“ I C T a d v i s o r y s e r v i c e s ” Transforming Enterprise IT Thomas Bbosa, CISSP BitWork Consult Ltd BitWork Consult Ltd

“ I C T a d v i s o r y s e r v i c e s ” IT Requires Executive Oversight An apparel manufacturing company’s difficulties in installing supply chain software cost it an estimated US $200 million A publicly traded company admitted that a virtual collapse of its financial reporting system reduced its market value by one-third in a single day An operational meltdown after the merger of two transportation companies was traced to the inability to coordinate their IT systems  2009 ISACA Al Rights reserved. 2 With good reason:

“ I C T a d v i s o r y s e r v i c e s ” Oversight Can Lead to Value Creation A major airline’s supply chain transformation improved the forecast of demand, reduced procurement costs and increased service levels while costs fell A technology products and services company saved US $12 billion over two years by linking up disparate pieces of its supply chain, thereby reducing inventory levels  2009 ISACA All Rights reserved. 3 IT can provide significant benefits, too:

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 4 IT Governance Is the Key Issue IT Governance Is the Key Issue Enterprises are sacrificing money, productivity and competitive advantage by not implementing effective IT governance Executives need a better way to: – Direct IT for optimal advantage – Measure the value provided by IT – Manage IT-related risks

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 5 C OBI T ® is a Road Map to Good IT Governance Accepted globally as a set of tools that ensures IT is working effectively Functions as an overarching framework Provides common language to communicate goals, objectives and expected results to all stakeholders Based on, and integrates, industry standards and good practices in: – Strategic alignment of IT with business goals – Value delivery of services and new projects – Risk management – Resource management – Performance measurement

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 6 Developed by the Leader in IT Governance Professional association with 86,000 constituents. Worldwide leader in IT governance, control, security and assurance. Offers the CISA, CISM and CGEIT certifications. Control Objectives for Information and related Technology

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 7 C OBI T ® Business Benefits C OBI T ® provides guidance for executive management to govern IT within the enterprise More effective tools for IT to support business goals More transparent and predictable full life-cycle IT costs More timely and reliable information from IT Higher quality IT services and more successful projects More effective management of IT-related risks

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 8 Harmonising the Elements of IT Governance IT Governance Resource Management Strategic Alignment Value Delivery Performance Measurement Risk Management

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 9 A Closer Look at

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 10 C OBI T ® Answers Key Business Questions Is my information technology organization doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting the benefits? * * Based on the “Four Ares” as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 11 The C OBI T ® Framework

“ I C T a d v i s o r y s e r v i c e s ” C OBI T ® C OBI T ® Defines Processes, Goals and Metrics  2009 ISACA All Rights reserved. 12 Relationship Amongst Process, Goals and Metrics (DS5)

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 13 Defined Responsibilities for Each Process Link business goals to IT goals. CI A/ R IC Identify critical dependencies and current performance. CCR A/ R CCCCCC Build an IT strategic plan. ACCRICCCCIC Build IT tactical plans. CIACCCCCRI Analyse programme portfolios and manage project and service portfolios. CIIARRCRCCI RACI Chart Activities Functions A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.

“ I C T a d v i s o r y s e r v i c e s ” C OBI T ® Products and Their Primary Audience  2009 ISACA All Rights reserved. 14 C OBI T, Risk IT and Val IT frameworks Implementing and Continually Improving IT Governance C OBI T User Guide for Service Managers C OBI T and Application Controls

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 15 COBIT is often used at the highest level of IT governance It harmonises practices and standards such as ITIL, ISO and 27002, and PMBOK – Improves their alignment to business needs – Covers full spectrum of IT-related activities C OBI T ® Harmonises Other Standards 27001/2

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 16 Used by Organizations Worldwide (for complete case studies visit ‘We continue to recommend that enterprises use [C OBI T] to challenge their established IT governance procedures and to improve the controls they have in place.’ —Gartner also used by Allstate, Harley-Davidson, the Bahrain Civil Service Bureau and many others

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 17 Getting Started Visit to download the C OBI T ® frameworkwww.isaca.org/cobit

“ I C T a d v i s o r y s e r v i c e s ”  2009 ISACA All Rights reserved. 18 Thank You!

“ I C T a d v i s o r y s e r v i c e s ” About BitWork Consult Ltd Our services and solutions include: - Information Security Awareness Training - ISO Information Security program development - ICT Projects Management - Penetration Testing - Threat & Vulnerability Management - Information Security Incident management - Business Continuity and Recovery Services - IT Audits, Compliance Management, & IT Governance Our Contacts: Plot 135, UMA Show Ground – Lugogo – Kampala - Uganda Tel: Tel: (+256) / / Web: