COBIT 2019

Figure 4.1 COBIT Overview

Inputs to COBIT 2019
• COBIT 5
• Standards, Frameworks, Regulations
• Community Contribution

COBIT Core
• Reference Model of Governance and Management Objectives

Design Factors
• Enterprise strategy
• Enterprise goals
• Enterprise size
• Role of IT
• Sourcing model for IT
• Compliance requirements
• Etc.

Focus Area
• SME
• Security
• Risk
• DevOps
• Etc.

Tailored Enterprise Governance System for Information and Technology
➢ Priority governance and management objectives
➢ Specific guidance from focus areas
➢ Target capability and performance management guidance

COBIT Core Publications
• COBIT® 2019 Framework: Introduction and Methodology
• COBIT® 2019 Framework: Governance and Management Objectives
• COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution
• COBIT® 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution

Governance and management objectives shown in the COBIT Core
• EDM01—Ensured Governance Framework Setting and Maintenance
• EDM02—Ensured Benefits Delivery
• EDM03—Ensured Risk Optimization
• EDM04—Ensured Resource Optimization
• EDM05—Ensured Stakeholder Engagement
• APO01—Managed I&T Management Framework
• APO02—Managed Strategy
• APO03—Managed Enterprise Architecture
• APO04—Managed Innovation
• APO05—Managed Portfolio
• APO06—Managed Budget and Costs
• APO07—Managed Human Resources
• APO08—Managed Relationships
• APO09—Managed Service Agreements
• APO10—Managed Vendors
• APO11—Managed Quality
• APO12—Managed Risk
• APO13—Managed Security
• APO14—Managed Data
• BAI01—Managed Programs
• BAI02—Managed Requirements Definition
• BAI03—Managed Solutions Identification and Build
• BAI04—Managed Availability and Capacity
• BAI05—Managed Organizational Change
• BAI06—Managed IT Changes
• BAI07—Managed IT Change Acceptance and Transitioning
• BAI08—Managed Knowledge
• BAI09—Managed Assets
• BAI10—Managed Configuration
• BAI11—Managed Projects
• DSS01—Managed Operations
• DSS02—Managed Service Requests and Incidents
• DSS03—Managed Problems
• DSS04—Managed Continuity
• DSS05—Managed Security Services
• DSS06—Managed Business Process Controls
• MEA01—Managed Performance and Conformance Monitoring
• MEA02—Managed System of Internal Control
• MEA03—Managed Compliance with External Requirements
• MEA04—Managed Assurance

© 2018 ISACA. All Rights Reserved.

Figure 3.1 Governance System Principles
1. Provide Stakeholder Value
2. Holistic Approach
3. Dynamic Governance System
4. Governance Distinct From Management
5. Tailored to Enterprise Needs
6. End-to-End Governance System

Figure 3.2 Governance Framework Principles
1. Based on Conceptual Model
2. Open and Flexible
3. Aligned to Major Standards

Figure 2.1 COBIT Stakeholders
Stakeholder: Benefit of COBIT

Internal Stakeholders
• Boards: Provides insights on how to get value from the use of I&T and explains relevant board responsibilities
• Executive Management: Provides guidance on how to organize and monitor performance of I&T across the enterprise
• Business Managers: Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for new strategic opportunities
• IT Managers: Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
• Assurance Providers: Helps manage dependency on external service providers, get assurance over IT, and ensure the existence of an effective and efficient system of internal controls
• Risk Management: Helps to ensure the identification and management of all IT-related risk

External Stakeholders
• Regulators: Helps to ensure the enterprise is compliant with applicable rules and regulations and has the right governance system in place to manage and sustain compliance
• Business Partners: Helps to ensure that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations
• IT Vendors: Helps to ensure that an IT vendor’s operations are secure, reliable and compliant with applicable rules and regulations

© 2018 ISACA. All Rights Reserved.

Figure 4.3 COBIT Components of a Governance System
Components of the Governance System:
• Processes
• Services, Infrastructure and Applications
• Organizational Structures
• Culture, Ethics and Behavior
• Information
• People, Skills and Competencies
• Principles, Policies, Procedures

Figure 4.16 COBIT Goals Cascade
• Stakeholder Drivers and Needs cascade to Enterprise Goals
• Enterprise Goals cascade to Alignment Goals
• Alignment Goals cascade to Governance and Management Objectives

© 2018 ISACA. All Rights Reserved.

COBIT 2019
INTERNATIONAL HEADQUARTERS
1700 E. Golf Road | Suite 400
Schaumburg, IL 60173 | USA
isaca.org
© 2018 ISACA. All Rights Reserved.

