How to enhance Trust and Value by using COBIT:

Transcription

1 How to enhance Trust and Value by using COBIT: Governance and Management Framework CA A.Rafeq, FCA, CISA, CGEIT, CIA, CCSA Managing Director, Wincer Infotech Limited Past President, ISACA, Bangalore Chapter Bangalore, 23 rd July

2 Session Agenda Need for integrator framework encompassing Management and Governance of IT What are key principles, drivers, business benefits and key features of COBIT 5? How COBIT 5 enablers meets stakeholder needs? How COBIT 5 integrates Governance and Management to enhance Trust and value? How to implement COBIT 5/migrate from COBIT 4.1 to COBIT 5. 2

3 Need for integrator framework encompassing Management and Governance of IT 3

4 COBIT 5 Objectives COBIT 5 will: Provide a renewed and authoritative governance and management framework for enterprise information and related technology, building on the current widely recognized and accepted COBIT framework, linking together and reinforcing all other major ISACA frameworks and guidance such as: Val IT Risk IT BMIS ITAF Board Briefing Taking Governance Forward Connect to other major frameworks and standards in the marketplace (ITIL, ISO standards, etc.) 4 4

5 What Will Be Delivered? An enterprisewide, end-to-end framework addressing governance and management of information and related technology The framework structure will include familiar components such as a domain/process model and other components such as governance/management practices, RACI charts and inputs/outputs. An initial COBIT 5 product architecture, identifying the types of products and other guidance that could be developed for specific IT professional audiences (e.g., assurance, security, risk) in support of enterprise business needs 5

6 What are key principles, drivers, business benefits and key features of COBIT 5? 6

7 COBIT 5 Principles 7

8 COBIT 5 Architecture 8

9 Governance Objective 9

10 Enabler-based COBIT 5 Enablers Systemic Model With Interacting Enablers 10

11 Process Enabler Model 11

12 How COBIT 5 enablers meets stakeholder needs? 12

13 INTERNAL STAKEHOLDERS Board, CEO, Chief financial officer (CFO), Chief information officer (CIO), Business executives, Business process owners, Business managers, Risk managers, Security managers, Service managers, HR managers, Internal audit, Privacy officers, IT users, IT managers, etc. INTERNAL STAKEHOLDER NEEDS Did I address all IT-related risks? Am I running an efficient and resilient IT operation? How do I control cost of IT? How do I use IT resources in the most effective and efficient manner? What are the most effective and efficient sourcing options? Do I have enough people for IT? How do I develop and maintain their skills, and how do I manage their performance? How do I get assurance over IT? Is the information I am processing well secured? How do I improve business agility through a more flexible IT environment? Is it clear what IT is doing? How often do IT projects fail to deliver what they promised? How critical is IT to sustaining the enterprise? 13

14 EXTERNAL STAKEHOLDERS Business partners Suppliers Shareholders Regulators/Government External users Customers Standard Setters External auditors Consultants, etc. EXTERNAL STAKEHOLDER NEEDS How do I know my business partner s operations are secure and reliable? How do I know the organisation is compliant with applicable rules and regulations? How do I know the enterprise is maintaining an effective system of internal control? 14

15 Benefits of Using COBIT 5 Enterprise-wide benefits: Increased value creation through effective governance and management of enterprise information and technology assets Increased business user satisfaction with IT engagement and services IT seen as a key enabler. Increased compliance with relevant laws, regulations and policies IT function becomes more business focused Increases the COBIT 5 users contribution to the enterprise 15

16 Benefits to different stakeholders Enterprise Leadership Boards Executive Management Enterprise Management Other Stakeholders IT Professionals Consultants Assurance Auditors Security Risk and Control Risk and Control Finance Enterprise Functional Department Management Business Analysts Compliance Finance HR Operations Quality Regulators or Legislators Risk Others 16

