Cobit as IT Management Best Practice Framework

What are the IT management issues that COBIT can help to solve?

How COBIT is one of the most comprehensive IT management best practice frameworks: from IT Strategy, Architecture and Portfolio Management, to Programme and Project Management, to SDLC Management, to Service Support and Delivery, and Measure/Evaluate.

Also, a mapping of COBIT to various IT management best practices, as well as a look at the future COBIT v5 from an IT Management Framework perspective.

Published in: Technology

  1. COBIT as IT Management Best Practice Framework
      Adapted from Jan 2011 Management Update Seminar: “Beyond IT Project Management: Advanced IT Management Best Practices”
      Goh BoonNam, Institute of Systems Science
      ISACA®, IT Governance Institute® and CobiT® are registered trademarks of ISACA. Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.
      ATA/Lucid/2010-01-25 MUS/ © NUS. All Rights Reserved. COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/
  2. What is COBIT?
      Control OBjectives for Information and related Technology
      International framework from ISACA (Information Systems Control & Audit Association) and IT Governance Institute
      Helps maximise value of IT to business and minimise issues such as those listed earlier
      Originally, more for monitoring/audit/risk assessment of IT management processes
      Increasingly recognised as comprehensive framework of IT Management best practices
      ■ Advises on WHAT to do
      ■ Some high-level advice on HOW to do it
      Currently Version 4.1
      COBIT References:
      http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
      http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx
  3. Why COBIT?
      Why COBIT as IT Management Best Practice Framework?
      ■ Comprehensive coverage of IT Management
      ■ Helps avoid issues such as:
         • Strategic oversights
         • Architecture oversights
         • Implementation oversights
         • Service Delivery oversights
         • Governance oversights
  4. Avoid Issue #1 – Strategic Oversight
      Past report from Director of Audit of a large organisation:
      ■ no formal IT strategy exists which leads to piecemeal development and absence of monitoring and evaluation (of projects).
      ■ hence, additional expenditure had to be incurred ….
      ■ systems cannot satisfy objectives
      Reference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD
  5. Avoid Issue #2 - Architecture oversights
      A leading European bank
      ■ struggled with a tangle of applications that hampered its retail-banking operations
      ■ the lack of unifying standards created difficulties in satisfying bank-wide business requirements, such as speeding time to market for new banking services
      Reference: https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554
  6. IT Issue #3 - Implementation oversights
      Passport system in a European country:
      ■ half a million new passports couldn't be issued on time
      ■ Passport Agency had brought in a new system that was (not properly designed/developed and) without sufficient testing and staff training
      ■ hundreds of people missed their holidays, with money in the millions spent in compensation, for staff overtime and umbrellas for the poor people queuing in the rain for passports
      Reference: http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729
  7. IT Issue #4 - Service Delivery oversights
      Bank in a European country:
      ■ Online banking services, that had been in operation for some time, suddenly went down for nearly a week
      Reference: http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.html
  8. IT Issue #5 - Governance oversights
      The Office of Inspector General (OIG) of the U.S. House of Representatives (House) sought to improve IT activities within the House.
      ■ A large number of the first audit reports issued by the OIG addressed weaknesses in various IT operations of the House - including the lack of policies and procedures (e.g., systems development life cycle), poor systems design and development, the lack of planning and performance measures, poor management of the mainframe and the lack of adequate information security.
      ■ Management needed to take control of the situation and establish clear roles and responsibilities…and adopt an IT governance framework.
      Reference: http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx
  9. COBIT - Overview
      Plan & Organise
      • Define a Strategic IT Plan
      • Define the Information Architecture
      • Determine Technological Direction
      • Define the IT Processes, Organization and Relationships
      • Manage the IT Investment
      • Communicate Management Aims and Direction
      • Manage IT Human Resources
      • Manage Quality
      • Assess and Manage IT Risks
      • Manage Projects
      Acquire & Implement
      • Identify Automated Solutions
      • Acquire and Maintain Application Software
      • Acquire and Maintain Technology Infrastructure
      • Enable Operation and Use
      • Procure IT Resources
      • Manage Changes
      • Install and Accredit Solutions and Changes
      Deliver & Support
      • Define and Manage Service Levels
      • Manage Third-party Services
      • Manage Performance and Capacity
      • Ensure Continuous Service
      • Ensure Systems Security
      • Identify and Allocate Costs
      • Educate and Train Users
      • Manage Service Desk and Incidents
      • Manage the Configuration
      • Manage Problems
      • Manage Data
      • Manage the Physical Environment
      • Manage Operations
      Monitor & Evaluate
      • Monitor and Evaluate IT Processes
      • Monitor and Evaluate Internal Control
      • Ensure Regulatory Compliance
      • Provide IT Governance
  10. COBIT Components
      DOMAINS
      • Plan & Organise
      • Acquire & Implement
      • Deliver & Support
      • Monitor & Evaluate
      PROCESSES (shown for Plan & Organise)
      • Define a Strategic IT Plan
      • Define the Information Architecture
      • Determine Technological Direction
      • Define the IT Processes, Organization and Relationships
      • Manage the IT Investment
      • Communicate Management Aims and Direction
      • Manage IT Human Resources