Figure 4.2 COBIT Core Model
• EDM01—Ensured Governance Framework Setting and Maintenance
• EDM02—Ensured Benefits Delivery
• EDM03—Ensured Risk Optimization
• EDM04—Ensured Resource Optimization
• EDM05—Ensured Stakeholder Engagement
• APO01—Managed I&T Management Framework
• APO02—Managed Strategy
• APO03—Managed Enterprise Architecture
• APO04—Managed Innovation
• APO05—Managed Portfolio
• APO06—Managed Budget and Costs
• APO07—Managed Human Resources
• APO08—Managed Relationships
• APO09—Managed Service Agreements
• APO10—Managed Vendors
• APO11—Managed Quality
• APO12—Managed Risk
• APO13—Managed Security
• APO14—Managed Data
• BAI01—Managed Programs
• BAI02—Managed Requirements Definition
• BAI03—Managed Solutions Identification and Build
• BAI04—Managed Availability and Capacity
• BAI05—Managed Organizational Change
• BAI06—Managed IT Changes
• BAI07—Managed IT Change Acceptance and Transitioning
• BAI08—Managed Knowledge
• BAI09—Managed Assets
• BAI10—Managed Configuration
• BAI11—Managed Projects
• DSS01—Managed Operations
• DSS02—Managed Service Requests and Incidents
• DSS03—Managed Problems
• DSS04—Managed Continuity
• DSS05—Managed Security Services
• DSS06—Managed Business Process Controls
• MEA01—Managed Performance and Conformance Monitoring
• MEA02—Managed System of Internal Control
• MEA03—Managed Compliance With External Requirements
• MEA04—Managed Assurance

Figure 4.4 COBIT Design Factors
• Enterprise Strategy
• Enterprise Goals
• Risk Profile
• I&T-Related Issues
• Threat Landscape
• Compliance Requirements
• Role of IT
• Sourcing Model for IT
• IT Implementation Methods
• Technology Adoption Strategy
• Enterprise Size
• Future Factors

Figure 7.1 Impact of Design Factors on a Governance and Management System
Design Factors’ Impact:
1. Management Objective Priority and Target Capability Levels
2. Component Variations
3. Specific Focus Areas

© 2018 ISACA. All Rights Reserved.

The globally recognized COBIT Framework, which helps ensure effective enterprise governance of information and technology, has been updated with new information and guidance, facilitating easier, tailored implementation—strengthening COBIT’s continuing role as an important driver of innovation and business transformation. This document provides an overview of the COBIT® 2019 guidance.

This excerpt is available as a complimentary PDF at www.isaca.org/COBIT and for purchase in hard copy at www.isaca.org/bookstore. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants. Additional information is available at isaca.org/COBIT.

Figure 7.2 Governance System Design Workflow

1. Understand the enterprise context and strategy.
• 1.1 Understand enterprise strategy.
• 1.2 Understand enterprise goals.
• 1.3 Understand the risk profile.
• 1.4 Understand current I&T-related issues.

2. Determine the initial scope of the governance system.
• 2.1 Consider enterprise strategy.
• 2.2 Consider enterprise goals and apply the COBIT goals cascade.
• 2.3 Consider the risk profile of the enterprise.
• 2.4 Consider current I&T-related issues.

3. Refine the scope of the governance system.
• 3.1 Consider the threat landscape.
• 3.2 Consider compliance requirements.
• 3.3 Consider the role of IT.
• 3.4 Consider the sourcing model.
• 3.5 Consider IT implementation methods.
• 3.6 Consider the IT adoption strategy.
• 3.7 Consider enterprise size.

4. Conclude the governance system design.
• 4.1 Resolve inherent priority conflicts.
• 4.2 Conclude the governance system design.

Figure 8.1 COBIT Implementation Road Map

Phases:
1 What are the drivers?
2 Where are we now?
3 Where do we want to be?
4 What needs to be done?
5 How do we get there?
6 Did we get there?
7 How do we keep the momentum going?

• Program management (outer ring): Initiate program; Define problems and opportunities; Define road map; Plan program; Execute plan; Realize benefits; Review effectiveness
• Change enablement (middle ring): Establish desire to change; Form implementation team; Communicate outcome; Identify role players; Operate and use; Embed new approaches; Sustain
• Continual improvement life cycle (inner ring): Recognize need to act; Assess current state; Define target state; Build improvements; Implement improvements; Operate and measure; Monitor and evaluate

© 2018 ISACA. All Rights Reserved.

COBITlaminate_online_RD3 introduction overview