17 Enterprise Leadership COBIT 5 is a major renovation of the only globally accepted IT governance framework available, and allows you to create optimal value from enterprise IT. COBIT 5 provides complete, consistent and easily navigable guidance to help enterprises effectively govern their IT, as well as comply with increasing legal, regulatory and contractual obligations. COBIT 5 helps enterprises manage IT-related risk and ensures compliance, continuity, security and privacy. COBIT 5 enables clear policy development and good practice for IT management including increased business user satisfaction. 17

18 IT Professionals COBIT 5 has a complete, consistent and easily navigable format that promotes access of information, functionality and user satisfaction. COBIT 5 consolidates all major ISACA frameworks and research, and aligns with other major frameworks and standards in the marketplace, becoming one single overarching framework enabling greater efficiencies with time and utilization. COBIT 5 gives you the tools necessary to help you understand, utilize, implement and direct important ITrelated activities, and make more informed decisions through simplified navigation and use. 18

19 Enterprise Functional Department Management COBIT 5 helps functional business areas be the drivers for change as the IT function has become more business-focused. COBIT 5 helps in your job and your career by improving your ability to deal with IT-related business issues. COBIT 5 provides opportunities to learn; facilitating interaction and collaboration with IT professionals within your enterprise. 19

20 How COBIT 5 integrates Governance and Management to enhance Trust and value? 20

21 Governance and Management Processes 21

22 The COBIT 5 Framework An initial publication introduces, defines and describes the components that make up the COBIT Framework Principles Architecture Enablers Introduction to implementation guidance and the COBIT process assessment approach 22

23 Process Reference Guide A separate publication that expands on the processenabler model Contains full details of the COBIT processes in a similar way to the process documentation in COBIT

24 Process Reference Model How many processes now? 36! 24

25 Structure of COBIT 5 1. Process identification On the first page of each process description, the following information is identified: Process label, consisting of the domain prefix (EDM, APO, BAI, DSS, MEA) and the process number Process name A short description, indicating the main subject of the process Area of the process Governance or management Domain name 2. Process description Describes the process in more detail. A short paragraph, containing an: Overview of what the process does, i.e., the purpose of the process Overview at a very high level of how the process accomplishes the purpose 3. Process purpose statement Describes the overall purpose of the process in a short paragraph 4. Goals cascade information, represented by two tables containing the following information: IT related goals Reference and description of the IT related goals that are supported by the process, an indicator (P/S) of the extent to which the process is a P(rimary) or S(econdary) support for the IT related goal, and metrics to measure the achievement of the IT related goals Process goals and metrics For each process a limited number of process goals is included, and for each process goal a limited number of example metrics is listed, meaning that there is a clear relationship between the goals and the metrics. 5. RACI chart, containing a suggested assignment of level of responsibility for process practices to different roles and structures. The different levels of involvement are represented by the characters R(esponsible), A(ccountable), C(onsulted) and I(nformed). 6. Detailed description of the process practices, containing for each practice: Practice title and description Practice inputs and outputs, with indication of origin and destination Process activities 25

26 26

27 27

28 28

29 29

30 How to implement COBIT 5/ migrate from COBIT 4.1 to COBIT 5? 30

31 Implementation Guidance Making a business case for the implementation and improvement of the governance and management of IT Recognising typical pain points and trigger events The creation of the right environment for implementation Leveraging COBIT to identify gaps and guide the development of enablers such as policies, processes, principles, organisationalstructures and roles and responsibilities 31

32 Consider the Enterprise Context Ethics and culture Applicable laws, regulations and policies Mission, vision and values Governance policies and practices Business plan and strategic intentions Operating model and level of maturity Management style Risk appetite Capabilities and available resources Industry practices 32

33 Adapt A Life Cycle Approach 1. The core continual improvement life cycle this is not a one-off project 2. The enablement of change (addressing the behavioural and cultural aspects) 3. The management of the programme 33

34 Implementation Phases A separate publication Based on the current implementation guidance publication 34

35 The Road Ahead As COBIT 5 initiative progresses throughout 2011 and 2012 there will be periodic updates provided: On the ISACA web site: In the COBIT Focus newsletter 35 35

36 36