Relationships Roles, Activities

More information

CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE

CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE Indranil Mukherjee Singapore ISC Pte Ltd Session ID: CLD T02 Session Classification: Intermediate Cloud Computing from a

More information

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute COBIT 5 Foundation Workshop COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute COBIT 5: A Business Framework for the Governance and Management

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

Understanding COBIT 5. based on ISACA Materials www.isaca.org/cobit. Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

Understanding COBIT 5. based on ISACA Materials www.isaca.org/cobit. Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Understanding COBIT 5 based on ISACA Materials www.isaca.org/cobit ISACA Silicon Valley Chapter Spring 1 Why COBIT is important

More information

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT Helps Organizations Meet Performance and Compliance Requirements DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,

More information

2.1 MBI Framework 2.2 ITIL 2.3 COBIT

2.1 MBI Framework 2.2 ITIL 2.3 COBIT Extending MBI Model using ITIL and COBIT Processes DOI: 10.20470/jsi.v6i4.244 Sona Karkoskova 1, George Feuerlicht 1,2 1 Faculty of Informatics and Statistics University of Economics, Prague 2 Unicorn

More information

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview COBIT 5 IACA s new framework for IT Governance, Risk, ecurity and Auditing An overview M. Garsoux COBIT 5 Licensed Training rovider Introduction rinciples rocesses Implementation upporting roducts Questions

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

for Information Security

for Information Security for Information Security The following pages provide a preview of the information contained in COBIT 5 for Information Security. The publication provides guidance to help IT and Security professionals

More information

White Paper. COBIT 5 & BiSL

White Paper. COBIT 5 & BiSL White Paper COBIT 5 & BiSL This paper compares the scope and perspective of COBIT 5 and BiSL and shows how these two frameworks can be used in conjunction to assure that business information management

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

Frameworks and related products that help professionals attain value from information systems.

Frameworks and related products that help professionals attain value from information systems. Frameworks and related products that help professionals attain value from information systems. Dear valued professional, In today s business landscape, executives must ensure that their IT is working as

More information

COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT

COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT Slindile Khanyile 64 Jasper Hill, 309 1 st Road Midrand, 1686 +2772 026 2656 41998669@mylife.unisa.ac.za

More information

IT Governance Implementation Workshop

IT Governance Implementation Workshop IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,

More information

COBIT & ITIL usage for SOX current and future

COBIT & ITIL usage for SOX current and future COBIT & ITIL usage for SOX current and future Robert E Stroud International Vice President ISACA Evangelist ITSM & IT Governance CA, Inc. Japan, November 8, 2007 Trademark Notice ITIL is a registered trademark

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Presentation on COBIT Education

Presentation on COBIT Education http://www.itpreneurs.com Presentation on COBIT Education Mastering COBIT with effective learning solutions Arjan Woertman ITpreneurs This COBIT product suite includes COBIT 4.0, which is used by permission

More information

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk.

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk. Risk IT A set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. In business today, risk plays a critical role. Almost every business decision

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK HERU NUGROHO Telkom University, Telkom Applied Science School, Department of Information Technology, Bandung E-mail: herunugroho@telkomuniversity.ac.id,

More information

EA vs ITSM. itsmf 15.4.2014

EA vs ITSM. itsmf 15.4.2014 EA vs ITSM itsmf 15.4.2014 EA vs ITSM SH Needs Business Goals 2 GOVERNANCE EVALUATE PLANNING ITSM IMPROVING OPERATING Business Programs Projects DEVELOPING EA IMPLEMENTING What is an enterprise in the

More information

Sound Transit Internal Audit Report - No. 2014-3

Sound Transit Internal Audit Report - No. 2014-3 Sound Transit Internal Audit Report - No. 2014-3 IT Project Management Report Date: Dec. 26, 2014 Table of Contents Page Background 2 Audit Approach and Methodology 2 Summary of Results 4 Findings & Management

More information

IT Management & Governance Diagnostic Program

IT Management & Governance Diagnostic Program IT & Governance Diagnostic Program Prepared for Sample IT Company This report was prepared by Info-Tech Research Group for Sample IT Company on 2015-05-20. Data is comprised of 6 responses. IT & Governance

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Enabling Information PREVIEW VERSION

Enabling Information PREVIEW VERSION Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a

More information

2009 Solvay Brussels School and IT Governance institute

2009 Solvay Brussels School and IT Governance institute IT Governance Masterclass Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA International VP, IT Governance Institute Professor, Solvay Business School Managing Partner, ICT Control NV 1 Georges Ataya

More information

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance COBIT 5 What s New, What Auditors Need to Know June 13th, 2012 Anthony Noble Viacom Inc. ISACA COBIT 5 for Assurance Task Force Chair Special thanks to Derek Oliver & ISACA for supplying material for this

More information

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards.

