This courseware was designed for the training entitled 'Governance and Management of Enterprise IT with COBIT 5 Framework', with the objective of understanding the COBIT 5 framework and of achieving effective IT governance using it.
IT Governance – The missing compass in a technology changing world (PECB)
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation: approach and methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji of Digital Jewels, a PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
COBIT is a good-practice framework created by the international professional association ISACA for information technology management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers."
You can find the full presentation at http://theProjectLeaders.org
Capability assessment of IT governance using the COBIT 4 Process Assessment Model (PAM). Presented to the Information Systems Department, Universitas Bakrie, Indonesia.
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT (Mark Constable)
Frameworks assist enterprises in creating repeatable processes that can help in value creation, but it is sometimes difficult to thumb through a framework publication and completely understand how to use it. In this webinar we explore ISACA's updated COBIT 2019 framework and walk through examples of how to leverage its value. Using typical use cases, we explore how to create a tailored governance framework for the governance and management of enterprise information and technology using COBIT 2019.
Learning Objectives:
- Understand the key elements of the COBIT 2019 framework and where to find them in the publications.
- Explore how to adopt a tailored enterprise governance framework for the governance and management of information and technology.
- Examine typical use cases that enterprises encounter when using the framework and walk through how to use COBIT 2019 to solve these.
High Level Agenda
- Framework introduction
- Governance and framework principles
- Governance systems and components
- Governance and management objectives
- Performance management
- Designing a tailored governance system through use cases
- Closing and questions
About the host: Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT strategy and service management. With over 28 years of professional experience Mark has a wide array of industry experience including government, health care, finance and banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards. Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers award twice for Best Speaker/Conference contributor. Mark also holds the CGEIT and CRISC certifications.
Watch recording here: https://apmg-international.com/events/cobit-2019-use-cases-tailoring-governance-your-enterprise-it
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500 (PECB)
The webinar covers:
• Overview of description and principles of COBIT 5.0
• How COBIT is adopted by ISO/IEC 38500
• Complementary values that ISO 38500 and COBIT 5.0 bring to each other
• How companies can use this approach for maximum benefits
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, Chief Trainer for Training Heights Limited and an experienced Enterprise Architect.
Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=lnrji3A6C0I
This presentation is intended to assist CIOs with setting up a formal IT governance model for their college or university. Two companion files, an IT Governance Committee Charter and an IT Project Governance Guideline, are also on SlideShare and are linked at the end.
IT Governance - Capability Assessment using COBIT 5 (Eryk Budi Pratama)
(re-upload)
Capability assessment of IT governance using the COBIT 5 Process Assessment Model (PAM). Presented to the Information Systems Department, Universitas Bakrie, Indonesia.
This presentation explains the COBIT (Control Objectives for Information and Related Technology) standard.
Courtesy:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
COBIT 5 IT Governance Model: an Introduction (aqel aqel)
This lecture provides quick and direct insight into information technology governance using the COBIT 5 framework. COBIT 5, the fifth edition, was released by the Information Systems Audit and Control Association (www.isaca.org) in 2012 to supersede version 4.1 (2007). It also incorporated ISACA's Val IT model, which addresses the financial perspective of IT, as well as the Risk IT framework.
The lecture was part of ISACA Riyadh chapter activities in April 2015 under the sponsorship of Al-Fisal University.
The slides were created for the 'Management Information System' subject of SE IT under the University of Pune, India.
Subject Teacher: Mr. Tushar B Kute,
Sandip Institute of Technology and Research Centre, Nashik.
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework and the Information Governance discipline adds up to a robust and successful Information Security Management Program.
Keller Graduate School of Management class PM600: this was the final presentation, created and presented by Scott Lang & Rajeshwer Subramanian.
We were a two-man team working over the length of the course, creating and developing this project.
Hoping to show presentation skills and an understanding of the principles of project management.
