COBIT 5 is a framework for the governance and management of enterprise IT. It has 5 principles: meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management. COBIT 5 defines 37 processes, 7 enablers, and a goals cascade to translate stakeholder needs into goals. It also provides a process capability model to assess processes at 6 levels from incomplete to optimizing. The presentation summarized the key concepts and components of COBIT 5.
COBIT 5 Basic Concepts
1. COBIT 5 Presentation Summary
of the full presentation that can be found at
http://theProjectLeaders.org
Spyros Ktenas | http://open-works.org/?e=spyros-ktenas
Use of content from “COBIT 5®, A Business Framework for the
Governance and Management of Enterprise IT”, An ISACA®
Framework.
2. Spyros Ktenas - http://open-works.org/profiles/spyros-ktenas
CONTENTS
Introduction
History
Drivers for the Development of COBIT
Benefits
Format
Principles
Enablers
Implementation
Process Capability Model
CONTROL OBJECTIVES FOR INFORMATION AND RELATED
TECHNOLOGY (COBIT)
Information is the key element of the 21st century
It has a lifecycle (created, used, retained, disclosed and
destroyed).
Technology is used in all lifecycle stages
Quality of information -> Quality of Decisions
COBIT is a good-practice framework created by
international professional association ISACA for
information technology management and IT
governance. COBIT provides an implementable "set of
controls over information technology and organizes
them around a logical framework of IT-related processes
and enablers.”
DRIVERS FOR THE DEVELOPMENT OF COBIT
More stakeholders around IT
Increased dependency on third party suppliers
Ever-increasing volume of information
IT is an integral part of the business
A need for an end-to-end management and governance
framework
Provide further guidance in the area of innovation and
emerging technologies
Better control over user-based IT solutions
Alignment with other guidance and integration of ISACA
(coming from Information Systems Audit and Control
Association) frameworks
COBIT 5 BENEFITS
Provides a comprehensive framework that assists
enterprises in achieving their objectives for the
governance and management of enterprise IT
Holistic, integrated and complete view of enterprise
governance and management of IT
Creates common language between IT and business
It is consistent with generally accepted corporate
governance standards – so helps to meet regulatory
requirements.
COBIT 5 PRINCIPLES
1. Meeting stakeholder needs
2. Covering enterprise end-to-end
3. Applying a single Integrated Framework
4. Enabling a holistic approach
5. Separating Governance from Management
GOALS CASCADE
The goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customized goals
(Enterprise, IT-related, Enabler goals)
Stakeholder Drivers (Environment, Technology…)
Step 1
Stakeholder Needs (Benefits Realization, Risk Optimization, Resource Optimization)
Cascade to Stakeholder needs and enterprise goals
Step 2
Enterprise goals (COBIT 5 Enterprise goals table)
Cascade to Detailed mapping: Enterprise Goals to IT related goals (COBIT provides scorecards and
mapping tables)
Step 3
IT related goals (COBIT 5 IT related goals table)
Cascade to Detailed mapping: IT related goals to IT related processes (COBIT provides scorecards
and mapping tables)
Step 4
Enabler Goals (Process, organization structures, information) (COBIT provides scorecards and
mapping tables)
PRINCIPLE 1: MEETING STAKEHOLDER NEEDS
IT Related Goals
PRINCIPLE 2: COVERING ENTERPRISE END TO END
• Governance Enablers
Governance enablers are the organisational resources for governance, such as frameworks,
principles, structures, processes and practices, through or towards which action is directed and
objectives can be attained
• Governance Scope
Governance can be applied to the entire enterprise, an entity, a tangible or intangible asset, etc.
That is, it is possible to define different views of the enterprise to which governance is applied,
and it is essential to define this scope of the governance system well. The scope of COBIT 5 is the
enterprise—but in essence COBIT 5 can deal with any of the different views.
