COBIT and slides © 2007 IT Governance Institute. Used with permission. An Overview of COBIT®


Presentation on theme: "An Overview of COBIT®" — Presentation transcript:

1 An Overview of COBIT®

2 COBIT and slides © 2008 IT Governance Institute. Used with permission. In This Presentation: Driving forces for IT governance and Control Objectives for Information and related Technology (COBIT®). An introduction to: the COBIT framework; COBIT supporting materials. Where COBIT fits with other frameworks and standards.

3 The Governance Environment

4 Forces Driving IT Governance: Compliance; Security; Business/IT Alignment; ROI; Project Execution

5 IT Governance Needs a Management Framework. Driving Forces Map Onto the IT Governance Focus Areas. IT Governance Focus Areas (IT Governance Domains): Strategic Alignment; Value Delivery; Risk Management; Resource Management; Performance Measurement

6 COBIT 4.1—The IT Governance Framework. The only IT management and control framework that covers the end-to-end IT life cycle. COBIT good practices repository for: IT Processes; IT Management Processes; IT Governance Processes. Internationally accepted good practices; Management-oriented; Supported by tools and training; Freely available; Sharing knowledge and leveraging expert volunteers; Continually evolving; Maintained by reputable not-for-profit organization; Maps 100 percent to COSO; Maps strongly to all major related standards

7 COBIT 4.1—The IT Governance Framework. Is a reference, set of best practices, not an 'off-the-shelf' cure. Enterprises still need to analyze their control requirements and customize based on: Value drivers; Risk profile; IT infrastructure, organization and project portfolio. COBIT good practices repository for: IT Processes; IT Management Processes; IT Governance Processes

8 Key Driving Forces for COBIT. Business Requirements (what the stakeholders expect from IT): Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Information reliability. IT Resources (the resources made available to—and built up by—IT): Data; Application systems; Technology; Facilities; People. IT Processes (how IT is organized to respond to the requirements): Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate

9 How Does COBIT Link to IT Governance? [Diagram labels: Business; IT Governance; Goals; Responsibilities; Requirements; Control Objectives; Direction and Resourcing; Information the business needs to achieve its objectives; Information executives and board need to exercise their responsibilities]

10 COBIT Is Brought to You by …

11 IT Governance Institute: IT Governance Institute is a non-profit research think tank associated with ISACA®.

12 IT Governance Institute Product Suite: Board Briefing on IT Governance; Information Security Governance; COBIT 4.1; Val IT; IT Governance Implementation Guide; COBIT Control Practices; IT Assurance Guide. [Diagram labels: Governance, Security and Assurance Management Business and Technology Management Governance]

13 COBIT—Global Status. Some findings of the ITGI survey of 600 executives: Executive awareness of COBIT: 18% (2003), 26% (2005). COBIT is the preferred way to implement effective IT governance. Executive awareness is up. Perception that it is difficult to implement. More than half of those who know it, know its contents. More than one-third of those who know the content, know it very well.

14 An Overview of COBIT

15 Process Orientation. Domains: Natural grouping of processes, often matching an organizational domain of responsibility. Processes: A series of joined activities with natural control breaks. Activities or Tasks: Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete.

16 Process Orientation. IT Domains (natural grouping of processes, often matching an organizational domain of responsibility): Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate. IT Processes (a series of joined activities with natural (control) breaks): IT strategy; Computer operations; Incident handling; Acceptance testing; Change management; Contingency planning; Problem management. Activities (actions needed to achieve a measurable result—activities have a life cycle whereas tasks are discrete): Record new problem. Analyze. Propose solution. Monitor solution. Record known problem. Etc.

17 Process Orientation: Domains. Plan and Organize. Description: This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. Finally, a proper organization as well as technological infrastructure must be put in place. Topics: Strategy and tactics; Vision planned; Organization and infrastructure. Questions: Are IT and the business strategy aligned? Is the enterprise achieving optimum use of its resources? Does everyone in the organization understand the IT objectives? Are IT risks understood and being managed? Is the quality of IT systems appropriate for business needs?

18 Waterfall Model: The control of IT Processes that satisfy Business Requirements is enabled by Control Statements considering Control Practices. 4 Domains - 34 Processes - 210 Control Objectives

19 COBIT Framework. Business Objectives. Criteria: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Reliability. IT Resources: Applications; Information; Infrastructure; People. IT Life Cycle: Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate

20 COBIT Processes. Plan and Organize: PO1 Define an IT Strategic Plan; PO2 Define the Information Architecture; PO3 Determine Technological Direction; PO4 Define the IT Processes, Organization and Relationships; PO5 Manage the IT Investment; PO6 Communicate Management Aims and Direction; PO7 Manage IT Human Resources; PO8 Manage Quality; PO9 Assess and Manage IT Risks; PO10 Manage Projects. Acquire and Implement

21 COBIT Processes. Deliver and Support. Monitor and Evaluate: ME1 Monitor and Evaluate IT Performance; ME2 Monitor and Evaluate Internal Control; ME3 Ensure Compliance With External Requirements; ME4 Provide IT Governance

22 Digging Into COBIT

23 Digging Into COBIT: Working with the COBIT product suite. Introduce the key elements of COBIT. Show how they interrelate. Introduce supporting materials.

