darminritonga amy, profile picture
Uploaded bydarminritonga amy
PPTX, PDF92 views

Cobit 4.1 ivo oktavianti

This document discusses COBIT (Control Objectives for Information and Related Technology), which is a framework for IT governance and management. It defines COBIT and its components, including control objectives, control practices, and a process reference model. It also summarizes the changes between COBIT 4.1 and the new COBIT 5 version, such as new governance processes, a revised process model, and a new process capability assessment approach. The document is intended to help users understand COBIT and transition from prior versions to COBIT 5.

Embed presentation

Download to read offline
Di Susun Oleh : Ivo Oktavianti 11353202788 SIF VII H Control & Audit Sistem Informasi Dosen Pembimbing : Muhammad jazzman, S. Kom., M.InfoSys COBIT 4.1
DEFINITION CONTROL  Control is one the managerial functions like planning, organizing, staffing and directing  Management is required by law to establish and maintain an adequate system of internal controls.
DEFINITIONS AUDIT Audit is an objective examination and evaluation of the financial statements of an organization to make sure that the records are a fair and axxurate representation of the transactions they claim to represent. Audit information technology or IT (information technology) is also known as the audit or audit information system (information system audit) is the testing of the control activities of the infrastructure unit groups of a system / information technology. Internal Auditing is an indepent, objective, assurance and consulting activity design to add value and improve an organization’s operations.
COBIT Cobit is a frameword for developing, implementing, monitoring and improving information technologi (IT) governance and management practices. The cobit frameword is published by the IT Governance institute and the information System Audit and Control Association (ISACA). Cobit is a good –practice framework created by international professional association ISACA for IT Management and IT Governance.
What Is Cobit?  Authoritative, Up-Date, International set of generally accepted IT control objectives and control practices for day-to-day use by business managers and auditor  Struktured and organized to provide a powerful control model
TRANSITION MESSAGE  COBIT 4.1, Val IT and Risk IT users who are already engaged in governance of enterprise IT (GEIT) implementation activities can transition to COBIT 5 and benefit from the latest and improved guidance that it provides during the next iterations of their enterprise’s improvement life cycle.  COBIT 5 builds on previous versions of COBIT (and Val IT and Risk IT) and so enterprises can also build on what they have developed using earlier versions
COBIT 4.1 – IT Governance Framework  Internationally accepted good practices  Managemen-oriented  Supported by tools and training  Freely available  Sharing knowladge and leveraging expert volunteers  Continually Evoloving  Maintained by reputable not-for-profit organisations  Maps 100 percent to COSO  Maps Strongly to all major related standards
COBIT SOURCES  Professional Standars for Internal control and auditing (COSO, IFAC, AICPA, IIA,etc)  Technical Standards (ISO, EDIFACT,etc)  Codes of Conduct  Qualification Criteria for IT system and processes (ISO9000,ITSEC. TCSEC.etc)  Industry practices and requirements from  Industry forums (ESF,14)
COBIT FRAMEWORK  Documents relationships among information criteria, IT resources, and IT Processes Link control objectives and control practices to business processes and business objectives  Assists in confirming that appropriate IT processes are in places  Facilitates evaluation and assurance methods.
STAKEHOLDER VALUE AND BUSINESS OBJECTIVES  Enterprises exist to create value for their stakeholders. Consequently, any enterprise— commercial or not—will have value creation as a governance objective.  Value creation means: Realising benefits at an optimal resource cost while optimising risk.
Continue Principle 1. Meeting Stakeholder Needs:  Stakeholder needs have to be transformed into an enterprise’s actionable strategy.  The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals within the context of the enterprise, IT-related goals and enabler goals.
Cont...  Stakeholder needs can be related to a set of generic enterprise goals.  These enterprise goals have been developed using the Balanced Scorecard (BSC) dimensions. (Kaplan, Robert S.; Norton, David P.; The Balanced Scorecard: Translating Strategy into Action, Harvard University Press, USA, 1996)  The enterprise goals are a list of commonly used goals that an enterprise has defined for itself.  Although this list is not exhaustive, most enterprise-specific goals can be easily mapped onto one or more of the generic enterprise goals.
