The document provides an overview of COBIT (Control Objectives for Information and Related Technologies) as a risk management framework. COBIT is an IT governance framework that consists of 34 high-level IT processes mapped to business goals and objectives. It covers IT governance, management of IT resources, delivery and support of IT services, and monitoring of IT performance. The document outlines the key components of COBIT including its domains, processes, and maturity model.
This presentation provides an overview of the COBIT framework for IT governance and control. It is designed for academic courses covering topics like information systems management, information security management, auditing, and accounting information systems. The presentation introduces the driving forces behind IT governance and control, an overview of the COBIT framework, and how COBIT maps to other relevant standards and frameworks.
The Relationship Between ITG and ITSM Lifecycles - PradeepBhanot
The document discusses the relationship between IT governance and IT service management lifecycles. It notes that both areas have evolved from being operations focused to becoming more risk and value focused. A key point is that IT governance and IT service management have similar drivers of business alignment, transparency, best practices, rigor, formality, policy and compliance. The document advocates taking a holistic view and creating a unified service model to bring more transparency and value to both IT and the business.
4. it governance a compass without a map v.2.6 pink elephant - aventia
The document discusses IT governance and service management. It notes that as business needs for IT services increase in complexity and rate of change, there is a growing "risk gap" between business goals and IT capabilities. Effective IT governance is needed to close this gap and ensure IT supports business objectives. The document then covers various aspects of IT governance, including defining governance and its components, governance models and frameworks, the relationship between governance and business value, and evolving IT service delivery models.
The document discusses auditing IT compliance and governance. It introduces CobIT, an IT governance framework that can be used to manage IT risks and compliance. CobIT provides over 300 control objectives that help ensure business objectives are met and undesired events are prevented or detected. The document outlines how CobIT can be used to design, implement, assess, and monitor an organization's IT compliance program.
This independent survey was commissioned by Savvis and conducted with 550 CIOs, IT Directors, Heads of IT and Senior IT Managers of global large enterprises based in the USA (200), UK (100), Germany (100), Japan (50), Hong Kong (50) and Singapore (50), and was completed in August 2012. The research was conducted by Vanson Bourne, a research-based technology marketing consultancy offering clients analysis and advice based on incisive, rigorous research into their market environment. The research used a combination of online fieldwork methodology and telephone interviewing. All research carried out by Vanson Bourne adheres to the latest MRS Code of Conduct. Demographic detail on the respondent communities includes industry sector, country in which the respondents were based, and size of business.
The document summarizes GM's history with IT outsourcing and issues they currently face. It discusses 3 options to address the issues: 1) insourcing IT, 2) modular sourcing with few vendors, and 3) a new governance structure. The new structure shifts from a matrix model to divisional management with regional CIOs having accountability for IT in their business units. This addresses delays in decision making and lack of accountability in the current matrix structure.
Transcending Enterprise Boundaries: IT consolidation in an M&A deal, By Salil... - HCL Infosystems
This document discusses the importance of IT in mergers and acquisitions. IT integration poses significant challenges and is one of the top integration risks. IT involvement is important throughout the deal cycle from due diligence to post-merger integration to identify challenges, risks, and opportunities for cost savings and synergies. The role of the CIO is also key to managing IT integration and ensuring business and IT objectives are aligned. CIOs must have strong business, technical, program management, and people skills to lead the IT integration effort.
The document discusses Business Technology Optimization (BTO) software from HP that aims to align IT with business goals while reducing costs. BTO integrates solutions across IT strategy, applications, and operations to automate and standardize processes. This helps deliver measurable business outcomes, improve predictability and accountability of IT, and demonstrate IT's value. HP claims market leadership across the IT value chain with best-in-class products in categories like project management, application security, and asset management.
Guerilla Marketing of Enterprise Architecture Management - Christian Kählig
Marketing Enterprise Architecture Management is hard. This presentation deals with effective marketing building blocks to make your initiative successful. This does not mean you need a lot of money. Guerilla marketing allows you to achieve big results with only limited resources.
SilverStorm "Credibility and Collaboration to achieve excellence in IT Govern... - SilverStormSolutions
"Credibility and Collaboration to achieve excellence in IT Governance"
So how are we at SilverStorm helping CIOs transform IT?
For us it's simple: transforming IT means raising the credibility of IT to gain the collaboration of others throughout the organization.
The first step: Increase “CREDIBILITY”.
The second step: Increase “COLLABORATION”.
Without “Credibility” there can never be “Collaboration”.
We are helping our customers achieve measurable benefits by combining processes, people and technology.
Why IT Governance is a powerful business tool. Evaluating the potential for value creation – the Governance Scorecard. Using the Scorecard to improve IT integration.
Strategic Information management survey results presentation 2011. Contents:
1. Top ten IT management concerns
2. Trends in business & IT
3. CIO trends and developments
Enpower Process Consultants Pvt. Ltd. is an alternative to large management consulting firms that provides services to assist clients in building high performance businesses. It has expertise in areas such as IT, energy, environment, and human resources and utilizes best practices and frameworks to identify challenges, design solutions, and implement improvements for its clients.
The government has published a cloud computing strategy that outlines the kinds of cloud services that could be offered and how a government cloud platform might work. The strategy recommends limited use of private cloud, use of public cloud subject to criteria, and use of community cloud where public cloud is not suitable. However, the strategy is missing some key details like a cloud store, readiness criteria, a framework for public vs community cloud assessment, and details on service provisioning and data management.
Intro To COBIT IT Controls And Cost Benefit Analysis - webmentorman
This document outlines a business information systems course. It discusses how businesses use information systems, the lifecycle costs of systems, and the need for IT controls like COBIT to manage costs and risks. It then explains how COBIT recommends performing a cost-benefit analysis for new projects using a framework that accounts for estimated costs and benefits as well as levels of confidence in those estimates. Making recommendations about project feasibility based on a thorough cost-benefit analysis can help businesses determine which IT initiatives to undertake or not.
MENA IT Governance, Risk & Compliance 2010 - Sudhakar_s
The document discusses IT governance, risk, and compliance (GRC) in the Middle East. It begins by defining IT GRC and assessing the current state in the region, noting some focus on governance and risk identification but room for improvement. It then outlines approaches to achieving better IT GRC through strategic planning, solution architecture, and implementation. Key challenges are identified as focus, commitment, integrating frameworks cost-effectively, and ensuring initiatives are practical, viable, sustainable and address people issues. The document raises whether the region has achieved proper IT GRC and calls for further initiatives, particularly in the private sector.
This document discusses how standardization can help financial institutions become leaner, smarter, and more competitive. It outlines an 8-point strategy for standardizing business processes, consolidating applications and information, and simplifying infrastructure. This allows companies to free up capital spent on costly infrastructure and redirect it towards strategic initiatives. Standardization improves information sharing, flexibility, lowers risks, and reduces costs by eliminating redundant systems and fragmented data from acquisitions and decentralized decision making over time. The benefits of standardization include better competitive positioning, improved productivity, and a foundation for future growth.
An IT security audit is an independent analysis of a company's IT system controls, policies, and procedures to evaluate their adequacy and ensure compliance. The document discusses the importance of governance, risk management, and compliance for IT security audits. It also outlines the audit process, future trends including a focus on risk and analytics, and regulatory issues concerning frameworks, cybersecurity, and auditing standards.
IT Strategic Planning - Methodology and Approach - Dave Shiple
The document outlines an IT strategic planning methodology that involves interviews, benchmarking, workshops, and opportunity validation to develop a 3-5 year strategic plan. Key elements include assessing the current state, defining a future state and gaps, prioritizing IT opportunities, and creating an implementation plan and timeline to realize the strategy. The deliverables will include assessment findings, identified opportunities, a total cost of ownership model, and a roadmap for achieving meaningful use compliance.
Prinya acis slide for swpark - it & information security human resource deve... - TISA
1. The document discusses top strategic technology areas from 2009 to 2011 according to Gartner, including virtualization, cloud computing, mobile applications, social media, and analytics.
2. It also highlights some of Gartner's predictions for IT organizations and users from 2010 to 2015, such as more people accessing the internet via mobile than PC, and context becoming as influential to mobile services as search is to the web.
3. The final section discusses integrated governance, risk management, and compliance implementation, as well as IT service management, business continuity management, regulatory compliance, information security awareness training, and emerging technologies like cloud, virtualization, and social/mobile.
The document discusses the challenges facing IT departments during economic downturns. It notes that during recessions, IT is under pressure to cut costs while still ensuring spending aligns with business needs. Several strategies for cost cutting are discussed, including reducing headcount, renegotiating supplier contracts, limiting new projects, and optimizing operations. However, the document also argues that IT has an important role to play in business innovation. It presents survey results finding that while IT focuses on cost cutting, many organizations still see IT as important for implementing innovations. The document concludes that while crisis management may focus on short-term survival, IT should also seek ways to continue supporting the business through downturns.
ASL BiSL Foundation (formerly ASL Foundation) has managed ASL and BiSL’s key ideas for several years, and is now developing them further. In doing so, it is seeking to bring business and IT closer together. The supply of information – perhaps by its very nature – needs to take place via an integrated chain.
The document discusses the eDiscovery market and opportunities for emerging eDiscovery vendors. It notes that the market is shifting from a reactive, case-driven model to a more proactive approach focused on enterprise compliance. For emerging vendors to succeed, they need scalable technology and the ability to integrate with broader content management and information governance initiatives. The document also analyzes acquisition trends that see global software firms acquiring specialized eDiscovery vendors to fill gaps and gain expertise in this growing market segment.
This introduction to Strategic Agility summarizes insights for the necessity to change business practices to succeed in a world where competitive advantages are now fleeting.
IS Unified's mission is to deliver a robust solution focusing on common problematic areas that affect the Digital Enterprise. Their unified solution manages strategy, clients, products/services, people and assets using over 30 modules. This includes capabilities like business process modeling, resource management, project portfolio management, and more to help businesses with goals like productivity, agility, and aligning IT with business objectives.
Understanding COBIT 5.0 (IT Governance) by Mr. Avinash Totade
President of Information Systems Audit and Control Association (ISACA) UAE Chapter
OpenThinking Day 2012
The document discusses IT governance, defining it as the processes that ensure effective and efficient use of IT to help an organization achieve its goals. IT governance is a responsibility of executives and the board of directors and consists of leadership, structures, and processes to ensure IT supports business strategies and objectives. Frameworks like COBIT provide structures to align IT strategy with business strategy through formal processes. The benefits of IT governance include transparency, accountability, improved ROI, risk management, and compliance. Governance focuses on strategic decisions while management handles tactical implementation.
Creating A Necessary Dependence - IT Business Alignment - gmwhitfield
The document discusses IT business alignment and how creating dependence between IT and business leaders is necessary to achieve alignment. It outlines challenges to alignment like focusing only on how IT aligns to business, a lack of tools to measure maturity, and traditional technology-focused solutions. The document proposes an IT2x framework that takes a process-centric approach involving both IT and business to identify projects supporting business goals. This framework aims to eliminate waste, allow more budget for innovation, and provide metrics to improve efficiency and alignment through a shared understanding of goals.
This document summarizes information about simplifying IT governance, risk management, and compliance (GRC). It discusses how GRC has become central to organizational strategies and how investment in GRC platforms and tools in the US reached $32 billion in 2008. It provides definitions for governance, risk management, and compliance. It also outlines some key areas of concern for GRC and how Microsoft's System Center Service Manager 2010 and IT Compliance Management Library products can help organizations address GRC requirements and regulations.
The document discusses Iman Baradari's background and qualifications. It states that he has a Master's degree in project management from the University of Melbourne and various professional certifications in project management, IT service management, and risk management. It also lists his work experience, which includes roles as a project manager for several large IT projects in Iran.
This report summarizes an IT organizational assessment and improvement project conducted at a company. Key findings include that the IT department is not well integrated with business strategy and prioritizes finance requests over those of other units. Recommendations are to restructure IT reporting lines, define roles, create an IT strategic plan, improve processes, and potentially outsource some infrastructure. A roadmap is provided to implement changes over three quarters, focused on organizational restructuring, governance improvements, and defining technology needs.
The document discusses the findings of a survey conducted by IBM of 421 IT leaders regarding how the economic downturn is affecting IT decision making. Some key findings include:
1. While overall budgets are being cut, most organizations are maintaining their IT budgets at current levels to fuel business productivity and efficiency.
2. IT leaders are challenged to enable greater value from existing resources through smarter ways of working.
3. CIOs are taking a business-driven approach to reprioritizing investments based on critical business functions supported by IT and leveraging service management best practices.
The document summarizes a presentation on IT governance given by Erik Guldentops in Ghent, Belgium from 19-21 September. The presentation discussed how to achieve IT value while mitigating IT risks through the five domains of IT governance: strategic alignment, performance management, resource management, risk management, and value management. It provided an overview of frameworks for implementing IT governance like COBIT and assessing the benefits organizations have experienced by establishing stronger IT governance practices.
This document summarizes a presentation given by Kenneth L. Mullins on relating enterprise strategy to business outcomes. It discusses three important ingredients for doing so: performance management, portfolio management, and program/project management. It then provides examples and considerations for transforming an enterprise, making investment decisions, and assessing value and return on investment for government projects and initiatives.
