What's New in COBIT 5
 


COBIT 5 is the new IT governance framework designed to help enterprises achieve their objectives for the governance and management of information technology. It provides managers, auditors and IT professionals with a set of generally accepted measures (best practices), performance indicators, processes and best practices intended to help them generate added value for the business while maximising benefits, managing and reducing risk, and optimising resources.

  • Value creation means realizing benefits at an optimal resource cost while optimising risk. Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities. For each decision, questions should be asked: For whom are the benefits? Who bears the risk? What resources are required?
  • Every enterprise operates in a different context (external and internal factors) and requires a customized governance and management system. Stakeholder needs have to be transformed into an enterprise's actionable strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and enabler goals:
      • Allows setting specific goals at every level
      • Supports alignment between enterprise needs and IT solutions and services
      • Identifies and communicates how enablers are important to achieve enterprise goals
    Each enterprise should build its own goals cascade, compare it with COBIT and then refine it.
  • Means:
      • Integrates governance of enterprise IT into enterprise governance.
      • Covers all functions and processes related to IT (internal and external, IT and business).
    Governance approach:
      • Enablers (frameworks, principles, structures, processes, practices, resources, people, information, …)
      • Scope (enterprise [COBIT 5], entity, tangible or intangible asset, …)
      • Roles, activities and relationships (who is involved, how they are involved, what they do, how they interact)
  • The COBIT 5 framework delivers to its stakeholders the most complete and up-to-date guidance on governance and management of enterprise IT by:
      • New content development (COBIT+VALIT+RISK IT, needed updates, alignment to other standards and frameworks (ITIL, ISO, TOGAF, …))
      • Set of governance and management enablers
      • COBIT 5 knowledge base with all guidance and content
      • Reference of good practices
  • Enablers are factors that influence whether governance and management over enterprise IT will work. They are driven by the goals cascade.
      • Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
      • Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
      • Organisational structures are the key decision-making entities in an enterprise.
      • Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
      • Information is pervasive throughout any organisation and includes all information produced and used by the enterprise.
      • Services, infrastructure and applications provide the enterprise with information technology processing and services.
      • People, skills and competencies are required for successful completion of all activities and for making correct decisions and taking corrective actions.
  • Set of common dimensions: a simple and structured way to deal with enablers.
    Enabler dimensions. Enablers have:
      • Stakeholders: internal or external
      • Goals (expected outcomes, application or operation of the enabler):
          • Intrinsic quality: work accurately, objectively (accurate, objective, reputable results)
          • Contextual quality: enablers and outcomes fit for purpose given the context. Outcomes are relevant, complete, current, appropriate, consistent, easy to use, …
          • Access and security: enablers and outcomes are accessible and secured
      • Life cycle: enablers have a life cycle
      • Good practices: how to best implement enablers, required inputs and outputs
    Enabler performance management. Expect positive outcomes from application and use of enablers. Monitoring and metrics on a regular basis (see Enabling Processes):
      • Are stakeholder needs addressed? (KGI - lag indicator)
      • Are enabler goals achieved? (KGI - lag indicator)
      • Is enabler life cycle managed? (KPI - lead indicator)
      • Are good practices applied? (KPI - lead indicator)
  • Clear distinction between governance and management: different types of activities, requiring different organisational structures and serving different purposes.
      • Governance: ensures that stakeholder needs are evaluated to determine enterprise objectives; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Responsibility of the board of directors under the leadership of the chairperson.
      • Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. Responsibility of the executive management under the leadership of the CEO.
  • Defines and describes in detail 37 governance and management processes normally found in an enterprise relating to IT activities. Each enterprise must define its own process set, taking into account its specific situation.
    2 main process domains:
      • Governance: Contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
      • Management: Contains four domains, in line with plan, build, run and monitor (PBRM), and provides end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure:
          • Align, Plan and Organise (APO)
          • Build, Acquire and Implement (BAI)
          • Deliver, Service and Support (DSS)
          • Monitor, Evaluate and Assess (MEA)
  • Governance and management of enterprise IT will be different for every enterprise: the context needs to be understood, and the COBIT implementation of governance and management of enterprise IT enablers adapted to it.
      • Practical guidance is provided in the publication “COBIT 5 Implementation”.
      • Supported by an implementation tool kit containing assessment, measurement and diagnostic tools, documentation for various audiences, articles and explanations.
  • Addresses the complexity and challenges encountered during implementation.
    The 3 components of the life cycle are:
      1. Continual improvement life cycle
      2. Enablement of change
      3. Management of the programme
    Phases:
      • Phase 1: identifies the desire to change
      • Phase 2: defines the scope of the implementation or improvement initiative. Assessment of the current state
      • Phase 3: sets the target
      • Phase 4: creates business cases
      • Phase 5: solution implemented into day-to-day practices
      • Phase 6: operation and monitoring of benefits
      • Phase 7: review for continual improvement
  • Process maturity models are used to measure the current maturity of an enterprise’s IT-related processes, to define a required state of maturity, and to determine the gap between them and how to improve the process to achieve the desired maturity level.
      • COBIT 5 is based on ISO/IEC 15504 Software Engineering—Process Assessment standard.
      • Different from the COBIT 4.1 maturity model in its design and use.
  • Assessing a process maturity:
      • Assessment whether control objectives for the process were met
      • Obtain maturity profile of the process from maturity model
      • Use generic maturity model for the process to obtain detail view on maturity level
      • Review process controls
  • Differences:
      • Cannot compare COBIT 4.1 and COBIT 5 capability scales. Meaning is different. Score in COBIT 5 will be lower.
      • 9 process attributes in ISO 15504. Not identical with COBIT 4.1 (overlap, map to a certain extent).
    Benefits of the changes:
      • Improved focus on process to confirm it achieves purpose and delivers outcomes as expected.
      • Simplified, more reliable and usable process assessment (COBIT 4.1 needed number of specific components)
      • Compliance with process assessment standard.