Cont...  The goals cascade is not ‘new’ to COBIT.  It was introduced in COBIT 4.0 in 2005.  Those COBIT users who have applied the thinking to their enterprises have found value.  BUT not everyone has recognized this value.  The goals cascade supports the COBIT 5 stakeholder needs principle that is fundamental to COBIT and has therefore been made prominent early in the COBIT 5 guidance.  The goals cascade has been revisited and updated for the COBIT 5 release.
Governance and Management Defined  Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed- on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed- on direction and objectives (EDM).  Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
AREAS OF CHANGE  The following slides summarise the major changes in COBIT 5 content and how they may impact GEIT implementation/improvement:  New GEIT Principles  Increased Focus on Enablers  New Process Reference Model  New and Modified Processes  Practices and Activities  Goals and Metrics  Inputs and Outputs  RACI Charts  Process Capability Maturity Models and Assessments
New GEIT Principles  Val IT and Risk IT frameworks are principles-based.  Feedback indicated that principles are easy to understand and put into an enterprise context, allowing value to be derived from the supporting guidance more effectively.  ISO/IEC 38500 also incorporates principles to underpin its messages to achieve the same market benefit delivery, although the principles in this standard and COBIT 5 are not the same
INCREASED FOCUS ON ENABLERS COBIT 4.1 did not have enablers! Yes it did—they were not called enablers but they were there, explicitly or implicitly.
Cont...  Information, infrastructure, applications (services) and people (people, skills and competencies) were COBIT 4.1 resources.  Principles, policies and frameworks were mentioned in a few COBIT 4.1 processes.  Processes were central to COBIT 4.1 use.  Organisational structure was implied through the responsible, accountable, consulted or informed (RACI) roles and their definitions.  Culture, ethics and behaviour were mentioned in a few COBIT 4.1 processes.
New Process Reference Model  COBIT 5 is based on a revised process reference model with a new governance domain and several new and modified processes that now cover enterprise activities end-to-end, i.e., business and IT function areas.  COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into one framework, and has been updated to align with current best practices, e.g., ITIL V3 2011, TOGAF.  The new model can be used as a guide for adjusting as necessary the enterprise’s own process model (just like COBIT 4.1).
Cont...  COBIT 5 introduces five new governance processes that have leveraged and improved COBIT 4.1, Val IT and Risk IT governance approaches.  This guidance:  Helps enterprises to further refine and strengthen executive management-level GEIT practices and activities  Supports GEIT integration with existing enterprise governance practices and is aligned with ISO/IEC 38500
NEW AND MODIFIED PROCESSES COBIT 5 has clarified management level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model
NEW AND MODIFIED PROCESSES  COBIT 5 processes now cover end-to-end business and IT activities, i.e., a full enterprise-level view.  This provides for a more holistic and complete coverage of practices reflecting the pervasive enterprisewide nature of IT use.  It makes the involvement, responsibilities and accountabilities of business stakeholders in the use of IT more explicit and transparent
INPUTS AND OUTPUTS  COBIT 5 provides inputs and outputs for every management practice, whereas COBIT 4.1 only provided these at the process level.  This provides additional detailed guidance for designing processes to include essential work products and to assist with interprocess integration.
Process Capability Models and Assessments  COBIT 5 discontinues the COBIT 4.1, Val IT and Risk IT CMM- based capability maturity modelling approach.  COBIT 5 will be supported by a new process capability assessment approach based on ISO/IEC 15504, and the COBIT Assessment Programme has already been established for COBIT 4.1 as an alternative to the CMM approach.  The COBIT 4.1, Val IT and Risk IT CMM-based approaches are not considered compatible with the ISO/IEC 15504 approach because the methods use different attributes and measurement scales.
PROCESS CAPABILITY MODELS AND ASSESSMENTS  COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach will need to realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach.  Although some of the information gathered from previous assessments may be reusable, care will be needed in migrating this information forward because there are significant differences in requireme
Cont...  COBIT 4.1, Val IT and Risk IT users wishing to continue with the CMM-based approach, either as an interim or ongoing approach, can use the COBIT 5 guidance, but must use the COBIT 4.1 generic attribute table without the high-level maturity models.
TERIMAKASIH

