Emilio Gratton Isaca And It Governance

This presentation is extracted from one given recently to explain how I could help a university align its teaching objectives to a required complete IT renovation. Feel free to download it, but please also send me a message and stay connected. Maybe we have the same interests and could share experiences.

Published in: Business, Economy & Finance
  • Unfortunately SlideShare doesn't provide slide animations.
    If interested, I'm happy to share the original presentation with all animations and comments.
    I can also provide a tailored presentation to meet your business/IT requirements

  1. 1. October 2010 Emilio Gratton ISACA MEMBER 630629
  2. 2. OUTLINE 1. NEED AND MEANING 2. MANAGEMENT SELECTION 3. COBIT FOCUS AREAS 4. COBIT FRAMEWORK 5. VALIT AT A GLANCE 6. RISKIT AT A GLANCE 7. COBIT PROCESS EXAMPLE 8. CONCLUSIONS
  3. 3. NEED AND MEANING 1. HOW TO EXPLOIT THE BENEFIT OF IT (IT VALUE) IN FAVOUR OF AN ENTERPRISE 2. HOW TO MANAGE IT ASSOCIATED RISKS (NON COMPLIANCE / CRITICAL DEPENDENCIES) 3. HOW TO MAINTAIN THE CONTROL OVER VALUE AND RISK [Diagram: IT Risks, IT Value, IT Controls, IT Governance]
  4. 4. NEED AND MEANING IT Governance: RESPONSIBILITY OF THE EXECUTIVES AND BOARD OF DIRECTORS. CONSISTS OF: ― LEADERSHIP ― ORGANISATIONAL STRUCTURES AND ― PROCESSES. ENTERPRISE’S IT MANAGEMENT SUSTAINS AND EXTENDS THE ORGANIZATION’S STRATEGIES & OBJECTIVES
  5. 5. MANAGEMENT SELECTION what IT management ?
  6. 6. MANAGEMENT SELECTION what IT management ? COBIT Professional association with 95,000 constituents. Worldwide (160) leader in IT governance, control, security and assurance. Offers the CISA, CISM, CRISC and CGEIT certifications. Controlled OBjectives for Information and related Technologies
  7. 7. MANAGEMENT SELECTION ISACA IT Governance: INTEGRATES AND INSTITUTIONALISES GOOD PRACTICES; ENTERPRISE’S IT SUPPORTS THE BUSINESS OBJECTIVES. COBIT: • Linking to the business requirements • Organising IT activities into a process model • Identifying the major IT resources to be leveraged • Defining the management control objectives
  8. 8. COBIT FOCUS AREAS COBIT IT Governance Resource Management
  9. 9. COBIT FOCUS AREAS • STRATEGIC ALIGNMENT: linkage of business and IT plans; defining, maintaining and validating the IT value proposition; aligning IT operations with enterprise operations. • VALUE DELIVERY: executing the value throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, optimising costs and proving the intrinsic value of IT. • RESOURCE MANAGEMENT: investment in, and management of, critical IT resources: applications, information, infrastructure and people. Key issues: optimisation of knowledge and infrastructure. • RISK MANAGEMENT: requires risk awareness by senior corporate officers, understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation. • PERFORMANCE MEASUREMENT: tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
  10. 10. COBIT FRAMEWORK. BUSINESS-FOCUSED: • BASIC COBIT PRINCIPLE • INFORMATION CRITERIA • ALIGN BUSINESS GOALS TO IT GOALS • ALIGN RESOURCE AND IT ARCHITECTURE. PROCESS-ORIENTED: • 4 DOMAINS • 34 IT PROCESSES. CONTROL-BASED: • 6 PROCESS CONTROLS • 6 APPLICATION CONTROLS. MEASUREMENT-DRIVEN: • MATURITY SCALE • MATURITY LEVELS • MATURITY MODELS
  11. 11. COBIT FRAMEWORK – THE BUSINESS BASIC COBIT PRINCIPLE
