Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

Transcription

1 Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Understanding COBIT 5 based on ISACA Materials ISACA Silicon Valley Chapter Spring 1

2 Why COBIT is important What COBIT 5 is n n n n Framework Implementation Life Cycle Process Reference Model Process Assessment Method How to use COBIT Session Objectives What is different about COBIT 5 vs. COBIT 4.1 ISACA Silicon Valley Chapter Spring 2

3 ISACA Silicon Valley Chapter Spring 3

4 Why is COBIT important to Your Enterprise? IT audit and assurance de-facto standard Governance, Risk and Compliance Information Security Business value focused IT Process Framework ITIL, CMMI and PMBOK synergies Governance and Management processes How to monitor, evaluate, assess and improve business process performance ISACA Silicon Valley Chapter Spring 4

5 Achieve Operational Excellence COBIT Framework to Achieve Business Goals Generate Business Value Optimize Costs Make Quality Business Decisions Maintain acceptable level of IT-related risk Information Technology ISACA Silicon Valley Chapter Spring 5

6 A Business Framework for the Governance and Management of Enterprise IT Five Principles Seven Enablers Governance and Management Implementation Lifecycle Assessment Approach ISACA Silicon Valley Chapter Spring Page:6

7 Evolution of scope Now a Complete Framework! Governance of Enterprise IT IT Governance Management Val IT 2.0 (2008) Control Risk IT (2009) Audit COBIT 1 COBIT 2 COBIT 3 COBIT 4.0/4.1 COBIT /7 ww.isaca.org/cobit 2012 ISACA Silicon Valley Chapter Spring Page:7

8 1. Meeting Stakeholder Needs COBIT 5 Five Principles 5. Separating Governance From Management COBIT 5 Principles 2. Covering the Enterprise End-to-End 4. Enabling a Holistic Approach 3. Applying a Single Integrated Framework ISACA Silicon Valley Chapter Spring 8

9 Stakeholder Needs Principle 1. Meeting Stakeholder Needs Drive Governance Objective: Create Value Benefits Realization Risk Optimization Resource Optimization ISACA Silicon Valley Chapter Spring 9

10 Stakeholder Needs Drive Influences Governance Objective: Create Value Benefits Realization Risk Optimization Resource Optimization Enterprise Goals IT Related Goals Enabler Goals Cascades to Cascades to ISACA Silicon Valley Chapter Spring 10

11 Benefits Realization Principle 2. Covering the Enterprise End-to-End Governance Objective: Create Value Risk Optimization Resource Optimization Governance Enablers Governance Scope Roles, Activities and Relationships ISACA Silicon Valley Chapter Spring 11

12 Owners and Stakeholders Accountable Delegate Governing Body Monitor Management Report Principle 2: Roles, Activities and Relationships Set Direction ISACA Silicon Valley Chapter Spring Instruct and Align Operations and Execution 12

13 Principle 3: Applying a Single Integrated Framework Diagram excerpt from COBIT 5 Essential Facts - Fact 4: COBIT 5 brings order to complex standards, regulations and frameworks ISACA Silicon Valley Chapter Spring 13

14 Principle 4. Enabling a Holistic Approach Processes Organizational Structures Culture, Ethics and Behavior Principles, Policies and Frameworks Information Services Infrastructure Applications RESOURCES ISACA Silicon Valley Chapter Spring People, Skills and Competencies 14

15 Enablers and Performance Stakeholders Internal External Goals Intrinsic Context Accessibility and Security Life Cycle Plan Design Build Use Evaluate Dispose Good Practices Practices Work Products Addressed? Achieved? Goal Indicator Metrics Managed? ISACA Silicon Valley Chapter Spring Applied? Practice Indicator Metrics 15

16 Governance Direct Business Needs Evaluate Management Feedback Principle 5: Monitor Management Plan (Align, Plan, Organize) Build (Build, Acquire Implement) Run (Deliver, Service, Support) Monitor (Monitor, Evaluate, Assess) ISACA Silicon Valley Chapter Spring 16

17 Implementation Lifecycle ISACA Silicon Valley Chapter Spring Page:17

18 Process Capability Assessment Approach Detailed guidance for COBIT 5 ISO/IEC Compliant method COBIT 5 Enabling Processes are defined as ISO/IEC compliant process reference model Raises bar incomplete process if there is not evidence (metrics and work products) that purpose/goals are largely achieved Aligns with ITIL TIPA Assessment method ISACA Silicon Valley Chapter Spring 18

19 COBIT 5 PAM Optimizing Predictable Established Managed Performed Incomplete Capability Measurement System PRM Purpose Outcomes Base Practices Work Products

20 ISACA Silicon Valley Chapter Spring COBIT 5 Enabling Processes Goals Cascade Process model explanation Diagram of Model Details for 37 Processes: n Purpose n Practices n Goals & Metrics n Activities & RACI n Work Products Page:20

21 COBIT 5 Domains and Processes ISACA Silicon Valley Chapter Spring 21

22 COBIT4.1 Framework Slide 22

23 COBIT 4.1 v.s COBIT 5 COBIT 4.1 COBIT 5.0 Governance embedded No Val IT and Risk IT 5 Principles Principle-driven approach IT Management and Audit focus Bridge from COBIT 4.1 Enablers developed as Pulled ISACA Silicon Valley Chapter Spring 23

24 Summary ISACA Silicon Valley Chapter Spring 24

25 ISACA Silicon Valley Chapter Spring Page:25

26 Thanks! Great ideas need landing gear as well as wings. ~C.D. Jackson ISACA Silicon Valley Chapter Spring Page:26