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT The comprehensive IT governance framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT4.1 Does your enterprise s IT support the business? Is it aligned

More information

COBIT 5 Implementation Certification Course

COBIT 5 Implementation Certification Course COBIT 5 Implementation Certification Course About COBIT 5.0 Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions and technology is becoming pervasive

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen. COBIT 5 A Management Guide Other publications by Van Haren Publishing Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains: - IT and IT Management

More information

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Strategic IT audit. Develop an IT Strategic IT Assurance Plan

Strategic IT audit. Develop an IT Strategic IT Assurance Plan Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

Setting goals and measuring the value of Enterprise IT Architecture using COBIT 5 framework

Setting goals and measuring the value of Enterprise IT Architecture using COBIT 5 framework Setting goals and measuring the value of Enterprise IT Architecture using COBIT 5 framework Karoline Westerlund, IT-strategist Umeå University, Sweden retirement Service Catalogue Defined framework Formalized

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

TOGAF TOGAF & Major IT Frameworks, Architecting the Family

TOGAF TOGAF & Major IT Frameworks, Architecting the Family Fall 08 TOGAF TOGAF & Major IT Frameworks, Architecting the Family Date: February 2013 Prepared by: Danny Greefhorst, MSc., Director of ArchiXL TOGAF is a registered trademark of The Open Group. TOGAF

More information

TOGAF. TOGAF & Major IT Frameworks, Architecting the Family. by Danny Greefhorst, MSc., Director of ArchiXL. IT Governance and Strategy

TOGAF. TOGAF & Major IT Frameworks, Architecting the Family. by Danny Greefhorst, MSc., Director of ArchiXL. IT Governance and Strategy TOGAF TOGAF & Major IT Frameworks, Architecting the Family by Danny Greefhorst, MSc., Director of ArchiXL TOGAF is a registered trademark of The Open Group. Copyright 2013 ITpreneurs. All rights reserved.

More information

ITSM vs EA KAOS 10.3.2014

ITSM vs EA KAOS 10.3.2014 ITSM vs EA KAOS ITSM vs EA SH Needs Business Goals 2 GOVERNANCE EVALUATE PLANNING ITSM IMPROVING OPERATING Business Programs Projects DEVELOPING EA IMPLEMENTING IT service - ITIL 3 Lifecycle approach Service

More information

COBIT 4.1 TABLE OF CONTENTS

COBIT 4.1 TABLE OF CONTENTS COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................

More information

Somewhere Today, A Project is Failing

Somewhere Today, A Project is Failing Aligning CobiT and ITIL - The Business Benefit 2007 ISACA All rights reserved www.isaca.org Page - 1 Somewhere Today, A Project is Failing Chapter 1, Peopleware 2nd edition Tom DeMarco 2007 ISACA All rights

More information

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy Increasing IT Value and Reducing Risk More for Less with COBIT5 Copyright 2012 ITpreneurs. All rights reserved. 1 COBIT 5 the Next Evolution 2 COBIT 5 Released in April 2012 COBIT5 is the eagerly awaited

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3

AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3 AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3 1 Retno Ayu Widiyaningrum, 2 Kudang B Sminar, 3 Husniteja Sukmana Department of Computer Science, Bogor Agricultural University,

More information

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank. Information Security Management at HDFC Bank: Contribution of Seven Enablers By Vishal Salvi, CISM, and Avinash W. Kadam, CISA, CISM, CGEIT, CRISC, CBCP, CISSP, CSSLP HDFC Bank was incorporated in August

More information

Introduction to ITIL for Project Managers

Introduction to ITIL for Project Managers CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45

More information

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM) IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements

More information

ITIL Foundation Course 2 - Introduction to ITSM

ITIL Foundation Course 2 - Introduction to ITSM ITIL Foundation Course 2 - Introduction to ITSM Lesson Slide 1 ITSM as a Practice Topics Discussed The Practice of IT Service Management Good Practice Service Service Management Process Model Practice

More information

Building A Framework-based Compliance Program. Richard E. Mackey, Jr. Vice President, SystemExperts Corp. dick.mackey@systemexperts.

Building A Framework-based Compliance Program. Richard E. Mackey, Jr. Vice President, SystemExperts Corp. dick.mackey@systemexperts. Building A Framework-based Compliance Program Richard E. Mackey, Jr. Vice President, SystemExperts Corp. dick.mackey@systemexperts.com Agenda The compliance process Assembling requirements Useful frameworks

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

Information Technology Auditing for Non-IT Specialist

Information Technology Auditing for Non-IT Specialist Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating

More information

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015 1 ISACA Roundtable 7 september 2015 ISACA Roundtable Cobit and Grab@Pizza 7 september 2015 2015 KPN Corporate Market B.V. ISACA, is a registered trademark of the Information Systems Audit and Control Association

More information

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva

Software Quality Standards and. from Ontological Point of View SMEF. Konstantina Georgieva SMEF 10-11 June, 2010 Software Quality Standards and Approaches from Ontological Point of View Konstantina Georgieva Otto-von-Guericke University Magdeburg Department of Computer Science, Software Engineering

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting Date November 2011 Company UXC Consulting Version Version 1.5 Contact info@uxcconsulting.com.au http://www.uxcconsulting.com.au This summary

More information

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5

More information

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service

More information

The IT Infrastructure Library (ITIL)

The IT Infrastructure Library (ITIL) IT service management is often equated with the Information Technology Infrastructure Library (ITIL), even though there are a variety of standards and frameworks contributing to the overall ITSM discipline.

