COBIT 5 overview

COBIT 5 Framework
Patrick Soenen
Presentation based on COBIT 5 Exposure Draft – ©2011 ISACA
ISACA has designed COBIT 5: The Framework as an educational resource for control professionals
Reproduction only for academic non-commercial use
CobiT® is a trademark of the ISACA.
A governance and management framework for information and related technology that
starts from stakeholder needs with regard to information and technology.
The COBIT 5 framework is intended for all enterprises, including non-profit and public sector.
Today enterprises need to achieve increased:
• Value creation through enterprise IT;
• Business user satisfaction with IT engagement and services;
• Compliance with relevant laws, regulations and policies.
COBIT evolution
COBIT 5 ties together all ISACA knowledge assets, i.e.
• COBIT 4.1
• Val IT™
• Risk IT
• Business Model for Information Security™ (BMIS™)
• IT Assurance Framework™ (ITAF™)
• Taking Governance Forward (TGF)
• Board Briefing on IT Governance, 2nd Edition
[Figure: evolution of scope (Audit, Control, Management, Governance, Enterprise Governance of IT) across COBIT versions]
• COBIT 1 (1996)
• COBIT 2 (1998)
• COBIT 3 (2000)
• COBIT 4 (2005)
• COBIT 5 (2011)
ISACA Frameworks Included
COBIT 5 Principles
The COBIT 5 Framework is based on 5 principles
1. Integrator Framework
COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.
2. The Governance Objective: Stakeholder Value
Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation.
Value creation means realising benefits at an optimal resource cost whilst optimising risk.
3. Business and Context Focus
• Focussing on enterprise goals and objectives, by covering all of the critical business elements
• Every organisation has its own context determined by external and internal factors
• Goals cascade to translate into specific IT goals
4. Governance Approach: Enabler Based
Main elements of the governance approach:
Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward which or through which action is directed and objectives can be attained.
Governance scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc.
Roles, Activities and Relationships: It defines
• who is involved in governance,
• how they are involved,
• what they do and
• how they interact
5. Governance- and Management-structured
A clear distinction between governance and management.
These two disciplines
• include different types of activities,
• require different organisational structures,
• serve different purposes
COBIT 5 Architecture
• Value creation and stakeholder needs: stakeholder value is based on the stakeholder needs
• Governance objectives: the governance objectives take into account ISACA guidance and other standards
• Enablers: guidance is structured around enablers
• Knowledge base: a consistent knowledge base is built for all the guidance
• Content filter and product family: filter to build the Framework, Process reference guide, Implementation guide and Practice guide
Value creation
The governance objective is value creation = realising benefits at optimal resource cost whilst optimising risk.
The stakeholders for enterprise IT can be
• internal (Board, CEO, CFO, business executives, process owners, risk managers, IT users, IT managers, etc.) and
• external (business partners, suppliers, shareholders, customers, regulators, ...)
They can have different and even conflicting needs.
Governance Objectives
• Governance objectives are based on the stakeholders' needs and the value creation, i.e. benefits, resources and risks
• The existing ISACA guidance is used: COBIT, Val IT, Risk IT, BMIS, ITAF, TGF and Board Briefing
• Other relevant frameworks: ITIL, TOGAF
Goals Cascade
[Figure: Governance Objectives, Enterprise Goals, IT Goals and Enablers, each linked to the next by a mapping]
• Governance objectives translate into enterprise goals
• Realising enterprise goals requires IT related goals
• For IT related goals to be achieved, enablers are required
Enterprise goals mapped to Governance Objectives
BSC dimensions: Financial, Customer, Internal, L&G
Governance objectives columns: Benefits, Risk, Resource. The P and S marks recorded in these columns are listed after each goal.
1. Stakeholder value of business investments: P
2. Portfolio of competitive products/services: P, S
3. Managed business risks: P, S
4. Compliance with external laws and regulations: P
5. Financial transparency: P, S, S
6. Customer oriented service culture: P, S
7. Business service continuity & availability: P
8. Agile responses to changing environment: P, S
9. Information based strategic decision making: P, P, P
10. Optimisation of service delivery costs: P, S
11. Optimisation of business process functionality: P, P
12. Optimisation of business process costs: P, P
13. Managed business process changes: P, P, S
14. Operational and staff productivity: P, P
15. Compliance with internal policies: P
16. Skilled and motivated people: S, S, P
17. Product and business innovation culture: P
IT related goals
BSC dimension: Financial
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with external laws and regulations
3. Commitment of executive management for making IT related decisions
4. Managed IT related business risks
5. Realised benefits from IT-enabled investments and services portfolio
6. Transparency of IT costs, benefits and risks
BSC dimension: Customer
7. Delivery of IT services in line with business requirements
8. Adequate use of applications, information and technology structure
BSC dimension: Internal
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integration
13. Delivery of programme on time, on budget and on business requirements
14. Availability of reliable and useful information
15. IT compliance with internal policies
BSC dimension: L&G
16. Competent and motivated IT personnel
17. Knowledge, expertise and initiatives of business motivation
Enablers
Enablers are tangible and intangible elements that make governance and management over enterprise IT work.
The enablers are driven by the goal cascade.
The enablers are:
• Processes
• Culture, Ethics, Behaviour
• Service Capabilities
• Skills & Competencies
• Principles & Policies
• Organisational Structures
• Information
• Processes: to achieve objectives and to produce output
• Service Capabilities: include infrastructure, technology and applications
• Skills & Competencies: required for successful completion of activities and for taking correct decisions
• Principles & Policies: to translate desired behaviour into guidance for day-to-day management
• Culture, Ethics, Behaviour: of individuals and of the organisation
• Organisational Structures: key decision making entities
• Information: required for keeping the organisation running and well governed
Generic enabler model
The generic enabler model applies to all COBIT enablers.
The generic model has been applied to the Process enabler.
Enabler capability levels
The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC 15504.
Meaning of the COBIT 5 ISO/IEC 15504 Based Capability Levels:
• 5. Optimised: Continuously improved to meet relevant current and projected enterprise goals.
• 4. Predictable: Operates within defined limits to achieve its process outcomes.
• 3. Established: Implemented using a defined process that is capable of achieving its process outcomes.
• 2. Managed: Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained.
• 1. Performed: Process achieves its process purpose.
• 0. Incomplete: Not implemented or little or no evidence of any systematic achievement of the process purpose.
COBIT 4.1 Maturity Model Levels (the comparison also contains two N/A cells):
• 5. Optimised
• 4. Managed and Measurable
• 3. Defined
• 2. Repeatable
• 1. Ad Hoc
• 0. Non-existent
Context: Enterprise view/corporate knowledge; Instance view/individual knowledge
Knowledge base & products
• Knowledge base: the knowledge base contains all guidance and content
• Product family: series of products built from the knowledge base
Governance & management processes
COBIT 5 advocates that organisations implement governance and management processes, such that the key areas below are covered:
• 1 governance domain
• 4 management domains
Process reference model
The process reference model is divided into 5 domains:
• 1 governance domain: EDM
• 4 management domains: APO, BAI, DSS & MEA
Processes for Governance of Enterprise IT
• Evaluate, Direct & Monitor (EDM)
Processes for Management of Enterprise IT
• Align, Plan & Organise (APO)
• Build, Acquire & Implement (BAI)
• Deliver, Service & Support (DSS)
• Monitor, Evaluate & Assess (MEA)
The complete set of 36 processes: 5 governance and 31 management processes
Implementation
The 7 phases of the implementation life cycle