Presentation is loading. Please wait.

Presentation is loading. Please wait.

TI BISNIS ITG using COBIT &

Published byNathaniel Simmons Modified over 9 years ago

Similar presentations

Presentation on theme: "TI BISNIS ITG using COBIT &"— Presentation transcript:

1

2 TI BISNIS ITG using COBIT &
Successful organisations require an appreciation for and a basic understanding of the risks and constraints of IT at all levels within the enterprise in order to achieve effective direction and adequate controls. COBIT provides such a control and security framework for IT. COBIT (Control Objectives for Information and related Technology) | erwin.sutomo

3 Forces Driving IT Governance
Business/IT Alignment ROI Compliance Project Execution Security

4 IT Governance Needs a Management Framework
Driving Forces Map Onto the IT Governance Domains

5 COBIT 4.1—The IT Governance Framework
Internationally accepted good practices Management-oriented Supported by tools and training Freely available at Sharing knowledge and leveraging expert volunteers Continually evolving Maintained by reputable not- for-profit organisation Maps strongly to all major related standards COBIT CobiT CobiT best practices best practices repository for repository for IT Processes IT Processes IT Processes IT Processes IT Management Processes IT Management Processes IT Management Processes IT Management Processes IT Governance Processes IT Governance Processes IT Governance Processes IT Governance Processes The only IT management and control framework that covers the end-to-end IT life cycle

6 COBIT 4.1—The IT Governance Framework
Is a reference, set of best practices, not an ‘off-the-shelf’ cure Enterprises still to need to analyse their control requirements and customise based on: Value drivers Risk profile IT infrastructure, organisation and project portfolio COBIT CobiT CobiT best practices best practices repository for repository for IT Processes IT Processes IT Processes IT Processes IT Management Processes IT Management Processes IT Management Processes IT Management Processes IT Governance Processes IT Governance Processes IT Governance Processes IT Governance Processes The only IT management and control framework that covers the end-to-end IT life cycle

7 Where COBIT Typically Sits
COSO Governance Layer COBIT 27001 Governance Layer IT ITIL 17799 Management Layer IT CMM

8 Concepts That Underpin COBIT

9 COBIT FRAMEWORK SPECIFICS
“Control” is defined as the policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected. “IT control objective” is defined as a statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity. There are two distinct classes of control models currently available: those of the business control model class (e.g., COSO and CoCo) and the more focused control models for IT (e.g., DTI). COBIT aims to bridge the gap that exists between the two. COBIT is therefore positioned to be more comprehensive for management and to operate at a higher level than pure technology standards for information systems management.

10 COBIT Cube: Processes, Resources and Information Criteria

11 Key Driving Forces for COBIT
How IT is organised to respond to the requirements The resources made available to—and built up by—IT What the stakeholders expect from IT Data Application systems Technology Facilities People Plan and Organise Aquire and Implement Deliver and Support Monitor and Evaluate Effectiveness Efficiency Confidentiality Integrity Availability Compliance Information reliability IT Resources Business Requirements IT Processes

12 How Does COBIT Link to ITG?
Direction and Resourcing Requirements Goals Control Objectives Responsibilities Business IT Governance Information the business needs to achieve its objectives Information executives and board need to exercise their responsibilities IT Governance

13 Process Orientation Domains Natural grouping of processes, often matching an organisational domain of responsibility Processes A series of joined activities with natural control breaks Activities or Tasks Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete

14 Process Orientation IT Domains IT Processes Activities Plan and
Organise Acquire and Implement Deliver and Support Monitor and Evaluate IT Processes IT strategy Computer operations Incident handling Acceptance testing Change management Contingency planning Problem management Activities Record new problem. Analyse. Propose solution. Monitor solution. Record known problem. Etc. … Natural grouping of processes, often matching an organisational domain of responsibility A series of joined activities with natural (control) breaks Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete

15 Process Orientation Plan and Organise
Domains Description This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. Proper organisation and technological infrastructure must be put in place. Topics Strategy and tactics Vision planned Organisation and infrastructure Questions Are IT and the business strategy aligned? Is the enterprise achieving optimum use of its resources? Does everyone in the organisation understand the IT objectives? Are IT risks understood and being managed? Is the quality of IT systems appropriate for business needs? Contoh deskripsi domain PO

16 4 Domains - 34 Processes - 210 Control Objectives
Waterfall Model The control of IT Processes that satisfy Business Requirements is enabled by Control Statements considering Berikan contoh salah satu proses di cobit untuk memperjelas waterfall Control Practices 4 Domains - 34 Processes Control Objectives

17 Cobit 4.1

18 COBIT Processes Plan and Organise Acquire and Implement PO1
Define an IT strategic plan. PO2 Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, organisation and relationships. PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. Plan and Organise AI1 Identify automated solutions. AI2 Acquire and maintain application software. AI3 Acquire and maintain technology infrastructure. AI4 Enable operation and use. AI5 Procure IT resources. AI6 Manage changes. AI7 Install and accredit solutions and changes. Acquire and Implement

19 COBIT Processes Deliver and Support Monitor and Evaluate DS1
Define and manage service levels. DS2 Manage third-party services. DS3 Manage performance and capacity. DS4 Ensure continuous service. DS5 Ensure systems security. DS6 Identify and allocate costs. DS7 Educate and train users. DS8 Manage service desk and incidents. DS9 Manage the configuration. DS10 Manage problems. DS11 Manage data. DS12 Manage the physical environment. DS13 Manage operations. Deliver and Support ME1 Monitor and evaluate IT performance. ME2 Monitor and evaluate internal control. ME3 Ensure compliance with external requirements. ME4 Provide IT governance. Monitor and Evaluate

20 COBIT 5 Model cobit 5, dipisahkan antara govern dan manage

21 COBIT 5 Detil cobit 5

22 ITG Framework Cobit ITIL ISO 27001 PMBoK IT control objectives
IT infrastructure, service and operation management ISO 27001 Information security management PMBoK Program and project management

Download ppt "TI BISNIS ITG using COBIT &"

Similar presentations

IT Management Frameworks

IT Management Frameworks
IT Governance Framework

IT Governance Framework
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
Analisa Proses. Terjemahan model analisis menjadi desain software.

Analisa Proses. Terjemahan model analisis menjadi desain software.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
 2007 IT Governance Institute. All rights reserved. www.itgi.org1 IT Governance Using C OBI T ® and Val IT™: Presentation, 2 nd Edition The explanation.

 2007 IT Governance Institute. All rights reserved. IT Governance Using C OBI T ® and Val IT™: Presentation, 2 nd Edition The explanation.
Auditing Corporate Information Security John R. Robles Tuesday, November 1, 2005 Tel: 787-647-396.

Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
The Importance of the COBIT Framework IT Processes For Effective Internal Control over the Reliability of Financial Reporting: An International Survey.

The Importance of the COBIT Framework IT Processes For Effective Internal Control over the Reliability of Financial Reporting: An International Survey.
COBIT Framework Source:

COBIT Framework Source:
© ITGI, ISACA - not for commercial use. A High-level Overview of the C OBI T Principles, Structure, and Framework John R. Robles 787-647-3961

© ITGI, ISACA - not for commercial use. A High-level Overview of the C OBI T Principles, Structure, and Framework John R. Robles
Centro de Convenciones, August 22-23, 2006

Centro de Convenciones, August 22-23, 2006
COBIT - II.

COBIT - II.
IT Governance Capability Maturity within Government

IT Governance Capability Maturity within Government
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Using COBIT and ITIL Robert E Stroud CGEIT

Using COBIT and ITIL Robert E Stroud CGEIT
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google