24 COBIT Framework: COBIT framework provides guidance on IT governance and role of IT control. Generic controls: Controls that relate to all processes. Application controls

25 Process-level Navigating in COBIT

26 Which Domain?

27 Process Description: All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally managed in a controlled manner. Changes (including those to procedures, processes, system and service parameters) are logged, assessed and authorized prior to implementation, and reviewed against planned outcomes following implementation. This assures mitigation of the risks of negatively impacting the stability or integrity of the production environment.

28 The Waterfall of Control

29 Information Criteria

30 IT Resources

31 IT Governance

32 Control Objectives: AI6.5 Change Closure and Documentation. Whenever changes are implemented, update the associated system and user documentation and procedures accordingly.

33 Management Guidelines

34 Management Guidelines

35 Managing the Life Cycle: Input-output Matrix. Inputs coming from other processes; Outputs going to other processes

36 Managing the Life Cycle: Whilst COBIT represents the life cycle of IT investments, it must also manage inter-process interdependencies.

37 RACI Charts

38 RACI chart: Typical Process Activities; Standard Organization Chart. Who is Responsible, Accountable, Consulted and Informed?

39 Goals and Metrics

40 Maturity Model

41 Maturity Levels in COBIT: 0 Non-existent; 1 Initial; 2 Repeatable; 3 Defined; 4 Managed; 5 Optimised. 0 - Management processes are not applied at all. 1 - Processes are ad hoc and disorganised. 2 - Processes follow a regular pattern. 3 - Processes are documented and communicated. 4 - Processes are monitored and measured. 5 - Best practices are followed and automated.

42 Dimensions of Process Maturity in COBIT. We capture process maturity data on each of six dimensions: Awareness and communication; Policies, standards and procedures; Tools and automation; Skills and expertise; Responsibility and accountability; Goal setting and measurement

43 Collecting Maturity Model Data: Awareness and Communication; Policies, Standards and Procedures; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement. Scale: 0, 1, 2, 3, 4, 5

44 How to Get Started With COBIT

45 How Do Governance and the Business Drive IT? [Diagram labels: Governance Drivers; Business Outcomes; Business Goals; IT Goals; IT Processes; Applications; Information; Infrastructure; People]

46 How Do Governance and the Business Drive IT? Business Goals; IT Goals; IT Processes. [Diagram labels: Business Requirements; Governance Requirements; Information Services; Information Criteria; Information; Applications; IT Processes; Infrastructure and People. Relationship labels: require; imply; influence; need; deliver; run]

47 Performance Measurement Goal Relationships

48 Leverage Supporting Materials

49 Implementation Guide

50 Implementation Guide. IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition. Detailed, structured guidance to the implementation of IT governance. Generic IT governance implementation guidance, not just COBIT

51 Control Practices

52 Control Practices. COBIT Control Practices, 2nd Edition. Detailed guidance on each of the control objectives. Management-oriented. From three to 12 control practices per control objective

53 COBIT Online

54 COBIT Online: An online view of COBIT allows users to customise and integrate COBIT, coupled with process benchmarking.

55 Assurance Guide

56 Assurance Guide. IT Assurance Guide: Using COBIT. Detailed guidance to support assurance practitioners in: Financial statement audit; Internal audit; Value for money; Operational improvement. Guidance on: How to leverage COBIT for assurance; Detailed assurance testing steps

57 COBIT and Other Frameworks and Standards

58 Where COBIT Typically Sits. [Diagram labels: Governance Layer; IT Governance Layer; IT Management Layer; COSO; COBIT; ITIL; 17799; CMM; TickIT]

59 How COBIT Relates to Frameworks and Standards: Integrator of technical standards; Interface to business standards

60 How COBIT Relates to Frameworks and Standards. [Diagram labels: Strategic; Process Control; Process Execution; Work Instruction; COBIT; ITIL; CMM; 17799]

61 How COBIT Relates to Frameworks and Standards. [Diagram labels: Strategic; Process Control; Process Execution; Work Instruction; COBIT; ITIL; CMM; 17799]

62 Summary: Quality IT Services; Successful IT Projects; Improved efficiency; Optimized costs; Easier compliance; Reduced operational risk; Improved management, confidence and trust

63 An Overview of COBIT®

