Add to collection(s) Add to saved
  1. Business
  2. Finance

Presentation IT Governance

advertisement 
Chief Information Officers
(CIO)
1
Module 5
IT Governance COBIT Framework
2
Objectives of Module 5
To enhance the basic understanding of the CIOs to
the IT Governance concepts and techniques using
the COBIT Framework and explore their applicability
in Iraq
3
Scope of Module 5
 IT Governance Concepts
 IT Governance vis-a-vis Enterprise Governance
 IT Governance life cycle
 IT Domains, Processes and Activities
 IT Monitoring Evaluation and Control
4
Enterprise Governance and IT Governance
ENTERPRISE
GOVERNANCE
ENTERPRISE
ACTIVITIES
Drives and Sets
Require Information From
INFORMATION
TECHNOLOGY
GOVERNANCE
INFORMATION
TECHNOLOGY
ACTIVITIES
5
Enterprise IT Governance Cycle
DIRECT
OBJECTIVES
IT is aligned with the
business, enables the
Business and maximises
benefits.
IT resources are used
responsibly. IT-related
risks are managed
appropriately
Plan
Do
Check
Correct
Plan & Organize
Acquire & Implement
Deliver & Support
Monitor & Evaluate
CONTROL
Manage Risk
Security
Reliability
Compliance
Realise Benefits
Increase
Automationeffective
Decrease
Cost- be
efficient
REPORT
6
COBIT- IT Governance Concept
BUSINESS
REQUIREMENTS
IT PROCESSES
IT RESOURCES
7
IT RESOURCES
● Data-
Objects in their widest sense (i.e., external and
internal), structured and non structured, graphics, sound, etc.
• Application Systems
• Technology- Hardware, operating system, database management
systems, networking, multimedia, etc.
• Facilities
• People- Staff skills, awareness and productivity to plan,
organise, acquire, deliver, support, monitor and
information systems and services
evaluate
8
IT Resources and Delivery of Services
EVENTS
Business
objectives
Business
opportunities
External
requirements
Regulations
Risks
DATA
APPLICATION
SYSTEM
FACILITIES
PEOPLE
TECHNOLOGY
INFORMATION
Effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance
Reliability
9
Framework IT Control objects
BUSINESS
PROCCESSES
What you GET
INFORMATION
INFORMATION RESOURCES
• People
• Application Systems
• Technology
• Facilities
• Data
What you Need
Information Criteria
•effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
DO They Match?
10
IT Domain, Processes and Activities
DOMAIN
PROCESSES
ACTIVITIES /
TASKS
11
Processes, Information & Resources Criteria
INFORMATION CRITERIA
DATA
Quality
Fiduciary Security
FACILITIES
Domain
TECHNOLOGY
Application Sys
IT
PROCESSES
Processes
PEOPLE
ACTIVITIES
IT RESOURCES
12
IT Governance Framework
BUSINESS OBJECTIVES
M&E PROCESSES
PLAN AND
ORGANISE
INFORMATION
IT
MONITOR
AND EVALUATE
IT RESOURCES
DELIVER
AND
SUPPORT
ACQUIRE AND
IMPLEMENT
13
Plan and Organize Processes
PO1 define a strategic IT plan
PO2 define the information architecture
PO3 determine the technological direction
PO4 define the IT organisation and relationships
PO5 manage the IT investment
PO6 communicate management aims and direction
PO7 manage human resources
PO8 ensure compliance with external requirements
PO9 assess risks
PO10 manage projects
PO11 manage quality
14
Acquire and Implement Processes
•AI1 identify automated solutions
•AI2 acquire and maintain application software
•AI3 acquire and maintain technology infrastructure
•AI4 develop and maintain procedures
•AI5 install and accredit systems
•AI6 manage changes
15
Deliver and Support Processes
DS1 define and manage service levels
DS2 manage third-party services
DS3 manage performance and capacity
DS4 ensure continuous service
DS5 ensure systems security
DS6 identify and allocate costs
DS7 educate and train users
DS8 assist and advise customers
DS9 manage the configuration
DS10 manage problems and incidents
DS11 manage data
DS12 manage facilities
DS13 manage operations
16
Monitoring and Evaluation Processes
M1 monitor the processes
M2 assess internal control adequacy
M3 obtain independent assurance
M4 provide for independent audit
17
Maturity Model
Non Existent
Initial
Repeatable
LEGEND FOR SYMBOLS USED
Enterprise Current Status
International Standard Guidelines
Industry Best Practice
Enterprise Strategy
Defined
Managed
Optimized
LEGEND FOR RANKINGS USED
0 Nonexistent – Management processes are not
applied at all.
1 Initial – Processes are ad hoc and disorganised.
2 Repeatable – Processes follow a regular pattern.
3 Defined – Processes are documented and
communicated.
4 Managed – Processes are monitored and
measured.
5 Optimised – Best practices are followed and
automated.
18
Related documents
IT Project Profile, Governance and Leadership of the IT Function
IT Project Profile, Governance and Leadership of the IT Function
Governance template
Governance template
Presenters - e-Health Conference
Presenters - e-Health Conference
Chapter 8 - Controlling Information Systems
Chapter 8 - Controlling Information Systems
PowerPoint - The BC Assembly of First Nations
PowerPoint - The BC Assembly of First Nations
Please click here for presentation materials
Please click here for presentation materials
COBIT Presentation - Office of the Vice
COBIT Presentation - Office of the Vice
The disciplinary & contextual outlook(s) - twoeam
The disciplinary & contextual outlook(s) - twoeam
Good Governance
Good Governance
Open - Progetto Mattone Internazionale
Open - Progetto Mattone Internazionale
Democracy and Good Governance
Democracy and Good Governance
Chapter 5
Chapter 5
COBIT 5 and GRC
COBIT 5 and GRC
Stefan Kuhlmann, Peter Stegmaier, Vincent Visser - 2012 Eu
Stefan Kuhlmann, Peter Stegmaier, Vincent Visser - 2012 Eu
Download
advertisement