COBIT5 Primer

10/7/2015
Mark Thomas, CGEIT, CRISC, ITIL Expert
Mark Thomas, CGEIT, CRISC
Areas of expertise
• Governance of Enterprise IT (CGEIT)
• Enterprise Risk Management (CRISC)
• COBIT
• ITIL Expert
Experience
• IT Director
• VP, IT Operations
• Enterprise Program Manager
• Governance frameworks consulting
Agenda
Introduction
COBIT Primer
COBIT Implementation
Capability Assessment
Closing and Questions
COBIT5
Why the enterprise exists
COBIT5
• End-to-end business view of the governance and management of enterprise IT.
• Integrates other major industry frameworks such as ITIL, TOGAF, PRINCE2, and related ISO standards.
• Based on five principles and seven enablers.
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
Description
COBIT is the only end-to-end business framework that offers a holistic and integrated view of the governance of enterprise IT (GEIT). COBIT assists enterprises in many areas, including:
• Maintain high-quality information to support business decisions.
• Achieve strategic goals and realize business benefits.
• Support compliance with relevant laws, regulations, contractual agreements and policies.
• Optimize IT-related risk.
• Optimize the cost of IT services and technology.
Evolution
Framework Relationships
Principles
Principle 1, Meeting Stakeholder Needs
• Translates stakeholder needs into specific, practical and customized goals.
• Allows the definition of priorities for:
  - Implementation
  - Improvement
  - Assurance efforts for the governance of enterprise IT
Principle 2, Covering the Enterprise End to End
[Figure: roles and relationships. Roles: Owners and Stakeholders; Governing Body; Management; Operations and Execution. Relationships: Delegate; Set Direction; Instruct and Align; Report; Monitor; Accountable. Examples: Shareholder Meetings; IT Strategy Committee; IT Steering Committee; Change Advisory Board.]
Principle 3, Applying a Single Integrated Framework
Principle 4, Enabling a Holistic Approach
Domains and Processes
COBIT5 Process Reference Model
• Process Identification
• Process Goals & Metrics
• Process Description
• Process Purpose Statement
• Goals Cascade Information
• RACI Chart
• Detailed Practice Descriptions (inputs, outputs and activities)
• Related Guidance
Principle 5, Separating Governance From Management
COBIT5 Implementation
COBIT Implementation
Process Capability Assessment
Assessment Program
COBIT Process Assessment Model (PAM): Using COBIT 5.0
Serves as a base reference document for the performance of a capability
assessment of an organization's current IT processes against COBIT.
COBIT Assessor Guide: Using COBIT 5.0
Provides details on how to undertake a full ISO-compliant assessment.
COBIT Self-assessment Guide: Using COBIT 5.0
Provides guidance on how to perform a basic self-assessment of an
organization's current IT process capability levels against COBIT processes.
Capability Levels and Attributes
Closing and Questions