Business is evolving, and IT governance frameworks like COBIT can help organizations adapt. COBIT provides a comprehensive framework for ensuring IT is properly governed and aligned with business needs. It addresses key areas like strategic alignment, value delivery, risk management, and resource management through establishing clear processes and controls. By implementing COBIT, organizations can improve transparency, accountability, compliance and overall IT performance.
This document discusses key factors for achieving business value from IT, including strategic support from IT, effective IT governance, and risk management of IT. It notes that Intec can provide advisory services to help organizations in these areas. The document then provides examples of focus areas, important questions, and key performance indicators (KPIs) related to strategy, governance, risk, and understanding IT value. KPIs can help communicate strategy, focus operations, improve IT/business relationships, and report on achievement.
This document discusses IT governance for smaller nonprofits and provides guidance on how to establish an IT governance framework. It defines key aspects of IT governance and provides questions that nonprofits should consider to help align their IT with their mission and strategy, define IT performance measures, manage IT-related change, and organize IT decision rights. The document emphasizes that even small changes to IT can significantly impact a nonprofit given their smaller size, so IT governance is important.
A common misconception is that IT Governance is only for big enterprises. Cloud computing and the increasing pervasive use of technology in the workplace requires that smaller organizations take a more strategic and risk-aware approach to managing their technology and business information. Attend this session to learn how to apply IT governance principles and practices to smaller not-for-profit organizations to help develop your IT strategy, manage your IT risk, and enable better business decisions through information.
Whitepaper: Practical Information Technology Governance – Alan McSweeney
The document discusses implementing effective IT governance. It describes how IT governance creates a framework for effective IT management and decision making aligned with business objectives. COBIT is presented as a flexible IT governance framework that incorporates other best practice standards. Implementing IT governance using COBIT can provide quick wins such as ensuring IT priorities align with business priorities and developing metrics to demonstrate IT's business value. COBIT's process structure and control objectives provide a practical approach for translating IT governance principles into implementation.
The document discusses how organizations are increasingly questioning the value of IT investments despite continuing to spend more on IT. It notes several studies that found high percentages of failed or challenged IT projects. The document then discusses how IT investments have evolved from efficiency to effectiveness to innovation. It argues that organizations need to maximize the value of IT-enabled change investments by getting optimal benefits at affordable costs with acceptable risk over the full investment lifecycle. It presents various aspects of IT governance, portfolio management, and a full governance process as ways to better ensure IT investment success and value delivery.
Benefits Identification, Assessment, Validation and Realisation for Informati... – Alan McSweeney
This document discusses approaches to identifying, assessing, validating, and realizing benefits from IT projects. It emphasizes that organizations often focus on technology implementation but not on achieving expected business benefits. A structured benefits management framework is needed to ensure benefits are identified upfront and plans are in place to track and achieve them. The framework should include identifying potential benefits, assessing and validating benefits, and ensuring their realization.
Capital Planning And Investment Management And Control In Information Technology – Alan McSweeney
This document discusses capital planning and investment control for information technology (CPIC-IT). It provides an overview of CPIC-IT and how it is a structured process for managing risks and returns associated with IT investments. It ensures investments are implemented on time and within budget, and contribute to improved organizational performance. The document also covers topics like IT investment management, cost estimation, and analyzing IT investments. Overall it provides information on applying a systematic approach to managing IT investments through their entire lifecycle.
The document discusses the importance of IT financial management in running IT successfully. It outlines key components of the IT financial management lifecycle including planning, budgeting, accounting, chargebacks, spend analysis, and portfolio management. Adopting these practices and using tools to support them can help optimize costs, ensure alignment between IT and business objectives, and deliver value from IT investments.
