Use COBIT for IT SAVINGS

737 views
599 views

Published on

Understand advantages of using COBIT Framework and how it can be used for IT Management in addition to a holistic IT Governance Implementation

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
737
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
64
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Use COBIT for IT SAVINGS

  1. 1. Introduction-BenefitsIntroduction-Benefits COBIT FrameworkCOBIT Framework With ExampleWith Example Sanjiv Arora, CISA, CISM, CGEIT Principal Consultant TECHNOLOGICS & CONTROLS Protecting the ABCs of your business.
  2. 2. AgendaAgenda  IT Governance  COBIT framework  Example - Cost Management Controls in IT Operations using COBIT  About Technologics and Controls
  3. 3. IT Governance – Need?IT Governance – Need? What is driving today’s businesses? Assertive Stakeholders Aggressive Competition Emerging Regulations Recessionary trends direct / indirect Extremely high IT Dependence Impacts Enterprise GovernanceEnterprise Governance
  4. 4. IT Governance - AlignmentIT Governance - Alignment Value Delivery •Secure •On Time •Within Budgets •Good Quality •Reduce Expense •Proven best practices Business Benefits •Customer satisfaction •Brand Loyalty •Competitive advantage •Profitability Crux - Fill what's empty. Empty what's full. And scratch where it itches. – Murphy’s law
  5. 5. Why COBIT?Why COBIT?  Better alignment based on business focus  Demonstrates management viewpoint and expectations  Clear ownerships and responsibilities based on processes  Increasing acceptability with third parties and regulators  Eases IT Governance communication between stakeholders and other parties  Fulfillment of the COSO requirements for IT control environment
  6. 6. Lack of IT Governance makes it....Lack of IT Governance makes it....  Difficult to make a link to the business requirements  Complex to measure performance against the requirements  Cumbersome to control activities using a generally accepted process model  Difficult to identify the resources to be leveraged  A problem to define management control objectives
  7. 7. Use of COBIT – Practical ScenarioUse of COBIT – Practical Scenario  Uses are  Implement and Manage IT governance  Risk Assessment and Management  Defining KPI and KGI  Mapping to other standards  Customize controls  Provides direction and recommendations for weak controls  Aid to implement ERP, BCP, BPR and other IT projects  Implement Cost Savings on IT spend (Capex and Opex)  Assessment of IT governance maturity  Demonstrate IT alignment (using Balance Score card)
  8. 8. COBIT – It is ImplementableCOBIT – It is Implementable  Based on self assessment  Very comprehensive yet flexible  Does not enforce COMPLETE implementation  Customizable  Easy to understand (Subject Matter Experts are available)  Implementation maybe fast track, with help of tools
  9. 9. COBIT – Importance Vs Other standardsCOBIT – Importance Vs Other standards  Comprehensive for business requirements  Business operations completely dependent on IT  Business applications (ERP), workflows, resource sharing, communication (chat, email,video conferencing) controls are all logical controls  Approval and authorization – financial or non-financial is mostly handled by logical controls  Confidentiality is primarily managed within technology  COBIT encompasses all aspects of IT Governance  Other standards where COBIT is useful  ITIL  SOX compliance  PCI-DSS  NIST  HIPAA  ISO27001  Others
  10. 10. COBITCOBIT – Other Standards– Other Standards http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702 Common misunderstanding: We already have xyz standard, so we do not need COBIT.
  11. 11. COBIT FrameworkCOBIT Framework Source – ITGI presentation materials
  12. 12. The following slides explain an example of COBIT framework implementation. The slides are prepared using the Meycor COBIT suite software tools. Actual tool may also be demonstrated as necessary, time and audience permitting. Thanks.
  13. 13. COBIT FrameworkCOBIT Framework
  14. 14. COBIT – Key Objectives and ControlsCOBIT – Key Objectives and Controls
  15. 15. COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach 4 Domains 34 Processes (select applicable processes) 210 Control Objectives (select from applicable objectives) Controls (Select / add / modify controls to Suit your IT Governance needs) * Equals = 4 Domains 22 processes 145 controls objectives N Controls * An example
  16. 16. COBIT – Processes and Controls – Tangible Cost ManagementCOBIT – Processes and Controls – Tangible Cost Management Source - http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47399 Cost Management Controls = Selected 10 processes
  17. 17. COBIT – Processes and Controls – Excess Labour ManagementCOBIT – Processes and Controls – Excess Labour Management Too many cooks….!
  18. 18. COBIT – Assessment and gaps – Tangible Cost ManagementCOBIT – Assessment and gaps – Tangible Cost Management
  19. 19. COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving Cont’d
  20. 20. COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving
  21. 21. COBIT – Tangible Cost Management – Recommendation – DS2COBIT – Tangible Cost Management – Recommendation – DS2 Customize recommendations according to business objectives.
  22. 22. COBIT – Tangible Cost Management–Tasks/linked RecommendationCOBIT – Tangible Cost Management–Tasks/linked Recommendation
  23. 23. COBIT – Tangible Cost Management–Tasks Manage / ComplyCOBIT – Tangible Cost Management–Tasks Manage / Comply Verify and validate to ensure compliance and success.
  24. 24. COBIT – Tangible Cost Management– Communicate ResultsCOBIT – Tangible Cost Management– Communicate Results  Proactive IT initiatives and operational improvements  Enhance credibility of the IT organization  Benefits  Tangibles  Current period vs previous period  % saving from alternate options  Forecast reduction in expense / ROI  Intangibles  Efficiency of operations  Reduced incidents  High uptime  Link to business objectives  Faster product launch  Timely service delivery  Increase in customers / revenue
  25. 25. COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach 4 Domains 34 Processes (select applicable processes) 210 Control Objectives (select from applicable objectives) Controls (Select / add / modify controls to Suit your IT Governance needs) * Equals = 4 Domains 22 processes 145 controls objectives N Controls * An example The funnel model can be used for implementation of ERP, Other IT Projects, Project Monitoring and controls, Compliance checklists
  26. 26. Introduction : Technologics & ControlsIntroduction : Technologics & Controls  Founded in 2001  Based in New Delhi, India  Services: IT Audits, Risk Management consulting, Information security assessment and management, IT Governance services, compliance and related services.  Products: Sole reseller in India of DataSec S.R.L providing software solutions based on COBIT / ISO27001 / COSO and other standards
  27. 27. COBIT – BenefitsCOBIT – Benefits We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas. Our specializations includes reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things. We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world. We shall be happy to discuss your requirements, Look forward. Sanjiv Arora Contact us on +91 98102 93733 or email sa@tech-controls.com www.tech-controls.com

×