Published by Jakov Subotić. Modified over 5 years ago.
1
Change Management and COBIT®. ISACA London Chapter Presentation
Thursday, April 25th 2002 Charles Mansour CISA ©Charles Mansour
2
Background
Change: getting from State A to State A’. We’ve seen what Change Management is. Now we’ll look at a tool which: is freely available to all ISACA members; can help to control, secure and audit Change Management Systems; can be used for Corporate Governance.
3
Objectives
To introduce COBIT® as an Audit and Governance Tool. To look specifically at what COBIT® has to say about Governance and focus on an Audit of Change Management.
4
Audience
Audit? Change Managers? Security? Other?
5
Signpost
Should last about 45 minutes; Handouts; Questions
6
Introduction to COBIT®
What it is; Why is it there; How to use; How to get hold of it. IT GOVERNANCE: A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. (COBIT® V3)
7
COBIT® Key Points. The COBIT Framework.
Maturity Models for control over IT processes; Critical Success Factors; Key Performance Indicators; Key Goal Indicators.
provides a tool for the business process owner that facilitates the discharge of this responsibility. The Framework starts from a simple and pragmatic premise: COBIT provides Maturity Models for control over IT processes, so that management can map where the organisation is today, where it stands in relation to the best-in-class in its industry and to international standards and where the organisation wants to be; Critical Success Factors, which define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; Key Goal Indicators, which define measures that tell management, after the fact, whether an IT process has achieved its business requirements; and Key Performance Indicators, which are lead indicators that define measures of how well the IT process is performing in enabling the goal to be reached.
8
Maturity Model
0 Non Existent; 1 Initial / Ad Hoc; 2 Repeatable but Intuitive; 3 Defined Process; 4 Managed and Measurable; 5 Optimised
9
Critical Success Factors, KGIs and KPIs
Critical Success Factors define the most important management-oriented implementation guidelines to achieve control over and within its IT processes. Key Goal Indicators define measures that tell management, after the fact, whether an IT process has achieved its business requirements. Key Performance Indicators are lead indicators that define measures of how well the IT process is performing in enabling the goal to be reached.
10
COBIT®’s Four Domains
PO: Planning and Organisation; AI: Acquisition and Implementation; DS: Delivery and Support; M: Monitoring. Subject of Change is referenced in all the above sections.
11
Scope of Change Management Process
Everything Because everything can change! (and probably will!) Biggest Changes - Strategic Direction - Business software application and system hardware vendors sourcing ways of doing things Process and procedure updates And DATA
12
Why do We Need to Manage Change?
Cost; Quality; Continuity; Avoid re-work; Insurance; Control over third parties / partners
13
Change Management - Where
New Systems: Systems Development Life Cycles are big Change Management Processes (not part of this presentation). Enhancements to Existing Systems: main system costs are in this area (80% of system cost is after implementation). Acquisition of Hardware.
14
Responsibilities Business (for any business applications or processes)
data and systems ownership IT Security Audit / Risk / Compliance
15
Change Management - COBIT®
What does COBIT® say? It’s mainly in Domain AI (Acquisition and Implementation), Section 6: Manage Changes. High Level Sections cover: The Business Process; The Business Requirements (High Level Control Objectives); How control is achieved; Control considerations.
16
Contd. What does COBIT® say? At the detailed Audit Level
Detailed Control Objectives; How to obtain an understanding of the process; How to evaluate controls
17
Contd. What does COBIT® say? At the detailed Audit Level
How to assess compliance with controls
18
Contd. What does COBIT® say? At the detailed Audit Level
How to assess compliance with controls; How to substantiate the risk of control objectives not being met
19
Practical Auditing Using COBIT®
Audit Engagement; High Level Control Objective; High Level Process definition
20
Practical Auditing Using COBIT®
Audit Planning Memorandum Considerations (Audit Scope)
21
Practical Auditing Using COBIT®
Audit Planning Memorandum Detailed Control Objectives
22
Practical Auditing Using COBIT®
Determination
23
Practical Auditing Using COBIT®
Determination - Control Evaluation
24
Practical Auditing Using COBIT®
Compliance Test Plan
25
Practical Auditing Using COBIT®
Substantive Test Plan
26
What’s Changed?
E-Business: Many Components; Many outside systems or staff; Increasing use of outsourcing; difficult to implement one change management process; focus on synchronising change bottlenecks
27
What’s Changed?
Globalisation: Systems need to be available 365/24; Timing of change is critical. ISACA IT Control Practice Statements: Why do it? Control Practices for each control consideration area.
28
Reprise
We’ve looked at: the role of COBIT®; COBIT® and Corporate Governance; structure of the Audit Guidelines; how you can use COBIT® in the course of a Change Management Audit; What’s changed in Change Management.
29
Conclusion
Change Management is getting more complex; Auditing Change Management is more challenging; Few organisations have single sources of change; Basic principles still apply. COBIT® provides a sound basis for: IT Governance and Control of Change; Audit of Change Management Processes. Challenge is to sell COBIT® as a Governance tool to our organisation’s IT Executive.
30
Useful Websites
ISACA Website (for free download of COBIT®); Survival Guide Website detailedchangeproc.htm#TopLevelContents; Change Management Resource Library; Audit net Change Management Programme
31
Questions????
32
Thank you!