COBIT provides a framework for IT governance and control that aims to ensure IT is aligned with business objectives and that risks are managed appropriately. In the COBIT 4.1 edition it defines four domains - Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME) - that together cover 34 IT processes. For each process, COBIT establishes control objectives and requirements to help management implement controls and obtain assurance that business goals will be achieved through the optimal and secure use of IT resources.
Strategic IT Governance defines the formal process of aligning an organization's IT strategy with its overall business goals and overseeing execution. IT governance is important for regulatory compliance, competitive advantage, supporting enterprise goals, innovation, increasing intangible assets, and reducing risk. Effective IT governance involves strategic alignment, value delivery, risk management, resource management, and performance measurement. It requires involvement from leaders, managers, executives, boards, and stakeholders. Challenges include lack of business strategy alignment, ineffective project management, and lack of transparency and controls. Frameworks like COBIT and ITIL can help with governance, and balanced scorecards are effective for performance measurement.
The document provides information about BPKP's internal participant selection process for 2010 and 2012. It includes the number of participants, pass rates, and other details like participant origins and time taken to pass exams. It shows that in 2010, 30 participants were selected with a 10% pass rate, while in 2012 there were 30 participants selected with a 10% pass rate as well.
Understanding COBIT 5.0 (IT Governance) by Mr. Avinash Totade
President of Information Systems Audit and Control Association (ISACA) UAE Chapter
OpenThinking Day 2012
This document provides an overview of IT governance and describes how to audit IT governance. It defines IT governance as the leadership, structures, and processes that ensure an organization's IT supports its strategies and objectives. The document outlines key elements of IT governance including strategic alignment, value delivery, risk management, resource management, and performance measurement. It also discusses benefits of IT governance, common frameworks, the role of internal audit, and current trends in auditing IT governance with a focus on higher education institutions.
The document discusses several frameworks for IT governance - COBIT, ITIL, and Val IT. It describes the key components and benefits of each framework. COBIT focuses on controls and metrics for IT processes, while ITIL provides guidance on service delivery and support. Using the frameworks together can provide a comprehensive approach to IT governance that establishes what should be done as well as how.
What Every Executive Needs To Know About IT Governance, by Bill Lisse
IT governance provides the structure for determining organizational IT objectives and monitoring performance to ensure objectives are met. It specifies decision rights and accountability to encourage desirable behavior in IT use. Effective IT governance involves business process owners, evaluates performance against business requirements, and considers components like competitive advantage, risk management, and performance measurement.
This document defines control, audit, and information systems. It explains that control is a managerial function, and management is required by law to establish internal controls. An audit objectively examines financial statements to ensure they accurately represent transactions. Information system audits test IT infrastructure controls. The COBIT framework provides best practices for IT governance and management. It links control objectives and practices to business processes and objectives. COBIT 5 is the latest version, which builds on previous versions and other frameworks to provide more holistic enterprise guidance.
With the help of this power point presentation, Noha El-Mikawy, UNDP Governance Practice leader for the Arab States Region, summarized main messages from the first day of the workshop in Cairo on assessing governance in sectors (June 2009) and discussed the process of conducting a country-led assessment.
IT Governance – The missing compass in a technology changing world, by PECB
Oladapo Ogundeji, CTO of Digital Jewels Ltd, gave a presentation on IT governance and its importance in today's technology changing world. He discussed that IT governance provides a formal process to define IT strategy and oversee its execution to achieve business goals. It also helps balance priorities like maximizing returns, increasing agility, and mitigating risks. Ogundeji covered frameworks like COBIT 5 and ISO 38500 that provide guidance on implementing IT governance and highlighted critical success factors like executive commitment, focus on execution, and competence in resources.
The COBIT framework provides guidance on IT governance and management. It focuses on aligning business goals with IT goals. COBIT describes IT processes across four domains - plan and organize, acquire and implement, deliver and support, monitor and evaluate. It defines 34 processes to ensure IT delivers value and manages risks. COBIT also identifies key IT resources like applications, information, infrastructure, and people that need to be managed optimally.
This document provides definitions and summaries of key concepts related to control and audit information systems, including:
- Definitions of control, which is a managerial function, and audit, which is an independent examination of financial statements and records.
- Cobit is a framework for developing, implementing, monitoring and improving IT governance and management practices.
- COBIT 5 builds on previous versions of COBIT and other frameworks, providing updated guidance while allowing organizations to continue work from earlier versions. It focuses more on enablers, has a new process reference model, and new assessment approaches.
IT Governance, or corporate governance of information technology, is a subset discipline of corporate governance focused on information and technology (IT) and its performance and risk management. The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
The document discusses IT governance in higher education and IT governance at Harvard University specifically. It provides an overview of what IT governance is, why it is important, and how CoBIT (an IT governance framework) was used to assess IT governance at Harvard. The audit found that Harvard's IT governance maturity could be improved in several key areas and provided five recommendations to help increase maturity to a target level of 3.0. Benefits of stronger IT governance include clearer accountability, decision making roles, and strengthened controls.
This document outlines a framework for ICT governance based on the ISO/IEC 38500 standard, modified for non-profit organizations. It describes six key dimensions that board members should monitor, evaluate, and direct: responsibility, strategy, acquisition, performance, conformance, and human behavior. For each dimension, it lists requirements from the standard and provides a column to note implications for developing an ICT governance policy, including questions, strengths/weaknesses, and anything already in place. The framework is intended to guide a board workshop discussion on defining the policy.
The document provides an overview and comparison of three major IT governance frameworks: ITIL, COBIT, and ISO 27001. ITIL focuses on IT service management and was originally developed by the UK government. COBIT is aimed at regulatory compliance and risk management. ISO 27001 contains information security standards and guidelines. Each framework takes a different approach, with ITIL emphasizing processes, COBIT control objectives, and ISO 27001 information security practices. Implementing the frameworks requires consideration of factors like organizational needs, budgets, and vendor expertise.
The document provides information about an upcoming training on IT Governance to be delivered by Goutama Bachtiar. It includes details about the trainer's background and experience in IT advisory, consulting, auditing, and education. The training objectives are to address key knowledge areas related to IT Governance domains such as framework, strategy alignment, value delivery, risk management, and performance measurement. The targeted participants are corporate and IT management, IT auditors, and senior IT management. The training agenda covers various topics around governance vs management, frameworks, strategy, value, risk, performance and more. It also discusses the ISACA CGEIT certification domains that the training maps to.
Understanding IT Governance and Risk Management, by jiricejka
Describes IT Governance Holistic Framework for establishing transparent relation between Business and IT environment.
Describes Governance services and Risk Management Methods
The WLS value proposition is:
-Extensive IT business experience and capability
-Demonstrated IT risk and compliance delivery
-Proven commercial experience with practical perspectives
-Low overhead compared to larger service providers results in a more competitive service
-Flexibility in service provision to reflect your business budgetary and resource requirements
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500, by PECB
This document discusses how COBIT 5 and ISO 38500 can be aligned for effective IT governance. It provides an overview of COBIT 5 including its product family, principles, processes, and implementation guidance. It also summarizes ISO 38500 and its six principles for corporate governance of IT. The document emphasizes that both frameworks take a holistic approach to IT governance covering the entire enterprise and can be used together to establish effective IT governance.
IT Governance Vs IT Management Presentation V0.1, by Richard Willis
IT governance involves establishing responsibility and accountability for major IT decisions and ensuring IT strategy alignment with business strategy. Effective IT governance increases profitability and shareholder returns. Frameworks like COBIT, ITIL, and ISO/IEC 38500 provide best practices for IT governance and management. IT governance is concerned with strategic decision making while IT management focuses on operational excellence. Organizations can assess their IT governance maturity to continually improve practices over time.
COBIT (Control Objectives for Information and Related Technology) provides guidance on evaluating internal controls over enterprise IT resources. COBIT 4.1 organises its processes into four domains (plan and organise, acquire and implement, deliver and support, monitor and evaluate) and addresses five IT governance focus areas: strategic alignment, value delivery, risk management, resource management, and performance measurement. The COBIT cube represents the framework, with IT resources such as applications, information, infrastructure, and people on one side and the IT processes of the four domains on another.
The document discusses Iman Baradari's background and qualifications. It states that he has a Master's degree in project management from the University of Melbourne and various professional certifications in project management, IT service management, and risk management. It also lists his work experience, which includes roles as a project manager for several large IT projects in Iran.
Proposal of a Framework of Lean Governance and Management of Enterprise IT, by Mehran Misaghi
Technology and information are vital to the success of companies. To improve the success of IT projects, companies have at their disposal references globally accepted as good practices (COBIT, ITIL, PMBOK, ISO, TOGAF, etc.). Despite this, spending on IT projects that are poorly designed or improperly implemented remains large. This paper presents a brief description of standards and good practices related to governance and management of enterprise IT; defines Lean Thinking, Lean IT, Process Management, Portfolio, Program and Project Management, and Work System Theory; highlights the purpose of each and shows their characteristics; and suggests a Framework of Lean Governance and Management of Enterprise IT by demonstrating how the standards and good practices presented can work together. It argues that Lean Thinking, Process, Portfolio, Program and Project Management, and Work System Theory complement the standards and good practices of Governance and Management of Enterprise IT with an approach not referenced in these standards and good practic
This document provides an overview of IT strategy and governance for executives. It discusses the importance of aligning IT with business strategy and having proper governance structures in place. Key points include:
- IT strategy should define how technology will support business goals and priorities through investments, applications, and infrastructure.
- IT governance ensures IT goals are met, risks mitigated, and value delivered to business. It focuses on strategic alignment, value delivery, risk management, resource management, and performance.
- Common pitfalls of IT strategy include lack of ownership, not tracking progress, failing to realize ROI, and not having proper governance structures.
- Strong IT governance with board oversight and an IT steering committee is needed to successfully
The document discusses quality assurance and improvement programs (QAIP) for internal audit activities (IAA). It states that the chief audit executive must develop and maintain a QAIP to ensure the IAA conforms with standards, adds value, and identifies opportunities for improvement. A QAIP includes ongoing monitoring, periodic self-assessments, and external assessments of the IAA's conformance, efficiency, effectiveness and opportunities for improvement. It should conclude with recommendations to improve IAA quality. The document also outlines the Plan-Do-Check-Act model for quality management.
The document provides information on various accounting concepts and journal entries. It discusses the basic accounting equation, adjusting entries for deferrals and accruals, methods for accounting for uncollectible accounts, accounting for long-term bonds and investments, and cash flow statements. Key topics covered include the basic accounting equation, adjusting entries, allowance method for uncollectible accounts, journal entries for bonds and investments, and preparation of cash flow statements using both the direct and indirect methods.
This document discusses information technology risks in banking, specifically related to internet banking. It outlines two models of internet banking - established banks providing online services and internet-only banks. While regulatory expectations are the same, internet-only banks face unique risks like high marketing costs and low margins. The document also discusses various types of IT risks including financial, operational, and compliance risks. It provides examples of risks from hacking, viruses, and unauthorized access and their potential impacts. Finally, it outlines different supervisory approaches to assessing IT risks.
The document discusses risk management principles and frameworks. It defines risk as the effect of uncertainty on an organization's objectives. An effective risk management framework ensures that risk is managed comprehensively, efficiently, and coherently across an organization. Establishing the proper context is a key first step of the risk management process, which includes understanding an organization's internal and external contexts.
The control environment within IT refers to the overall attitude, awareness, and actions of management and employees regarding IT controls and their importance to the organization. Some key aspects of the IT control environment include:
- Tone at the top from CIO/IT leadership - Demonstrating commitment to IT controls through clear communication and leadership actions. Setting the "tone" that IT controls are important and should be taken seriously.
- Ethical climate within IT - Fostering an environment where ethical and compliant behavior is expected and encouraged regarding IT controls and responsibilities.
- Management philosophy and operating style - How IT management approaches oversight and accountability over IT controls. Ensuring appropriate philosophies around risk management, compliance, etc.
- A
The document defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The purpose of internal auditing is to evaluate and improve the effectiveness of risk management, control, and governance processes through a systematic and disciplined independent and objective assurance approach.
COBIT (Control Objectives for Information and Related Technology) is an IT governance framework and a set of tools that help managers handle business risks, technical issues and control needs. This document discusses the definition of COBIT, the history of its development, its benefits and the differences between COBIT versions, together with an explanation of COBIT 5.
CobiT 4.1 is an authoritative, up-to-date set of generally accepted IT control objectives and practices for business and IT managers. It provides a framework for IT governance and is aimed at ensuring information integrity, security, and availability. CobiT promotes the understanding that IT resources need to be managed through key processes in order to deliver the information required for organizations to achieve their objectives.
The document discusses an enterprise architecture strategy with five key elements:
1. Customer relationship management and data integration
2. People, process, governance and a technical integration framework
3. Analytics, business intelligence, data quality, and master data management
4. Enterprise performance management with operational and analytical requirements
5. Integration across business processes, locations, applications, and data
This document discusses policy development based on the COBIT framework. It provides an overview of COBIT, including that it is a globally accepted framework for IT governance and management consisting of 34 processes organized into 4 domains: planning and organization, acquisition and implementation, delivery and support, and monitoring. It also outlines the 7 key information criteria that COBIT addresses: effectiveness, efficiency, availability, integrity, confidentiality, reliability, and compliance.
Control and audit of information System (hendri eka saputra), by Hendri Eka Saputra
This document provides an overview of internal controls and information system auditing. It defines internal controls as processes designed to provide reasonable assurance of achieving objectives related to operations, financial reporting, and compliance. It discusses control objectives, components of internal controls including the control environment, risk assessment, control activities, information and communication, and monitoring. The document also covers the Foreign Corrupt Practices Act, types of financial reporting controls, segregation of duties, accounting systems, limitations of internal controls, and the role of internal controls in financial audits.
This document discusses several security frameworks and methodologies. It describes COSO as a corporate governance framework focused on fraudulent financial reporting. CobiT is derived from COSO and deals with IT governance, providing processes and control objectives. ITIL is the most used framework for IT service management, focusing on identifying, planning, delivering and supporting IT services businesses rely on. ISO/IEC 27000 is a series of standards that outlines developing and maintaining an information security management system to help organizations manage security controls centrally.
This document discusses IT governance and provides an overview of key concepts. It defines IT governance as consisting of leadership, structures, and processes to ensure IT supports business strategies and objectives. The document outlines five areas of focus for IT governance: strategic alignment, value delivery, resource management, risk management, and performance measurement. It also discusses why IT governance is important, who benefits, common frameworks that can be used, as well as advantages and disadvantages.
The COBIT 5 framework describes seven categories of enablers:
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for
day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of
outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor
in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the
enterprise. Information is required for keeping the organisation running and well governed, but at the operational
level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the
enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and
for making correct decisions and taking corrective actions.
This document provides an overview of COBIT 5, a framework for the governance and management of enterprise IT. COBIT 5 helps enterprises create optimal value from IT by balancing benefits realization with risk optimization and resource use. The framework is designed to be a single integrated governance framework that covers the entire enterprise from end to end. It separates governance, which evaluates options and sets direction, from management, which implements activities. COBIT 5 aims to help enterprises maintain high quality information, generate value from IT, achieve operational excellence, manage IT risks, optimize costs, and ensure compliance.
IT Governance and Compliance: Its Importance and the Best Practices to Follow..., by GrapesTech Solutions
With new technology coming in every day, the need for IT governance and compliance is essential. IT governance and compliance are not only necessary for consumers but also for businesses. A strong IT governance plan can help add immense value to your business.
Many businesses are not aware of the importance of IT governance and its compliance. Hence it is important first to understand IT governance and the compliance standards.
Explore the Significance of IT Governance and Compliance in 2024. Explore best practices for effective management, ensuring security, and meeting regulatory standards in the dynamic IT landscape.
IT governance consists of leadership, organizational structures, processes and relationships to ensure IT supports business strategy and objectives. COBIT is an internationally accepted framework for IT controls that focuses on objectives rather than implementation. Internal controls aim to provide assurance for effective operations, reliable financial reporting, and compliance, and have five components: control environment, risk assessment, control activities, information/communication, and monitoring. Portfolio management tools are needed to align IT investments with business goals and strategies to maximize returns.
The document discusses IT governance, defining it as the processes that ensure effective and efficient use of IT to help an organization achieve its goals. IT governance is a responsibility of executives and the board of directors and consists of leadership, structures, and processes to ensure IT supports business strategies and objectives. Frameworks like COBIT provide structures to align IT strategy with business strategy through formal processes. The benefits of IT governance include transparency, accountability, improved ROI, risk management, and compliance. Governance focuses on strategic decisions while management handles tactical implementation.
Knowledge of the purpose of IT strategy, policies, standards and procedures for an organization and the essential elements of each
https://www.infosectrain.com/blog/part-2-cisa-domain-2-governance-and-management-of-it/
Governance and Management of Enterprise IT with COBIT 5 Framework, by Goutama Bachtiar
This courseware was designed for the training entitled 'Governance and Management of Enterprise IT with COBIT 5 Framework' with the objective of understanding COBIT 5 Framework as well as achieving IT Governance effectiveness using the respective framework.
Cobit is a framework that provides governance over IT to ensure it is aligned with business needs. It improves IT efficiency and effectiveness by helping IT understand business needs and putting practices in place to meet them. Cobit supports IT governance by providing a framework to ensure IT is aligned with the business, enables the business, uses resources responsibly, and manages risks appropriately. Implementing Cobit provides benefits like a common language, understanding how business and IT can work together, improved efficiency, reduced risk, and more effective audits.
The document provides an overview of the Digital Trust Framework (DTF) and how it will integrate several frameworks including ODA, COBIT 2019, ITIL 4, and ISO 27005 to provide an overall approach for digital trust. The DTF will be a modular, cloud-based, open digital platform that can be orchestrated using AI. It will use the TMForum's Open Digital Architecture as a cornerstone and was developed for a 4IR environment.
The document discusses governance and the evolution of COBIT from versions 4.1 to 5.0, noting key changes like new principles, a focus on enablers, a new process reference model, and new/modified processes. It provides an overview of COBIT 5.0's framework for linking business goals to IT goals and processes. The presentation is by Dr. Santipat Arunthari, Chief Technology Officer of PTT ICT Solutions Company Limited.
This whitepaper provides some meaningful examples on metrics along with purposes of metrics (targets).
The whitepaper focuses on metrics in relation to the status of the ISMS and its output. These are also the outputs that feed into management reporting.
A program description of an IT governance methodology for large and small programs where COBIT or ITIL may not be in your plans.
More at www.sqpegconsulting.com, Square Peg Consulting
John Goodpasture, PMP
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog..., by TRANANHQUAN4
CoBit is a framework for IT governance and management. It was developed in 1996 and provides best practices for IT processes, including over 200 control objectives across 34 IT processes organized into 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate. The goals of CoBit are to ensure IT alignment with business objectives and deliver value while managing risks, resources, and performance.
3. IT governance:
is the responsibility of executives and the Board of Directors. It consists of the leadership, organisational structures and processes that ensure that the enterprise's IT supports and develops the organisation's objectives and strategies.
COBIT supports IT governance by providing a framework to ensure that:
IT is aligned with the business
IT enables the business and maximises benefits
IT resources are used responsibly
IT risks are managed appropriately
IT transparency is achieved through performance measurement.
4. Strategic alignment: ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
Value delivery: executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT.
Resource management: optimal investment in, and proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
Risk management: risk awareness by senior officers, a clear understanding of the appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
Performance measurement: tracking and monitoring strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
5.
6. [Figure: COBIT framework overview diagram. Labels: Business goals, IT goals, IT Processes, Key Activities, Information requirements, Control Objectives, Control Outcome Tests, Control Design Tests, Control Practices, Responsibilities and Accountabilities Chart, Performance Indicators, Outcome Measures, Maturity Models; connector labels: "derived from", "based on".]
7.
8. A control framework for IT governance defines the reasons IT governance is needed, the stakeholders and what it needs to accomplish.
Why
In particular, management needs to know if information is being managed so that the enterprise is:
Likely to achieve its objectives
Resilient enough to learn and adapt
Judiciously managing the risks it faces
Appropriately recognising opportunities and acting upon them
Enterprises cannot deliver effectively against business and governance requirements without adopting and implementing a governance and control framework for IT to:
Make a link to the business requirements
Make performance against these requirements transparent
Organise its activities into a generally accepted process model
Identify the major resources to be leveraged
Define the management control objectives to be considered.
9. Who
A governance and control framework needs to serve a variety of internal and external stakeholders, each of whom has specific needs:
Stakeholders within the enterprise who have an interest in generating value from IT investments:
Internal and external stakeholders who provide IT services:
Internal and external stakeholders who have a control/risk responsibility:
What
To meet the requirements listed in the previous section, a framework for IT governance and control should:
Provide a business focus to enable alignment between business and IT objectives
Establish a process orientation to define the scope and extent of coverage, with a defined structure enabling easy navigation of content.
Be generally acceptable by being consistent with accepted IT good practices and standards, and independent of specific technologies.
Supply a common language with a set of terms and definitions that are generally understandable by all stakeholders.
Help meet regulatory requirements by being consistent with generally accepted corporate governance standards (e.g., COSO) and the IT controls expected by regulators and external auditors.
10. In response to these needs, the COBIT framework was created with the main characteristics of being:
business-focused,
process-oriented,
controls-based, and
measurement-driven.
Source: IT Governance Institute, COBIT 4.1, 2007
11. Business orientation is the main theme of COBIT. It is designed (1) to be employed by IT service providers, users and auditors, and (2) to provide comprehensive guidance for management and business process owners.
COBIT'S INFORMATION CRITERIA
To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as the business requirements for information. The information criteria are defined as follows:
1. Effectiveness: information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.
2. Efficiency: the provision of information through the optimal (most productive and economical) use of resources.
3. Confidentiality: the protection of sensitive information from unauthorised disclosure.
4. Integrity: the accuracy and completeness of information as well as its validity.
5. Availability: information being available when required by the business process, now and in the future.
6. Compliance: complying with laws, regulations and contractual arrangements.
7. Reliability: the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.
12. BUSINESS GOALS AND IT GOALS
Defining a set of business goals and IT goals provides a business-related and refined basis for establishing business requirements and developing measurements. See Appendix I.
Defining IT Goals and Enterprise Architecture for IT
13. IT RESOURCES
IT resources (people, infrastructure, applications, information), together with the processes, constitute an enterprise architecture for IT.
The enterprise needs to invest in resources to create technical capability (e.g., an ERP system) to support a business capability (e.g., implementing a supply chain), resulting in the desired outcome (increased sales and financial benefit).
The IT resources:
Applications: the automated systems and manual procedures that process information.
Information: the data input, processed and output by information systems and used by the business.
Infrastructure: the technology and facilities (hardware, operating systems, database management systems, networks, multimedia).
People: the personnel required to plan, organise, acquire, implement, deliver, support, monitor and evaluate information systems and services.
14. An operational model is an initial step toward good governance, and also provides a framework for measuring and monitoring IT performance, communicating with service providers and integrating best management practices.
Within the COBIT framework, the generic process model is organised into four domains:
Plan and Organise (PO)—Provides direction to solution delivery (AI) and service delivery (DS).
Acquire and Implement (AI)—Provides the solutions and passes them on to be turned into services.
Deliver and Support (DS)—Receives the solutions and makes them usable for end users.
Monitor and Evaluate (ME)—Monitors all processes to ensure that the direction provided is followed.
15. PLAN AND ORGANISE (PO)
PO covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of business objectives. It addresses the following management questions:
Are IT and the business strategy aligned?
Is the enterprise achieving optimum use of its resources?
Does everyone in the organisation understand the IT objectives?
Are IT risks understood and being managed?
Is the quality of IT systems appropriate for business needs?
ACQUIRE AND IMPLEMENT (AI)
IT solutions need to be identified, developed or acquired, implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered. This domain typically addresses the following management questions:
Are new projects likely to deliver solutions that meet business needs?
Are new projects likely to be delivered on time and within budget?
Will the new systems work properly when implemented?
Will changes be made without upsetting current business operations?
16. DELIVER AND SUPPORT (DS)
DS is concerned with the actual delivery of services, including the management of security and continuity, service support, and the management of data and facilities. It addresses the following management questions:
Are IT services being delivered in line with business priorities?
Are IT costs optimised?
Is the workforce able to use the IT systems productively and safely?
Are adequate confidentiality, integrity and availability in place for information security?
MONITOR AND EVALUATE (ME)
ME addresses performance management, monitoring of internal control, regulatory compliance and governance. It addresses the following management questions:
Is IT's performance measured to detect problems before it is too late?
Does management ensure that internal controls are effective and efficient?
Can IT performance be linked back to business goals?
Are adequate confidentiality, integrity and availability controls in place for information security?
Across these four domains, COBIT has identified 34 IT processes that are generally used (refer to figure 22 for the complete list).
17. PROCESSES NEED CONTROLS
IT control objectives provide a complete set of high-level requirements to be considered by management for effective control of each IT process. They:
Are statements of managerial actions to increase value or reduce risk.
Consist of policies, procedures, practices and organisational structures.
Provide reasonable assurance that business objectives will be achieved.
Management needs to make choices relative to these control objectives by:
Selecting those that are applicable;
Deciding upon those that will be implemented;
Choosing how to implement them (frequency, span, automation, etc.);
Accepting the risk of not implementing the others.
A standard control follows the thermostat analogy: when the room temperature (the standard) for a heating system (the process) is set, the system checks (compares) the ambient room temperature (the control information) and signals (acts on) the heating system to provide more or less heat.
18. PROCESSES NEED CONTROLS
To achieve effective governance, controls need to be implemented by operational managers within a defined control framework for all IT processes.
The control objectives are identified by a two-character domain reference (PO, AI, DS and ME) plus a process number and a control objective number. In addition to the control objectives, each process has generic control requirements that are identified by PCn (process control number).
PC1 Process Goals and Objectives
Define and communicate specific, measurable, actionable, realistic, results-oriented and timely (SMARRT) process goals and objectives. Ensure that they are linked to the business goals and supported by suitable metrics.
PC2 Process Ownership
Assign an owner for each IT process, and clearly define the roles and responsibilities of the process owner. Include, for example, responsibility for process design, interaction, accountability, measurement and the identification of improvements.
19. PROCESSES NEED CONTROLS
PC3 Process Repeatability
Design and establish each key IT process such that it is repeatable and
consistently produces the expected results.
PC4 Roles and Responsibilities
Define the key activities and end deliverables of the process. Assign and
communicate unambiguous roles and responsibilities for effective and efficient
execution of key activities and their documentation as well as accountability.
PC5 Policy, Plans and Procedures
Define and communicate how all policies, plans and procedures that drive an IT
process are documented, reviewed, maintained, approved, stored, communicated
and used for training.
PC6 Process Performance Improvement
Identify a set of metrics that provides insight into outcomes and performance of
the process. Establish targets that reflect on the process goals and performance
indicators that enable the achievement of process goals.
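As an added example that is not part of these slides or of the COBIT 4.1 text, a small Python parser for the control reference format described above: a two-character domain code, a process number and a control objective number (for example DS5.3), or PCn for the generic process controls. The per-domain process counts it validates against (PO1-PO10, AI1-AI7, DS1-DS13, ME1-ME4, which together give the 34 processes the slides mention) are those of COBIT 4.1 itself; the sample register entries and the function names are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# COBIT 4.1 domains and the number of processes each contains
# (PO1-PO10, AI1-AI7, DS1-DS13, ME1-ME4): 34 processes in total.
DOMAINS = {
    "PO": ("Plan and Organise", 10),
    "AI": ("Acquire and Implement", 7),
    "DS": ("Deliver and Support", 13),
    "ME": ("Monitor and Evaluate", 4),
}

# Generic process controls PC1-PC6, as listed on the slides above.
PROCESS_CONTROLS = {
    1: "Process Goals and Objectives",
    2: "Process Ownership",
    3: "Process Repeatability",
    4: "Roles and Responsibilities",
    5: "Policy, Plans and Procedures",
    6: "Process Performance Improvement",
}

_OBJ_RE = re.compile(r"^(PO|AI|DS|ME)(\d{1,2})\.(\d{1,2})$")
_PC_RE = re.compile(r"^PC(\d)$")


@dataclass(frozen=True)
class ControlRef:
    kind: str                # "objective" or "process_control"
    domain: Optional[str]    # PO/AI/DS/ME, or None for a PCn reference
    process: Optional[int]   # process number within the domain, None for PCn
    objective: int           # control objective number, or the PC number
    title: str               # domain name, or the PC title


def parse_ref(ref: str) -> ControlRef:
    """Parse a COBIT 4.1 control reference such as 'DS5.3' or 'PC2'.

    Raises ValueError for malformed references and for process numbers
    that do not exist in the named domain."""
    ref = ref.strip().upper()
    m = _OBJ_RE.match(ref)
    if m:
        domain, proc, obj = m.group(1), int(m.group(2)), int(m.group(3))
        name, count = DOMAINS[domain]
        if not 1 <= proc <= count:
            raise ValueError(f"{domain} has processes 1-{count}, not {proc}")
        if obj < 1:
            raise ValueError("control objective numbers start at 1")
        return ControlRef("objective", domain, proc, obj, name)
    m = _PC_RE.match(ref)
    if m:
        n = int(m.group(1))
        if n not in PROCESS_CONTROLS:
            raise ValueError(f"process controls are PC1-PC6, not PC{n}")
        return ControlRef("process_control", None, None, n, PROCESS_CONTROLS[n])
    raise ValueError(f"not a COBIT 4.1 control reference: {ref!r}")


def total_processes() -> int:
    """Number of processes across the four domains (34 in COBIT 4.1)."""
    return sum(count for _, count in DOMAINS.values())


def validate_register(refs):
    """Split references from a (constructed) controls register into the ones
    that parse and the ones that do not, keyed by the reason they failed."""
    ok, bad = [], {}
    for r in refs:
        try:
            ok.append(parse_ref(r))
        except ValueError as e:
            bad[r] = str(e)
    return ok, bad


if __name__ == "__main__":
    # Constructed sample register: a mix of valid and malformed entries.
    sample = ["PO1.1", "ds5.3", "PC2", "AI8.1", "XX1.1", "PC7", "ME2.0"]
    good, rejected = validate_register(sample)
    for c in good:
        print(c)
    for r, why in rejected.items():
        print(f"rejected {r}: {why}")
```

A check like this is useful wherever control references are keyed by hand (a GRC register, a test plan, an audit workpaper), since a reference to a process that does not exist in its domain is otherwise only noticed when the mapping to business goals is attempted.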
20. BUSINESS AND IT CONTROLS
The enterprise's system of internal control impacts IT at three levels:
1. At the executive management level:
The overall approach to governance and control is established by the board and communicated throughout the enterprise. The IT control environment is directed by this top-level set of objectives and policies.
2. At the business process level:
Most business processes are automated and integrated with IT application systems, resulting in many of the controls at this level being automated. These are known as application controls. However, some controls within the business process remain manual procedures, such as authorisation of transactions and separation of duties.
3. To support the business processes:
IT provides IT services, usually as a shared service to many business processes, and much of the IT infrastructure is provided as a common service (e.g., networks, databases, operating systems and storage). The controls applied to all IT service activities are known as IT general controls. Poor change management, for example, could jeopardise the reliability of automated integrity checks.
21. IT GENERAL CONTROLS AND APPLICATION CONTROLS
General controls: controls embedded in IT processes and services; they include
systems development, change management, security and computer operations.
Application controls: controls embedded in business process applications; they include
completeness, accuracy, validity, authorisation and segregation of duties.
The design and implementation of automated application controls is the responsibility of IT,
covered in the AI domain and based on COBIT's information criteria, as shown in figure 10.
The operational management and control responsibility for application controls is not with
IT, but with the business process owner.
Hence, the responsibility for application controls is an end-to-end joint responsibility
between business and IT, but the nature of the responsibilities changes as follows:
The business is responsible to properly:
– Define functional and control requirements
– Use automated services
IT is responsible to:
– Automate and implement business functional and control requirements
– Establish controls to maintain the integrity of application controls.
22.
23. The following list provides a recommended set of application control (AC) objectives:
AC1 Source Data Preparation and Authorisation
Ensure that source documents are prepared by authorised and qualified personnel following
established procedures, taking into account adequate segregation of duties.
AC2 Source Data Collection and Entry
Establish that data input is performed in a timely manner by authorised and qualified staff.
AC3 Accuracy, Completeness and Authenticity Checks
Ensure that transactions are accurate, complete and valid.
AC4 Processing Integrity and Validity
Maintain the integrity and validity of data throughout the processing cycle. Detection
of erroneous transactions does not disrupt the processing of valid transactions.
AC5 Output Review, Reconciliation and Error Handling
Establish procedures and responsibilities so that output is delivered to the appropriate
recipient and protected during transmission, and that verification, detection and
correction of the accuracy of output take place.
AC6 Transaction Authentication and Integrity
Before passing transaction data between internal applications and business/operational
functions, check it for proper addressing, authenticity of origin and integrity of content.
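The following is an added example, not code from COBIT or from ISACA, showing what AC3, AC4 and AC6 look like when implemented in a receiving application: every record in a batch is checked for completeness and validity (AC3), for proper addressing, authenticity of origin and integrity of content before it is accepted from another application (AC6), and erroneous records are quarantined with their reasons while valid ones still post (AC4). The record layout, the application names "accounts-payable" and "general-ledger", the accepted currencies and the shared HMAC key are all constructed for the illustration.

```python
"""Application-control checks on a batch of transaction records, as an added example
of AC3 (accuracy, completeness, authenticity), AC4 (erroneous transactions do not
disrupt valid ones) and AC6 (addressing, origin and integrity checks before data
passes between applications). The record layout, application names and shared key
are constructed for illustration and are not part of COBIT.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed shared secret between sender and receiver; a real deployment keeps this
# in a key store, never in source.
SHARED_KEY = b"example-shared-key-do-not-use"
THIS_APPLICATION = "general-ledger"       # the receiving application (assumed name)
TRUSTED_ORIGINS = {"accounts-payable"}    # applications allowed to send to it (assumed)
ACCEPTED_CURRENCIES = {"USD", "EUR", "GBP"}
REQUIRED_FIELDS = ("txn_id", "origin", "destination", "account", "amount", "currency")


def canonical(record: dict) -> bytes:
    """Deterministic serialisation of the business content that the MAC covers."""
    body = {k: record[k] for k in REQUIRED_FIELDS}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(record: dict) -> dict:
    """Sender side: attach an HMAC-SHA256 over the canonical content (AC6 integrity)."""
    signed = dict(record)
    signed["mac"] = hmac.new(SHARED_KEY, canonical(record), hashlib.sha256).hexdigest()
    return signed


def check_record(record: dict) -> list:
    """Return the control failures for one record; an empty list means it passes."""
    # AC3 completeness: every required field must be present before anything else is read
    missing = [f for f in REQUIRED_FIELDS if f not in record]
    if missing:
        return ["missing fields: " + ", ".join(missing)]
    errors = []
    # AC3 accuracy and validity of the content
    if not isinstance(record["amount"], (int, float)) or record["amount"] <= 0:
        errors.append("amount must be a positive number")
    if record["currency"] not in ACCEPTED_CURRENCIES:
        errors.append("unknown currency")
    # AC6 proper addressing: the record is really meant for this application
    if record["destination"] != THIS_APPLICATION:
        errors.append("misaddressed: destination %r" % record["destination"])
    # AC6 authenticity of origin: the sender is on the trusted list
    if record["origin"] not in TRUSTED_ORIGINS:
        errors.append("untrusted origin %r" % record["origin"])
    # AC6 integrity of content: recompute the MAC over the canonical content
    expected = hmac.new(SHARED_KEY, canonical(record), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(str(record.get("mac", "")), expected):
        errors.append("MAC mismatch: content altered or wrong key")
    return errors


@dataclass
class BatchResult:
    processed: list = field(default_factory=list)   # txn_ids accepted for posting
    rejected: dict = field(default_factory=dict)    # txn_id -> list of reasons


def process_batch(records: list) -> BatchResult:
    """AC4: each erroneous record is quarantined with its reasons; valid ones still post."""
    result = BatchResult()
    for idx, rec in enumerate(records):
        key = rec.get("txn_id", "<record %d>" % idx)
        errors = check_record(rec)
        if errors:
            result.rejected[key] = errors
        else:
            result.processed.append(key)
    return result


def sample_batch() -> list:
    """Constructed input: three valid records, then a tampered, a misaddressed and an
    incomplete one, so that the batch exercises every check."""
    base = {"origin": "accounts-payable", "destination": THIS_APPLICATION,
            "account": "4100", "currency": "USD"}
    good = [sign({**base, "txn_id": "T%d" % n, "amount": 100.0 * n}) for n in (1, 2, 3)]
    tampered = dict(good[1])            # copy of T2 whose content is changed after signing
    tampered["txn_id"] = "T4"
    tampered["amount"] = 999999.0
    misaddressed = sign({**base, "txn_id": "T5", "destination": "payroll", "amount": 50.0})
    incomplete = {"txn_id": "T6", "origin": "accounts-payable"}
    return good + [tampered, misaddressed, incomplete]


if __name__ == "__main__":
    outcome = process_batch(sample_batch())
    print("posted:", outcome.processed)
    for txn, reasons in outcome.rejected.items():
        print("quarantined", txn, "->", "; ".join(reasons))
```

The completeness check runs first and returns on its own, because the later checks read fields that an incomplete record does not have; the MAC is computed over a canonical serialisation so that field ordering in transit cannot change the verdict, and `hmac.compare_digest` is used so that verification time does not depend on where the first differing byte lies. The three well-formed records post even though three others in the same batch fail, which is the AC4 requirement.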
24. Enterprises need to measure where they are and where improvement is required, and
implement a management tool kit to monitor this improvement.
COBIT deals with these issues by providing:
Maturity models to enable benchmarking and identification of the necessary capability improvements.
Performance goals and metrics for the IT processes, demonstrating how processes meet business
and IT goals; these are used for measuring internal process performance based on balanced
scorecard principles.
Activity goals for enabling effective process performance.
MATURITY MODELS
IT management is constantly on the lookout for benchmarking and self-assessment tools in
response to the need to know what to do in an efficient manner. This responds to 3 needs:
1. A relative measure of where the enterprise is
2. A manner to efficiently decide where to go
3. A tool for measuring progress against the goal.
The maturity model for management and control over IT processes is based on a method of
evaluating the organisation, so it can be rated from a maturity level of non-existent (0) to
optimised (5).
25. MATURITY MODELS
The purpose is to identify where issues are and how to set priorities for
improvements, not to assess the level of adherence to the control objectives.
They are not designed for use as a threshold model, where one cannot move to the
next higher level without having fulfilled all conditions of the lower level.
26. Using the maturity models developed for each of COBIT's 34 IT processes, management can identify:
The actual performance of the enterprise—Where the enterprise is today
The current status of the industry—The comparison
The enterprise’s target for improvement—Where the enterprise wants to be
The required growth path between ‘as-is’ and ‘to-be’.
27. Capability, coverage and control are all dimensions of process maturity. Coverage, depth
of control, and how the capability is used and deployed are cost-benefit decisions. For
example, a high level of security management may have to be focused only on the most critical
enterprise systems. Another example would be the choice between a weekly manual review and a
continuous automated control.
28. Maturity attribute table (slides 28 to 30). Each maturity level is described along six
attributes: Awareness and Communication; Policies, Plans and Procedures; Tools and Automation;
Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement.

Level 1
Awareness and Communication: Recognition of the need for the process is emerging. There is
sporadic communication of the issues.
Policies, Plans and Procedures: Recognition of the need for processes and practices. The
process and policies are undefined.
Tools and Automation: Some tools may exist; usage is based on standard desktop tools. There is
no planned approach to tool usage.
Skills and Expertise: Skills required for the process are not identified. A training plan does
not exist and no formal training occurs.
Responsibility and Accountability: There is no definition of accountability and
responsibility. People take ownership of issues based on their own initiative on a reactive
basis.
Goal Setting and Measurement: Goals are not clear and no measurement takes place.

Level 2
Awareness and Communication: There is awareness of the need to act. Management communicates
the overall issues.
Policies, Plans and Procedures: Similar and common processes emerge, but are largely intuitive
because of individual expertise. Some aspects of the process are repeatable because of
individual expertise, and some documentation and informal understanding of policy and
procedure exist.
Tools and Automation: Common approaches to the use of tools exist but are based on solutions
developed by key individuals. Vendor tools may have been acquired, but are probably not
applied correctly, and may even be shelfware.
Skills and Expertise: Minimum skill requirements are identified for critical areas. Training
is provided in response to needs, rather than on the basis of an agreed plan, and informal
training on the job occurs.
Responsibility and Accountability: An individual assumes his/her responsibility and is
usually held accountable, even if this is not formally agreed. There is confusion about
responsibilities when problems occur, and a culture of blame tends to exist.
Goal Setting and Measurement: Some goal setting occurs; some financial measures are
established, but are known only by senior management. There is inconsistent monitoring in
isolated areas.

Level 3
Awareness and Communication: There is understanding of the need to act. Management is more
formal and structured in its communication.
Policies, Plans and Procedures: Usage of good practices emerges. The process, policies and
procedures are defined and documented for all key activities.
Tools and Automation: A plan has been defined for the use and standardisation of tools to
automate the process. Tools are being used for their purposes, but may not all be in
accordance with the agreed plan, and may not be integrated with one another.
Skills and Expertise: Skill requirements are defined and documented for all areas. A formal
training plan has been developed, but formal training is still based on individual
initiatives.
Responsibility and Accountability: Process responsibility and accountability are defined and
process owners have been identified. The process owner is unlikely to have full authority to
exercise the responsibilities.
Goal Setting and Measurement: Some effectiveness goals and measures are set, but are not
communicated, and there is a clear link to business goals. Measurement processes emerge, but
are not consistently applied. IT balanced scorecard ideas are being adopted, as is intuitive
application of root cause analysis.

Level 4
Awareness and Communication: There is understanding of the full requirements. Mature
communication techniques are applied and standard communication tools are in use.
Policies, Plans and Procedures: The process is sound and complete; internal best practices
are applied. All aspects of the process are documented and repeatable. Policies have been
approved and signed off on by management. Standards for developing and maintaining the
processes and procedures are adopted and followed.
Tools and Automation: Tools are implemented according to a standardised plan, and some have
been integrated with other related tools. Tools are being used in the main areas to automate
management of the process and to monitor critical activities and controls.
Skills and Expertise: Skill requirements are routinely updated for all areas, proficiency is
ensured for all critical areas, and certification is encouraged. Mature training techniques
are applied according to the training plan and knowledge sharing is encouraged. Internal
domain experts are involved and the effectiveness of the training plan is assessed.
Responsibility and Accountability: Process responsibility and accountability are accepted and
working in a way that enables a process owner to discharge his/her responsibilities. A reward
culture is in place that motivates positive actions.
Goal Setting and Measurement: Efficiency and effectiveness are measured and communicated, and
linked to business goals and the IT strategic plan. The IT balanced scorecard is implemented
in some areas with exceptions noted by management, and root cause analysis is being
standardised. Continuous improvement is emerging.

Level 5
Awareness and Communication: There is advanced, forward-looking understanding of
requirements. Proactive communication of issues based on trends exists, mature communication
techniques are applied, and integrated communication tools are used.
Policies, Plans and Procedures: External best practices and standards are applied. Process
documentation has evolved into automated workflows. Processes, policies and procedures are
standardised and integrated to enable end-to-end management and improvement.
Tools and Automation: Standardised tool sets are used across the enterprise. Tools are fully
integrated with other related tools to enable end-to-end support of the processes. Tools are
being used to support improvement of the process and to automatically detect control
exceptions.
Skills and Expertise: The organisation formally encourages continuous improvement of skills,
based on clearly defined personal and organisational goals. Training and education support
external best practices and the use of leading-edge concepts and techniques. Knowledge
sharing is an enterprise culture, and knowledge-based systems are being deployed. External
experts and industry leaders are used for guidance.
Responsibility and Accountability: Process owners are empowered to make decisions and take
actions. The acceptance of responsibility has been cascaded down throughout the organisation
in a consistent fashion.
Goal Setting and Measurement: There is an integrated performance measurement system linking
IT performance to business goals by the global application of the IT balanced scorecard.
Exceptions are globally and consistently noted by management and root cause analysis is
applied. Continuous improvement is a way of life.
31. PERFORMANCE MEASUREMENT
Goals and metrics are defined in COBIT at 3 levels:
1. IT goals and metrics: define what the business expects from IT and how to measure it.
2. Process goals and metrics: define what the IT process must deliver to support IT's
objectives and how to measure it.
3. Activity goals and metrics: establish what needs to happen inside the process to
achieve the required performance and how to measure it.
32. PERFORMANCE MEASUREMENT
Two types of metrics:
Outcome measures: indicate whether the goals have been met. These can be measured only
after the fact and, therefore, are called 'lag indicators'.
Performance indicators: indicate whether goals are likely to be met. They can be measured
before the outcome is clear and, therefore, are called 'lead indicators'.
Outcome measures of the lower level become performance indicators for the higher level.
Outcome measures of the IT function are often expressed in terms of the information criteria:
Availability of information needed to support the business needs
Absence of integrity and confidentiality risks
Cost-efficiency of processes and operations
Confirmation of reliability, effectiveness and compliance
Performance indicators (or performance drivers) define measures that determine how well the
business, IT function or IT process is performing in enabling the goals to be reached. They
often measure the availability of appropriate capabilities, practices and skills, and the
outcome of underlying activities.
33. Relationship of goals and metrics (figure), illustrated with a security example:
Business goal: maintain enterprise reputation and leadership. Measured by: number of
incidents causing public embarrassment.
IT goal: ensure that IT services can resist and recover from attacks. Measured by: number of
actual IT incidents with business impact.
Process goal: detect and resolve unauthorised access to information, applications and
infrastructure. Measured by: number of actual incidents because of unauthorised access.
Activity goal: understand security requirements, vulnerabilities and threats. Measured by:
frequency of review of the type of security events to be monitored.
The figure links the four levels (business goals, IT goals, process goals, activity goals) in
a loop of define goals, measure achievement, indicate performance, and improve and realign.
Business metrics, IT metrics and process metrics each consist of outcome measures and
performance indicators.
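As an added illustration of the goals-and-metrics cascade on slide 33 (this is not COBIT or ISACA material), the block below computes the outcome measure of each of the four goal levels from a constructed incident register and a constructed review log, then links each level's outcome measure (lag indicator) to the level above it as its performance indicator (lead indicator), which is the relationship the slide describes in words. The incident records, their dates and causes, and the review dates are constructed sample data.

```python
"""Goals-and-metrics cascade for the security example on slide 33, as an added
illustration (not part of the COBIT material): the outcome measure of each level is
the performance indicator of the level above it. The incident records and the review
log are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Callable, List, Optional

# Constructed incident register for one quarter (one row per incident).
INCIDENTS = [
    {"id": "I-1", "date": date(2012, 1, 9), "cause": "unauthorised_access",
     "business_impact": True, "public": False},
    {"id": "I-2", "date": date(2012, 1, 21), "cause": "hardware_failure",
     "business_impact": True, "public": False},
    {"id": "I-3", "date": date(2012, 2, 3), "cause": "phishing",
     "business_impact": False, "public": False},
    {"id": "I-4", "date": date(2012, 2, 27), "cause": "unauthorised_access",
     "business_impact": True, "public": True},
    {"id": "I-5", "date": date(2012, 3, 15), "cause": "misconfiguration",
     "business_impact": False, "public": False},
]
# Constructed log: dates on which the list of security event types to monitor was reviewed.
EVENT_TYPE_REVIEWS = [date(2012, 1, 5), date(2012, 2, 6), date(2012, 3, 5)]


@dataclass
class GoalLevel:
    level: str
    goal: str
    outcome_measure: str                          # lag indicator: known only after the fact
    value: int
    performance_indicator: Optional[str] = None   # lead indicator, taken from the level below
    indicator_value: Optional[int] = None


def count(incidents: list, predicate: Callable[[dict], bool]) -> int:
    """Number of incidents for which the predicate holds."""
    return sum(1 for i in incidents if predicate(i))


def build_cascade(incidents: list, reviews: list) -> List[GoalLevel]:
    """Compute each level's outcome measure, then link the levels bottom-up."""
    levels = [
        GoalLevel("Activity", "Understand security requirements, vulnerabilities and threats",
                  "Frequency of review of the type of security events to be monitored",
                  len(reviews)),
        GoalLevel("Process", "Detect and resolve unauthorised access to information, "
                  "applications and infrastructure",
                  "Number of actual incidents because of unauthorised access",
                  count(incidents, lambda i: i["cause"] == "unauthorised_access")),
        GoalLevel("IT", "Ensure that IT services can resist and recover from attacks",
                  "Number of actual IT incidents with business impact",
                  count(incidents, lambda i: i["business_impact"])),
        GoalLevel("Business", "Maintain enterprise reputation and leadership",
                  "Number of incidents causing public embarrassment",
                  count(incidents, lambda i: i["public"])),
    ]
    # A lower level's outcome measure (lag) is the next level's performance indicator (lead).
    for lower, upper in zip(levels, levels[1:]):
        upper.performance_indicator = lower.outcome_measure
        upper.indicator_value = lower.value
    return levels


if __name__ == "__main__":
    for lv in build_cascade(INCIDENTS, EVENT_TYPE_REVIEWS):
        print("%-8s outcome measure %r = %d" % (lv.level, lv.outcome_measure, lv.value))
        if lv.performance_indicator:
            print("         lead indicator from the level below: %r = %d"
                  % (lv.performance_indicator, lv.indicator_value))
```

The activity level has no performance indicator of its own in this cascade because nothing sits beneath it; each higher level reports both its own outcome measure and the outcome measure it inherits as a lead indicator.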
34. Overall COBIT framework (figure). Business objectives and governance objectives set the
information criteria; the four domains, with their IT processes, deliver them using the IT
resources.
Information criteria: effectiveness, efficiency, confidentiality, integrity, availability,
compliance, reliability.
IT resources: applications, information, infrastructure, people.
Plan and Organise:
PO1 Define a strategic IT plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organisation and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.
Acquire and Implement:
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
Deliver and Support:
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train
Monitor and Evaluate:
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.