Gert du Preez's presentation at ISACA-Istanbul.

Published in: Business, Technology

Speaker notes:
  • Other frameworks: help stakeholders understand how they are positioned relative to each other and how they can be used together. High-interest areas: enterprise architecture (EA), business relationship management, and management of emerging technology and innovation. End-to-end scope: especially important given the pervasiveness of IT, and helps increase transparency.
  • All stakeholder issues can be traced back to one of the governance objectives.
  • Enabler views: practitioner-based views (e.g. IT risk, information security) and subject/topic-based views (e.g. privacy, SMEs).
  • Goals: business goals become enterprise goals; the number of IT goals is rationalised and reduced.
  • COBIT 5

    1. COBIT 5 – Where to start (June 2011)
    2. Contents
       • Drivers for COBIT 5
       • New concepts
       • Progress and timelines
       • Implementation and migration guidance
       • Questions
    3. Introduction
       • PwC’s global contract with ISACA
       • Recent involvement in:
         • Risk IT Framework and Practitioner’s Guide
         • Latest version of the IT Governance Implementation Guide
         • Taking Governance Forward (TGF)
         • Val IT ver 2
         • Global Status Report on the Governance of Enterprise IT (4th ed. and previous)
         • COBIT 5
    4. Drivers for COBIT 5 – Major initiatives planned
       Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
    5. Drivers for COBIT 5 – Enterprise maturity level for IT governance
       Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
    6. Drivers for COBIT 5 – External frameworks and standards used as basis for the IT governance approach
       Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
    7. Drivers for COBIT 5 – Measures to govern enterprise architecture
       Source: Global Status Report on the Governance of Enterprise IT, 4th edition, 2011
    8. Drivers for COBIT 5 – The Taking Governance Forward initiative
       • Governance Objectives
       • Governance Enablers
       • Governance Views
       • Roles, Activities and Relationships – who is involved? What do they do? How do they interact?
         • Roles: Owners and Stakeholders; Governing Body; Management; Operations
         • Relationships between them: Accountability and Delegation; Monitoring and Direction Setting; Alignment, Execution and Control; Assurance
    9. Other drivers for COBIT 5
       83% of 1,124 CEOs interviewed for PwC's 12th Annual Global CEO Survey cited technological innovation as an important or critical driver for long-term success.
    10. Other drivers for COBIT 5
       • Linking together and reinforcing major ISACA research, frameworks and guidance
       • Major focus is COBIT, Val IT and Risk IT, but also considering BMIS, ITAF, the Board Briefing on IT Governance and Taking Governance Forward
       • A need to connect to, and where relevant align with, other major frameworks and standards, such as ITIL, TOGAF, SFIA, PMBOK, PRINCE2 and ISO standards
       • Extending guidance in areas of high interest
       • Improving ease of use and ease of navigation, and catering to the needs of users who want to focus on specific topics
       • Ensuring that the scope covers the full end-to-end business and IT functional capabilities
    11. What is COBIT 5 – Design principles and features
       • Keeping guidance digestible and practically usable while considering different stakeholder groups and their needs
       • Providing a single overarching framework that serves as a consistent and integrated source of guidance
       • Clearly distinguishing between governance and management, with a revised process model that shows how these domains relate to each other
       • Taking an end-to-end perspective, showing the responsibilities of both the IT function and business human resources
       • Providing clear migration guidance to the user base that has made investments in previous versions of COBIT, Val IT and Risk IT
       • Including evolving models that address governance enablers such as decision-making organisation structures or skills and competencies
       • Implementation and continual improvement guidance
    12. Starting point: Stakeholders and their issues
       • Drivers: technology changes, operating environment and context, strategy changes
       • Internal stakeholders: CEO, CFO, CIO, Board, Risk Managers, HR Managers, Internal Audit, Privacy Officers, IT Users, Business Process Owners, Business Managers, IT Managers, ...
       • Internal stakeholder concerns:
         • How do I know whether I’m compliant with all applicable regulations?
         • How do I build and structure my IT department?
         • What are the (control) requirements for information?
         • Did I address all IT-related risks?
       • External stakeholders: Business partners, Suppliers, Shareholders, Regulatory/Government, External Users, Customers, Standardisation Organisations, External Auditors, Consultants, ...
       • External stakeholder concerns:
         • How do I know my business partner’s operations are secure and reliable?
