COBIT for IT Governance


COBIT for IT Governance - Sanjiv Agarwala, CISSP, CISA, CISM, CGEIT, ITIL, MBCI. Director, Trainer and Principal Consultant, Oxygen Consulting Services Pvt. Ltd. sanjiv.agarwala@o2csv.com, ska262001@yahoo.co.in

IT Governance issues in a banking environment:
- Major IT development projects need to be aligned with business strategy.
- IT-enabled investment programmes and other IT assets and services should be governed to ascertain that they deliver the greatest possible value in supporting the bank's strategy and objectives.
- The IT function should support a robust and comprehensive Management Information System covering the various business functions, as per the needs of the business, that facilitates decision making by management.
- Tools such as an IT balanced scorecard may be considered for implementation, with approval from key stakeholders.

- Project management and quality assurance steps should be implemented to ensure systems are delivered on time, to cost and with the necessary level of functionality.
- All non-performing or irrelevant IT projects in the bank, if any, should be reviewed periodically and suitable action taken.
- IT management needs to assess IT risks and suitably mitigate them. The bank's risk management processes for its e-banking activities should be integrated into its overall risk management approach.
Note: RBI has made a reference to COBIT as a framework that can be considered for IT Governance (page 6 of the RBI Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds).

COBIT: Governance of Enterprise IT (GEIT). Evolution of scope by version:
- COBIT 1 (1996): Audit
- COBIT 2 (1998): Control
- COBIT 3 (2000): Management
- COBIT 4.0/4.1 (2005/2007): IT Governance
- COBIT 5 (2012): Governance of Enterprise IT, incorporating Val IT 2.0 (2008) and Risk IT (2009)
A business framework from ISACA, at www.isaca.org/cobit
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

COBIT 5 Framework and Overview. COBIT originally stood for Control Objectives for Information and related Technology. COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, and considering the IT-related interests of internal and external stakeholders. The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector. Simply stated, COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. COBIT 5 brings together five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimise information and technology investment and use for the benefit of stakeholders.

COBIT 5 Principles. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.

Principle 1. Meeting Stakeholder Needs: Enterprises exist to create value for their stakeholders. Source: COBIT 5, figure 3. 2012 ISACA. All rights reserved.

Principle 1. Meeting Stakeholder Needs (cont.): Stakeholder needs have to be transformed into an enterprise's practical strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals within the context of the enterprise: enterprise goals, IT-related goals and enabler goals. Source: COBIT 5, figure 4. 2012 ISACA. All rights reserved.

Principle 2. Covering the Enterprise End-to-end: COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective. This means that COBIT 5:
- Integrates governance of enterprise IT into enterprise governance, i.e., the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly into any governance system, because COBIT 5 aligns with the latest views on governance.
- Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the IT function, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

Principle 3. Applying a Single Integrated Framework: COBIT 5 aligns with the latest relevant standards and frameworks used by enterprises:
- Enterprise level: COSO, COSO ERM, ISO 9000, ISO 31000
- IT-related: ISO/IEC 38500, ITIL, the ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
This allows the enterprise to use COBIT 5 as the overarching integrator of governance and management frameworks. ISACA plans a capability to facilitate mapping of COBIT practices and activities to third-party references by COBIT users.
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

Principle 4. Enabling a Holistic Approach. COBIT 5 enablers are:
- Factors that, individually and collectively, influence whether something will work; in the case of COBIT, whether governance and management of enterprise IT will work.
- Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve.
- Described by the COBIT 5 framework in seven categories: principles, policies and frameworks; processes; organisational structures; culture, ethics and behaviour; information; services, infrastructure and applications; and people, skills and competencies.
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

Principle 4. Enabling a Holistic Approach (cont.): diagram of the seven COBIT 5 enablers. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.

Principle 5. Separating Governance From Management: The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines:
- Encompass different types of activities
- Require different organisational structures
- Serve different purposes
Governance: In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
Management: In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

COBIT 5: Difference between Governance and Management. Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (Evaluate, Direct and Monitor: EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (Plan, Build, Run and Monitor: PBRM). Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

COBIT 5: Enabling Processes. COBIT 5: Enabling Processes complements COBIT 5 and contains a detailed reference guide to the processes defined in the COBIT 5 process reference model:
- Chapter 2 recapitulates the COBIT 5 goals cascade and complements it with a set of example metrics for the enterprise goals and the IT-related goals.
- Chapter 3 explains the COBIT 5 process model and defines its components.
- Chapter 4 shows the diagram of the process reference model.
- Chapter 5 contains the detailed process information for all 37 COBIT 5 processes in the process reference model.
Source: COBIT 5 Introduction Presentation. 2012 ISACA. All rights reserved.

COBIT 5: Enabling Processes (cont.): diagram of the process reference model. Source: COBIT 5, figure 16. 2012 ISACA. All rights reserved.

Governance in COBIT 5. The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas, governance and management, with management further divided into domains of processes.
The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined:
- EDM01 Ensure governance framework setting and maintenance
- EDM02 Ensure benefits delivery
- EDM03 Ensure risk optimisation
- EDM04 Ensure resource optimisation
- EDM05 Ensure stakeholder transparency
The four MANAGEMENT domains are in line with the responsibility areas of plan, build, run and monitor (PBRM): Align, Plan and Organise (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA).

References:
1. Reserve Bank of India (RBI), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds.
2. ISACA, COBIT: www.isaca.org/cobit