
Introducing cobit 5-may2012_v1.0

I had the honor of presenting an Introduction to COBIT 5 at the Rocky Mountain Information Security Conference on May 18, 2012 in Denver, Colorado. This is the deck I used.

Published in: Business, Technology

  1. Introducing COBIT 5. Bob Frelinger, CGEIT. May 18, 2012
  2. Learning Objectives: Appreciate the Background Behind COBIT® 5; Understand the Five COBIT® 5 Principles; Understand the Seven COBIT® 5 Enablers; Know How to Navigate the “COBIT® 5” framework document; Know How to Navigate “COBIT® 5: Enabling Processes”
  3. What’s Behind COBIT® 5: Some History…
  4. What’s Behind COBIT® 5: References and Influencers… ISO Standards: OGC (UK) Best Management Practice Portfolio IT Service Management Managing Successful Programmes (MSP) Quality Management PRINCE2® Risk Management Information Technology Infrastructure Library (ITIL®), Information Security Risk Management Corporate Governance of Information Technology Process Assessment British Standards: Federal Enterprise Business Continuity Management Architecture (FEA) (USA) APM Introduction to Programme Management (UK) TOGAF® 9 COBIT 5 Product Family PMBOK2® Leading Change OECD Principles of by John Kotter Existing ISACA/ITGI Material: Balanced Corporate Governance COBIT 4.1 Scorecard (France) Val IT The [European] Commission Risk IT Enterprise IT Architecture BMIS BABOK® Guide Framework (CEAF) (Belgium) IT Assurance Framework Board Briefing on IT Governance King Code of Governance Principles Combined Code on (King III) (South Africa) Corporate Governance’ (UK) COSO
  5. What’s Behind COBIT® 5: Global Expertise and Collaboration… • Overseen by the ISACA/ITGI Framework Committee (FC) • Research results were quality-controlled throughout the development process. • Preliminary research involved several COBIT development groups based around the world. • Before being issued, the draft documents were distributed to more than 100 subject matter experts around the world to obtain their professional review comments. • Once ready, draft versions of COBIT 5 and COBIT 5: Enabling Processes were made available to the general public. Thousands of comments were received.
  6. Importance of IT: Importance of IT to the Delivery of Business Strategy and Vision. Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  7. Why & What is COBIT® 5: The Business Case… Enterprises, large and small, commercial, not-for-profit or public sector, must create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. Information and related technology needs to: • Be governed and managed in a holistic manner for the entire enterprise, • Take in the full end-to-end business and IT functional areas of responsibility, • Consider the IT-related interests of internal and external stakeholders. A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT
  8. IT-Related Issues. Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  9. Drivers for GEIT Activities. Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  10. Enterprise Readiness for GEIT. Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  11. What is COBIT® 5: The Product Family… Source: COBIT® 5, figure 1. © 2012 ISACA® All rights reserved.
  12. Making It Real – Just Try It: Embrace the Concepts Embedded in COBIT 5… • Integrate best, good and common industry practices • Cascade goals and objectives • Measure both performance toward, and achievement of, goals • Take the holistic approach; end-to-end view • Link inputs and outputs of key management practices • Enable success through integration and alignment of seemingly disconnected governance and management activities
  13. COBIT® 5 Principles: Based on five key principles for governance and management of enterprise IT. Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
  14. COBIT® 5 – Principle 1. Meeting Stakeholder Needs: Enterprises exist to create value for their stakeholders. Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.
  15. COBIT® 5 – Principle 1. Meeting Stakeholder Needs: The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized goals within the context of the: • Enterprise goals, • IT-related goals and • Enabler goals. Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
  16. COBIT® 5 – Goals Cascade: Generic Model – Based on Sound Global Research • Mapping Stakeholder Needs to COBIT 5 Enterprise Goals (Appendix D) • Mapping COBIT 5 Enterprise Goals to IT-related Goals (Appendix B) • Mapping COBIT 5 IT-related Goals to Processes (Appendix C) • Process Goals and Suggested Metrics (COBIT 5: Enabling Processes)
  17. COBIT® 5 – Principle 2. Covering the Enterprise End-to-end: • Enterprisewide, end-to-end perspective • Information and related technology wherever that information is being processed • NOT just the IT function. [Figure labels: Governance System; Key Components] Source: COBIT® 5, figure 8 & 9 combined. © 2012 ISACA® All rights reserved.
  18. COBIT® 5 – Principle 3. Applying a Single Integrated Framework: • Aligns with other standards and frameworks • Complete in enterprise coverage • Simple architecture for: structuring guidance materials; producing a consistent product set • Integrates all knowledge previously dispersed over different ISACA/ITGI frameworks. Source: COBIT® 5, figure 10. © 2012 ISACA® All rights reserved.
  19. COBIT® 5 – Principle 4. Enabling a Holistic Approach: • Driven by the goals cascade – goals define what enablers should achieve • To achieve enterprise objectives consider an interconnected set of enablers • Some enablers are the enterprise resources. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  20. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 1. The vehicles to translate the desired behavior into practical guidance for day-to-day management. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  21. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 2. Describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  22. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 3. Are the key decision-making entities in an enterprise. They can be the traditional vertical structures or horizontal (or lateral structures). Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  23. Organizational Structure: Formal org structure supported by cross-org structures