      • Manage Quality
      • Assess and Manage IT Risks
      • Manage Projects
      CONTROL OBJECTIVES (shown for Manage Projects)
      • Programme Management Framework
      • Project Management Framework
      • Project Management Approach
      • Stakeholder Commitment
      • Project Scope Statement
      • Project Phase Initiation
      • Integrated Project Plan
      • Project Resources
      • Project Risk Management
      • Project Quality Plan
      • Project Change Control
      • Project Planning of Assurance Methods
      • Project Performance Measurement, Reporting and Monitoring
      • Project Closure
  11. COBIT Domains – Plan & Organise (PO)
      Strategy / Architecture / Portfolio
      ■ Define a Strategic IT Plan
      ■ Define the Information Architecture
      ■ Determine Technological Direction
      Programme & Project Management
      ■ Manage Projects
      IT Organisation Management
      ■ Define the IT Processes, Organization and Relationships
      ■ Manage the IT Investment
      ■ Communicate Management Aims and Direction
      ■ Manage IT Human Resources
      ■ Manage Quality
      ■ Assess and Manage IT Risks
      Nb: Bold headings are author’s own categorisation & are not part of COBIT
  12. Plan & Organise (PO)
      [Diagram: PO activities placed by Level of Work (Strategic to Tactical) across the Pre-Project, Development and Production phases: IT Strategy / Architecture / Portfolio Management; Programme Management; Project Management; IT Organisation Management]
      Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.
  13. COBIT Domains – Acquire & Implement (AI)
      Requirements & Feasibility
      ■ Identify Automated Solutions
      Design & Build
      ■ Acquire and Maintain Application Software
      ■ Acquire and Maintain Technology Infrastructure
      Test & Implement
      ■ Install and Accredit Solutions and Changes
      ■ Enable Operation and Use
      Changes
      ■ Manage Changes
      Procurement Management
      ■ Procure IT Resources
      Nb: Bold headings are author’s own categorisation & are NOT part of COBIT
  14. AI Relationship with PO
      [Diagram: activities across the Pre-Project, Development and Production phases]
      Plan & Organise (PO)
      ■ IT Strategy / Architecture / Portfolio Management
      ■ Programme Management
      ■ (Generic) Project Management
      Acquire & Implement (AI)
      ■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
      ■ Manage (System-Related) Changes
      ■ Procurement Management
      Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
  15. COBIT Domains – Deliver & Support
      Service Delivery
      ■ Define and Manage Service Levels
      ■ Manage Third-party Services
      ■ Manage Performance and Capacity
      ■ Ensure Continuous Service
      ■ Ensure Systems Security
      ■ Identify and Allocate Costs
      Service Support
      ■ Educate and Train Users
      ■ Manage Service Desk and Incidents
      ■ Manage the Configuration
      ■ Manage Problems
      ■ Manage Data
      ■ Manage the Physical Environment
      ■ Manage Operations
      Nb: Bold headings are author’s own categorisation & are not part of COBIT
  16. DS Relationship with AI & PO
      [Diagram: activities across the Pre-Project, Development and Production phases]
      Plan & Organise (PO)
      ■ IT Strategy / Architecture / Portfolio Management
      ■ Programme Management
      ■ (Generic) Project Management
      Acquire & Implement (AI)
      ■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
      ■ Manage (System-Related) Changes
      ■ Procurement Management
      Deliver & Support (DS)
      ■ Service Delivery
      ■ Service Support
      Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
  17. COBIT Domains – Monitor & Evaluate
      Monitor & Evaluate
      ■ Monitor and Evaluate IT Processes
      ■ Monitor and Evaluate Internal Control
      ■ Ensure Regulatory Compliance
      Direct
      ■ Provide IT Governance
      Nb: Bold headings are author’s own categorisation & are not part of COBIT
  18. COBIT Overview: ME Relationship with PO / AI / DS
      [Diagram: activities across the Pre-Project, Development and Production phases]
      Plan & Organise (PO)
      ■ IT Strategy / Architecture / Portfolio Management
      ■ Programme Management
      ■ (Generic) Project Management
      Acquire & Implement (AI)
      ■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
      ■ Manage (System-Related) Changes
      ■ Procurement Management
      Deliver & Support (DS)
      ■ Service Delivery
      ■ Service Support
      Measure & Evaluate (ME)
      ■ Measure & Evaluate IT Organisation / Management
      ■ Direct
      Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
  19. Other Elements of COBIT
      Besides
      ■ Domains
      ■ Processes
      ■ Control Objectives
      Some Key Elements
      ■ Management Guidelines
         • roles and responsibilities
         • goals and metrics
      ■ Maturity Model
      ■ Associated Toolkits (for ISACA members)
         • Implementation Guide
         • Assurance Guide
  20. COBIT Mapping to Other Frameworks
      [Diagram: the four COBIT domains (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate) with other frameworks mapped around them: P3O, TOGAF, PRINCE2, PMP, CITPM, CMMI, SCRUM, CBAP, COMIT, ISO20000, CISSP, ITIL, CGEIT]
      Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here
  21. Future of COBIT as IT Management Framework – Draft COBIT v5
  22. Future of COBIT as IT Management Framework – Draft COBIT v5
      Some Key New Features
      ■ Explicit recognition of COBIT as covering IT Management processes in addition to IT Governance processes
      ■ Identification of degree of involvement of IT and Business in the various processes
      ■ Enterprise Architecture (instead of Information Architecture of prior versions)
      ■ Consolidation into one new “Manage the IT Organisation” process those v4.1 processes that were for internal IT organisation support - eg.
         • Define IT Processes, Organization and Relationships
         • Communicate Management Aims and Direction
         • Manage IT Human Resources etc
  23. For Further Information
      Please refer to: http://www.iss.nus.edu.sg/
      Or email BoonNam Goh at: issgbn@nus.edu.sg
  24. The End