         • How do I know the organisation is compliant with applicable rules and regulations?
       • Governance objectives: Value Optimisation, Risk Optimisation, Resource Optimisation
    13. Stakeholder concerns can be traced to IT processes through the revised Goals Cascade
    14. Stakeholder concerns will be addressed through a series of products within a consistent architecture
    15. COBIT 5: A systemic model of interacting enablers
       • Drivers (technology changes, operating environment and context, strategy changes) give rise to stakeholder issues: internal stakeholders and their concerns, external stakeholders and their concerns
       • Stakeholder issues map to enterprise performance and governance objectives: Value Optimisation, Risk Optimisation, Resource Optimisation
       • The objectives are delivered through enablers for the enterprise: Service Capabilities, Process Reference Model, People and Skills, Processes, Principles and Policies, Culture, Ethics and Behaviour, Information, Organisational Structures
    16. New process reference model
       • Processes for Governance of Enterprise IT – Evaluate, Direct and Monitor (EDM):
         • EDM1 – Set and Maintain the Governance Framework
         • EDM2 – Ensure Value Optimisation
         • EDM3 – Ensure Risk Optimisation
         • EDM4 – Ensure Resource Optimisation
         • EDM5 – Ensure Stakeholder Transparency
       • Processes for Management of Enterprise IT – Align, Plan and Organise (APO):
         • APO1 – Define the Management Framework for IT
         • APO2 – Define Strategy
         • APO3 – Manage Enterprise Architecture
         • APO4 – Manage Innovation
         • APO5 – Manage Portfolio
         • APO6 – Manage Budget and Costs
         • APO7 – Manage Human Resources
         • APO8 – Manage Relationships
         • APO9 – Manage Service Agreements
         • APO10 – Manage Suppliers
         • APO11 – Manage Quality
         • APO12 – Manage Risk
       • Build, Acquire and Implement (BAI):
         • BAI1 – Manage Programmes and Projects
         • BAI2 – Define Requirements
         • BAI3 – Identify and Build Solutions
         • BAI4 – Manage Availability and Capacity
         • BAI5 – Manage Organisational Change
         • BAI6 – Manage Changes
         • BAI7 – Accept and Transition Changes
         • BAI8 – Knowledge Management
       • Deliver, Service and Support (DSS):
         • DSS1 – Manage Operations
         • DSS2 – Manage Assets
         • DSS3 – Manage Configuration
         • DSS4 – Manage Service Requests and Incidents
         • DSS5 – Manage Problems
         • DSS6 – Manage Continuity
         • DSS7 – Manage Security
         • DSS8 – Manage Business Process Controls
       • Monitor, Evaluate and Assess (MEA):
         • MEA1 – Monitor and Evaluate Performance and Conformance
         • MEA2 – Monitor System of Internal Control
         • MEA3 – Monitor and Assess Compliance with External Requirements
    17. Example of process details
    18. Example of process details
    19. Example of process details
    20. Example of process details
    21. Example of process details
    22. Progress and timeline
       • SME review of content for Vols 1 and 2 completed
       • Currently incorporating SME comments
       • Public exposure scheduled for July
       • Updating of Implementation Guide content (Vol 3)
       • Vols 1 and 2 scheduled for release Q4 2011
    23. When and how to use COBIT 5 processes
       • Review COBIT 5 for new processes (areas not covered by previous versions of COBIT and other frameworks)
       • Determine the additional value if implemented or formalised
       • When embarking on improvement initiatives related to current processes, adopt guidance from COBIT 5
       • Mapping of previous processes to COBIT 5
    24. Priority for migration
    25. Summary of major changes
       • Architecture changes
       • Process model changes
       • Goals cascade
       • Control objectives and control practice statements become Governance and Management Practices, which include control practices and other practices; mapping of COBIT control objectives and Val IT/Risk IT key management practices to the new practices
       • Management guidelines are not explicitly referred to as such, but included are: IT-related goals and enterprise goals supported by project; process goals and metrics; RACI chart at process level; inputs and outputs
       • Assurance steps are not included in the Framework; they will be part of the COBIT 5 for Assurance volume
       • Maturity model changes aligned with ISO/IEC 15504
    26. An implementation lifecycle
    27. A framework for optimising the governance of enterprise IT
       • Organisation internal and external environment: dependency on and criticality of IT; industry and markets; regulatory environment; business strategy; organisation size and structure
       • Enterprise governance
       • IT governance framework
       • Interface with operational IT
    28. Questions
       Gert du Preez, +1.403 509 7579
       Serdar Guzel, 212 326 6334
       Tumin Gultekin, 212 326 6232