1. John W. Lainhart IV
CISA, CISM, CGEIT, CIPP/G
Partner, Security, Privacy, Wireless & IT Governance
IBM Global Business Services
Principal Advisor to IT Governance Institute
john.w.lainhart@us.ibm.com
301-803-2745
COBIT® as a Risk Management Framework
2. In This Presentation...
• The Governance Environment
• An introduction to IT Governance
• An introduction to Control Objectives for Information and related Technology (COBIT®)
• Overview of COBIT® Supporting Materials
• COBIT® Mappings to Other Standards
• An introduction to ValIT™
• An introduction to RiskIT™
• Recently Announced Certification Program – CGEIT
• Questions
3. IT Governance, COBIT, Val IT and Risk IT Are Brought to You by …
4. IT Governance Institute
IT Governance Institute is a non-profit research think-tank associated with ISACA®
5. IT Governance Institute Product Suite
[Diagram: ITGI product suite, arranged by layer]
Governance – Business and Technology: Board Briefing on IT Governance
Management – Governance, Security and Assurance: COBIT 4.1, Val IT, Information Security Governance, COBIT Control Practices, IT Assurance Guide, IT Governance Implementation Guide
8. What Makes IT Governance so important?
Drivers
• Strategic importance of IT
• Extended Enterprise
• Regulatory requirements
• Cost optimisation
• Return on investment
• Gartner – more than 600 billion $ thrown away annually on ill-conceived or ill-executed IT projects
• Standish Group – about 20% of projects fail outright, 50% are challenged and only 30% are successful
• ITGI 2005 Survey early findings confirm concerns:
• Low return from high-cost IT investments, and transparency of IT’s performance are two top issues
• More than 30% claim negative return from IT investments targeting efficiency gains
• 40% do not have good alignment between IT plans and business strategy
• Interest in and use of active management of the return on IT investments has doubled in 2 years (28% to 58%)
9. What makes IT Governance so important?
Shareholders want protection for the Enterprise’s Share Price
“…if not filed, auditor must include a paragraph in its annual report that it cannot vouch for the enterprise’s ability as a going concern…”
“…financial reporting system is not up to speed…”
“…the company has lost a third more of its market value yesterday as it revealed a virtual collapse of its financial reporting system…”
“…data entry problems…”
12. What is IT Governance?
“IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”
ITGI, Board Briefing on IT Governance
13. IT Governance Needs a Management Framework
[Diagram: the Driving Forces map onto the IT Governance Focus Areas – Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Measurement]
14. IT Governance Focus Areas
Strategic alignment focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; on aligning IT operations with the enterprise operations; and on establishing collaborative solutions to
• Add value and competitive positioning to the enterprise’s products and services
• Contain costs while improving administrative efficiency and managerial effectiveness
[Diagram: IT Governance Domains – Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Measurement]
15. IT Governance Focus Areas
Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising expenses and proving the value of IT, and on controlling projects and operational processes with practices that increase the probability of success (quality, risk, time, budget, cost, etc)
16. IT Governance Focus Areas
Risk management requires risk awareness of senior corporate officers, a clear understanding of the enterprise’s appetite for risk and transparency about the significant risks to the enterprise; it embeds risk management responsibilities in the operation of the enterprise and specifically addresses the safeguarding of IT assets, disaster recovery and continuity of operations
17. IT Governance Focus Areas
Resource management covers the optimal investment, use and allocation of IT resources and capabilities (people, applications, technology, facilities, data) in servicing the needs of the enterprise, maximising the efficiency of these assets and optimising their costs, and specifically focuses on optimising knowledge and the IT infrastructure and on where and how to outsource
18. IT Governance Focus Areas
Performance measurement: tracking project delivery and monitoring IT services, using balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting, measuring those relationships and knowledge-based assets necessary to compete in the information age: customer focus, process efficiency and the ability to learn and grow.