What's New in COBIT 5: Presentation Transcript

  • ITIL V3 Foundation. What's New in COBIT 5: Fundamental knowledge and implementation of COBIT 5. Lausanne, 13.9.2012. Stephane Perroud, SP Consulting; Raphael Rues, Digicomp Academy Suisse Romande SA
  • Speaker: Stéphane Perroud
      • Education: Engineer (ETS / HES); Economist (HEC); Master's in Information Systems Security Management
      • Experience: J2EE and web developer (LODH); IT auditor (PwC); Consultant in Information Systems Security Management; Trainer in Governance, Security and Audit (COBIT, CISA, CISSP, CISM, ISO 27001, ITIL, Security, Networking, Risk Management) (HEG Genève and Digicomp); Consultant in Governance, Audit and Security (Stéphane Perroud Consulting)
      • Certifications and exams: Applied project management, COBIT Foundation 4.1, Management of Risk, CISA, CISM, ITIL v3 Foundation, CISSP, Lead Auditor ISO 20’000, Lead Auditor ISO27001
      • Stéphane Perroud, www.sperroud.ch, consulting@sperroud.com
  • Speaker: Raphael Rues
      • Education: Wirtschaftsinformatiker II Eidg. Dipl; BA in Economic History and MSc in Risk Management
      • Experience: Head of IT Security, Helsana, Dübendorf; Risk Manager, Digicomp Zürich; Co-founder and co-director, Digicomp Romandie; IT auditor and Consultant in Information Systems Security Management, MinimaRisk, Zug; Trainer in IT Management (COBIT, Security, ITIL)
      • Certifications and exams: ITIL Service Manager V2, ITIL Expert V3, COBIT, Management of Risk, Lead Auditor ISO 20000, Lead Auditor ISO27001, Prince2
      • Raphael Rues, www.digicomp.ch, raphael.rues@digicomp.ch
  • Agenda
      • Introduction
      • The 5 Principles
      • Implementation
      • The Process Capability Model
      • Q&A
  • Introduction
  • Governance / Management
      • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
      • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
  • Governance / Management (cont.) COBIT 5 is a "top-down" framework founded on principles and driven by enablers, which separates governance from management and comes with a powerful implementation guide to steer the practitioner while ensuring the value of IT investments for the enterprise. Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • History: evolution of scope
      • 1996: COBIT1 (Audit)
      • 1998: COBIT2 (Control)
      • 2000: COBIT3 (Management)
      • 2005/7: COBIT4.0/4.1 (IT Governance)
      • 2012: COBIT 5 (Governance of Enterprise IT)
      • Also shown: Val IT 2.0 (2008), Risk IT (2009)
  • Changes in COBIT 5
      • New GEIT (Governance of Enterprise IT) principles
      • Increased focus on enablers
      • New process reference model
      • New and improved processes
      • Practices and activities
      • Goals and metrics
      • Process inputs and outputs
      • RACI charts
      • Maturity models
      • Process assessment
  • The 5 Principles Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 1. Meeting Stakeholder Needs Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 1. Meeting Stakeholder Needs (cont.) Goals Cascade; Porter; SWOT Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) Meeting Stakeholder Needs – Enterprise Goals Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) Meeting Stakeholder Needs – IT Goals Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 2. Covering the Enterprise End-to-end Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) Environment; Board of Directors; Management; IT Dept Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 3. Applying a Single Integrated Framework (cont.) APO, BAI, DSS, MEA Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 4. Enabling a Holistic Approach Cobit 5: 32 + 5 Processes Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 4. Enabling a Holistic Approach (cont.) Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 5. Separating Governance From Management Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 5 Principles (cont.) 5. Separating Governance From Management (cont.) Process Reference Model Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • Implementation
  • Key success factors
      • Commitment and support from top management, which sets the direction
      • Understanding of business and IT objectives
      • Effective communication and management of the necessary changes
      • Tailor COBIT and other standards to fit the enterprise's context
      • Focus on quick wins and prioritise the most useful and easiest improvements
  • The life cycle Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • The Process Capability Model
  • COBIT 4.1 Maturity Model Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • COBIT 4.1 and COBIT 5 Models Source: COBIT® 5 © 2012 ISACA® All rights reserved.
  • Conclusions: COBIT 5 brings together 5 principles that allow the enterprise to build an effective governance and management framework based on a holistic set of 7 enablers that optimise IT investments and their use for the benefit of stakeholders.
  • Digicomp and COBIT: What’s next
      • Spring 2013: new Foundation exam with ISACA and APMG, available in English only
      • COBIT 4.1 Foundation: http://www.digicomp.ch/cours/CB1.html
      • COBIT 5 What's New: http://www.digicomp.ch/cours/CB2.html
  • Contact Raphael Rues Digicomp Academy Suisse Romande SA Phone: 0041 21 321 65 00 E-Mail: raphael.rues@digicomp.ch Web: http://www.digicomp.ch/fr