COBIT 5 Basic Concepts

CODBIT 5 Presentation Summary
of the full presentation that can be found at
http://theProjectLeaders.org
Spyros Ktenas | http://open-works.org/?e=spyros-ktenas
Use of content from “COBIT 5®, A Business Framework for the
Governance and Management of Enterprise IT”, An ISACA®
Framework.
1

Spyros Ktenas - http://open-works.org/profiles/spyros-ktenas
CONTENTS
Introduction
History
Drivers for the Development of COBIT
Benefits
Format
Principles
Enablers
Implementation
Process Capability Model
2
COBITBasicConcepts

CONTROL OBJECTIVES FOR INFORMATION AND RELATED
TECHNOLOGY (COBIT)
 Information is the key element of the 21st century
 It has a lifecycle (created, used, retained, disclosed and
destroyed).
 Technology is used in all lifecycle stages
 Quality of information -> Quality of Decisions
 COBIT is a good-practice framework created by
international professional association ISACA for
information technology management and IT
governance. COBIT provides an implementable "set of
controls over information technology and organizes
them around a logical framework of IT-related processes
and enablers.”
3

DRIVERS FOR THE DEVELOPMENT OF COBIT
 More stakeholders around IT
 Increased dependency on third party suppliers
 Ever-increasing volume of information
 IT is an integral part of the business
 A need for an end-to-end management and governance
framework
 Provide further guidance in the area of innovation and
emerging technologies
 Better control over user-based IT solutions
 Alignment with other guidance and integration of ISACA
(coming from Information Systems Audit and Control
Association) frameworks
4

COBIT 5 BENEFITS
 Provides a comprehensive framework that assists
enterprises in achieving their objectives for the
governance and management of enterprise IT
 Holistic, integrated and complete view of enterprise
governance and management of IT
 Creates common language between IT and business
 It is consistent with generally accepted corporate
governance standards – so helps to meet regulatory
requirements.
5

COBIT 5 PRINCIPLES
1. Meeting stakeholder needs
2. Covering enterprise end-to-end
3. Applying a single Integrated Framework
4. Enabling a holistic approach
5. Separating Governance from Management
6

GOALS CASCADE
 Goals Cascade
Is the mechanism to translate stakeholder needs in to specific, actionable and customized goals
(Enterprise, IT-related, Enabler goals)
Stakeholder Drivers (Environment, Technology…)
Step1
Stakeholder Needs (Benefits Realization, Risk Optimization, Resource Optimization)
Cascade to Stakeholder needs and enterprise goals
Step 2
Enterprise goals (COBIT 5 Enterprise goals table)
Cascade to Detailed mapping: Enterprise Goals to IT related goals (COBIT provides scorecards and
mapping tables)
Step 3
IT related goals (COBIT 5 IT related goals table)
Cascade to Detailed mapping: IT related goals to IT related processes (COBIT provides scorecards
and mapping tables)
Step 4
Enabler Goals (Process, organization structures, information) (COBIT provides scorecards and
mapping tables) 7

PRINCIPLE 1: MEETING STAKEHOLDER NEEDS
 Enterprise Goals
8

PRINCIPLE 1: MEETING STAKEHOLDER NEEDS
 IT Related Goals
9

PRINCIPLE 2: COVERING ENTERPRISE END TO END
10
• Governance Enablers
Governance enablers are the organisational resources for governance, such as frameworks,
principles, structures, processes and practices, through or towards which action is directed and
objectives can be attained
• Governance Scope
Governance can be applied to the entire enterprise, an entity, a tangible or intangible asset, etc.
That is, it is possible to define different views of the enterprise to which governance is applied,
and it is essential to define this scope of the governance system well. The scope of COBIT 5 is the
enterprise—but in essence COBIT 5 can deal with any of the different views.
• Roles, Activities and Relationships
A last element is governance roles, activities and relationships. It defines who is involved in
governance, how they are involved, what they do and how they interact, within the scope of any
governance system.