21. IT Governance Control Cycle
Assess Environment
• Based on COBIT®, develop an approach for improved internal control to meet regulatory requirements that incorporates business and IT mission, vision, and strategy
• Establish risk management strategy
• Formally document existing processes
22. IT Governance Control Cycle
Maintain IT Controls Framework
• Develop controls framework to support sound business decisions
• Document integration points in the current environment
• Create an organizational mechanism to support the governance of IT
• Mitigate identified risks through the IT controls framework
23. IT Governance Control Cycle
Develop & Refine Governing Documents
• Utilize a central repository for governing documents
• Develop a consistent approach for creating governing documents
• Consistently apply processes and procedures
• Gain executive commitment for IT governance frameworks and structure
24. IT Governance Control Cycle
Communicate and Train
• Provide “Tone at the Top”
• Develop a strategic communication plan for mission objectives and overall management direction
• Execute strategic communication plan
• Implement a standard training program to avoid unnecessary and redundant training
25. IT Governance Control Cycle
Implement and Operate
• Align staff responsibilities with IT control objectives
• Achieve sustainability of IT controls in the operational environment
• Support continuous improvement of operational effectiveness and accountability
26. IT Governance Control Cycle
Measure and Validate
• Revise current metrics program to include newly defined controls
• Verify the sustainability of defined controls
• Develop cost-effective automated measurements
• Measure all processes to include Applications, Databases, Platforms and Networks
27. IT Governance Control Cycle
Monitor and Report
• Report on continued effectiveness of controls
• Increase transparency to auditors of issues and actions taken
• Accurately attest to IT’s compliance with policy, laws, and regulations
• Improve existing processes using metrics trending
28. IT Governance Control Cycle
Enforce
• Reinforce required policy compliance and standards conformance
• Define a consistent approach for enforcement across all processes
30. COBIT 4.1—The IT Governance Framework
COBIT
• Internationally accepted good practices
• Management-oriented
• Freely available
• Sharing knowledge and leveraging expert volunteers
• Continually evolving
• Maintained by reputable not-for-profit organisation
• Maps 100% to COSO
• Maps strongly to all major related standards
• Is a reference set of best practices, not an “off-the-shelf” cure
• Enterprises still need to analyse their control requirements and customise based on: value drivers; risk profile; IT infrastructure, organisation and project portfolio
• The only IT management and control framework that covers the end-to-end IT life cycle
[Diagram: COBIT as a best practices repository for IT Processes, IT Management Processes and IT Governance Processes]
31. COBIT: An IT Control Framework
• Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives
• Promotes process focus and process ownership
• Divides IT into 4 domains and 34 processes, with a total of 210 control objectives
• Looks at fiduciary, quality and security needs of enterprises and provides for seven information criteria that can be used to generically define what the business requires from IT
• Addresses the resources made available to and built up by IT
Domains:
1. Plan & Organize
2. Acquire & Implement
3. Delivery & Support
4. Monitor & Evaluate
Information Criteria:
1. Effectiveness
2. Efficiency
3. Availability
4. Integrity
5. Confidentiality
6. Reliability
7. Compliance
IT Resources:
1. Applications
2. Information
3. Infrastructure
4. People
32. Key Driving Forces for COBIT
[Diagram: IT Resources, IT Processes and Business Requirements as three linked elements]
IT Resources – the resources made available to, and built up by, IT: Applications; Information; Infrastructure; People
IT Processes – how IT is organised to respond to the requirements: Plan and Organise; Acquire and Implement; Deliver and Support; Monitor and Evaluate
Business Requirements – what the stakeholders expect from IT: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Information reliability
33. COBIT Framework
[Diagram: Business Objectives drive the information criteria, which are delivered across the IT Life Cycle using the IT Resources]
Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
IT Resources
• Applications
• Information
• Infrastructure
• People
IT Life Cycle
• Plan and Organise
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate
34. COBIT Processes
Plan and Organise
PO1 Define an IT Strategic Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organisation and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects
Acquire and Implement
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes
35. COBIT Processes
Deliver and Support
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations
Monitor and Evaluate
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance With External Requirements
ME4 Provide IT Governance
36. COBIT PC and AC Processes
Process Controls
PC1 Process Goals and Objectives
PC2 Process Ownership
PC3 Process Responsibility
PC4 Roles and Responsibilities
PC5 Policy, Plans and Procedures
PC6 Process Performance Improvement
Application Controls
AC1 Source Data Preparation and Authorization
AC2 Source Data Collection and Entry
AC3 Accuracy, Completeness and Authenticity Checks
AC4 Processing Integrity and Validity
AC5 Output Review, Reconciliation and Error Handling
AC6 Transmission Authentication and Integrity
38. Control Objectives
PO9.6 Maintenance and Monitoring of a Risk Action Plan
Prioritise and plan the control activities at all levels to implement the risk responses identified as necessary, including identification of costs, benefits and responsibility for execution. Obtain approval for recommended actions and acceptance of any residual risks, and ensure that committed actions are owned by the affected process owner(s). Monitor execution of the plans, and report on any deviations to senior management.
