11. Drivers for COBIT 5 – Enterprise Maturity Level for IT Governance. Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
12. Drivers for COBIT 5 – External Frameworks and Standards Used as Basis for IT Governance Approach. Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
13. Drivers for COBIT 5 – Measures to Govern Enterprise Architecture. Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
14. Drivers for COBIT 5 - The Taking Governance Forward initiative: Governance Objectives; Governance Enablers; Governance Views; Roles, Activities and Relationships (who is involved? What do they do? How do they interact?); Owners and Stakeholders; Governing Body; Management; Operations; Accountability; Delegation; Monitoring; Direction Setting; Alignment, Execution, Control; Assurance
15. Other drivers for COBIT 5: 83% of 1,124 CEOs interviewed for PwC's 12th Annual Global CEO Survey cited technological innovation as an important or critical driver for long-term success.
17. Major focus is COBIT, Val IT and Risk IT, but also considering BMIS, ITAF, Board Briefing on IT Governance and Taking Governance Forward
18. A need to connect to, and where relevant align with, other major frameworks and standards, such as ITIL, TOGAF, SFIA, PMBOK, PRINCE2 and ISO standards
29. Starting point: Stakeholders and their issues
Stakeholders
Internal Stakeholders: CEO, CFO, CIO, Board, Risk Managers, HR Managers, Internal Audit, Privacy Officers, IT Users, Business Process Owners, Business Managers, IT Managers...
External Stakeholders: Business partners, Suppliers, Stakeholders, Regulatory/Government, External Users, Customers, Standardization Organization, External Auditors, Consultants...
Drivers: Technology changes, operating environment & context, strategy changes
Stakeholder Issues
Internal Stakeholder Concerns: How do I know whether I'm compliant with all applicable regulations? How do I build and structure my IT department? What are the (control) requirements for information? Did I address all IT-related risks?
External Stakeholder Concerns: How do I know my business partner's operations are secure and reliable? How do I know the organization is compliant with applicable rules and regulations?
Governance Objectives: Value Optimization, Risk Optimization, Resource Optimization
31. Stakeholder concerns will be addressed through a series of products within a consistent architecture
32. COBIT 5: A systemic model of interacting enablers
Drivers: Technology changes, operating environment & context, strategy changes
Stakeholders: Internal Stakeholders, External Stakeholders
Stakeholder Issues: Internal Stakeholder Concerns, External Stakeholder Concerns
Enterprise Performance and Governance Objectives: Value Optimization, Risk Optimization, Resource Optimization
Enablers for the Enterprise: Service Capabilities; Process Reference Model; People & Skills; Processes; Principles & Policies; Culture, Ethics, Behaviour; Information; Organizational Structures
33. New process reference model
Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor: EDM1 – Set and Maintain the Governance Framework; EDM2 – Ensure Value Optimization; EDM3 – Ensure Risk Optimization; EDM4 – Ensure Resource Optimization; EDM5 – Ensure Stakeholder Transparency
Processes for Management of Enterprise IT
Align, Plan and Organize: APO1 – Define the Management Framework for IT; APO2 – Define Strategy; APO3 – Manage Enterprise Architecture; APO4 – Manage Innovation; APO5 – Manage Portfolio; APO6 – Manage Budget and Costs; APO7 – Manage Human Resources; APO8 – Manage Relationships; APO9 – Manage Service Agreements; APO10 – Manage Supplier; APO11 – Manage Quality; APO12 – Manage Risk
Build, Acquire and Implement: BAI1 – Manage Programs and Projects; BAI2 – Define Requirements; BAI3 – Identify and Build Solutions; BAI4 – Manage Availability and Capacity; BAI5 – Manage Organizational Change; BAI6 – Manage Changes; BAI7 – Accept and Transition Changes; BAI8 – Knowledge Management
Deliver, Service and Support: DSS1 – Manage Operations; DSS2 – Manage Assets; DSS3 – Manage Configuration; DSS4 – Manage Service Requests and Incidents; DSS5 – Manage Problems; DSS6 – Manage Continuity; DSS7 – Manage Security; DSS8 – Manage Business Process Controls
Monitor, Evaluate and Assess: MEA1 – Monitor and Evaluate Performance and Conformance; MEA2 – Monitor System of Internal Control; MEA3 – Monitor and Assess Compliance with External Requirements
54. A framework for optimising the governance of enterprise IT: Organisation internal & external environment; Dependency on & criticality of IT; Industry & markets; Regulatory environment; Business strategy; Org. size & structure; Enterprise governance; IT governance framework; Interface with operational IT
55. Questions: Gert du Preez (+1.403 509 7579, gert.du.preez@ca.pwc.com); Serdar Guzel (212 326 6334, serdar.guzel@tr.pwc.com); Tumin Gultekin (212 326 6232, Tumin.gultekin@tr.pwc.com)
Editor's Notes
Other frameworks: help stakeholders understand how they are relatively positioned and can be used together.
High interest areas: EA, business relationship management, and management of emerging technology and innovation.
End-to-end scope: especially important given the pervasiveness of IT, and helps increase transparency.
All stakeholder issues can be traced back to one of the governance objectives
Enabler views
Practitioner-based views – e.g. IT risk, information security
Subject/topic-based views – privacy, SMEs
Goals: bus goals – enterprise goals; # IT goals rationalized & reduced;