Change Management and COBIT®. Estonia & Finland Chapters Presentation Friday, November 5th 2004 Charles Mansour CISA Tere päevast! ©Charles Mansour.

2 Change Management and COBIT®. Estonia & Finland Chapters Presentation Friday, November 5th 2004 Charles Mansour CISA Tere päevast! ©Charles Mansour

3 Background Change –getting from State A to State A’ ©Charles Mansour

4 Background Change –getting from State A to State A’ We’ve seen what Change Management is Now we’ll Look at a Tool –which is freely available to all ISACA members ©Charles Mansour

5 Background Change –getting from State A to State A’ We’ve seen what Change Management is Now we’ll Look at a Tool –which is freely available to all ISACA members –can help to control, secure and audit Change Management Systems –can be used for Corporate Governance ©Charles Mansour

6 Objectives To Introduce COBIT® As an Audit and Governance Tool ©Charles Mansour

7 Objectives To Introduce COBIT® As an Audit and Governance Tool To look specifically at what COBIT® has to say about Governance and focus on an Audit of Change Management ©Charles Mansour

8 Objectives To Introduce COBIT® As an Audit and Governance Tool To look specifically at what COBIT® has to say about Governance and focus on an Audit of Change Management Compare and contrast Audit Guidelines with COBIT Online V3.1 ©Charles Mansour

9 Audience Audit? Change Managers? Security? Other? ©Charles Mansour

10 Signpost Should last about 90 minutes ©Charles Mansour

11 Signpost Should last about 90 minutes Handouts ©Charles Mansour

12 Signpost Should last about 90 minutes Handouts Questions ©Charles Mansour

13 Introduction to COBIT®. What it is Why is it there ©Charles Mansour

14 Introduction to COBIT®. What it is Why is it there How to use How to get hold of it ©Charles Mansour

15 Introduction to COBIT®. What it is Why is it there How to use How to get hold of it IT GOVERNANCE A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. COBIT®. V3 ©Charles Mansour

16 COBIT®. Key Points. The COBIT Framework. The Framework starts from a simple and pragmatic premise: Maturity Models for control over IT processes ©Charles Mansour

17 COBIT®. Key Points. The COBIT Framework. The Framework starts from a simple and pragmatic premise: Maturity Models for control over IT processes Critical Success Factors ©Charles Mansour

18 COBIT®. Key Points. The COBIT Framework. The Framework starts from a simple and pragmatic premise: Maturity Models for control over IT processes Critical Success Factors Key Performance Indicators ©Charles Mansour

19 COBIT®. Key Points. The COBIT Framework. The Framework starts from a simple and pragmatic premise: Maturity Models for control over IT processes Critical Success Factors Key Performance Indicators Key Goal Indicators ©Charles Mansour

20 Maturity Model. 0 Non Existent 1 Initial / Ad Hoc 2 Repeatable but Intuitive 3 Defined Process 4 Managed and Measurable 5 Optimised ©Charles Mansour

21 Critical Success Factors KGIs, and KPIs Critical Success Factors, define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; ©Charles Mansour

22 Critical Success Factors KGIs, and KPIs Critical Success Factors, define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; Key Goal Indicators, define measures that tell management—after the fact—whether an IT process has achieved its business requirements ©Charles Mansour

23 Critical Success Factors KGIs, and KPIs Critical Success Factors, define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; Key Goal Indicators, define measures that tell management—after the fact—whether an IT process has achieved its business requirements Key Performance Indicators, which are lead indicators that define measures of how well the IT process is performing in enabling the goal to be reached. ©Charles Mansour

24 COBIT®’s Four Domains PO: Planning and Organisation AI: Acquisition and Implementation DS: Delivery and Support –Subject of Change is referenced in all the above sections M: Monitoring ©Charles Mansour

25 Scope of Change Management Process Everything Because everything can change! (and probably will!) ©Charles Mansour

26 Scope of Change Management Process Everything Because everything can change! (and probably will!) Biggest Changes - Strategic Direction - Business –software application and system –hardware ©Charles Mansour

28 Scope of Change Management Process Everything Because everything can change! (and probably will!) Biggest Changes - Strategic Direction - Business –software application and system –hardware –vendors –sourcing –ways of doing things –Process and procedure updates ©Charles Mansour

29 Scope of Change Management Process Everything Because everything can change! (and probably will!) Biggest Changes - Strategic Direction - Business –software application and system –hardware –vendors –sourcing –ways of doing things –Process and procedure updates –And DATA ©Charles Mansour

30 Why do We Need to Manage Change? Cost Quality ©Charles Mansour

31 Why do We Need to Manage Change? Cost Quality Continuity Avoid re-work ©Charles Mansour

32 Why do We Need to Manage Change? Cost Quality Continuity Avoid re-work Insurance Control over third parties / partners ©Charles Mansour