More Related Content

PPT
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
PPTX
Cobit 5 - An Overview
byAnurag Purohit
 
PPTX
Cobit5
byISACA-Istanbul
 
PPTX
Lailatul izzati
byLailatul Izzati
 
PPTX
Darmin ritonga 11353205418
bydarminritonga amy
 
PPTX
Uas dwi widiastuti
byDwi Widiastuti
 
PPT
Cobit® 5 Comparação com Cobit® 4
bybrunise
 
PDF
Comparación de CobiT 5 con CobiT 4.1
bySlime Argentina
 
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
Cobit 5 - An Overview
byAnurag Purohit
 
Cobit5
byISACA-Istanbul
 
Lailatul izzati
byLailatul Izzati
 
Darmin ritonga 11353205418
bydarminritonga amy
 
Uas dwi widiastuti
byDwi Widiastuti
 
Cobit® 5 Comparação com Cobit® 4
bybrunise
 
Comparación de CobiT 5 con CobiT 4.1
bySlime Argentina
 

What's hot

PPTX
Cobit
byifourkhushbooshah
 
PPTX
COBIT5 Introduction
byMohammad Reda Katby
 
PPT
Cobit5 introduction
byMarkus Yaldu
 
PPTX
Itil,cobit and ıso27001
byBurcu Pelin TELLİ
 
PDF
COBIT 5 Basic Concepts
bySpyros Ktenas
 
PPT
Cobit Foundation Training
byvyomlabs
 
PDF
Qap cobit2019-20181111
byPatrick Soenen
 
PPTX
COBIT 5 - Principal 5 Separating Governance From Management
byMohammad Reda Katby
 
PDF
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
byCTE Solutions Inc.
 
PDF
Cobit 4.1 Highlights
bygeoffharmer
 
PPTX
COBIT 5 & 4.1 Comparison
byAnthony Dehnashi
 
PPTX
Cobit5 owerwiev and implementation proposal
byEmilio Gratton
 
PDF
DevOps, BA and COBIT don’t really align, or do they?
byIIBA-Canberra
 
PPTX
COBIT 5 - Principal 3 Applying A Single Integrated Framework
byMohammad Reda Katby
 
PPTX
Audit rizkie hafizzah
byRizkie Hafizzah
 
PDF
COBIT 5 FAQ
byMas'ud Adhi Saputra
 
PDF
Cobit 5 introduction plgr
byPedro Garcia Repetto
 
PDF
Multi Model Performance Improvement
byGeorge Brotbeck
 
PDF
I Forum GSTI - David Bathiely
byMarcos Andre
 
Cobit
byifourkhushbooshah
 
COBIT5 Introduction
byMohammad Reda Katby
 
Cobit5 introduction
byMarkus Yaldu
 
Itil,cobit and ıso27001
byBurcu Pelin TELLİ
 
COBIT 5 Basic Concepts
bySpyros Ktenas
 
Cobit Foundation Training
byvyomlabs
 
Qap cobit2019-20181111
byPatrick Soenen
 
COBIT 5 - Principal 5 Separating Governance From Management
byMohammad Reda Katby
 
Business and ITSM on the same page at last! ITIL, TOGAF and COBIT working to...
byCTE Solutions Inc.
 