  12. 12. COBIT FRAMEWORK – THE BUSINESS INFORMATION CRITERIA. BUSINESS REQUIREMENT FOR INFORMATION: 1. Effectiveness: information being relevant and pertinent to the business process as well as delivery in a timely, correct, consistent and usable manner. 2. Efficiency: provision of information through the optimal (most productive and economical) use of resources. 3. Confidentiality: protection of sensitive information from unauthorised disclosure. 4. Integrity: accuracy and completeness of information as well as validity in accordance with business values and expectations. 5. Availability: information being available when required by the business process now and in the future, safeguarding of necessary resources and associated capabilities. 6. Compliance: complying with the laws, regulations and contractual arrangements to which the business process is subject. 7. Reliability: provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.
  13. 13. COBIT FRAMEWORK – THE GOALS DEFINING IT GOALS AND ENTERPRISE ARCHITECTURE FOR IT
  14. 14. COBIT FRAMEWORK – THE RESOURCES IT RESOURCES CLASSIFICATION
  15. 15. COBIT FRAMEWORK – THE PROCESSES 4 DOMAINS – 34 PROCESSES P01 PROCESS “PLAN AND ORGANISE - DEFINE A STRATEGIC IT PLAN” SCREENSHOTS
  16. 16. PLAN AND ORGANISE
  17. 17. ACQUIRE AND IMPLEMENT
  18. 18. DELIVERY AND SUPPORT
  19. 19. MONITOR AND EVALUATE
  20. 20. COBIT FRAMEWORK – THE CONTROLS CONTROL MODEL
  21. 21. COBIT FRAMEWORK – THE CONTROLS BOUNDARIES BETWEEN CONTROLS
  22. 22. COBIT FRAMEWORK - MEASUREMENTS GRAPHIC REPRESENTATION OF A MATURITY MODEL
  23. 23. COBIT FRAMEWORK - MEASUREMENTS MATURITY LEVELS OF AN IT PROCESS
  24. 24. COBIT FRAMEWORK - MEASUREMENTS THE THREE DIMENSIONS OF MATURITY
  25. 25. COBIT FRAMEWORK – THE COBIT CUBE THE THREE DIMENSIONS OF IT CONTROLLED MANAGEMENT
  26. 26. COBIT FRAMEWORK – THE GOVERNANCE MAPPING HOW THE COBIT FRAMEWORK MAPS IT GOVERNANCE FOCUS AREAS
  27. 27. IT GOVERNANCE FOCUS AREAS COBIT IT Governance Resource Management ValIT BASED ON COBIT
  28. 28. ValIT VALIT AT A GLANCE 1 A COMPREHENSIVE APPROACH • Many enterprises practice elements of Val IT™ already • Val IT™ provides a consistent, repeatable and comprehensive approach • IT and business become equal shareholders because Val IT™ helps management to answer these key questions:* The strategic question; The value question; The architecture question; The delivery question. * Based on the Four ‘Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003
  29. 29. ValIT VALIT AT A GLANCE 2 DOMAINS AND PROCESSES
  30. 30. ValIT VALIT AT A GLANCE 3 CONTRIBUTION TO IT GOVERNANCE
  31. 31. IT GOVERNANCE FOCUS AREAS COBIT IT Governance Resource Management ValIT RiskIT BASED ON COBIT BASED ON COBIT
  32. 32. RiskIT RISKIT AT A GLANCE 1 RISK AND OPPORTUNITY MANAGEMENT
  33. 33. RiskIT RISKIT AT A GLANCE 2 BUSINESS OBJECTIVE
  34. 34. RiskIT RISKIT AT A GLANCE 3 RISK IT’S THREE DOMAINS
  35. 35. RiskIT RISKIT AT A GLANCE 4 RISK RESPONSE APPROACH
  36. 36. RiskIT RISKIT AT A GLANCE 5 CONTRIBUTION TO IT GOVERNANCE
  37. 37. COBIT PROCESS EXAMPLE 1
  38. 38. COBIT PROCESS EXAMPLE 2
  39. 39. COBIT PROCESS EXAMPLE 3
  40. 40. COBIT PROCESS EXAMPLE 4
  41. 41. COBIT PROCESS EXAMPLE 5
  42. 42. COBIT PROCESS EXAMPLE 6
  43. 43. COBIT PROCESS EXAMPLE 7
  44. 44. COBIT PROCESS EXAMPLE 8
  45. 45. CONCLUSIONS SOLUTION STRENGTH 1. UNIQUE SET OF TOOLS AND STANDARDIZED DOCUMENTATION 2. VAST PARTICIPATION OF PROFESSIONALS 3. EXPANDABILITY OF SCOPES 4. CONTINUOUS UPDATE 5. LARGE SET OF CERTIFICATIONS
  46. 46. CONCLUSIONS SOLUTION EASINESS 1. CLEAR GUIDANCE AND THOROUGH EXPLANATIONS 2. PROCESSES ADAPTABILITY TO MANY MANAGEMENT SOFTWARE 3. FACILITATE MIGRATION FROM OTHER MANAGEMENT WORLDS 4. CONSISTENCY AMONG ISACA DOCUMENTATION
  47. 47. PERMISSIONS COBIT 4.1, including select text and figures featured within this presentation, are the property of ISACA/ITGI. Copyright © 1996-2007 ITGI. All rights reserved. ISACA, ITGI and COBIT are registered trademarks of ISACA.