33 Change Management - Where New Systems –Systems Development Life Cycles are big Change Management Processes –not part of this presentation ©Charles Mansour

34 Change Management - Where New Systems –Systems Development Life Cycles are big Change Management Processes –not part of this presentation Enhancements to Existing Systems –Main system costs are in this area (80% of system cost is after implementation) ©Charles Mansour

35 Change Management - Where New Systems –Systems Development Life Cycles are big Change Management Processes –not part of this presentation Enhancements to Existing Systems –Main system costs are in this area (80% of system cost is after implementation) Acquisition of Hardware ©Charles Mansour

36 Responsibilities Business (for any business applications or processes) –End to End Process Ownership (E2EPO) –data and systems ownership ©Charles Mansour

37 Responsibilities Business (for any business applications or processes) –End to End Process Ownership (E2EPO) –data and systems ownership IT ©Charles Mansour

38 Responsibilities Business (for any business applications or processes) –End to End Process Ownership (E2EPO) –data and systems ownership IT Security Audit / Risk /Compliance ©Charles Mansour

39 Audit Flow Terms of Reference Engagement Memo Audit Planning Memorandum –Scope –Control Objectives Audit Programme –Who to see –What to get Test Programme –Compliance –Substantive ©Charles Mansour

40 Change Management - COBIT® What does COBIT® say –It’s mainly in Domain AI (Acquisition and Implementation) Section 6: Manage Changes,

41 Change Management - COBIT® What does COBIT® say –It’s mainly in Domain AI (Acquisition and Implementation) Section 6: Manage Changes, –High Level Sections cover The Business Process

42 Change Management - COBIT® What does COBIT® say –It’s mainly in Domain AI (Acquisition and Implementation) Section 6: Manage Changes, –High Level Sections cover The Business Process The Business Requirements (High Level Control Objectives)

43 Change Management - COBIT® What does COBIT® say –It’s mainly in Domain AI (Acquisition and Implementation) Section 6: Manage Changes, –High Level Sections cover The Business Process The Business Requirements (High Level Control Objectives) How control is achieved

44 Change Management - COBIT® What does COBIT® say –It’s mainly in Domain AI (Acquisition and Implementation) Section 6: Manage Changes, –High Level Sections cover The Business Process The Business Requirements (High Level Control Objectives) How control is achieved Control considerations

45 Contd. What does COBIT® say? –At the detailed Audit Level Detailed Control Objectives

46 Contd. What does COBIT® say? –At the detailed Audit Level Detailed Control Objectives How to obtain an understanding of the process

47 Contd. What does COBIT® say? –At the detailed Audit Level Detailed Control Objectives How to obtain an understanding of the process How to evaluate controls

48 Practical Auditing Using COBIT® Audit Engagement –High Level Control Objective / Business Need ©Charles Mansour

49 Practical Auditing Using COBIT® Audit Engagement –High Level Control Objective / Business Need –High Level Process definition ©Charles Mansour

50 Practical Auditing Using COBIT® Audit Planning Memorandum –Considerations (Audit Scope)

52 Practical Auditing Using COBIT® Audit Planning Memorandum –Detailed Control Objectives ©Charles Mansour

53 Practical Auditing Using COBIT® Determination ©Charles Mansour

54 Practical Auditing Using COBIT® Determination - Control Evaluation ©Charles Mansour

55 Practical Auditing Using COBIT® Compliance Test Plan

58 Practical Auditing Using COBIT® Substantive Test Plan

59 COBIT® Online Free ‘Browse’ capability for ISACA members Version 3.1 now available Includes Control Practices Includes ‘Quickstart’ information Compare and Contrast with the Audit Guidelines ©Charles Mansour

62 Control Objective Factors Effectiveness: the degree to which the control objective responds to the underlying value delivery and risk mitigation requirements, irrespective of efficiency, cost, etc. Legend: Very High, High, Medium, Low, Very Low, Not Applicable

63 Control Objective Factors Effectiveness: the degree to which the control objective responds to the underlying value delivery and risk mitigation requirements, irrespective of efficiency, cost, etc. Expedience: the time taken, on average, to implement the control objective

64 Control Objective Factors – Cont’d Sustainability: the degree to which the control can continue to operate without maintenance due to changes in the environment

65 Control Objective Factors – Cont’d Sustainability: the degree to which the control can continue to operate without maintenance due to changes in the environment Contribution: the total contribution of the control objective to improving risk mitigation and value delivery and is the combination of effectiveness, expedience and sustainability

66 Control Objective Factors – Cont’d Sustainability: the degree to which the control can continue to operate without maintenance due to changes in the environment Contribution: the total contribution of the control objective to improving risk mitigation and value delivery and is the combination of effectiveness, expedience and sustainability Effort: an indication of cost and people time required to implement and maintain the control objective