42. Maturity Levels in COBIT
0 Non-existent - Management processes are not applied at all.
1 Initial - Processes are ad hoc and disorganised.
2 Repeatable - Processes follow a regular pattern.
3 Defined - Processes are documented and communicated.
4 Managed - Processes are monitored and measured.
5 Optimised - Best practices are followed and automated.
43. Dimensions of Process Maturity in COBIT
We capture process maturity data on each of six dimensions:
• Awareness and communication
• Policies, standards and procedures
• Tools and automation
• Skills and expertise
• Responsibility and accountability
• Goal setting and measurement
46. Implementation Guide
IT Governance Implementation Guide, 2nd Edition
• Detailed, structured guidance to the implementation of IT governance
• Generic IT governance implementation guidance, not just COBIT
48. Control Practices
COBIT Control Practices, 2nd Edition
• Detailed guidance on each of the control objectives
• Management-oriented
• From three to 12 control practices per control objective
50. Assurance Guide
IT Assurance Guide: Using COBIT
Detailed guidance to support assurance practitioners in:
• Financial statement audit
• Internal audit
• Value for money
• Operational improvement
Guidance on:
• How to leverage COBIT for assurance
• Detailed assurance testing steps
52. Quickstart
• For small and medium-sized organizations and larger organizations wanting to quickstart IT governance
• Selection of components from the complete COBIT framework
• Can be used as a baseline (set of “smart things to do”) for small and medium-sized enterprises and other entities where IT is not strategic or absolutely critical for survival
• Can also be a starting point for larger enterprises in their first moves toward an appropriate level of control and governance of IT
60. The Information Paradox
The value of IT is being increasingly questioned...
…yet organizations continue to spend more and more on IT
61. The Fundamental Question
Are we maximizing the value of our IT-enabled business investments such that:
• we are getting optimal benefits;
• at an affordable cost; and
• with an acceptable level of risk?
Over the full economic life-cycle of the investment
62. Without Effective Governance
Symptoms: Situation → Leads to.. → Results in..
Situation
• Reluctance to say no to projects
• Lack of Strategic Focus
• Can’t kill projects
• Projects are “sold” on emotional basis -- not selected
• No strong review process
• Overemphasis on Financial ROI
• No clear strategic criteria for selection
Leads to..
• Too many projects
• Projects not aligned to strategy
• Underestimation of risks and costs
• Quality of execution suffers
Results in..
• Budget overruns
• Project delays
• Business needs not met
• Benefits not received
• Increased Complexity
• Sub-optimal use of resources
• Finger pointing
• Lack of confidence (in IT)
Source: Fujitsu
63. Continuously Need to Question
Some fundamental questions about the value enabled by IT: Are we doing the right things? Are we getting the benefits? Are we doing them the right way? Are we getting them done well?
The strategic question. Is the investment:
• In line with our vision?
• Consistent with our business principles?
• Contributing to our strategic objectives?
• Providing optimal value, at affordable cost, at an acceptable level of risk?
The value question. Do we have:
• A clear and shared understanding of the expected benefits?
• Clear accountability for realising the benefits?
• Relevant metrics?
• An effective benefits realisation process?
The architecture question. Is the investment:
• In line with our architecture?
• Consistent with our architectural principles?
• Contributing to the population of our architecture?
• In line with other initiatives?
The delivery question. Do we have:
• Effective and disciplined delivery and change management processes?
• Competent and available technical and business resources to deliver: the required capabilities; and the organisational changes required to leverage the capabilities?
Source: The Information Paradox
64. Val IT Processes & Key Management Practices
Value Governance (VG)
VG1 Ensure informed and committed leadership
VG2 Define and implement processes
VG3 Define roles & responsibilities
VG4 Ensure appropriate and accepted accountability
VG5 Define information requirements
VG6 Establish reporting requirements
VG7 Establish organisational structures
VG8 Establish Strategic Direction
VG9 Define investment categories
VG10 Determine target portfolio mix
VG11 Define evaluation criteria by category
Portfolio Management (PM)
PM1 Maintain human resource inventory
PM2 Identify resource requirements
PM3 Perform gap analysis
PM4 Develop resourcing plan
PM5 Monitor resource requirements and utilisation
PM6 Establish investment threshold
PM7 Evaluate initial programme concept business case
PM8 Evaluate & assign relative score to programme business case
PM9 Create overall portfolio view
PM10 Make and communicate investment decision
PM11 Stage-gate (and fund) selected programmes
PM12 Optimize portfolio performance
PM13 Re-prioritise portfolio
PM14 Monitor and report on portfolio performance
Investment Management (IM)
IM1 Develop a high-level definition of investment opportunity
IM2 Develop initial programme concept business case
