Assessor Examples of Presentation TechniquesThis document contains sample templates and examples that can be used to suppo...
Example of Business Goals Questionnaire                                              Business Goals Questionnaire    Main ...
Example Heat Map: Example of IT Process Questionnaire                                                  IT Goals Questionna...
Example of Spider Charts                                                                                   PO1        Matu...
Examples of a Spider ChartPO Plan and Organise      PO1 Define a                           Target                         ...
Example Current vs. Target State Process Capability Levels forProcesses in Scope           Current vs. Short- and Long-Ter...
Example in Report Template D.3 of Assessor Guide    Current and Target Capability                                         ...
Excel Spreadsheet Template                          Summary Results                                                       ...
Example Assessment of Improvement OpportunitiesRef   Improvement Opportunity                                       Process...
Example Analysis of Selected Improvements                      Define service level agreements with business, with assigne...
Upcoming SlideShare
Loading in...5
×

5. cobit 4 1 assessmnt present. techniques

1,021

Published on

Published in: Business, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,021
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
45
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "5. cobit 4 1 assessmnt present. techniques"

  1. 1. Assessor Examples of Presentation TechniquesThis document contains sample templates and examples that can be used to supportthe assessment activities described in the publication COBIT ® 4.1 Assessor Guide:Using COBIT ® 4.1, especially process improvement and board presentations.The focus is on providing guidance to assessors on how to present assessmentresults. It is complementary to the other templates and tools provided in this toolkit.It should be noted that the examples are intended to be generic and simple to use.They should be used as a foundation to be extended and tailored to suit the uniqueneeds of a particular enterprise.The tools for many of the examples outlined here have not been developed. Thesewill be considered for further development when the COBIT assessmentprogramme matures.It should also be noted that many of these examples have been presented inprevious tool kits, such as the tool kit for Implementing and ContinuouslyImproving IT Governance. © 2011 ISACA. All rights reserved. © 2011 ISACA. All rights reserved. 1
  2. 2. Example of Business Goals Questionnaire Business Goals Questionnaire Main MenuScore each of the following business goals on a relative scale from 1 (not important) to 10 (mostimportant). This means that the most important goals are scored 10 and the less important goals Scoreare scored 1. 1 Provide a good return on investment of IT-enabled business investments 10 Financial 2 Manage IT-related business risk 1 6 3 Improve corporate governance and transparency 8 4 Improve customer orientation and service 10 5 Offer competitive products and services 5 6 Establish service continuity and availability 2 Customer 7 7 Create agility in responding to changing business requirements (time to market) 8 8 Achieve cost optimisation of service delivery 10 9 Obtain reliable and useful information for strategic decision making 8 10 Improve and maintain business process functionality 10 11 Lower process costs 5 12 Provide compliance with external laws, regulations and contracts 4 Internal 6 13 Provide compliance with internal policies 9 14 Manage business change 6 15 Improve and maintain operational and staff productivity 1 16 Manage product and business innovation 3 Learning 5 17 Acquire and maintain skilled and motivated people 7 6.3 Avg © 2011 ISACA. All rights reserved. 2
  3. 3. Example Heat Map: Example of IT Process Questionnaire IT Goals Questionnaire Main MenuEach of the following IT goals is scored on a scale from 1 (not important) to 10 (most important) based onthe business goals scoring. The IT goals scores are automatically calculated based on the business goals Scorescores and filled in by the system. 1 Respond to business requirements in alignment with the business strategy 7 2 Respond to business requirements in line with board direction 6 3 Ensure satisfaction of end users with service offerings and service levels 10 4 Optimise use of information 8 5 Create IT agility 6 Define how business functional and control requirements are translated in effective and efficient automated 6 8 solutions 7 Acquire and maintain integrated and standardised application systems 7 8 Acquire and maintain an integrated and standardised IT infrastructure 5 9 Acquire and maintain IT skills that respond to the IT strategy 7 10 Ensure mutual satisfaction of third-party relationships 6 11 Seamlessly integrate applications and technology solutions into business processes 6 12 Ensure transparency and understanding of IT cost, benefits, strategy, policies and service levels 8 13 Ensure proper use and performance of the applications and technology solutions 5 14 Account for and protect all IT assets 1 15 Optimise the IT infrastructure, resources and capabilities 5 16 Reduce solution and service delivery defects and rework 2 17 Protect the achievement of IT objectives 1 18 Establish clarity of business impact of risk to IT objectives and resources 5 19 Ensure critical and confidential information is withheld from those who should not have access to it 3 20 Ensure automated business transactions and information exchanges can be trusted 4 Ensure IT services and the IT infrastructure can properly resist and recover from failures due to error, 21 3 deliberate attack or disaster 22 Ensure minimum business impact in the event of an IT service disruption or change 2 23 Make sure that IT services are available as required 6 24 Improve ITs cost-efficiency and its contribution to business profitability 8 25 Deliver projects on time and on budget, meeting quality standards 6 26 Maintain the integrity of information and processing infrastructure 6 27 Ensure IT compliance with laws, regulations and contracts 4 Ensure that IT demonstrates cost-efficient service quality, continuous improvement and readiness for future 28 5 change © 2011 ISACA. All rights reserved. 5.2 Avg 3