Cobit 4.1 Highlights
bygeoffharmer
 
COBIT 5 & 4.1 Comparison
byAnthony Dehnashi
 
Cobit5 owerwiev and implementation proposal
byEmilio Gratton
 
DevOps, BA and COBIT don’t really align, or do they?
byIIBA-Canberra
 
COBIT 5 - Principal 3 Applying A Single Integrated Framework
byMohammad Reda Katby
 
Audit rizkie hafizzah
byRizkie Hafizzah
 
COBIT 5 FAQ
byMas'ud Adhi Saputra
 
Cobit 5 introduction plgr
byPedro Garcia Repetto
 
Multi Model Performance Improvement
byGeorge Brotbeck
 
I Forum GSTI - David Bathiely
byMarcos Andre
 

Viewers also liked

PDF
Mairead Loughman Dissertation FINAL 240716
byMairéad Loughman
 
PPT
Qualidade
bytourlinesviagens
 
PPS
Páscoa
bysantuario13
 
PPT
Memória flora teles 3
byfloraqteles
 
PPSX
Sampa desconhecida tom ze
byDanielle Ribeiro
 
PPT
Genética 01
byJoselito Oliveira Neto
 
ODP
Composição da comoc
byluiseveraldo
 
PPTX
Cobit 4.1 ivo oktavianti
bydarminritonga amy
 
PPTX
Cobit 4.1 ivooktavianti
byIvo Oktavianti
 
DOCX
Cv ivo oktavianti
byIvo Oktavianti
 
DOCX
Cv ivo oktavianti
bydarminritonga amy
 
PPSX
My professional life
bySabrina Speicys
 
PPTX
Jéssica melo, jéssica rosa, patricia, rita. 11ºj
byanaoliveira541960
 
PPS
Nota de falecimento
bySimplesmentePinto
 
PPTX
Justica Yorkshire Lana
byLana Yorkshire
 
PDF
O Reino Messiânico 3 - Paz
byCarlos Almeida
 
PDF
Simulado completo aluno
byRicardo Bruno Nunes
 
DOCX
T.d vírus
byJoselito Oliveira Neto
 
DOCX
Is that what we want to live with
byBhaswati Guha Majumder
 
PPT
Memória flora teles 1
byfloraqteles
 
Mairead Loughman Dissertation FINAL 240716
byMairéad Loughman
 
Qualidade
bytourlinesviagens
 
Páscoa
bysantuario13
 
Memória flora teles 3
byfloraqteles
 
Sampa desconhecida tom ze
byDanielle Ribeiro
 
Genética 01
byJoselito Oliveira Neto
 
Composição da comoc
byluiseveraldo
 
Cobit 4.1 ivo oktavianti
bydarminritonga amy
 
Cobit 4.1 ivooktavianti
byIvo Oktavianti
 
Cv ivo oktavianti
byIvo Oktavianti
 
Cv ivo oktavianti
bydarminritonga amy
 
My professional life
bySabrina Speicys
 
Jéssica melo, jéssica rosa, patricia, rita. 11ºj
byanaoliveira541960
 
Nota de falecimento
bySimplesmentePinto
 
Justica Yorkshire Lana
byLana Yorkshire
 
O Reino Messiânico 3 - Paz
byCarlos Almeida
 
Simulado completo aluno
byRicardo Bruno Nunes
 
T.d vírus
byJoselito Oliveira Neto
 
Is that what we want to live with
byBhaswati Guha Majumder
 
Memória flora teles 1
byfloraqteles
 

Similar to Cobit 4.1 ivo oktavianti

PPTX
Cobit 4.1 indri
bydwiza indri
 
PPTX
Donna Febriani
byDonna Febriani
 
PPTX
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
PPTX
Co5bit
byAnne Starr
 
PPTX
COBIT5 Framework Compare With41 Studying
byssuser8325ba
 
PPTX
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
PPTX
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
PPTX
COBIT
byERUMSULAYMAN1
 
