Overview of IT Governance & ITSM

Presentation on theme: "Overview of IT Governance & ITSM"— Presentation transcript:

1 Overview of IT Governance & ITSM

2 Introduction and Objectives
Objectives of the Session:
- Review of the concepts of IT Governance
- Awareness of COBIT 5
- Discuss the way COBIT 5 can help improve Enterprise Governance

3 Agenda
- Enterprise IT Governance
- COBIT 5 Framework to implement and improve Enterprise IT Governance
- How does all fit together
- Best Approach for Implementing Best Practices and Continual Improvement
- Questions

4 IT Governance & COBIT 5

5 Governance
Enterprises have many stakeholders. Governance is about:
- Negotiating
- Deciding amongst different stakeholders’ value interests
- Considering all stakeholders when making benefit, resource and risk assessment decisions
For each decision, the following questions should be asked:
- For whom are the benefits?
- Who bears the risk?
- What resources are required?
© 2012 ISACA. All Rights Reserved. © Copyright 2013 Impetus Consulting

6 Governance
Governance is Directing and Controlling
Governance is Steering towards the ultimate goal through:
- Evaluating the results and current situation for adjusting the direction based on the feedback received from monitoring and control processes.
- Directing by setting new direction and goals on multiple levels via dedicated governance processes.
- Monitoring the achievement of the set goals.

7 COBIT 5 - IT Governance Framework
© Copyright 2012 Impetus Consulting

8 COBIT 5 Scope
Not simply IT; not only for big business!
COBIT 5 is about governing and managing information:
- Whatever medium is used
- End to end throughout the enterprise
Information is equally important to:
- Global, multinational business
- National and local government
- Charities and not for profit enterprises
- Small to medium enterprises and
- Clubs and associations
Information, not always IT, is important to every type and size of enterprise. Large enterprises must control and manage IT to make global decisions. Information is equally important in government, small enterprises and not for profit enterprises. For example, even the local golf club would find it hard to survive without membership information!
Information is one of the key Enablers in COBIT 5 which is important to every type and size of organization. High quality and effective decisions require access and control of quality information which has to be supported and facilitated by the technology.
Every type of enterprise must ensure its IT is providing value for the resources that were put into it instead of being a black hole into which enterprises pour money and resources with no real business value and results. As a strategic business enabler, IT can create business-related risks that include confidentiality and availability issues. Further, every country has laws and regulations regarding the quality, security and availability of Information.

9 Enterprise Benefits
Enterprises and their executives strive to:
- Maintain quality information to support business decisions.
- Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
- Achieve operational excellence through reliable and efficient application of technology.
- Maintain IT-related risk including ever increasing Information Security risks at an acceptable level.
- Optimise the cost of IT services and technology relative to the value generated.
How can these benefits be realized to create enterprise stakeholder value?

10 COBIT 5 Framework
Stakeholder needs have to be transformed into an enterprise’s actionable strategy. The goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.

11 COBIT 5 Enablers
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
Resources:
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
A quick reminder of the COBIT 5 Generic Enterprise Enabler model – from page 27 of the Framework

12 COBIT 5 Framework
COBIT 5 and accompanying publications provide a comprehensive framework that assists enterprises to consistently achieve their goals and deliver value through effective governance and management of enterprise IT.
COBIT 5 defines the starting point of governance and management activities with the stakeholder needs related to enterprise IT. It is consistent with generally accepted corporate governance standards, and thus helps to meet regulatory requirements.
The following stakeholder needs are identified and supported by the COBIT 5 Framework:
- Benefits Realisation
- Risk Optimisation
- Resource Optimisation
Focusing initially on the needs of the stakeholder, one of the key benefits of COBIT 5 is that it is first and foremost a ‘business framework’. It provides the business management with a means enabling them to have the very critical business conversation with the IT management.
COBIT 5 Framework provides a top-down view of business needs that create a goals cascade which drives the need to meet the expectations of the stakeholder right through the enterprise down to IT Goals and goals of individual IT Processes. COBIT 5 also encourages a common language throughout the enterprise so that stakeholders understand IT and IT meets their business needs.
The Goals Cascade is part of one of the Important Principles of COBIT 5 Framework and will be dealt with in Learning Area PR – Principles.

13 COBIT 5 Framework
These challenges can be overcome through a well implemented and sustained IT Governance Framework

14 COBIT 5 Process Reference Model

15 COBIT 5 Framework

16 Governance of Enterprise IT
The Evolution of COBIT 5
- 1996: Audit (COBIT1)
- 1998: Control (COBIT2)
- 2000: Management (COBIT3)
- 2005/7: IT Governance (COBIT4.0/4.1)
- 2012: Governance of Enterprise IT (COBIT 5)
Also shown: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010)
COBIT has evolved from its initial focus on Information Systems (IS) Audit in 1996 through the stages shown below. Each version evolved to better meet the needs of the business to manage both its information and the most important medium supporting business information, Information Technology (IT).
Prior to 1996, COBIT existed as the ISACA “Control Objectives” for IS auditors which was issued as a loose-leaf manual to all ISACA members which, at the time, were primarily IS auditors.
- 1996 – first framework was created primarily for auditors
- 1998 – introduced control practices and control activities
- 2000 – big change to include management guidelines
- 2005 – – additional offerings including BMIS, Val IT, Risk IT
Business Model for Information Security (BMIS) provides a holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.

