
Intro COBIT5 PDF

Uploaded by

Stanley Ke Bada

Introduction to COBIT 5

ROBERT E STROUD CGEIT CRISC


ISACA STRATEGIC ADVISORY BOARD
VICE PRESIDENT STRATEGY & INNOVATION
CA TECHNOLOGIES

© 2012 ISACA. All Rights Reserved.


Introduction to COBIT 5
Abstract

Building on more than 15 years of practice in the business, IT, risk, security and assurance communities, the COBIT 5 framework will deliver the basis for governing and managing enterprise IT! COBIT 5 is a “business framework for the governance and management of enterprise IT.” COBIT 5 will empower executives to make better decisions regarding their information and technology assets.

COBIT 5 is a "top down" framework that is principle-based, powered by enablers, separates governance from management, and is delivered with a powerful implementation guide to direct the practitioner in ensuring value from their IT-enabled business investments. This session will discuss the critical aspects of COBIT 5, what is available and when, and will allow time for your questions!


Robert E Stroud CRISC CGEIT

• Vice President Strategy & Innovation
• Evangelist Service Management, Governance & Cloud Computing
• Immediate Past International Vice President ISACA\ITGI
• ISACA Strategic Advisory Council
• 15 years Banking Experience
• Contributor COBIT, VALIT and RISK IT
• Immediate Past Executive Board itSMF Intl. Treasurer and Director Audit Standards & compliance
• Former Board Member USA itSMF
• Author, Public Speaker & Industry GeeK

COBIT 5

COBIT – the history

[Figure: evolution of scope over time, from Audit through Control, Management and IT Governance to Governance of Enterprise IT. Timeline: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Val IT 2.0 (2008) and Risk IT (2009) are also shown.]

A business framework from ISACA, at www.isaca.org/cobit

COBIT 5 Framework

• The main, overarching COBIT 5 product
• Contains the executive summary and the full description of all of the COBIT 5 framework components:
  - The five COBIT 5 principles
  - The seven COBIT 5 enablers plus
  - An introduction to the implementation guidance provided by ISACA (COBIT 5 Implementation)

Governance and Management

• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).

COBIT 5 Principles

Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.

COBIT 5 Enablers

Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.


COBIT 5 Product Family

Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.


COBIT 5 Principles

1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management

Meeting Stakeholder Needs

Principle 1. Meeting Stakeholder Needs
• Enterprises exist to create value for their stakeholders.

Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.


Meeting Stakeholder Needs (cont.)

• Multiple stakeholders with differing concepts of value
• Negotiating and deciding amongst different stakeholders’ value interests
• Governance system should consider all stakeholders when making benefit, resource and risk assessment decisions
  - Who receives the benefits?
  - Who bears the risk?
  - What resources are required?

Meeting Stakeholder Needs (cont.)

• Stakeholder needs transformed into an enterprise’s actionable strategy
• COBIT 5 goals cascade

Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.


Covering the Enterprise End-to-end

• Integrates governance of enterprise IT into enterprise governance
• Aligns with the latest views on governance.
• Covers all functions and processes within the enterprise

NOT JUST THE IT FUNCTION!

Covering the Enterprise End-to-end (cont.)

• Key components of a governance system

Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.


Covering the Enterprise End-to-end (cont.)

Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.


Applying a Single Integrated Framework

• COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
  - Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
  - IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
  - Etc.
• COBIT 5 the overarching governance and management framework integrator
• ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references

Enabling a Holistic Approach

COBIT 5 enablers
• Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
• Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
• Described by the COBIT 5 framework in seven categories

Enabling a Holistic Approach (cont.)

Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
Enabling a Holistic Approach (cont.)

1. Processes
2. Organisational structures
3. Culture, ethics and behaviour
4. Principles, policies and frameworks
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies

Enabling a Holistic Approach (cont.)

Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.


Separating Governance From Management

• COBIT 5 framework makes a clear distinction between governance and management.
• These two disciplines:
  - Encompass different types of activities
  - Require different organisational structures
  - Serve different purposes
• Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
• Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

Separating Governance From Management
(cont.)

Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.


Separating Governance From Management (cont.)

• Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).

COBIT 5: Enabling Processes

COBIT 5: Enabling Processes

• COBIT 5: Enabling Processes complements COBIT 5 and contains a detailed reference guide to the processes that are defined in the COBIT 5 process reference model:
  - In Chapter 2, the COBIT 5 goals cascade is recapitulated and complemented with a set of example metrics for the enterprise goals and the IT-related goals.
  - In Chapter 3, the COBIT 5 process model is explained and its components defined.
  - Chapter 4 shows the diagram of this process reference model.
  - Chapter 5 contains the detailed process information for all 37 COBIT 5 processes in the process reference model.

COBIT 5: Enabling Processes (cont.)

Source: COBIT® 5, figure 29. © 2012 ISACA® All rights reserved.

COBIT 5: Enabling Processes (cont.)

Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.

COBIT 5: Enabling Processes (cont.)

• The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas—governance and management—with management further divided into domains of processes:
• The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
• The four MANAGEMENT domains are in line with the responsibility areas of plan, build, run and monitor (PBRM).

COBIT 5 Implementation

COBIT 5 Implementation

• The improvement of the governance of enterprise IT (GEIT) is an essential part of enterprise governance.
• Information and the pervasiveness of information technology are increasingly part of every aspect of business and public life.
• The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater.
• Increasing regulation and legislation over business use of information is also driving heightened awareness of the importance of a well-governed and managed IT environment.

COBIT 5 Implementation (cont.)

• ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT 5.
• Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.
• COBIT 5: Implementation provides guidance on how to do this.

COBIT 5 Implementation (cont.)

• COBIT 5: Implementation
• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and behavioural change
• Implementing continual improvement that includes change enablement and programme management
• Using COBIT 5 and its components

COBIT 5 Implementation (cont.)

Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.

COBIT 5
Future Supporting Products

COBIT 5 Product Family

Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.


COBIT 5 Future Supporting Products

• Professional Guides:
  - COBIT 5 for Information Security
  - COBIT 5 for Assurance
  - COBIT 5 for Risk
• Enabler Guides:
  - COBIT 5: Enabling Information
• COBIT Online Replacement
• COBIT Assessment Programme:
  - Process Assessment Model (PAM): Using COBIT 5
  - Assessor Guide: Using COBIT 5
  - Self-assessment Guide: Using COBIT 5

COBIT 5 delivers value!

• COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.
• COBIT 5 enables information and related technology to be governed and managed in a holistic manner
• The COBIT 5 principles and enablers are generic – generally applicable!
• A series of publications, education and online collaboration will drive COBIT forward!