PPT
Use COBIT for IT SAVINGS
bySanjiv Arora
 
PPTX
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
byaqel aqel
 
PDF
Cobit 5 Overview.pdfCobit 5 Overview.pdfCobit 5 Overview.pdf
bymacraaiclass
 
PDF
How to pass cobit exam
byEgyptian Engineers Association
 
PDF
COBIT®5 - Foundation
byMirosław Dąbrowski C-level IT manager, CEO, Agile, ICF Coach, Speaker
 
PPTX
Isaca presentation
bymangsur_ali
 
PPTX
Cobit 5 Business Framework -Governance and Management of Enterprise IT
byBalasubramanian.C PMP®,ITIL®,PRINCE2®,COBIT®5
 
PPT
02. cobit5 introduction
byMulyadi Yusuf
 
PDF
Cobit5 laminate
byclaudiocj7
 
PPTX
PPT-UEU-Topik-dalam-IT-Resources-Management-13.pptx
byssuserd1791e
 
PDF
Cobi t 4.1-brochure
byDeloitte
 
PPTX
information system and computers
by9535814851
 
Cobit 4.1 indri
bydwiza indri
 
Donna Febriani
byDonna Febriani
 
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
Co5bit
byAnne Starr
 
COBIT5 Framework Compare With41 Studying
byssuser8325ba
 
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
COBIT
byERUMSULAYMAN1
 
Use COBIT for IT SAVINGS
bySanjiv Arora
 
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
byaqel aqel
 
Cobit 5 Overview.pdfCobit 5 Overview.pdfCobit 5 Overview.pdf
bymacraaiclass
 
How to pass cobit exam
byEgyptian Engineers Association
 
COBIT®5 - Foundation
byMirosław Dąbrowski C-level IT manager, CEO, Agile, ICF Coach, Speaker
 
Isaca presentation
bymangsur_ali
 
Cobit 5 Business Framework -Governance and Management of Enterprise IT
byBalasubramanian.C PMP®,ITIL®,PRINCE2®,COBIT®5
 
02. cobit5 introduction
byMulyadi Yusuf
 
Cobit5 laminate
byclaudiocj7
 
PPT-UEU-Topik-dalam-IT-Resources-Management-13.pptx
byssuserd1791e
 
Cobi t 4.1-brochure
byDeloitte
 
information system and computers
by9535814851
 

Recently uploaded

PPTX
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
PPTX
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
PDF
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
PPTX
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PPTX
Filipino 11-Tekstong Prosidyural-Final.pptx
byMargieBAlmoza
 
PPTX
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
PPTX
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
PPTX
How to use search_read method in Odoo 18
byCeline George
 
PPTX
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
PDF
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
PPTX
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PPTX
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
PDF
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PDF
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
Campfens "The Data Qualify Challenge: Publishers, institutions, and funders r...
byNational Information Standards Organization (NISO)
 
ICH Harmonization A Global Pathway to Unified Drug Regulation.pptx
byDr. Smita Kumbhar
 
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
How to Manage Reception Report in Odoo 18 Inventory
byCeline George
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
Filipino 11-Tekstong Prosidyural-Final.pptx
byMargieBAlmoza
 
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
How to use search_read method in Odoo 18
byCeline George
 
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
1ST APPLICATION FOR ANNULMENT (4)8787666.pdf
bykonstantinantountoum1
 
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
Vitamins and mineral deficiency , signs and symptoms associated with exercise
byvirupa chandrika reddy
 