17 Benefits of using a Framework
Benefits of an IT Governance Framework particularly COBIT 5:
- Use of proven best practice for IT Governance
- Repeatable governance practices designed as processes in a coherent framework which can be sustained successfully on a longer term
- Continual Improvement concept integrated into the governance practice
- Start small and broaden the scope as needed; and justified by the results and measured benefits
- Possibility of getting certified for ISO at a later stage

18 Benefits of COBIT 5 continued
- Defines the starting point of governance and management activities with the stakeholder needs related to enterprise IT
- Provides a more holistic, integrated and complete view of enterprise governance and management of IT that is consistent
- Helps create and consistently sustain a holistic, end-to-end IT Governance practice integrated well into the overall Enterprise Governance
- Creates a common language between IT and business for the enterprise governance and management of IT
- Is consistent with generally accepted corporate governance standards, and thus helps to meet regulatory requirements

19 How does All Fit Together?

20 Mapping of Frameworks
Appendix E of COBIT 5 Framework provides further details of the mapping between COBIT 5 and other standards or frameworks.
- ISO/IEC 38500: ISO Standard for IT Governance which is based on 6 principles that can be mapped to COBIT 5
- ITIL (IT Infrastructure Library): The IT Service Management framework covers a subset of processes in the DSS domain, a subset of processes in the BAI domain as well as some processes in the APO domain
- ISO/IEC 27000: ISO Standard for Information Security covers Security and IT-related processes in domains EDM, APO and DSS as well as some security monitoring activities in MEA
- ISO/IEC 31000: ISO Standard for Risk management covers related activities in EDM and APO
- TOGAF (The Open Group Architecture Framework) covers resource-related processes in EDM and enterprise architecture processes of APO
- PRINCE2 covers the project management processes in the BAI domain as well as some of the Portfolio related processes in the APO domain
- CMMI (Capability Maturity Model Integration) covers some organisational and quality-related processes in the APO domain as well as building and acquisition related processes in BAI

21 Mapping of Frameworks
[Figure: COBIT, ITIL, COSO and ISO 27002 positioned by WHAT versus HOW and by SCOPE OF COVERAGE]
This slide shows a different high-level view. It is normal for COBIT to be used in conjunction with other good practices, standards and in-house developed guidance. COBIT can act like an umbrella providing the framework for integrating everything else.

22 Mapping of Frameworks
- Drivers: PERFORMANCE: Business Goals; CONFORMANCE: Basel II, Sarbanes-Oxley Act, etc.
- Enterprise Governance: Balanced Scorecard, COSO
- IT Governance: COBIT
- Best Practice Standards: ISO 9001:2000, ISO 27002, ISO 20000
- Processes and Procedures: QA Procedures, Security Principles, ITIL
This slide shows how COBIT fits into the hierarchy - from business drivers at the top, down to specific governance processes and procedures. COBIT is the bridge between business and enterprise governance requirements and specific IT governance practices.

23 COBIT 5 Implementation
There are three interrelated components of the life cycle model shown (Refer Figure 17 chapter 7 of the COBIT Framework Guide):
1. Core continual improvement life cycle – This is not a one-off project
2. Enablement of Change – Addressing the behavioural and cultural aspects and
3. The Management of the programme

24 The Deming PDCA cycle
Continuous quality control and consolidation
- Plan: Planning for improvement initiative
- Do: Implementation of improvement
- Check: Monitor, measure and review
- Act: New Actions
[Fig: 2.8 The Deming Cycle. Axes: Maturity Level, Time Scale. Labels: Business IT Alignment; Effective Quality Improvement; Consolidation of the level reached i.e. Baseline]
This relates to the W Edwards Deming Cycle for quality improvement.
- Plan: Goals and measures for success are established, a gap analysis performed, action steps to close the gap are defined, and measures to ensure the gap was closed are established and implemented.
- Do: Covers the development and implementation of a project to close the identified gaps, implementation of the improvement process and establishing the smooth operation of the process.
- Check: The implemented improvements are compared to the measures of success established in the Plan phase.
- Act: Is any further work required to close any remaining gaps? Project decisions at this stage are the input for the next round of the PDCA cycle.

25 Key Success Factors
- Top Management providing the direction and mandate for the initiative as well as on-going commitment.
- All parties supporting the governance and management processes to understand the business and IT objectives.
- Creating a common language via trainings and awareness sessions.
- Ensuring effective communication and enablement of the necessary changes.
- Tailoring COBIT 5, ITIL and any other supporting good practices and standards to fit the unique context of the enterprise.
- Focusing on quick wins and prioritizing the most beneficial improvements that are easiest to implement.

26 Benefits of the Approach
- Use of proven best practice for IT Governance and IT Service Management.
- Repeatable governance and management practices designed as processes to be sustained successfully on a longer term.
- Continual Improvement concept integrated into the governance practice.
- Start small and broaden the scope as needed; and justified by the results and measured benefits.
- Pragmatic and realistic with low risk.
- Possibility of getting certified for ISO and/or ISO at a later stage.

27 Questions?