More information

CORPORATE INFORMATION AND TECHNOLOGY STRATEGY

CORPORATE INFORMATION AND TECHNOLOGY STRATEGY Version 1.1 CORPORATE INFORMATION AND TECHNOLOGY STRATEGY The City of Edmonton s Information and Technology Plan, 2013-2016 Bringing the Ways to Life through Information and Technology June 2013 2 Copyright

More information

D4.3 Professional training material foundation level

D4.3 Professional training material foundation level D4.3 Professional training material foundation level Internal Deliverable Document ID FedSM- D4.3 Status Deliverable Version Version 1.01 Author(s) Michael Brenner, Stefanie Grois Due M10 (30 Jun 2013)

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation

More information

Project Management and ITIL Transitions

Project Management and ITIL Transitions Project Management and ITIL Transitions April 30 th 2012 Linda Budiman Director CSC 1 Agenda Thought Leadership: Linda Budiman What is ITIL & Project Management: Applied to Transitions Challenges & Successes:

More information

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP 1 An executive view of governance Based on 2009 Survey of 255 Non-IT CEOs/Executives 50% Ranked ITG as very important 75% of

More information

Assessing & Managing IT Risk

Assessing & Managing IT Risk Assessing & Managing IT Risk ISACA Pittsburgh Chapter Meeting October 18, 2010 Agenda Introductions IT Risk Assessment An Approach That Makes Sense to IT Measuring Risk Determining Results Audit Planning

More information

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks 2ο InfoCom Security Conference Anestis Demopoulos, Vice President ISACA Athens Chapter, & Senior Manager, Advisory Services, Ernst

More information

Best Practices. Dr. Gerald R. Gray Principal Technical Leader

Best Practices. Dr. Gerald R. Gray Principal Technical Leader Utility Enterprise Architecture: Best Practices Dr. Gerald R. Gray Principal Technical Leader Agenda Background Case Studies APQC-based Survey Application / Use 2 Background 2012 Utility CIO report While

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

ISO 21500: Did we need it? A Consultant's Point of View after a first experience. Session EM13TLD04

ISO 21500: Did we need it? A Consultant's Point of View after a first experience. Session EM13TLD04 ISO 21500: Did we need it? A Consultant's Point of View after a first experience Session EM13TLD04 Maria Cristina Barbero, MBA, PMI-ACP, PMP Nexen SPA PMI is a registered trade and service mark of the

More information

How To Deploy And Sustain Data Governance by John Ladley

How To Deploy And Sustain Data Governance by John Ladley How To Deploy And Sustain Data Governance by John Ladley All rights reserved. Reproduction in whole or part prohibited except by written permission. Product and company names mentioned herein may be trademarks

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Phil Marshall Black Duck Software. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.

Phil Marshall Black Duck Software. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. Open Source Component Governance and Management Using COBIT Phil Marshall Black Duck Software 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. Welcome Type in questions using the Ask A Question

More information

The MSS Approach to BPM

The MSS Approach to BPM The MSS Approach to BPM Ryan McMahon, PMP MSS Management Consulting Agenda BPM defined MSS BPM Offerings and Approach Key BPM Benefits Q&A - Improve the Big Picture - Identify Problem Areas and Bottlenecks

More information

Practical Approaches to Achieving Sustainable IT Governance

Practical Approaches to Achieving Sustainable IT Governance Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions

More information

Proceedings of the 34th Hawaii International Conference on System Sciences - 2001

Proceedings of the 34th Hawaii International Conference on System Sciences - 2001 Aligning Business and Information Technology through the Balanced Scorecard at a Major Canadian Financial Group: its Status Measured with an IT BSC Maturity Model Wim Van Grembergen University of Antwerp

More information

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning IS Audit and Assurance Guideline 2202 Risk Assessment in Planning The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards

More information

Company size matters: Perspectives on IT Governance

Company size matters: Perspectives on IT Governance www.pwc.com/ca/technology-consulting Company size matters: Perspectives on IT Governance versus large Canadian organizations and IT Governance PwC conducted research for the 4th edition of the IT Governance

More information

Auditing IT Governance Steve Hunt October 11, 2012

Auditing IT Governance Steve Hunt October 11, 2012 Auditing IT Governance Steve Hunt October 11, 2012 Agenda What is IT Governance Benefits of IT Governance IIA Governance Model IIA Standards and Strategic Value Role of Internal Audit 2 What is IT Governance

More information

COBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22

COBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22 COBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22 Session Objectives Why Assess Process Capability COBIT 5 Process Assessment Model Relationship

More information

itsmf USA Problem Management Community of Interest

itsmf USA Problem Management Community of Interest itsmf USA Problem Management Community of Interest How to Assess and Improve Your Problem Management Process Moderator John Clipp Speaker Ted Gaughan Problem Management SIG President ITSM Practice Lead

More information

ITIL Introduction and Overview & ITIL Process Map

ITIL Introduction and Overview & ITIL Process Map ITIL Introduction and Overview & ITIL Process Map Barbara Re 1 Where we are? IT organization has a long trouble to improve service level to their customers without adding cost, reducing quality or introducing

More information