Scribd
Upload
107 views18 pages

Presentation IT Governance

This document discusses IT governance concepts using the COBIT framework. It introduces COBIT and describes how IT governance relates to enterprise governance and the IT life cycle. The document outlines COBIT's domains, processes, and activities for IT planning, implementation, delivery, monitoring and control. It shows how COBIT can help align IT with business objectives and criteria through its framework for IT resources, processes and delivery of information.

Uploaded by

Rakesh Choudhary
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
107 views18 pages

Presentation IT Governance

This document discusses IT governance concepts using the COBIT framework. It introduces COBIT and describes how IT governance relates to enterprise governance and the IT life cycle. The document outlines COBIT's domains, processes, and activities for IT planning, implementation, delivery, monitoring and control. It shows how COBIT can help align IT with business objectives and criteria through its framework for IT resources, processes and delivery of information.

Uploaded by

Rakesh Choudhary
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 18

Chief Information

Officers
(CIO)

Module 5
IT Governance COBIT
Framework

Objectives of Module 5
To enhance the basic understanding of
the CIOs to the IT Governance
concepts and techniques using the
COBIT Framework and explore their
applicability in Iraq

Scope of Module 5
IT Governance Concepts
IT Governance vis-a-vis

Enterprise

Governance
IT Governance life cycle
IT Domains, Processes and Activities
IT Monitoring Evaluation and Control

Enterprise Governance and IT G


ENTERPRISE
GOVERNANCE

ENTERPRISE
ACTIVITIES

Drives and Sets

Require Information From

INFORMATION
TECHNOLOGY
GOVERNANCE

INFORMATION
TECHNOLOGY
ACTIVITIES

Enterprise IT Governance C
DIRECT
OBJECTIV
ES

IT is aligned with
the
business,
enables the
Business
and
maximises
benefits.
IT resources are
used responsibly.
IT-related
risks
are managed
appropriately

Plan
Do
Check

CONTR
OL

Correct

Manage
Risk

Plan & Organize


Acquire &
Implement
Deliver &
Support
Monitor &
Realise
Benefits
Evaluate

Security
Increase
Reliability
Automati
Compliance oneffective

Decrease

Cost- be
efficient

REPORT

COBIT- IT Governance Conc


BUSINESS
REQUIREMENT
S
IT
PROCESSES

IT
RESOURCES

IT inRESOURCES
Data- Objects
their widest sense (i.e.,

external and
internal), structured and non
structured, graphics, sound, etc.

Application Systems
Technology- Hardware, operating system,
database management
multimedia, etc.

systems, networking,

Facilities

People-

Staff
skills,
awareness
and
productivity to plan,
organise, acquire,
deliver, support, monitor and
evaluate
information systems and services
8

IT Resources and Delivery of S


EVENTS
Business
objectives
Business
opportunitie
s
External
requirement
s
Regulations
Risks

DATA
APPLICATION

FACILITIE
S
PEOPLE
TECHNOL
OGY

SYSTEM

INFORMATION
Effectiveness
Efficiency
Confidentialit
y
Integrity
Availability
Compliance
Reliability

Framework IT Control objec


BUSINESS
PROCCESSES

What you
GET
INFORMATION

INFORMATION
RESOURCES
People
Application
Systems
Technology
Facilities
Data

What you
Need
Information
Criteria
effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance
Reliability

DO They Match?

10

IT Domain, Processes and


Activities
DOMAIN
PROCESSE
S
ACTIVITIE
S / TASKS

11

Processes, Information &


INFORMATION CRITERIA
Resources Criteria
Qualit
y
Domain

Fiduci
ary

DATA

Security
FACILITIES
TECHNOLOGY

Application Sy

IT
PROCES
SES

Processes

ACTIVITIES

PEOPLE

IT RESOURCES

12

IT Governance
BUSINESS
Framework
OBJECTIVES
M&E PROCESSES

PLAN AND
ORGANISE
INFORMATI
ON
IT

MONITOR
AND
EVALUATE
DELIVER
AND
SUPPORT

IT
RESOURCE
S
ACQUIRE AND
IMPLEMENT
13

Plan and Organize


Processes
PO1
define a strategic IT plan
PO2 define the information architecture
PO3 determine the technological direction
PO4
define
the
IT
organisation
and
relationships
PO5 manage the IT investment
PO6 communicate management aims and
direction
PO7 manage human resources
PO8
ensure
compliance
with
external
requirements
PO9 assess risks
PO10 manage projects
PO11 manage quality

14

Acquire and Implement


Processes

AI1 identify automated solutions


AI2 acquire and maintain application
software
AI3 acquire and maintain technology
infrastructure
AI4 develop and maintain procedures
AI5 install and accredit systems
AI6 manage changes
15

Deliver and Support


DS1 define and manage service levels
Processes

DS2 manage third-party services


DS3 manage performance and capacity
DS4 ensure continuous service
DS5 ensure systems security
DS6 identify and allocate costs
DS7 educate and train users
DS8 assist and advise customers
DS9 manage the configuration
DS10 manage problems and incidents
DS11 manage data
DS12 manage facilities
DS13 manage operations
16

Monitoring and Evaluation


Processes
M1 monitor the processes
M2
assess
internal
control
adequacy
M3 obtain independent assurance
M4 provide for independent audit

17

Maturity
Model

Non Existent Initial

Repeatable

LEGEND FOR SYMBOLS USED

Defined Managed Optimized

LEGEND FOR RANKINGS USED

0 Nonexistent Management
processes are not
applied at all.
International Standard Guidelines
1 Initial Processes are ad hoc and
Industry Best Practice
disorganised.
2 Repeatable Processes follow a
Enterprise Strategy
regular pattern.
3 Defined Processes are
documented and
communicated.
4 Managed Processes are
18
Enterprise Current Status

You might also like