67 Globalisation –Systems need to be available 365/24 –Timing of change is critical ISACA IT Control Practice Statements –Why do it? –Control Practices for each control consideration area What’s Changed? ©Charles Mansour

74 Maturity Modelling – The Journey [Figure: maturity scale 0 1 2 3 4 5] Where we are now

75 Maturity Modelling – The Journey [Figure: maturity scale 0 1 2 3 4 5] Where we are now Industry Standard

76 Maturity Modelling – The Journey [Figure: maturity scale 0 1 2 3 4 5] Where we are now Industry Standard Where we want to be

77 Hints & Tips Be selective – you won’t use 100% of the material in COBIT in your audit

78 Hints & Tips Be selective – you won’t use 100% of the material in COBIT in your audit Mould your approach to the size of the business

79 Hints & Tips Be selective – you won’t use 100% of the material in COBIT in your audit Mould your approach to the size of the business Use ‘Quickstart’ pointers in COBIT Online

80 Hints & Tips Be selective – you won’t use 100% of the material in COBIT in your audit Mould your approach to the size of the business Use ‘Quickstart’ pointers in COBIT Online Use Control Practice Statements

81 What’s Changed? E-Business –Many Components

82 What’s Changed? E-Business –Many Components –Many outside systems or staff –Increasing use of outsourcing

83 What’s Changed? E-Business –Many Components –Many outside systems or staff –Increasing use of outsourcing –difficult to implement one change management process

84 What’s Changed? E-Business –Many Components –Many outside systems or staff –Increasing use of outsourcing –difficult to implement one change management process –focus on synchronising change –bottlenecks

85 Reprise We’ve looked at: –the role of COBIT® ©Charles Mansour

86 Reprise We’ve looked at: –the role of COBIT® –COBIT® and Corporate Governance ©Charles Mansour

87 Reprise We’ve looked at: –the role of COBIT® –COBIT® and Corporate Governance –structure of the Audit Guidelines ©Charles Mansour

88 Reprise We’ve looked at: –the role of COBIT® –COBIT® and Corporate Governance –structure of the Audit Guidelines –how you can use COBIT® in the course of a Change Management Audit ©Charles Mansour

89 Reprise We’ve looked at: –the role of COBIT® –COBIT® and Corporate Governance –structure of the Audit Guidelines –how you can use COBIT® in the course of a Change Management Audit –What’s changed in Change Management ©Charles Mansour

90 Conclusion Change Management is getting more complex ©Charles Mansour

91 Conclusion Change Management is getting more complex Auditing Change Management is more challenging ©Charles Mansour

92 Conclusion Change Management is getting more complex Auditing Change Management is more challenging Few organisations have single sources of change ©Charles Mansour

93 Conclusion Change Management is getting more complex Auditing Change Management is more challenging Few organisations have single sources of change Basic principles still apply ©Charles Mansour

94 Conclusion Change Management is getting more complex Auditing Change Management is more challenging Few organisations have single sources of change Basic principles still apply COBIT® provides a sound basis for –IT Governance and Control of Change –Audit of Change Management Processes ©Charles Mansour

95 Conclusion Change Management is getting more complex Auditing Change Management is more challenging Few organisations have single sources of change Basic principles still apply COBIT® provides a sound basis for –IT Governance and Control of Change –Audit of Change Management Processes Challenge is to sell COBIT® as a Governance tool to our organisation’s IT Executive ©Charles Mansour

96 Public Downloads (from www.isaca.org – Governance – COBIT Online – Access COBIT Online – Browsing – PDF Downloads)
–Board Briefing on IT Governance.pdf (last modified on 2 Oct 2003)
–COBIT_Control_Objectives.pdf (last modified on 1 Oct 2003)
–COBIT_Executive_Summary.pdf (last modified on 1 Oct 2003)
–COBIT_Framework.pdf (last modified on 1 Oct 2003)
–COBIT_Implementation_Toolset.pdf (last modified on 1 Oct 2003)
–COBIT_Management_Guidelines.pdf (last modified on 1 Oct 2003)
Member Downloads
–COBIT_Audit_Guidelines.pdf (last modified on 1 Oct 2003)

97 Useful Websites
ISACA Website (for free download of COBIT® and free browsing of COBIT Online) –http://www.isaca.org
Survival Guide Website –http://www.construx.com/survivalguide/detailedchangeproc.htm#TopLevelContents
Change Management Resource Library –http://www.change-management.org/articles.htm
Audit net Change Management Programme –http://www.auditnet.org/docs/chngmgmt.txt
©Charles Mansour

98 Questions???? ©Charles Mansour
