CobiT Presentation Transcript

  • SYSTEMS SEMINAR 1
    Presentation 2
    Julio René Santizo Ochoa
  • Implementation plan
    1. Initial presentation
    2. Delivery of the Executive Summary (to staff)
    3. Assignment of owners for each CO (Management, Coordinators)
    4. Internal assessment of priorities and risks (Staff)
    5. Tabulation and presentation of the results
    6. Definition of CO priorities (Management, Coordinators)
    7. Presentation of the plan to the relevant external authorities
  • 8. Audit at the start of the project
    9. Definition of the implementation plan for the level 1 CO tasks
    10. On completing implementation of the level 1 tasks, a second audit
    11. Presentation of results
    The cycle of steps 9 to 11 is repeated for the 3 phases defined for the 3 levels.
    At the end, the remaining task is to monitor and audit periodically.
  • The CobiT Cube
  • IT governance areas
  • IT governance areas
    Strategic alignment:
    Focuses on ensuring the link between business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with the operations of the enterprise.
  • IT governance areas
    Value delivery:
    Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the benefits promised in the strategy, concentrating on optimising costs and on delivering the intrinsic value of IT.
  • IT governance areas
    Resource management:
    Is about optimal investment in, and proper management of, critical IT resources: applications, information, infrastructure and people. The key issues relate to the optimisation of knowledge and infrastructure.
  • IT governance areas
    Risk management:
    Requires risk awareness on the part of the enterprise's senior executives, a clear understanding of the enterprise's appetite for risk, an understanding of compliance requirements, transparency about the significant risks to the enterprise, and the inclusion of risk management responsibilities within the organisation.
  • IT governance areas
    Performance measurement:
    Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals that can be measured beyond conventional record-keeping.
  • COBIT: An IT Control Framework
    COBIT as a Response to Needs
    COBIT’s Vision
    To be the model for IT governance
    COBIT’s Mission
    To research, develop, publicise and promote an authoritative, up-to-date, international set of generally accepted IT control objectives for day-to-day use by business managers and auditors
    Definition of Control
    The policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected
    Definition of IT Control Objective
    A statement of the desired result or purpose to be achieved by implementing control practices in a particular IT activity
  • COBIT: What Does It Consist Of?
    The Elements of COBIT—What?
    • Executive Summary: “There is a method...”
    • Framework: “The method is...”
    • Control Objectives: “Minimum controls are...”
    • Audit Guidelines: “Here is how you audit...”
    • Implementation Tool Set: “Here is how you implement…”
    • Management Guidelines: “Here is how you measure…”
  • COBIT Framework
    Domains
    Natural grouping of processes, often matching an organisational domain of responsibility
    Processes
    A series of joined activities with natural control breaks
    Activities or tasks
    Actions needed to achieve a measurable result. Activities have a life cycle whereas tasks are discrete.
  • COBIT Framework
    IT Domains
    • Plan and Organise
    • Acquire and Implement
    • Deliver and Support
    • Monitor and Evaluate
    IT Processes
    • IT Strategy
    • Policy and Procedures
    • Feasibility Study
    • Acceptance Testing
    • Change Management
    • Contingency Planning
    • Problem Management
    Activities
    • Record New Problem
    • Analyse
    • Propose Solution
    • Monitor Solution
    • Record Known Problem
    • Etc.
    IT Domains: Natural grouping of processes, often matching an organisational domain of responsibility
    IT Processes: A series of joined activities with natural (control) breaks
    Activities: Actions needed to achieve a measurable result. Activities have a life cycle whereas tasks are discrete.
  • COBIT Framework
    Business Requirements
    Business requirements = information criteria BUT depend on the enterprise
  • Performance Measurement—IT Scorecard
    Key Goal Indicators
    • Describe the outcome of the process, i.e., measurable after the fact; a measure of “what”; may describe the impact of not reaching the process goal
    • Are indicators of the success of the process and its business contribution
    • Focus on the customer and financial dimensions of the balanced scorecard
  • Performance Measurement—IT Scorecard
    Key Performance Indicators
    • Are a measure of how well the process is performing
    • Predict the probability of success or failure
    • Focus on the process and learning dimensions of the balanced scorecard
    • Are expressed in precise measurable terms
    • Should help in improving the IT process
  • Example of a Control Objective
  • The COBIT Framework
    Why Is COBIT Used? (Testimonials from Case Studies)
    • Helps substantially increase acceptance and reduce time needed to implement IT governance program
    • Provides a guide for formal audits/reviews
    • Helps use results of audits as an opportunity to plan improvements
    • Strong factor in achieving primary goals for IT governance—transform organisational practices and pursue improved processes
    • Provides economical continuous improvement framework
    • Management's decision on controls needed was based on a credible source (COBIT)
    • IT operations manager impressed with COBIT's ability to help him understand what auditors want
    • Ideal for business management
    • Reliable source reference that ensures identification of all major risk areas
    • Improves communications and relations with IT management
  • The COBIT Framework
    How Is COBIT Used? (Results from Surveys)
    • To improve audit approach/programs
    • To support audit work with detailed audit guidelines
    • To provide guidance for IT governance
    • As a valuable benchmark for IS/IT control
    • To improve IS/IT controls
    • To standardise audit approach/programs