COBIT 5 Business Framework - Governance and Management of Enterprise IT


ISACA's Premier Product - COBIT Framework

Published in: Technology, Business

  1. COBIT® 5.0: A Business Framework for Governance and Management of Enterprise IT. Presented by Balasubramanian.C, B.E, ITIL® V3, PRINCE2®, COBIT® 5.0, I.T. Project Manager – Supply Chain & EAM. COBIT® is a Registered Trademark of ISACA®, registered in United States of America and other countries.
  2. Reference: This presentation is excerpted and modified from ISACA’s COBIT and all related documents. 10/23/2013
  3. 1) Appreciate Background of COBIT® 5
     2) COBIT 5 Product Family
     3) Information & Enterprise Benefits
     4) Stakeholder Value
     5) COBIT® 5 Framework
     6) COBIT® 5 [5 Principles]
     7) COBIT® 5 [7 Enablers]
     8) Governance & Management Process Domains
     9) Goals Cascade using Balanced Score Card
     10) Implementation Guidance
  10. IT is Complicated. IT Governance doesn’t have to be.
  12. 1) Appreciate Background of COBIT®5. COBIT®5: One Complete Business Framework for A Business Framework for Governance and Management of Enterprise IT
  13. 2) COBIT®5 Product Family. Source: COBIT®5 Implementation, figure 1. © 2012 ISACA® All rights reserved.
  14. COBIT®5 Product Family - includes Implementation Guidance. Documents that have been officially released:
      • COBIT®5 Framework
      • COBIT®5 Enabling Process
      • COBIT®5 Implementation
  15. COBIT®5 Product Family - A set of resources to help you implement COBIT®5 effectively in your enterprise. Documents that have been officially released:
      • COBIT®5 Information Security
      • COBIT®5 for Risk
      • COBIT®5 Process Assessment Programme
      • COBIT®5 for Assurance
  16. COBIT®5 Product Family. Documents under development:
      • COBIT®5 Enabling Information
      • COBIT 5 Translation
      • COBIT 5 Online
      • COBIT 5 Toolkit and materials readily available for download
  17. 3) Information & Enterprise Benefits
      • Information is a key resource for all enterprises.
      • Information is created, used, retained, disclosed and destroyed.
      • Technology plays a key role in these actions.
      • Technology is becoming pervasive in all aspects of business and personal life.
      So what benefits do information and technology bring to enterprises? Enterprises and their executives strive to:
      1. Maintain quality information to support business decisions.
      2. Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
      3. Achieve operational excellence through reliable and efficient application of technology.
      4. Maintain and optimize IT-related risk and cost at an acceptable level.
  18. 4) Stakeholder Value. How can the above benefits be realised to create enterprise stakeholder value?
      A. Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets.
      B. Enterprise boards, executives and management have to embrace IT like any other significant part of the business.
      C. External legal, regulatory and contractual compliance requirements related to enterprise use of information and technology are increasing, threatening value if breached.
      COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective GOVERNANCE and MANAGEMENT of ENTERPRISE IT.
  19. 5) COBIT 5 Framework. Simply stated, COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimizing risk levels and resource usage. COBIT 5 enables information and technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 PRINCIPLES and ENABLERS are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
  20. 6) COBIT 5 [5 Principles]. Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
  21. 7) COBIT 5 [7 Enablers]. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  22. 8) Governance & Management Process Domains
      • Governance ensures that enterprise objectives are achieved by EVALUATING stakeholder needs, conditions and options; setting DIRECTION through prioritisation and decision making; and MONITORING performance, compliance and progress against agreed-on direction and objectives (EDM).
      • Management PLANS, BUILDS, RUNS and MONITORS activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
      Exercising governance and management effectively in practice requires appropriately using all enablers. The COBIT process reference model allows us to focus easily on the relevant enterprise activities.
  23. COBIT 5 is not prescriptive, but it advocates that enterprises implement governance and management processes such that key areas are covered, as shown in figure 15 above. Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
  24. Source: COBIT® 5, © 2012 ISACA® All rights reserved.
  25. Governance Domain (EDM) = 5 Processes
      • Ensure, Direct and Monitor (EDM)
      Management Domain (PBRM) = 32 Processes
      • Align, Plan and Organise (APO)
      • Build, Acquire and Implement (BAI)
      • Deliver, Service and Support (DSS)
      • Monitor, Evaluate and Assess (MEA)
  26. 9) Goals Cascade using Balanced Score Card. The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customized goals within the context of Enterprise, IT-related goals and Enabler Goals. Source: COBIT® 5, © 2012 ISACA® All rights reserved.
  27. 17 Generic Enterprise Goals mapped to 17 Generic IT Related Goals using BSC approach
  28. 17 Generic IT Related Goals mapped to Generic IT Related Processes using BSC approach
  29. Stakeholder Needs – Internal Stakeholders & External Stakeholders
  30. Internal Stakeholders: Board, CEO, chief financial officer (CFO), chief information officer (CIO), business executives, business process owners, business managers, risk managers, security managers, service managers, HR managers, internal audit, privacy officers, IT users, IT managers, etc.
      External Stakeholders: Business partners, suppliers, shareholders, regulators/government, external users, customers, standardisation organisations, external auditors, consultants, etc.
  31. Internal Stakeholder Needs
      • How do I get value from IT?
      • How do I manage performance of IT?
      • How can I best exploit new technology for new strategic opportunities?
      • How do I know whether I’m compliant with all applicable regulations?
      • How do I best build and structure my IT department?
      • What are (control) requirements for Information?
      • Did I address all IT-related risks?
      • Am I running an efficient and resilient IT operation?
      • How do I control cost of IT?
  32. External Stakeholder Needs
      • How do I know my business partner’s operations are secure and reliable?
      • How do I know the organisation is compliant with applicable rules and regulations?
      • How do I know the enterprise is maintaining an effective system of internal control?
  33. Enterprise Goals Mapped to Governance objectives using Balanced Scorecard approach
  34. IT Related Goals Mapped using Balanced Scorecard approach
  35. Stakeholder Needs Mapped to Enterprise Goals using Balanced Scorecard approach
  36. COBIT 5 Implementation
      • The improvement of the governance of enterprise IT (GEIT) is widely recognised by top management as an essential part of enterprise governance.
      • Information and the pervasiveness of information technology are increasingly part of every aspect of business and public life.
      • The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater.
      • Increasing regulation and legislation over business use of information is also driving heightened awareness of the importance of a well-governed and managed IT environment.
      • ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT 5.
  37. COBIT 5 Implementation - Contd.
      • Frameworks, best practices and standards are useful only if they are adopted and adapted effectively.
      • There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.
      • COBIT 5: Implementation provides guidance on how to do this.
      COBIT 5: Implementation covers the following subjects:
      • Positioning GEIT within an enterprise
      • Taking the first steps towards improving GEIT
      • Implementation challenges and success factors
      • Enabling GEIT-related organisational and behavioural change
      • Implementing continual improvement that includes change enablement and programme management
      • Using COBIT 5 and its components
  38. COBIT 5 Implementation - Contd. Source: COBIT® 5, © 2012 ISACA® All rights reserved.
  39. Questions
  40. Thank You. Balasubramanian.C, B.E, ITIL® V3, PRINCE2®, COBIT® 5