“Understanding COBIT 5”
based on ISACA© Materials www.isaca.org/cobit
Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant
Date: Thursday, March 7, 2013
ISACA Silicon Valley Chapter Spring 2013 Conference
Session Objectives
• Why COBIT is important
• What COBIT 5 is
  • Framework
  • Implementation Life Cycle
  • Process Reference Model
  • Process Assessment Method
• How to use COBIT
• What is different about COBIT 5 vs. COBIT 4.1
Why is COBIT important to Your Enterprise?
• IT audit and assurance de-facto standard
• Governance, Risk and Compliance
• Information Security
• Business value focused IT Process Framework
• ITIL, CMMI and PMBOK synergies
• Governance and Management processes
• “How to” monitor, evaluate, assess and improve business process performance
COBIT Framework to Achieve Business Goals
Information Technology
• Make Quality Business Decisions
• Generate Business Value
• Achieve Operational Excellence
• Maintain acceptable level of IT-related risk
• Optimize Costs
A Business Framework for the Governance and Management of Enterprise IT
• Five Principles
• Seven Enablers
• Governance and Management
• Implementation Lifecycle
• Assessment Approach
Now a Complete Framework!
[Figure: Evolution of scope]
Scope: Audit, Control, Management, IT Governance, Governance of Enterprise IT
Timeline: COBIT 1 (1996), COBIT 2 (1998), COBIT 3 (2000), COBIT 4.0/4.1 (2005/7), COBIT 5 (2012)
Val IT 2.0 (2008)
Risk IT (2009)
COBIT 5 – Five Principles
COBIT 5 Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
Principle 1. Meeting Stakeholder Needs
Stakeholder Needs Drive
Governance Objective: Create Value
• Benefits Realization
• Risk Optimization
• Resource Optimization
Stakeholder Needs Drive
Governance Objective: Create Value
• Benefits Realization
• Risk Optimization
• Resource Optimization
Goals in the diagram: Enterprise Goals, IT Related Goals, Enabler Goals
Arrow labels: Cascades to, Cascades to, Influences
Principle 2. Covering the Enterprise End-to-End
Benefits Realization
Risk Optimization
Resource Optimization
Governance Objective: Create Value
Governance Enablers
Roles, Activities and Relationships
Governance Scope
Principle 2: Roles, Activities and Relationships
[Diagram]
Roles: Owners and Stakeholders, Governing Body, Management, Operations and Execution
Relationship labels: Delegate, Accountable, Monitor, Set Direction, Instruct and Align, Report
Principle 3: Applying a Single Integrated Framework
Diagram excerpt from COBIT 5 Essential Facts - Fact 4: “COBIT 5 brings order to complex standards, regulations and frameworks”
Principle 4. Enabling a Holistic Approach
• Principles, Policies and Frameworks
• Processes
• Organizational Structures
• Culture, Ethics and Behavior
• Information
• Services, Infrastructure, Applications
• People, Skills and Competencies
(Diagram label: RESOURCES)
Enablers and Performance
Stakeholders
• Internal
• External
Goals
• Intrinsic
• Context
• Accessibility and Security
Life Cycle
• Plan
• Design
• Build
• Use
• Evaluate
• Dispose
Good Practices
• Practices
• Work Products
• Addressed? • Managed? • Achieved? • Applied?
Goal Indicator Metrics
Practice Indicator Metrics
Principle 5: Separating Governance From Management
Governance
• Evaluate
• Direct
• Monitor
Management
• Plan (Align, Plan, Organize)
• Build (Build, Acquire, Implement)
• Run (Deliver, Service, Support)
• Monitor (Monitor, Evaluate, Assess)
Management Feedback
Business Needs
Implementation Lifecycle
Process Capability Assessment Approach
• Detailed guidance for COBIT 5
• ISO/IEC 15504 Compliant method
• COBIT 5 Enabling Processes are defined as ISO/IEC 15504 compliant process reference model
• Raises bar – incomplete process if there is not evidence (metrics and work products) that purpose/goals are largely achieved
• Aligns with ITIL TIPA Assessment method
COBIT 5 PAM
• Incomplete
• Performed
• Managed
• Established
• Predictable
• Optimizing
Capability Measurement System
PRM
• Purpose
• Outcomes
• Base Practices
• Work Products
COBIT 5 Enabling Processes
• Goals Cascade
• Process model explanation
• Diagram of Model
• Details for 37 Processes:
  • Purpose
  • Practices
  • Goals & Metrics
  • Activities & RACI
  • Work Products
COBIT 5 Domains and Processes
COBIT 4.1 Framework
COBIT 4.1 vs. COBIT 5
COBIT 4.1
• Governance embedded
• No Val IT and Risk IT
• IT Management and Audit focus
COBIT 5.0
• 5 Principles
• “Principle-driven” approach
• Bridge from COBIT 4.1
• Enablers developed as “Pulled”
Summary
Thanks!
Great ideas need landing gear as well as wings.
~C.D. Jackson