PRINCIPLE 3: APPLYING A SINGLE INTEGRATED NETWORK
11
 There are many IT-related standards and good practices, each providing
guidance on a subset of IT activities. COBIT 5 aligns with other relevant
standards and frameworks at a high level, and thus can serve as the
overarching framework for governance and management of enterprise IT
 ISACA Frameworks that map to COBIT 5
CBIT 4.1 (Control Objectives)
Val IT (Key Managements Practices)
Risk IT (Management Practices)
COBIT sits on top of other frameworks like ITIL (Service Management), PRINCE
2 (Project Management) etc.

PRINCIPLE 4: ENABLING A HOLISTIC APPROACH
12
 Efficient and effective governance and management of enterprise IT
require a holistic approach, taking into account several interacting
components
 COBIT 5 Defines a set of enables to support the implementation of a
comprehensive governance and management system for enterprise IT
 Emphasizing the importance of the whole and the interdependence of its
parts.
 7 Enterprise Enabler Categories
Enablers are factors that, individually and collectively, influence whether something will work—in this case, governance and
management over enterprise IT
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behavior
5. Information (resources)
6. Services Infrastructures and Applications(resources)
7. People Skills and Competencies (resources)

PRINCIPLE 4: ENABLING A HOLISTIC APPROACH
13
 Life cycle—Each enabler has a life cycle, from inception through an
operational/useful life until disposal. This applies to information,
structures, processes, policies, etc. The phases of the life cycle consist of:
– Plan (includes concepts development and concepts selection)
– Design
– Build/acquire/create/implement
– Use/operate
– Evaluate/monitor
– Update/dispose
 Good practices—For each of the enablers, good practices can be defined.
Good practices support the achievement of the enabler goals. COBIT 5
provides examples of good practices for some enablers provided by COBIT
5 (e.g., processes). For other enablers, guidance from other standards,
frameworks, etc., can be used.

PRINCIPLE 5: SEPARATING GOVERNANCE FROM
MANAGEMENT
14
 Governance ensures that stakeholder needs, conditions and options are
evaluated to determine balanced, agreed-on enterprise objectives to be
achieved; setting direction through prioritisation and decision making;
and monitoring performance and compliance against agreed-on direction
and objectives.
In most enterprises, overall governance is the responsibility of the board of
directors under the leadership of the chairperson. Specific governance
responsibilities may be delegated to special organisational structures at an
appropriate level, particularly in larger, complex enterprises
 Management plans, builds, runs and monitors activities in alignment
with the direction set by the governance body to achieve the enterprise
objectives.
In most enterprises, management is the responsibility of the executive
management under the leadership of the chief executive officer (CEO).

MANAGEMENT #2
15
 Clear distention between Governance and Management
 Governance - Leadership, sets the directions and monitors against the
direction
 Management - Deliver and achieve the governance objectives
 Interactions
 Governance: Direct, Evaluate, Monitor
 Management: Plan (APO), Build(BAI), Run (DSS), Monitor (MEA)
 Align, Plan and Organize (APO)
 Build, Acquire and Implement (BAI)
 Deliver, Service and Support (DSS)
 Monitor, Evaluate and Assess (MEA)
Together, these five principles enable the enterprise to build an effective
governance and management framework that optimises information and
technology investment and use for the benefit of stakeholders.

MANAGEMENT #3
16
 37 Governance and Management Processes
Process Reference Model

COBIT 5 IMPLEMENTATION
17
 The Enterprise Context
Understand both enterprise internal and external factors as they apply to
change management
Ethics and culture
Applicable laws, regulations and policies
Mission, vision and values
Governance policies and practices
Business plans and strategic intentions
Operating model
Management style
Risk appetite
Capabilities and available resources
Industry practices

18
 Success Factors
 Top management providing the direction and mandate for the
initiative, as well as visible ongoing commitment and support
 All parties supporting the governance and management processes to
understand the business and IT objectives
 Ensuring effective communication and enablement of the necessary
changes
 Tailoring COBIT and other supporting good practices and standards to
fit the unique context of the enterprise
 Focussing on quick wins and prioritising the most beneficial
improvements that are easiest to implement

19
 Implementation Lifecycle
Programme Management
Quality, time, cost
Change Enablement
Addressing the behavioral and cultural aspects
Continual Improvement Life Cycle
To identify that this is not a one-off project.

