IT Governance & The COBIT 5.0 Framework

Brought to you by:
McGladrey
Introduction
Ryan C. Hay, CISA, CISSP, ITIL
- My Background
- Current role
- My views on IT governance & COBIT 5.0
- Expectations from this presentation
About McGladrey
McGladrey is the fifth largest U.S. provider of consulting, assurance and tax services, with
nearly 6,700 professionals and associates in more than 75 cities nationwide. McGladrey is a
licensed certified public accountant (CPA) firm, and is a member of RSM International, the
sixth largest global network of independent consulting, accounting, and tax firms.
As a full-service firm, McGladrey offers the scale, industry insight, thought leadership and
multidisciplinary range of services clients require.
http://mcgladrey.com/
Our Agenda
The Purpose Behind Governance
Using Frameworks & Methodologies
COBIT 5 Overview
Overview of McGladrey COBIT 5.0 Assessment
The Purpose of Governance
The Role of Governance
http://www.youtube.com/watch?v=IGQmdoK_ZfY
How appropriate …
The Role of Governance
The purpose of this video is to show that we all get stuck in our day-to-day lives, and there needs to be a system in place that can detect the “gorilla”. This is commonly referred to as governance.
Let's see it again
http://www.youtube.com/watch?v=IGQmdoK_ZfY
The Role of Governance
The Value of Governance
• Ability to look at things holistically, see the bigger picture
• Helps ensure that the process is followed
• Removes barriers from getting activities accomplished
• Can aid in making the tough decisions
• Ensure compliance with standards and regulations
• Increases visibility and awareness of a project
Using Frameworks & Methodologies
Pop Quiz
Does this framework look familiar to anyone?
Anyone, anyone …
Framework Architecture
The top layer typically refers to what is delivered from the framework to external groups.
The middle sections refer to internal actions/activities/behaviors that build upon the foundation for delivery.
The bottom indicates a “Foundation” layer: qualities/capabilities that are key to the framework and its success.
That’s correct:
This is the IIA Audit Competency Framework
Other Popular Frameworks
Standards, Management, SDLC, Operations, Governance
Operational frameworks focus more on providing guidance on how to get things done on a day-to-day basis.
Governance frameworks typically focus on holistic oversight across an organization or group.
Standards frameworks typically provide specific items that must be in place to maintain a level of compliance.
Management frameworks typically focus on how to manage specific activities across a lifecycle for delivering a capability/product.
This isn’t black and white; many of these start to bleed over into other layers as each organization tries to enhance its scope to cover just about everything.
COBIT 5 Framework Overview
Principles of COBIT
The COBIT 5 framework seeks to instill a number of core principles within the organization to enable success.
Let's review each …
What guides each of these principles?
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
COBIT 5 Overview
Source: COBIT® 5, figure 15 – COBIT 5 Governance and Management Key Areas. © 2012 ISACA® All rights reserved.
Taking a deeper dive …
COBIT Reference Model
COBIT has 37 different domains that each focus on how to run/manage capabilities across IT.
COBIT Domains
• Evaluate, Direct, and Monitor (EDM): These governance processes deal with the stakeholder governance objectives (value delivery, risk optimization, and resource optimization) and include practices and activities aimed at evaluating strategic options, providing direction to IT and monitoring the outcome.
• Align, Plan, and Organize (APO): Provides direction to solution delivery (BAI) and service delivery and support (DSS). This domain covers strategy and tactics, and concerns identifying the best way IT can contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed from different perspectives. A proper organization, as well as technological infrastructure, should be put in place.
• Build, Acquire, and Implement (BAI): Provides the solutions and passes them on to be turned into services. To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. Changes in and maintenance of existing systems are also covered by this domain, to ensure that the solutions continue to meet business objectives.
• Deliver, Service, and Support (DSS): Receives the solutions and makes them usable for end users. This domain is concerned with the actual delivery and support of required services, which include service delivery, management of security and continuity, service support for users, and management of data and operational facilities.
• Monitor, Evaluate, and Assess (MEA): Monitors all processes to ensure that the direction provided is followed. All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance.
Evaluating COBIT 5
General Benefits of COBIT 5:
• Most holistic framework for managing IT (or any other function, for that matter)
• Borrows from many other leading-practice frameworks (PMI, ITIL, COSO…)
• Provides a wealth of knowledge and documentation for improving capabilities and processes
Potential Risks of COBIT 5:
• Is it too much?
• Has a few gaps, for instance how to manage data/information
• Does it detract focus from core capabilities of IT?
Applying COBIT to IIA
The COBIT Framework can provide the internal audit function with key tools to make life easier.
• Provides holistic guidance for how to manage IT
• Brings consistency to how daily work and projects are managed and delivered
• Helps identify exceptions to standard process, and address them accordingly
• Provides visibility to less-mature capabilities, so mitigating controls can be put into place
McGladrey COBIT 5 Assessment
COBIT Domain Maturity
Level 5, Optimizing: The process is continuously improved to meet relevant current and projected business goals.
Level 4, Predictable: The process operates within defined limits to achieve its process outcomes.
Level 3, Established: The process is implemented using a defined process that is capable of achieving its process outcomes.
Level 2, Managed: The previously described performed process is now implemented in a managed fashion (planned, monitored, and adjusted) and its work products are appropriately established, controlled and maintained.
Level 1, Performed: The implemented process achieves its process purpose.
Level 0, Incomplete: The process is not implemented or fails to achieve its process purpose. At this level, there is little or no evidence of any systematic achievement of the process purpose.
COBIT Assessment
McGladrey can help your organization quickly assess the IT organization across the COBIT framework to provide a holistic view on identifying and improving the capabilities of IT.
COBIT Assessment
Our experts can help provide specific detail to the scores, findings and recommendations across each COBIT domain, giving your organization a detailed roadmap for improving capabilities.
Questions
ryan.hay@mcgladrey.com