• Roles, Activities and Relationships
A last element is governance roles, activities and relationships. It defines who is involved in
governance, how they are involved, what they do and how they interact, within the scope of any
governance system.
PRINCIPLE 3: APPLYING A SINGLE INTEGRATED FRAMEWORK
There are many IT-related standards and good practices, each providing
guidance on a subset of IT activities. COBIT 5 aligns with other relevant
standards and frameworks at a high level, and thus can serve as the
overarching framework for governance and management of enterprise IT.
ISACA Frameworks that map to COBIT 5
COBIT 4.1 (Control Objectives)
Val IT (Key Management Practices)
Risk IT (Management Practices)
COBIT sits on top of other frameworks like ITIL (Service Management), PRINCE2
(Project Management), etc.
PRINCIPLE 4: ENABLING A HOLISTIC APPROACH
Efficient and effective governance and management of enterprise IT
require a holistic approach, taking into account several interacting
components
COBIT 5 defines a set of enablers to support the implementation of a
comprehensive governance and management system for enterprise IT,
emphasizing the importance of the whole and the interdependence of its
parts.
7 Enterprise Enabler Categories
Enablers are factors that, individually and collectively, influence whether something will work—in this case, governance and
management over enterprise IT
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behavior
5. Information (resources)
6. Services, Infrastructure and Applications (resources)
7. People, Skills and Competencies (resources)
PRINCIPLE 4: ENABLING A HOLISTIC APPROACH
Life cycle—Each enabler has a life cycle, from inception through an
operational/useful life until disposal. This applies to information,
structures, processes, policies, etc. The phases of the life cycle consist of:
– Plan (includes concepts development and concepts selection)
– Design
– Build/acquire/create/implement
– Use/operate
– Evaluate/monitor
– Update/dispose
Good practices—For each of the enablers, good practices can be defined.
Good practices support the achievement of the enabler goals. COBIT 5
provides examples of good practices for some enablers provided by COBIT
5 (e.g., processes). For other enablers, guidance from other standards,
frameworks, etc., can be used.
PRINCIPLE 5: SEPARATING GOVERNANCE FROM
MANAGEMENT
Governance ensures that stakeholder needs, conditions and options are
evaluated to determine balanced, agreed-on enterprise objectives to be
achieved; setting direction through prioritisation and decision making;
and monitoring performance and compliance against agreed-on direction
and objectives.
In most enterprises, overall governance is the responsibility of the board of
directors under the leadership of the chairperson. Specific governance
responsibilities may be delegated to special organisational structures at an
appropriate level, particularly in larger, complex enterprises
Management plans, builds, runs and monitors activities in alignment
with the direction set by the governance body to achieve the enterprise
objectives.
In most enterprises, management is the responsibility of the executive
management under the leadership of the chief executive officer (CEO).
PRINCIPLE 5: SEPARATING GOVERNANCE FROM
MANAGEMENT #2
Clear distinction between Governance and Management
Governance - Leadership, sets the direction and monitors against the
direction
Management - Deliver and achieve the governance objectives
Interactions
Governance: Direct, Evaluate, Monitor
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)
Align, Plan and Organize (APO)
Build, Acquire and Implement (BAI)
Deliver, Service and Support (DSS)
Monitor, Evaluate and Assess (MEA)
Together, these five principles enable the enterprise to build an effective
governance and management framework that optimises information and
technology investment and use for the benefit of stakeholders.