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 

Cobit 4.1 ivo oktavianti

  • 1.
    Di Susun Oleh: Ivo Oktavianti 11353202788 SIF VII H Control & Audit Sistem Informasi Dosen Pembimbing : Muhammad jazzman, S. Kom., M.InfoSys COBIT 4.1
  • 2.
    DEFINITION CONTROL  Controlis one the managerial functions like planning, organizing, staffing and directing  Management is required by law to establish and maintain an adequate system of internal controls.
  • 3.
    DEFINITIONS AUDIT Audit isan objective examination and evaluation of the financial statements of an organization to make sure that the records are a fair and axxurate representation of the transactions they claim to represent. Audit information technology or IT (information technology) is also known as the audit or audit information system (information system audit) is the testing of the control activities of the infrastructure unit groups of a system / information technology. Internal Auditing is an indepent, objective, assurance and consulting activity design to add value and improve an organization’s operations.
  • 4.
    COBIT Cobit is aframeword for developing, implementing, monitoring and improving information technologi (IT) governance and management practices. The cobit frameword is published by the IT Governance institute and the information System Audit and Control Association (ISACA). Cobit is a good –practice framework created by international professional association ISACA for IT Management and IT Governance.
  • 5.
    What Is Cobit? Authoritative, Up-Date, International set of generally accepted IT control objectives and control practices for day-to-day use by business managers and auditor  Struktured and organized to provide a powerful control model
  • 6.
    TRANSITION MESSAGE  COBIT4.1, Val IT and Risk IT users who are already engaged in governance of enterprise IT (GEIT) implementation activities can transition to COBIT 5 and benefit from the latest and improved guidance that it provides during the next iterations of their enterprise’s improvement life cycle.  COBIT 5 builds on previous versions of COBIT (and Val IT and Risk IT) and so enterprises can also build on what they have developed using earlier versions
  • 7.
    COBIT 4.1 –IT Governance Framework  Internationally accepted good practices  Managemen-oriented  Supported by tools and training  Freely available  Sharing knowladge and leveraging expert volunteers  Continually Evoloving  Maintained by reputable not-for-profit organisations  Maps 100 percent to COSO  Maps Strongly to all major related standards
  • 8.
    COBIT SOURCES  ProfessionalStandars for Internal control and auditing (COSO, IFAC, AICPA, IIA,etc)  Technical Standards (ISO, EDIFACT,etc)  Codes of Conduct  Qualification Criteria for IT system and processes (ISO9000,ITSEC. TCSEC.etc)  Industry practices and requirements from  Industry forums (ESF,14)
  • 9.
    COBIT FRAMEWORK  Documentsrelationships among information criteria, IT resources, and IT Processes Link control objectives and control practices to business processes and business objectives  Assists in confirming that appropriate IT processes are in places  Facilitates evaluation and assurance methods.
  • 10.
    STAKEHOLDER VALUE ANDBUSINESS OBJECTIVES  Enterprises exist to create value for their stakeholders. Consequently, any enterprise— commercial or not—will have value creation as a governance objective.  Value creation means: Realising benefits at an optimal resource cost while optimising risk.
  • 11.
    Continue Principle 1. MeetingStakeholder Needs:  Stakeholder needs have to be transformed into an enterprise’s actionable strategy.  The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals within the context of the enterprise, IT-related goals and enabler goals.
  • 12.
    Cont...  Stakeholder needscan be related to a set of generic enterprise goals.  These enterprise goals have been developed using the Balanced Scorecard (BSC) dimensions. (Kaplan, Robert S.; Norton, David P.; The Balanced Scorecard: Translating Strategy into Action, Harvard University Press, USA, 1996)  The enterprise goals are a list of commonly used goals that an enterprise has defined for itself.  Although this list is not exhaustive, most enterprise-specific goals can be easily mapped onto one or more of the generic enterprise goals.
  • 13.
    Cont...  The goalscascade is not ‘new’ to COBIT.  It was introduced in COBIT 4.0 in 2005.  Those COBIT users who have applied the thinking to their enterprises have found value.  BUT not everyone has recognized this value.  The goals cascade supports the COBIT 5 stakeholder needs principle that is fundamental to COBIT and has therefore been made prominent early in the COBIT 5 guidance.  The goals cascade has been revisited and updated for the COBIT 5 release.
