COBIT 5 Framework Patrick Soenen

COBIT 5 Framework. Patrick Soenen. Presentation based on COBIT 5 Exposure Draft 2011 ISACA. ISACA has designed COBIT 5: The Framework as an educational resource for control professionals. Reproduction only for academic, non-commercial use.

A governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology. The COBIT 5 framework is intended for all enterprises, including non-profit and public sector. Today enterprises need to achieve increased: value creation through enterprise IT; business user satisfaction with IT engagement and services; compliance with relevant laws, regulations and policies.

COBIT evolution. COBIT 5 ties together all ISACA knowledge assets, i.e. COBIT 4.1, Val IT, Risk IT, Business Model for Information Security (BMIS), IT Assurance Framework (ITAF), Taking Governance Forward (TGF), and Board Briefing on IT Governance, 2nd Edition. Timeline: COBIT 1 (1996), COBIT 2 (1998), COBIT 3 (2000), COBIT 4 (2005), COBIT 5 (2011). Figure labels (evolution of scope): Audit, Management, Control, Governance of Enterprise IT.

ISACA Frameworks Included

COBIT 5 Principles. The COBIT 5 Framework is based on 5 principles.

COBIT 5 Principles. 1. Integrator Framework: COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.

COBIT 5 Principles. 2. The Governance Objective: Stakeholder Value. Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation. Value creation means realising benefits at an optimal resource cost whilst optimising risk.

COBIT 5 Principles. 3. Business and Context Focus: focussing on enterprise goals and objectives, by covering all of the critical business elements. Every organisation has its own context, determined by external and internal factors. Goals cascade to translate into specific IT goals.

COBIT 5 Principles. 4. Governance Approach: Enabler Based. Main elements of the governance approach: Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward which or through which action is directed and objectives can be attained. Governance scope: governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc. Roles, Activities and Relationships: it defines who is involved in governance, how they are involved, what they do and how they interact.

COBIT 5 Principles. 5. Governance and Management structured: a clear distinction between governance and management. These two disciplines include different types of activities, require different organisational structures and serve different purposes.

COBIT 5 Architecture. Stakeholder value is based on the stakeholder needs. The governance objectives take into account ISACA guidance and other standards. By structuring guidance around enablers. Building a consistent knowledge base for all the guidance. Filter to build: Framework, Process reference guide, Implementation guide, Practice guide. Diagram labels: Value creation, Stakeholder needs, Governance objectives, Knowledge base, Content filter, Product family.

Value creation. The governance objective is value creation = realising benefits at optimal resource cost whilst optimising risk. The stakeholders for enterprise IT can be internal (Board, CEO, CFO, business executives, process owners, risk managers, IT users, IT managers, etc.) and external (business partners, suppliers, shareholders, customers, regulators). They can have different and even conflicting needs.

Governance objectives. Governance objectives are based on the stakeholders' needs and the value creation, i.e. benefits, resources and risks. The existing ISACA guidance is used: CobiT, Val IT, Risk IT, BMIS, ITAF, TGF and Board Briefing. Other relevant frameworks: ITIL, TOGAF.

Goals Cascade. Governance objectives translate into enterprise goals. Realising enterprise goals requires IT related goals. For IT related goals to be achieved, enablers are required. Diagram labels: Governance objectives, Enterprise Goals, IT Goals, Mapping.

Goals cascade: enterprise goals mapped to governance objectives. Columns: BSC dimension, Description, Benefits, Risk, Resource. BSC dimensions: Financial, Customer, Internal, L&G. Each goal is followed by its P/S marks.
1. Stakeholder value of business investments: P
2. Portfolio of competitive products/services: P S
3. Managed business risks: P S
4. Compliance with ext. laws and regulations: P
5. Financial transparency: P S S
6. Customer oriented service culture: P S
7. Business service continuity & availability: P
8. Agile responses to changing environment: P S
9. Information based strategic decision making: P P P
10. Optimisation of service delivery costs: P S
11. Optimisation of business process functionality: P P
12. Optimisation of business process costs: P P
13. Managed business process changes: P P S
14. Operational and staff productivity: P P
15. Compliance with internal policies: P
16. Skilled and motivated people: S S P
17. Product and business innovation culture: P

Goals cascade: IT related goals. Columns: BSC dimension, Description. BSC dimensions: Financial, Customer, Internal, L&G.
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with ext. laws & reg.
3. Commitment of executive management for making IT related decisions
4. Managed IT related business risks
5. Realised benefits from IT-enabled investments and services portfolio
6. Transparency of IT costs, benefits and risks
7. Delivery of IT services in line with business requirements
8. Adequate use of applications, information and technology structure
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integration
13. Delivery of programme on time, on budget and on business requirements
14. Availability of reliable and useful information
15. IT compliance with internal policies
16. Competent and motivated IT personnel
17. Knowledge, expertise and initiatives of business motivation

Enablers: Service Capabilities; Processes; Culture, Ethics, Behaviour; Skills & Competencies; Organisational Structures; Principles & Policies; Information. Enablers are tangible and intangible elements that make governance and management over enterprise IT work. The enablers are driven by the goal cascade.

Enabler descriptions: To achieve objectives and to produce output. Include infrastructure, technology and applications. Required for successful completion of activities and for taking correct decisions. To translate desired behaviour into guidance for day-to-day mgt. Of individuals and of the organisation. Key decision making entities. Required for keeping the organisation running and well governed. CobiT is a trademark of the ISACA.

Generic enabler model. The generic enabler model applies to all CobiT enablers. The generic model has been applied to the Process enabler.

Enabler capability levels. The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC 15504. Comparison of COBIT 4.1 Maturity Model Levels with COBIT 5 ISO/IEC 15504 Based Capability Levels, and the meaning of the COBIT 5 levels:
COBIT 5 level 5. Optimised (COBIT 4.1: 5. Optimised): Continuously improved to meet relevant current and projected enterprise goals.
COBIT 5 level 4. Predictable (COBIT 4.1: 4. Managed and Measurable): Operates within defined limits to achieve its process outcomes.
COBIT 5 level 3. Established (COBIT 4.1: 3. Defined): Implemented using a defined process that is capable of achieving its process outcomes.
COBIT 5 level 2. Managed (COBIT 4.1: N/A): Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.
COBIT 5 level 1. Performed (COBIT 4.1: N/A): Process achieves its process purpose.
COBIT 5 level 0. Incomplete (COBIT 4.1: 2. Repeatable, 1. Ad Hoc, 0. Non-existent): Not implemented or little or no evidence of any systematic achievement of the process purpose.
Context: Enterprise view/corporate knowledge; Instance view/individual knowledge.

Knowledge base & products. The knowledge base contains all guidance and content. Series of products built from the knowledge base.

Governance & management processes. COBIT 5 advocates that organisations implement governance and management processes such that the key areas below are covered: 1 governance domain; 4 management domains.

Process reference model. The process reference model is divided into 5 domains: 1 governance domain (EDM) and 4 management domains (APO, BAI, DSS & MEA). Processes for Governance of Enterprise IT: Evaluate, Direct & Monitor (EDM). Processes for Management of Enterprise IT: Align, Plan & Organise (APO); Build, Acquire & Implement (BAI); Deliver, Service & Support (DSS); Monitor, Evaluate & Assess (MEA).

Process reference model. The complete set of 36 processes: 5 governance and 31 management processes.

Implementation. The 7 phases of the implementation life cycle.