COBIT5 Primer
Mark Thomas, CGEIT, CRISC, ITIL Expert
10/7/2015

Mark Thomas, CGEIT, CRISC
Areas of expertise
  Governance of Enterprise IT (CGEIT)
  Enterprise Risk Management (CRISC)
  COBIT
  ITIL Expert
Experience
  IT Director
  VP, IT Operations
  Enterprise Program Manager
  Governance frameworks consulting

Agenda
  Introduction
  COBIT Primer
  COBIT Implementation
  Capability Assessment
  Closing and Questions

COBIT5
Why the enterprise exists

COBIT5
  End-to-end business view of the governance and management of enterprise IT.
  Integrates other major industry frameworks such as ITIL, TOGAF, PRINCE2, and related ISO standards.
  Based on five principles and seven enablers.
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute

Description
COBIT is the only end to end business framework that offers a holistic and integrated view of the governance of enterprise IT (GEIT).
COBIT assists enterprises in many areas, to include:
  Maintain high-quality information to support business decisions.
  Achieve strategic goals and realize business benefits.
  Support compliance with relevant laws, regulations, contractual agreements and policies.
  Optimize IT-related risk.
  Optimize the cost of IT services and technology.

Evolution

Framework Relationships

Principles

Principle 1, Meeting Stakeholder Needs
Translates stakeholder needs into specific, practical and customized goals.
Allows the definition of priorities for:
  Implementation
  Improvement
  Assurance efforts for the governance of enterprise IT

Principle 2, Covering the Enterprise End to End
[Figure. Roles: Owners and Stakeholders, Governing Body, Management, Operations and Execution. Relationships: Delegate, Set Direction, Instruct and Align, Accountable, Monitor, Report. Examples: Shareholder Meetings, IT Strategy Committee, IT Steering Committee, Change Advisory Board]

Principle 3, Applying a Single Integrated Framework

Principle 4, Enabling a Holistic Approach

Domains and Processes

COBIT5 Process Reference Model
  Process Identification
  Process Goals & Metrics
  Process Description
  Process Purpose Statement
  Goals Cascade Information
  RACI Chart
  Detailed Practice Descriptions (inputs, outputs and activities)
  Related Guidance

Principle 5, Separating Governance From Management

COBIT5 Implementation

COBIT Implementation

Process Capability Assessment

Assessment Program
COBIT Process Assessment Model (PAM): Using COBIT 5.0
  Serves as a base reference document for the performance of a capability assessment of an organization's current IT processes against COBIT.
COBIT Assessor Guide: Using COBIT 5.0
  Provides details on how to undertake a full ISO-compliant assessment.
COBIT Self-assessment Guide: Using COBIT 5.0
  Provides guidance on how to perform a basic self-assessment of an organization's current IT process capability levels against COBIT processes.

Capability Levels and Attributes

Closing and Questions