IM3 Develop clear understanding of candidate programmes
IM4 Perform Alternatives Analysis
IM5 Develop Programme plan
IM6 Develop Benefits Realisation plan
IM7 Identify Full life cycle costs & benefits
IM8 Develop detailed programme business case
IM9 Assign clear accountability & ownership
IM10 Initiate, plan and launch the programme
IM11 Manage programme
IM12 Manage/track benefits
IM13 Update business case
IM14 Monitor and report on programme performance
IM15 Retire programme
65. P3M – Projects, Programs, and Portfolios
Portfolio Management: Portfolio – a suite of business programmes managed to optimise overall enterprise value
Programme Management: Programme – a structured grouping of projects designed to produce clearly identified business value
Project Management: Project – a structured set of activities concerned with delivering a defined capability based on an agreed schedule and budget
66. Val IT Relationship between Processes & Practices
[Diagram: Val IT process flow, with the key management practices that support each step]
VG: Establish governance framework (VG1-4, 6-7); Provide strategic direction (VG8); Establish portfolio parameters (VG5, 9-11)
PM: Maintain resource profile (PM1-5); Maintain funding profile (PM6); Evaluate & prioritize investments (PM7-10); Move selected investments to active portfolio (PM11); Manage overall portfolio (PM12-13); Monitor & report on portfolio performance (PM14)
IM: Identify business req’ts (IM1-2); Define candidate programme (IM3, 5-7); Analyse alternatives (IM4); Document business case (IM8, 13); Assign accountability (IM9); Launch programme (IM10); Manage programme execution (IM11-12); Monitor & report on programme performance (IM14); Retire programme (IM15)
67. Val IT Initiative …a value lens into COBIT™
[Diagram: Val IT (VG, PM, IM) laid over the IT Governance Domains, with COBIT (PO, AI, DS, ME) beneath it; both are framed by the same four questions]
Val IT – Governance & management of a portfolio of business change programmes
COBIT – Governance & management of a portfolio of technology projects, services, systems & supporting infrastructure
The four questions: Are we doing the right things? Are we doing them the right way? Are we doing them well? Are we getting the benefits?
68. Val IT Initiative Status
DONE
• Framework
• Business Case
• Case Study (initial)
IN PROCESS
• Extend FW to services & other IT assets/resources & Simplify
• Maturity Models
• Management Guidelines
• Taxonomy
• QuickStart Guide – 1st Qtr. of 2008
PLANNED
• Business Case v2.0
• Empirical Analysis
• Benchmarking
Available for free download from: www.isaca.org or www.itgi.org
69. The Business Challenge
Maximizing value and reducing risk made possible by IT both enables and requires a thorough IT governance approach that:
• Ensures clarity of, and accountability for, the desired outcomes
• Enables understanding of the full scope of effort
• Breaks down the “silos” and “connects the dots”
• Manages the full economic life-cycle
• Senses and responds to changes and deviations
This is a significant leadership challenge, opportunity and responsibility!
71. RISK IT DESCRIPTION
• A risk management framework that provides the missing link between enterprise risk management and IT Management and control, fitting in the overall IT Governance framework of ITGI, and building upon all existing risk related components within the current frameworks, i.e., COBIT and Val IT
• A number of related services and products (practical guides, reference data, interfaces/mapping with other standards, …)
72. RISK IT ACTIONS
• ITGI Board discussion on this initiative and decision to proceed with full business case development (July 2007)
• Business Case development (October 2007), including:
  – Market survey
  – Feasibility study
  – High-level design of the product/service
  – Set-up project governance structure, incl. Core Team, expert team, identify project manager(s) and potential resources
  – Define high-level development and roll-out plan
• ITGI Board approved detailed business case and decision to proceed with full project (November 2007)
• RiskIT Task Force members appointed (December 2007)
• First RiskIT Task Force meeting held in Ghent, Belgium on 18-19 January 2008
• First draft RiskIT planned to be issued by December 2008
73. Risk IT Processes & Key Management Practices
As of 19 January 2008 first Task Force meeting in Ghent, Belgium
[Diagram: three process areas – Risk Governance, Risk Management, and Risk Monitoring & Reporting – sharing a Glossary, a Risk Inventory and a Risk Repository, and built on High Level Risk Management Guidance: COSO ERM, AS/NZS 4360, etc]
75. RELATIONSHIP OF COBIT/ VAL IT/ RISK IT
IT GOVERNANCE (Val IT, Risk IT)
Set Objectives
• Align business and IT
• Enable the business and maximise benefits
• Ensure effective and efficient use of resources
• Manage IT risk as part of ERM
• Fulfil compliance requirements
Governance cycle: Provide direction → Translate direction into strategy → Translate strategy into action → Measure and report performance → Evaluate performance
IT MANAGEMENT (COBIT)
• Make the business effective
• Make the business efficient
• Manage risks (security, reliability & compliance)
• Manage service delivery consistency