  24. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 4. Applies to both individuals and of the enterprise; very often underestimated as a success factor in governance and management activities. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  25. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 5. Pervasive throughout any organization and includes all the information produced and used by the enterprise. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  26. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 6. The infrastructure, technology and applications that provide the enterprise with information technology processing and services. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  27. COBIT® 5 – Principle 4. Enabling a Holistic Approach: 7. People, and their skills and competencies, are required for: • successful completion of all activities and • for making correct decisions and • taking corrective actions. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  28. COBIT® 5 – Principle 4. Enabling a Holistic Approach: Enabler Dimensions. All enablers have a set of common dimensions. Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved. This common set of dimensions: • Provides a common, simple and structured way to deal with enablers • Allows an entity to manage its complex interactions • Facilitates successful outcomes of the enablers
  29. COBIT® 5 – Principle 4. Enabling a Holistic Approach: Enabler Performance Management. [Figure labels: Actual Outcomes; Actual Functioning] Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
  30. COBIT® 5 – Principle 5. Separating Governance from Management: • Different activities (EDM) and different responsibilities • Interactions between them are facilitated through the Enablers (PBRM). Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
  31. Implementation Guidance. Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.
  32. Process Capability Model. Source: COBIT® 5, figure 19. © 2012 ISACA® All rights reserved.
  33. What is COBIT® 5 – TOC: The Framework document…breaking it down. A Business Framework for the Governance and Management of Enterprise IT • Executive Summary (2 pages) • Overview of COBIT 5 (2 pages) • A chapter on each of the five principles (17 pages; 2 to 6 pages each) • Implementation Guidance (5 pages – intro to the Guide) • The COBIT 5 Process Capability Model (5 pages – intro to the Model) • Appendices: – References (1 page) – Goals Maps (5 pages) – Stakeholder Needs and Enterprise Goals (2 pages) – Mapping with the Most Relevant Related Standards and Frameworks (5 pages) – COBIT 5 Information Model and COBIT 4.1 Information Criteria (1 page) – Detailed Description of seven COBIT 5 Enablers (23 pages; 2 to 6 pages each) – Glossary (5 pages)
  34. COBIT® 5: Enabling Processes. Enabling Processes Enabler Guide…breaking it down. A detailed reference guide to the processes that are defined in the COBIT 5 process reference model. • Introduction • Goals Cascade and Metrics • Process Model • Process Reference Model • Process Reference Guide Contents – Detailed process-related content structure – Inputs and Outputs – Generic Guidance for Processes – Detailed process content for each process • Appendices: – Mapping COBIT 5 with legacy ISACA Frameworks – Goals Maps
  35. What is COBIT® 5: Enabling Processes Enabler Guide…breaking it down. A detailed reference guide to the processes that are defined in the COBIT 5 process reference model. • Introduction (1 page) • Goals Cascade and Metrics (6 pages) • Process Model (3 pages) [side note: repeats & extends framework] • Process Reference Model (2 pages) • Process Reference Guide Contents (3 pages) – Detailed process-related content structure (See slide 36 for structure) – Inputs and Outputs (Broad or universal inputs and outputs) – Generic Guidance for Processes (one link to the Process Capability Model) – Detailed process content for each process (186 pages; 3-9 pages each) • Appendices: – Mapping COBIT 5 with legacy ISACA Frameworks (8 pages) – Goals Maps (5 pages; repeat of maps in the framework)
  36. Enabling Processes: Enabler Dimensions – Processes. Each process is defined, created, operated, and adjusted / updated or retired. [Figure annotations: Process Reference Model; RACI charts; Goals driven by goals cascade; Process Capability Model; Limited number of example metrics; Process Capability Assessments] Source: COBIT® 5: Enabling Processes, figure 8. © 2012 ISACA® All rights reserved.
  37. Process Reference Model
  38. Process Content: Enabling Processes: Content Structure for All Processes • Process Identification • Process Description • Process Purpose Statement • Goal Cascade Information • Process Goals and Metrics • RACI Chart • Detailed Description of Process Practices – Practice title and description – Practice inputs and outputs w/indication of origin & destination (but remember the broad or universal inputs) – Process activities further detailing the practices • Related Guidance
  39. An Example Process: APO05 – Manage Portfolio. Process Identification, Process Description, Process Purpose Statement
  40. An Example Process: APO05 – Manage Portfolio. Goal Cascade Information
  41. An Example Process: APO05 – Manage Portfolio. Process Goals and Metrics
  42. An Example Process
  43. An Example Process: APO05 – Manage Portfolio. Detailed Description of Process Practices
  44. An Example Process: APO05 – Manage Portfolio. Detailed Description of Process Practices
  45. An Example Process: APO05 – Manage Portfolio. Related Guidance
  46. Learning Objectives: Appreciate the Background Behind COBIT® 5; Understand the Five COBIT® 5 Principles; Understand the Seven COBIT® 5 Enablers; Know How to Navigate the “COBIT® 5” framework document; Know How to Navigate “COBIT® 5: Enabling Processes”
  47. Implementation Challenges. Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  48. Questions? bob.frelinger@oracle.com or bob.frelinger@itgovhelp.com