Enterprise Security Architecture for Cyber Security (The Open Group SA)
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
IT Governance & Leadership, 17-20 November 2014, Dubai, UAE (360 BSI)
Information and related technology have become increasingly crucial in the sustainability, growth and management of value and risk in most enterprises. As a result, IT has moved from a support role to a central position within enterprises.
The enhanced role of IT for enterprise value creation and risk management has been accompanied by an increased emphasis on the Governance and Management of Enterprise IT (GEIT).
Enterprise stakeholders and the governing board wish to ensure that IT fulfills the goals of the enterprise. GEIT is an integral part of overall corporate governance.
GEIT addresses the definition and implementation of processes, structures and relational mechanisms within the enterprise that enable business and IT staff to
execute their responsibilities in support of creating or sustaining business value.
In this course you will learn and understand how to assess and evaluate an organization’s GEIT and make sure that IT is properly aligned with the business objectives.
COBIT 5 can help enterprises create optimal value from IT by maintaining a balance between realising benefits, optimising risk and leveraging resources. COBIT 5 addresses both business and IT functional areas and provides a governance, management and operational framework for enterprises of all sizes, whether commercial, not-for-profit or public sector.
Contact Kris at kris@360bsi.com to register.
High-performing organizations achieve results by using portfolio management to select the right projects at the right time with the right resources, based on a data-driven selection methodology. Portfolio management adds value to an organization's bottom line by optimizing the organization's capacity and capabilities to meet the demands of an ever-changing market and technology trends. It does this by providing insight into, and global visibility of, the organization's approved set of strategic criteria against a backdrop of organizational constraints. This presentation provides a few of the value creation processes that implementing a best-in-class portfolio management solution can provide to your organization.
To learn more: http://developingaculturethatworks.com/
Proposal of a Framework of Lean Governance and Management of Enterprise IT (Mehran Misaghi)
Technology and information are vital to the success of companies. To leverage success in IT projects, companies have at their disposal references globally accepted as good practices (COBIT, ITIL, PMBOK, ISO, TOGAF, etc.). In spite of this, spending on poorly designed or improperly implemented IT projects remains large. This paper presents a brief description of standards and good practices related to governance and management of enterprise IT; defines Lean Thinking, Lean IT, Process Management, Portfolio, Program and Project Management, and the Work System Theory; highlights their purpose and characteristics; and suggests a Framework of Lean Governance and Management of Enterprise IT by demonstrating how the standards and good practices presented can work together. It advocates that Lean Thinking, Process, Portfolio, Program and Project Management, and the Work System Theory complement the standards and good practices of governance and management of enterprise IT with an approach not referenced in these standards and good practices.
Frameworks to drive value from your investment in Information Technology (John Halliday)
This PDF presentation aims to assist the C-Suite (CEO, CIO, CRO, CSO), Board Members and Audit and Risk Committees to be aware of good IT governance frameworks and references and thereby have Value conversations with IT professionals (and assist IT professionals to drive, and prepare for these conversations). It will cover a wide range of frameworks and references. Enjoy!
Insights and guidance on IT governance strategy, risk management and implementation of resources through interactive sessions and mini-case studies.
Establish an IT governance framework.
Ensure that the enterprise's IT investment is in line with its strategic objectives.
Learn to manage enterprise risk.
Discuss how to manage resources, budget utilization and resource allocation.
Identify how to manage performance, return on investments and avoidance of idle investments.
Discussing how to deal with fraud occurring in e-banking channels by implementing end-to-end controls (deterrent, preventive, detective, responsive, corrective and recovery), the lines of defence, and numerous anti-fraud strategies.
Utilizing Internet for Fraud Examination and Investigation (Goutama Bachtiar)
1st Session titled Redefining Fraud, Examination, Investigation and Cyber Crime delivered for Indonesia's Risk Management Certification Agency named Badan Sertifikasi Manajemen Resiko (BSMR).