COBIT 5 PROCESS CAPABILITY MODEL
20
 Based on ISO/IEC 15504- Identifies process assessment
as an activity performed either as part of a process
improvement initiative or as part of a capability
determination approach.
 The purpose of process capability determination is to
identify the strengths, weaknesses and risks of selected
processes.
 A capability is carried out at process level, whereas a
maturity assessment is carried out at organizational
level.

21
 6 Capability levels
 Level 0: Incomplete process (not implemented or fails to archive
its purpose)
 Level 1: Performed process (achieves its process purpose)
 Level 2: Managed process (implemented in a managed fashion,
planned, monitored and adjusted. Its products are appropriately
established controlled and maintained)
 Level 3: Established process (implemented using defined
process)
 Level 4: Predictable process (the process operated within
defined limits to achieve its outcomes)
 Level 5: Optimising process (the process is continuously
improved to meet relevant current and predicted business
goals)

22
 9 Process Attributes
 Level 1: Performed process
PA.1.1 Process Performance Attribute (is a measure of the extent to which the
process purpose is achieved (only relevant to Level 1)
 Level 2 Managed
PA.2.1 Performance Management Attribute
PA.2.2 Work Management Attribute
 Level 3 Established
PA.3.1 Definition Attribute
PA.3.2 Deployment Attribute
 Level 4 Predictable
PA.4.1 Process Measurement Attribute
PA.4.2 Process Control Attribute
 Level 5 Optimizing
PA.5.1 Innovation Attribute
PA.5.2 Optimisation Attribute

COBIT 5 OVERVIEW/SUMMARY
Full presentation Available at http://theProjectLeaders.org
23
5 Principles
1. Meeting stakeholder needs
2. Covering enterprise end-to-
end
3. Applying a single Integrated
Framework
4. Enabling a holistic approach
5. Separating Governance from
Management
Goals Cascade (COBIT 5 provides detailed mapping tables)
Stakeholder Drivers -> Stakeholder Needs ->Enterprise Goals -> IT Related Goals -> Enabler Goals
Covering the Enterprise End-to-end
Owners and Stakeholders Delegate <->AccountableGoverning Body Set Direction <->MonitorManagement Instruct and Align <->Report Operations and Execution
7 Enabler categories
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behavior
5. Information (resources)
6. Services Infrastructures and
Applications(resources)
7. People Skills and Competencies (resources)
Governance and Management Processes (37 in total)
Governance—five processes; evaluate, direct and monitor
Management—four domains; plan, build, run and monitor
Domains:
Align, Plan and Organise (APO) – Build, Acquire and Implement (BAI) –
Deliver, Service and Support (DSS) – Monitor, Evaluate and Assess (MEA)
Implementation life cycle components
1. Core continual improvement life cycle
2. Enablement of change
3. Management of the programme
7 phases for every component
Process Capability Model
Level 0: Incomplete process
Level 1: Performed process
Level 2: Managed process
Level 3: Established process
Level 4: Predictable process
Level 5: Optimising process
“COBIT 5®, A Business Framework for the Governance and Management of Enterprise IT”, An ISACA® Framework.

THANK YOU!
24
CODBIT Presentation Summary
This was a summary of the full presentation that can be found
at http://theProjectLeaders.org

COBIT 5 Basic Concepts

More Related Content

What's hot

Similar to COBIT 5 Basic Concepts

More from Spyros Ktenas

Recently uploaded

In this document

COBIT 5 Basic Concepts