Your SlideShare is downloading. ×
COBIT 5 as an IT Management Best Practices Framework - by Goh Boon Nam
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

COBIT 5 as an IT Management Best Practices Framework - by Goh Boon Nam

1,158
views

Published on

Published in: Business, Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,158
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
183
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT® 5 as IT Management Best Practice Framework 1 Please see Acknowledgements & Notices in last few slides
  • 2. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 What is COBIT?  Control OBjectives for Information and related Technology  International framework from ISACA and IT Governance Institute  Helps maximise value of IT to businesses  Originally, more for monitoring/ audit /risk assessment of IT management processes  Increasingly recognised as comprehensive framework of IT Management best practices ■ Advises on WHAT to do ■ Some high-level of how to do  Currently Version 5 2
  • 3. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT - Governance and Management 3 Strategic Tactical Operational Nb: Words in green above NOT part of COBIT but added by the author of this presentation. generally, the responsibility of Board of Directors
  • 4. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT5 Processes 4 Align, Plan & Organise Build, Acquire & Implement Monitor, Evaluate & Assess Deliver, Service & Support • Manage the IT Management Framework • Manage Strategy • Manage Innovation • Manage Enterprise Architecture • Manage Portfolio • Manage Budget and Costs • Manage Human Resources • Manage Relationships • Manage Service Agreements • Manage Suppliers • Manage Quality • Manage Risk • Manage Security • Manage Programmes & Projects • Manage Requirements Definition • Manage Solutions Identification and Build • Manage Availability & Capacity • Manage Change Acceptance and Transitioning • Manage Organisational Change Management • Manage Changes • Manage Knowledge • Manage Assets • Manage Configuration • Monitor, Evaluate and Assess Performance & Conformance • Monitor, Evaluate and Assess the System of Internal Control • Monitor, Evaluate and Assess Compliance with External Requirements Governance • Manage Operations • Manage Service Requests & Incidents • Manage Problems • Manage Continuity • Manage Security Services • Manage Business Process Controls • Ensure Governance Framework Setting and Maintenance • Ensure Benefits Delivery • Ensure Risk Optimisation • Ensure Resource Optimisation • Ensure Stakeholder Transparency Domains Processes
  • 5. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Domain BAI - Build, Acquire & Implement 5 Nb: Bold headings are author’s own categorisation & are not part of COBIT  Programmes ■ Manage Programmes (and Projects)  Projects ■ Manage (Programmes and) Projects  Requirements ■ Manage Requirements Definition ■ Manage Availability & Capacity  Design & Build ■ Manage Solutions Identification and Build  Test & Implement ■ Manage Change Acceptance and Transitioning  Changes ■ Manage (IT) Changes ■ Manage Organisational Change Management  Supporting Processes ■ Manage Knowledge ■ Manage Assets ■ Manage Configuration
  • 6. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Domain BAI - Build, Acquire & Implement 6 Build, Acquire & Implement (BAI) Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. Programme Management (Generic) Project Management IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Asset, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT and Organisational
  • 7. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 IT Strategy / Innovation / Ent. Architecture / Portfolio Management BAI Relationship with APO 7 Build, Acquire & Implement (BAI) Align, Plan & Organise (APO) Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. Pre-Project Development Production Programme Management (Generic) Project Management IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Asset, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT and Organisational(Tactical) (Strategic) IT Ongoing Management
  • 8. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Domain APO – Align, Plan & Organise  Strategy/ Architecture / Portfolio ■ Manage the IT Management Framework ■ Manage Strategy ■ Manage Innovation ■ Manage Enterprise Architecture ■ Manage Portfolio  IT Ongoing Management ■ Manage Budget and Costs ■ Manage Human Resources ■ Manage Relationships ■ Manage Service Agreements ■ Manage Suppliers ■ Manage Quality ■ Manage Risk ■ Manage Security 8 Nb: Bold headings are author’s own categorisation & are not part of COBIT IT Strategy / Architecture / Portfolio Management Programme Management (Generic) Project Management IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Asset, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT and Organisational IT Ongoing Management
  • 9. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Domains – Deliver, Service & Support (DSS)  Service Operations ■ Manage Operations ■ Manage Service Requests & Incidents ■ Manage Problems ■ Manage Continuity ■ Manage Security Services ■ Manage Business Process Controls 9 Nb: Bold headings are author’s own categorisation & are not part of COBIT
  • 10. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 DSS Relationship with BAI & APO 10 IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Assets, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT & Organisational Build, Acquire & Implement (BAI) Align, Plan & Organise (APO) Deliver, Service & Support (DSS) Service Operations IT Strategy / Innovation / Ent. Architecture / Portfolio Management Programme Management (Generic) Project Management Pre-Project Development Production Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. IT Ongoing Management (Strategic) (Tactical) (Operational)
  • 11. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Domains – Monitor, Evaluate & Assess  Monitor, Evaluate and Assess ■ Performance & Conformance ■ System of Internal Control ■ Compliance with External Requirements 11 Nb: Bold headings are author’s own categorisation & are not part of COBIT