PRINCIPLE 5: SEPARATING GOVERNANCE FROM
MANAGEMENT #3
37 Governance and Management Processes
Process Reference Model
COBIT 5 IMPLEMENTATION
The Enterprise Context
Understand both enterprise internal and external factors as they apply to
change management
Ethics and culture
Applicable laws, regulations and policies
Mission, vision and values
Governance policies and practices
Business plans and strategic intentions
Operating model
Management style
Risk appetite
Capabilities and available resources
Industry practices
COBIT 5 IMPLEMENTATION
Success Factors
Top management providing the direction and mandate for the
initiative, as well as visible ongoing commitment and support
All parties supporting the governance and management processes to
understand the business and IT objectives
Ensuring effective communication and enablement of the necessary
changes
Tailoring COBIT and other supporting good practices and standards to
fit the unique context of the enterprise
Focussing on quick wins and prioritising the most beneficial
improvements that are easiest to implement
COBIT 5 IMPLEMENTATION
Implementation Lifecycle
Programme Management
Quality, time, cost
Change Enablement
Addressing the behavioral and cultural aspects
Continual Improvement Life Cycle
To identify that this is not a one-off project.
COBIT 5 PROCESS CAPABILITY MODEL
Based on ISO/IEC 15504, which identifies process assessment
as an activity performed either as part of a process
improvement initiative or as part of a capability
determination approach.
The purpose of process capability determination is to
identify the strengths, weaknesses and risks of selected
processes.
A capability assessment is carried out at process level, whereas a
maturity assessment is carried out at organizational
level.
COBIT 5 PROCESS CAPABILITY MODEL
6 Capability levels
Level 0: Incomplete process (not implemented or fails to achieve
its purpose)
Level 1: Performed process (achieves its process purpose)
Level 2: Managed process (implemented in a managed fashion,
planned, monitored and adjusted. Its products are appropriately
established, controlled and maintained)
Level 3: Established process (implemented using a defined
process)
Level 4: Predictable process (the process operates within
defined limits to achieve its outcomes)
Level 5: Optimising process (the process is continuously
improved to meet relevant current and predicted business
goals)
COBIT 5 PROCESS CAPABILITY MODEL
9 Process Attributes
Level 1: Performed process
PA.1.1 Process Performance Attribute (a measure of the extent to which the
process purpose is achieved; only relevant to Level 1)
Level 2 Managed
PA.2.1 Performance Management Attribute
PA.2.2 Work Management Attribute
Level 3 Established
PA.3.1 Definition Attribute
PA.3.2 Deployment Attribute
Level 4 Predictable
PA.4.1 Process Measurement Attribute
PA.4.2 Process Control Attribute
Level 5 Optimizing
PA.5.1 Innovation Attribute
PA.5.2 Optimisation Attribute
COBIT 5 OVERVIEW/SUMMARY
Full presentation Available at http://theProjectLeaders.org
5 Principles
1. Meeting stakeholder needs
2. Covering enterprise end-to-end
3. Applying a single Integrated Framework
4. Enabling a holistic approach
5. Separating Governance from Management
Goals Cascade (COBIT 5 provides detailed mapping tables)
Stakeholder Drivers -> Stakeholder Needs -> Enterprise Goals -> IT Related Goals -> Enabler Goals
Covering the Enterprise End-to-end
Owners and Stakeholders (Delegate <-> Accountable) Governing Body (Set Direction <-> Monitor) Management (Instruct and Align <-> Report) Operations and Execution
7 Enabler categories
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behavior
5. Information (resources)
6. Services, Infrastructure and Applications (resources)
7. People, Skills and Competencies (resources)
Governance and Management Processes (37 in total)
Governance—five processes; evaluate, direct and monitor
Management—four domains; plan, build, run and monitor
Domains:
Align, Plan and Organise (APO) – Build, Acquire and Implement (BAI) –
Deliver, Service and Support (DSS) – Monitor, Evaluate and Assess (MEA)
Implementation life cycle components
1. Core continual improvement life cycle
2. Enablement of change
3. Management of the programme
7 phases for every component
Process Capability Model
Level 0: Incomplete process
Level 1: Performed process
Level 2: Managed process
Level 3: Established process
Level 4: Predictable process
Level 5: Optimising process
“COBIT 5®, A Business Framework for the Governance and Management of Enterprise IT”, An ISACA® Framework.
THANK YOU!
COBIT Presentation Summary
This was a summary of the full presentation that can be found
at http://theProjectLeaders.org