Presentation IT Governance
Presentation IT Governance
Officers
(CIO)
Module 5
IT Governance COBIT
Framework
Objectives of Module 5
To enhance the basic understanding of
the CIOs to the IT Governance
concepts and techniques using the
COBIT Framework and explore their
applicability in Iraq
Scope of Module 5
IT Governance Concepts
IT Governance vis-a-vis
Enterprise
Governance
IT Governance life cycle
IT Domains, Processes and Activities
IT Monitoring Evaluation and Control
ENTERPRISE
ACTIVITIES
INFORMATION
TECHNOLOGY
GOVERNANCE
INFORMATION
TECHNOLOGY
ACTIVITIES
Enterprise IT Governance C
DIRECT
OBJECTIV
ES
IT is aligned with
the
business,
enables the
Business
and
maximises
benefits.
IT resources are
used responsibly.
IT-related
risks
are managed
appropriately
Plan
Do
Check
CONTR
OL
Correct
Manage
Risk
Security
Increase
Reliability
Automati
Compliance oneffective
Decrease
Cost- be
efficient
REPORT
IT
RESOURCES
IT inRESOURCES
Data- Objects
their widest sense (i.e.,
external and
internal), structured and non
structured, graphics, sound, etc.
Application Systems
Technology- Hardware, operating system,
database management
multimedia, etc.
systems, networking,
Facilities
People-
Staff
skills,
awareness
and
productivity to plan,
organise, acquire,
deliver, support, monitor and
evaluate
information systems and services
8
DATA
APPLICATION
FACILITIE
S
PEOPLE
TECHNOL
OGY
SYSTEM
INFORMATION
Effectiveness
Efficiency
Confidentialit
y
Integrity
Availability
Compliance
Reliability
What you
GET
INFORMATION
INFORMATION
RESOURCES
People
Application
Systems
Technology
Facilities
Data
What you
Need
Information
Criteria
effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance
Reliability
DO They Match?
10
11
Fiduci
ary
DATA
Security
FACILITIES
TECHNOLOGY
Application Sy
IT
PROCES
SES
Processes
ACTIVITIES
PEOPLE
IT RESOURCES
12
IT Governance
BUSINESS
Framework
OBJECTIVES
M&E PROCESSES
PLAN AND
ORGANISE
INFORMATI
ON
IT
MONITOR
AND
EVALUATE
DELIVER
AND
SUPPORT
IT
RESOURCE
S
ACQUIRE AND
IMPLEMENT
13
14
17
Maturity
Model
Repeatable
0 Nonexistent Management
processes are not
applied at all.
International Standard Guidelines
1 Initial Processes are ad hoc and
Industry Best Practice
disorganised.
2 Repeatable Processes follow a
Enterprise Strategy
regular pattern.
3 Defined Processes are
documented and
communicated.
4 Managed Processes are
18
Enterprise Current Status