  • 12. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 MEA Relationship with APO / BAI / DSS 12 IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Assets, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT & Organisational Build, Acquire & Implement (BAI) Align, Plan & Organise (APO) Deliver, Service & Support (DSS) Service Operations IT Strategy / Innovation / Ent. Architecture / Portfolio Management Programme Management (Generic) Project Management Pre-Project Development Production Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. IT Ongoing Management Measure, Evaluate & Assess Measure, Evaluate & Assess (MEA) (Strategic) (Tactical) (Operational)
  • 13. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Domains – Governance  Monitor, Evaluate & Direct to: ■ Ensure Governance Framework Setting and Maintenance ■ Ensure Benefits Delivery ■ Ensure Risk Optimisation ■ Ensure Resource Optimisation ■ Ensure Stakeholder Transparency 13 Nb: Bold headings are author’s own categorisation & are not part of COBIT
  • 14. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Governance Relationship To Management 14 IT Systems Devt Life Cycle Mgt Support Processes Knowledge, Assets, Configuration Requirements & Feasibility Design & Build Test & Implement Manage Changes IT & Organisational Build, Acquire & Implement (BAI) Align, Plan & Organise (APO) Deliver, Service & Support (DSS) Service Operations IT Strategy / Innovation / Ent. Architecture / Portfolio Management Programme Management (Generic) Project Management Pre-Project Development Production Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. IT Ongoing Management Measure, Evaluate & Assess Measure, Evaluate & Assess (MEA) (Strategic Mgt) (Tactical Mgt) (Operational Mgt) (Governance) Monitor Evaluate Direct
  • 15. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Further Process Details  COBIT provides further details to the Process ■ Breakdown of Process • Process – Management Practices » Activities ■ RACI for Management Practices ■ Inputs-Outputs for each Activity ■ Metrics for the overall process • IT-related • Process-related 15
  • 16. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – Management Practices 16  Manage Programmes and Projects ■ Maintain a standard approach for programme and project management ■ Initiate a programme. ■ Manage stakeholder engagement. ■ Develop and maintain the programme plan. ■ Launch and execute the programme ■ Monitor, control and report on the programme outcomes. ■ Start up and initiate projects within a programme. ■ Plan projects ■ Manage programme and project quality ■ Manage programme and project risk ■ Monitor and control projects ■ Manage project resources and work packages. ■ Close a project or iteration ■ Close a programme. Process Management Practices
  • 17. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – Management Practices and Activities 17  Manage Programmes and Projects ■ Maintain a standard approach for programme and project management ■ Initiate a programme • Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change. • Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives. • Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes. • Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised. • Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc • Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively • and efficiently. ■ Manage stakeholder engagement. ■ … Process Management Practices Activities
  • 18. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – RACI for Management Practices 18
  • 19. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – Inputs- Outputs for Each Activity 19
  • 20. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – IT-Related Metrics 20 Example - from Manage Programmes and Projects process
  • 21. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT Process Details – Process- Related Metrics 21 Example - from Manage Programmes and Projects process
  • 22. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Other Key Elements of COBIT  Principles  Enablers  Lifecycle Approach  Process Capability Model  COBIT 5 Product Family 22
  • 23. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Principles 23
  • 24. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Enablers 24
  • 25. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Lifecycle Approach 25
  • 26. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Process Capability Model 26
  • 27. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT 5 Product Family 27
  • 28. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 COBIT 5 Mapping to Other Frameworks 28 Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here
  • 29. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 For Further Information  For further details on COBIT course ■ http://www.iss.nus.edu.sg/ProfessionalCourse s/SearchCourse/CourseDetail/tabid/267/cid/20 /cname/nicf-cobit-foundation/Default.aspx  For other related courses: ■ http://www.iss.nus.edu.sg/ProfessionalCourse s/CourseCatalogue.aspx 29
  • 30. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Acknowledgements & Sources  Sources used in this presentation: ■ Information Systems Audit and Control Association. (2012). COBIT 5: Enabling processes. Rolling Meadows, IL: ISACA. 30
  • 31. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 Acknowledgements & Notices  COBIT® is a registered trade mark of ISACA and the IT Governance Institute  CGEIT® is a registered trade mark of ISACA  TOGAF is a registered trademark of The Open Group in the United States and other countries  CBAP® is a registered certification mark owned by International Institute of Business Analysis  CISSP is a registered Trademark of (ISC)2  SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.  PMP is a registered mark of Project Management Institute, Inc.  ITIL®, PRINCE2®, P3O®, MSP® are registered trade marks of the Cabinet Office  CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University  The Swirl logo™ is a trade mark of the Cabinet Office  © 2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied
  • 32. © 2010 NUS. All Rights Reserved Unless Otherwise Stated. ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 The End 32