1. © ITGI 2004 - not for commercial use. 1 C OBI T ® Presentation Package Sample 10 Slides of 80-slide Deck The C OBI T ® framework explained in a complete PowerPoint presentation, to be used by professors in information systems management, information security management, auditing, information systems auditing and/or accounting information systems

2. © ITGI 2004 - not for commercial use. 2 Disclaimer The IT Governance Institute ® (ITGI), Information Systems Audit and Control Association ® (ISACA ® ) [the “Owner(s)”] and the authors have designed and created C OBI T ® in Academia™ and its related publications, titled C OBI T ® Presentation Package, C OBI T ® Student Book, C OBI T ® Case Study and C OBI T ® Caselets (the “Work”), primarily as an educational resource for assurance professionals. The Owners make no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, the assurance professional should apply his/her own professional judgement to the specific circumstances presented by the particular systems or information technology environment.

3. © ITGI 2004 - not for commercial use. 3 Disclosure Copyright © 2004 IT Governance Institute. All rights reserved. This publication is intended solely for academic use and shall not be used in any other manner (including for any commercial purpose). Reproductions of selections of this publication are permitted solely for the use described above and must include the following copyright notice and acknowledgement: “Copyright © 2004 IT Governance Institute. All rights reserved. Reprinted by permission.” C OBI T in Academia may not otherwise be used, copied, or reproduced, in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of the IT Governance Institute. Any modification, distribution, performance, display, transmission, or storage, in any form by any means (electronic, mechanical, photocopying, recording or otherwise) of C OBI T in Academia is strictly prohibited. No other right or permission is granted with respect to this work. C OBI T in Academia ISBN 1-893209-96-2

4. © ITGI 2004 - not for commercial use. 4 Acknowledgements Development Team  Erik Guldentops, CISA, CISM, University of Antwerp Management School, Belgium (Chair)  Roger Debreceny, Ph.D., FCPA, University of Hawaii, USA  Steven De Haes, University of Antwerp Management School, Belgium (Project Manager)  Roger Lux, Farmers Insurance Group, USA  John Mitchell, CISA, CIA, CFE, LHS Business Control, UK  Ed O’Donnell, Ph.D., Arizona State University, USA  Scott Summers, Ph.D., Brigham Young University, USA  Wim Van Grembergen, Ph.D., University of Antwerp Management School, Belgium

5. © ITGI 2004 - not for commercial use. 5 Acknowledgements Review Team  Rob Nehmer, Ph.D., Quinnipiac University, USA  Malcolm Pattinson, CISA, University of South Australia, Australia  Elaine Mauldin, CPA, University of Missouri-Columbia, USA  Faye Borthick, Ph.D., CISA, CPA, AMA, CDP, Georgia State University, USA  José Roberto Alpizar Fallas, CPA, Universidad de Costa Rica, Costa Rica

6. © ITGI 2004 - not for commercial use. 6 Purpose of This Document This C OBI T Presentation Package, developed in collaboration with a group of international academics and practitioners, is a product of the IT Governance Institute (www.itgi.org). It provides a complete PowerPoint presentation explaining all the core elements of the C OBI T framework, which can be used by professors in information systems management, information security management, auditing, information systems auditing and/or accounting information systems. Professors can use the complete set, make extractions if they want to focus on specific parts, or can even add their own materials and examples in accordance with their needs. There are some speaker notes included in the package, but it is advisable to use the C OBI T Student Book (included in C OBI T in Academia) as guidance and source material to prepare this presentation. The IT Governance Institute also developed three other components that are part of C OBI T in Academia. The C OBI T Student Book explains and illustrates all the C OBI T components. The C OBI T Case Study:TIBO can be used by students to apply the C OBI T knowledge in a real-life situation and the C OBI T Caselets provides some minicases for smaller C OBI T exercises.

7. © ITGI 2004 - not for commercial use. 7   Incorporates major international standards   Has become the de facto standard for overall control over IT   Starts from business requirements   Is process-oriented IT Processes IT Management Processes IT Governance Processes CobiT best practices repository for IT Processes IT Management Processes IT Governance Processes C OBI T best practices repository for C OBI T as a response to the needs Why and how is C OBI T used?

8. © ITGI 2004 - not for commercial use. 8 PO1 Define a strategic IT plan PO2 Define the information architecture PO3 Determine the technological direction PO4 Define the IT organisation and relationships PO5 Manage the IT investment PO6 Communicate management aims and direction PO7 Manage human resources PO8 Ensure compliance with external requirements PO9 Assess risks PO10 Manage projects PO11 Manage quality AI1 Identify automated solutions AI2 Acquire and mantain application software AI3 Acquire and maintain technology infrastructure AI4 Develop and maintain IT procedures AI5 Install and accredit systems AI6 Manage changes M1 Monitor the process M2 Assess internal control adequacy M3 Obtain independent assurance M4 Provide for independent audit DS1 Define service levels DS2 Manage third-party services DS3 Manage peformance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and attribute costs DS7 Educate and train users DS8 Assist and advise IT customers DS9 Manage the configuration DS10 Manage problems and incidents DS11 Manage data DS12 Manage facilities DS13 Manage operations IT RESOURCES IT RESOURCES Data Application systems Technology Facilities People Data Application systems Technology Facilities People PLAN AND ORGANISE PLAN AND ORGANISE ACQUIRE AND IMPLEMENT ACQUIRE AND IMPLEMENT DELIVER AND SUPPORT Effectiveness Efficiency Confidenciality Integrity Availability Compliance Reliability Effectiveness Efficiency Confidenciality Integrity Availability Compliance Reliability Criteria Business Objectives C OBI T Framework MONITOR AND EVALUATE

9. © ITGI 2004 - not for commercial use. 9   High-level control objective One per process   Detailed control objectives Three to 30 per process   Control practices Five to seven per control objective Control Objectives and Control Practices

10. © ITGI 2004 - not for commercial use. 10 IT Governance Goals Responsibilities Control Objectives Requirements Business IT Governance Information the Business Needs to Achieve Its Objectives Direction (IT Strategy and Policy) Information (IT Control, Risk and Assurance) How Does C OBI T Link to IT Governance?