  4. 4. Example of Spider Charts PO1 Maturity 3.50 ME1 PO3 3.00 DS11 PO5 Benchmark 2.50 2.00 DS10 PO9 Results by 1.50 1.00 large medium Enterprise DS5 PO10 small Size DS4 AI1 DS1 AI2 AI6 AI5 PO1 PO1 3.50 PO1 3.50 ME1 PO3 3.50 ME1 PO3 3.00 ME1 PO3 3.00 DS11 PO5 3.00 DS11 PO5 2.50 DS11 2.50 PO5 2.50 2.00 2.00DS10 PO9 2.00 DS10 PO9 1.50 DS10 PO9 1.50 1.50 1.00 1.00DS5 PO10 1.00 DS5 PO10 DS5 PO10 DS4 AI1 DS4 AI1 DS4 AI1 DS1 AI2 DS1 AI2 DS1 AI2 AI6 AI5 AI6 AI5 AI6 AI5 Large Medium Small © 2011 ISACA. All rights reserved 4
  5. 5. Examples of a Spider ChartPO Plan and Organise PO1 Define a Target Strategic IT Plan 5.0 Current PO10 Manage PO2 Define the Projects 4.0 Information… 3.0 PO9 Assess and 2.0 PO3 Determine Manage IT Risks 1.0 Technological… 0.0 PO8 Manage PO4 Determine the Quality IT… PO7 Manage IT PO5 Manage the IT DS Deliver and Support Human Resources Investment PO6 Communicate Management… DS1 Define and Manage Service… DS13 Manage 5.0 DS2 Manage Operations Third Party… 4.0 DS12 Manage the DS3 Manage 3.0 Physical… Performance… 2.0 DS11 Manage 1.0 DS4 Ensure Target Data Continuous… 0.0 Current DS10 Manage DS5 Ensure Problems Systems Security DS9 Manage the DS6 Identify and Configuration Allocate Costs DS8 Manage DS7 Educate and Service Desk… Train Users © 2011 ISACA. All rights reserved. 5
  6. 6. Example Current vs. Target State Process Capability Levels forProcesses in Scope Current vs. Short- and Long-Term Target Process Process Capability Levels PO3 Short-Term Target 5 ME4 PO4 Longer-Term Target Current Level 4 DS13 PO8 3 2 DS9 PO10 1 0 DS8 AI1 DS7 AI2 DS3 AI3 AI5 AI4 © 2011 ISACA. All 2011 ISACA. All rights reserved. © rights reserved. 6
  7. 7. Example in Report Template D.3 of Assessor Guide Current and Target Capability 0.0 1.0 2.0 3.0 4.0 5.0 6.0 PO1 Define a Strategic IT Plan 2.0 3.0 1.0 3.0 PO Plan & Organise PO3 Determine Technological Direction 3.0 5.0 2.0 3.0 PO5 Manage the IT Investment 1.0 2.0 2.0 3.0 PO7 Manage IT Human Resources 1.0 3.0 2.0 PO9 Assess and Manage IT Risks 2.0 3.0 1.0 4.0 AI1 Identify Automated Solutions 2.0 3.0 AI Acquire and 2.0 3.0 Implement AI3 Acquire and Maintain Technology 1.0 3.0 2.0 3.0 AI5 Procure IT Resources 2.0 3.0 2.0 3.0 AI7 Install and Accredit Solutions and Changes 2.0 3.0 2.0 3.0 DS2 Manage Third Party Services 2.0 3.0 2.0 3.0 DS Deliver and Support DS4 Ensure Continuous Service 2.0 3.0 2.0 3.0 DS6 Identify and Allocate Costs 2.0 3.0 2.0 3.0 DS8 Manage Service Desk and Incidents 3.0 2.0 3.0 DS10 Manage Problems 2.0 3.0 2.0 3.0 DS12 Manage the Physical Environment 2.0 3.0 2.0 3.0 ME1 Monitor and Evaluate IT Performance 2.0 3.0EvaluateMonitor 2.0 3.0 and ME ME3 Ensure Compliance with External Requirements 1.0 2.0 2.0 Target Current © 2011 ISACA. All rights reserved. 7
  8. 8. Excel Spreadsheet Template Summary Results Achieved Capability LevelPROCESS Process 1 2 3 4 5 Process Purpose ID Description Performed Managed Established Predictable Optimising Satisfy the business requirement of Identify identifying automated solutions that AI1 Automated translate business functional and F Solutions control requirements into effective and efficient solutions Satisfy the business requirement of Acquire and aligning available applications with Maintain business and security requirements, AI2 and doing so in a timely manner and F L Application Software at a reasonable cost. Satisfy the business requirement of providing satisfactory third-party Manage Third services while being transparent DS2 L Parties about benefits, costs and risk. Satisfy the business requirement of maintaining the confidentiality, Manage integrity and availability of DS5 Information information and the processing F F L Security infrastructure aligned to business needs and minimizing the impact of security vulnerabilities. Satisfy the business requirement of optimizing the use of information DS11 Manage Data and ensuring that information is L available as required. © 2011 ISACA. All rights reserved. 8
  9. 9. Example Assessment of Improvement OpportunitiesRef Improvement Opportunity Process Benefit (L, Cost Ease of M, H) (L, M, H) implementation (L, M, H)1 Define service level agreements with business, with DS1 H M M assigned responsibilities and accountabilities, as well as a reporting framework2 Document and formalise the IT continuity plan DS4 H M M3 Run an awareness campaign on core security policies DS5 M L H4 Standardise the incident management process across DS8 H H L business units5 Formalise benchmarking against key competitors and ME1 M M L peers © 2011 ISACA. All rights reserved. 9
  10. 10. Example Analysis of Selected Improvements Define service level agreements with business, with assigned responsibilities and Opportunity accountabilities, as well as a reporting framework Objectives and scope Approach Resources required TotalActivities Duration (elapsed) Full-time equivalent (FTE)• dedicated resources •Business 1.4Deliverables •IT 2.3• Estimated cost and duration Summary of benefitsImplementation cost (one-off) Recurring costs Quantifiable• • Other benefits • Dependencies and risksRisks and dependencies Mitigating factors• © 2011 ISACA. All rights reserved. 10
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×