  • 14.
    Governance and ManagementDefined  Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed- on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed- on direction and objectives (EDM).  Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
  • 15.
    AREAS OF CHANGE The following slides summarise the major changes in COBIT 5 content and how they may impact GEIT implementation/improvement:  New GEIT Principles  Increased Focus on Enablers  New Process Reference Model  New and Modified Processes  Practices and Activities  Goals and Metrics  Inputs and Outputs  RACI Charts  Process Capability Maturity Models and Assessments
  • 16.
    New GEIT Principles Val IT and Risk IT frameworks are principles-based.  Feedback indicated that principles are easy to understand and put into an enterprise context, allowing value to be derived from the supporting guidance more effectively.  ISO/IEC 38500 also incorporates principles to underpin its messages to achieve the same market benefit delivery, although the principles in this standard and COBIT 5 are not the same
  • 17.
    INCREASED FOCUS ONENABLERS COBIT 4.1 did not have enablers! Yes it did—they were not called enablers but they were there, explicitly or implicitly.
  • 18.
    Cont...  Information, infrastructure,applications (services) and people (people, skills and competencies) were COBIT 4.1 resources.  Principles, policies and frameworks were mentioned in a few COBIT 4.1 processes.  Processes were central to COBIT 4.1 use.  Organisational structure was implied through the responsible, accountable, consulted or informed (RACI) roles and their definitions.  Culture, ethics and behaviour were mentioned in a few COBIT 4.1 processes.
  • 19.
    New Process ReferenceModel  COBIT 5 is based on a revised process reference model with a new governance domain and several new and modified processes that now cover enterprise activities end-to-end, i.e., business and IT function areas.  COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into one framework, and has been updated to align with current best practices, e.g., ITIL V3 2011, TOGAF.  The new model can be used as a guide for adjusting as necessary the enterprise’s own process model (just like COBIT 4.1).
  • 20.
    Cont...  COBIT 5introduces five new governance processes that have leveraged and improved COBIT 4.1, Val IT and Risk IT governance approaches.  This guidance:  Helps enterprises to further refine and strengthen executive management-level GEIT practices and activities  Supports GEIT integration with existing enterprise governance practices and is aligned with ISO/IEC 38500
  • 21.
    NEW AND MODIFIEDPROCESSES COBIT 5 has clarified management level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model
  • 22.
    NEW AND MODIFIEDPROCESSES  COBIT 5 processes now cover end-to-end business and IT activities, i.e., a full enterprise-level view.  This provides for a more holistic and complete coverage of practices reflecting the pervasive enterprisewide nature of IT use.  It makes the involvement, responsibilities and accountabilities of business stakeholders in the use of IT more explicit and transparent
  • 23.
    INPUTS AND OUTPUTS COBIT 5 provides inputs and outputs for every management practice, whereas COBIT 4.1 only provided these at the process level.  This provides additional detailed guidance for designing processes to include essential work products and to assist with interprocess integration.
  • 24.
    Process Capability Modelsand Assessments  COBIT 5 discontinues the COBIT 4.1, Val IT and Risk IT CMM- based capability maturity modelling approach.  COBIT 5 will be supported by a new process capability assessment approach based on ISO/IEC 15504, and the COBIT Assessment Programme has already been established for COBIT 4.1 as an alternative to the CMM approach.  The COBIT 4.1, Val IT and Risk IT CMM-based approaches are not considered compatible with the ISO/IEC 15504 approach because the methods use different attributes and measurement scales.
  • 25.
    PROCESS CAPABILITY MODELSAND ASSESSMENTS  COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach will need to realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach.  Although some of the information gathered from previous assessments may be reusable, care will be needed in migrating this information forward because there are significant differences in requireme
  • 26.
    Cont...  COBIT 4.1,Val IT and Risk IT users wishing to continue with the CMM-based approach, either as an interim or ongoing approach, can use the COBIT 5 guidance, but must use the COBIT 4.1 generic attribute table without the high-level maturity models.
  • 27.