The seminar itself titled 'Preventing Fraud within E-Channels in Banking Sector'.
Valuing Information Management and IT Architecture (Goutama Bachtiar)
Delivered in guest lecture session for International Business Accounting Program, Faculty of Business and Management, Petra Christian University, Surabaya, East Java, Indonesia.
Riding and Capitalizing the Next Wave of Information Technology (Goutama Bachtiar)
Delivered in guest lecture session for International Business Accounting Program, Faculty of Business and Management, Petra Christian University, Surabaya, East Java, Indonesia.
Governance and Management of Enterprise IT with COBIT 5 Framework
1. March 2014Governance and Management of Enterprise IT with COBIT 5
Governance and Management of Enterprise IT with COBIT 5 Framework
Goutama Bachtiar
IT Advisor, Auditor and Consultant
v2.2 as of March 2014
2. Profile of Training Lead
Advisor at six companies.
ISACA International Chapter Subject Matter Expert.
ISACA International Chapter Journal Reviewer.
ISACA International Chapter Certification Exam and QAE Developer.
Reviewer panel member at two international journals.
Has audited and consulted for 30+ companies.
Has written 300+ manuscripts, articles and pieces in the IT space.
3. Importance of Information
Information is a key resource for all enterprises.
Information is created, used, retained, disclosed and destroyed.
Technology plays a key role in these actions.
Technology is becoming pervasive in all aspects of business and personal life.
What benefits do information and technology bring to enterprises?
4. Why Does IT Need a Control Framework?
Do any of these conditions sound familiar?
Increasing pressure to leverage technology in business strategies
Growing complexity of IT environments
Fragmented IT infrastructures
Communication gap between business and IT managers
Disappointing IT service levels, both from internal IT functions and from increasingly outsourced IT providers
IT costs perceived to be out of control
Marginal ROI/productivity gains on technology investments
Impaired organizational flexibility and nimbleness to change
5. Why Does IT Need a Control Framework? (cont'd)
Increasing dependence on information and on the systems delivering this information
Increasing vulnerabilities and a wide spectrum of threats
Scale and cost of current and future investments in information and information systems
Need to comply with regulations
Potential for technologies to dramatically change organizations and business practices, create new opportunities and reduce costs
Recognition by many organizations of the potential benefits technology can yield
Successful organizations understand and manage the risks associated with implementing new technologies.
6. Why Does IT Need a Control Framework? (cont'd)
Management needs to get IT under control to ensure that:
IT provides value: cost, time and functionality are as expected.
IT does not provide surprises: risks are mitigated.
IT pushes the envelope: new opportunities and innovations for processes, products and services.
7. Who Needs a Control Framework?
Board and Executive
•To ensure management follows and implements the strategic direction for IT
Management
•To make IT investment decisions
•To balance risk and control investment
•To benchmark the existing and future IT environment
8. Who Needs a Control Framework? (cont'd)
Users
• To obtain assurance on the security and control of products and services they acquire internally or externally
Auditors
• To substantiate opinions to management on internal controls
• To advise on what minimum controls are necessary
9. Why and How Is COBIT Used?
Increases acceptance of IT governance and reduces the time to implement it
A guide for formal audits and reviews
Use the results of audits to plan improvements
Achieving the primary goals of IT governance: transforming organizational practices and pursuing improved processes
A credible source for management's decisions on controls
Helps IT operations managers understand what auditors want
Lets the business communicate its requirements and concerns
A reference to ensure all major risk areas are identified
Improves communications and relations with IT management
10. Why and How Is COBIT Used? (cont'd)
To improve audit approaches/programmes
To support audit work with detailed audit guidelines
To provide guidance for IT governance
As a valuable benchmark for IS/IT control
To improve IS/IT controls
To standardise audit approaches/programmes
11. Enterprise Benefits
Enterprises and their executives strive to:
Maintain quality information to support business decisions.
Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
Achieve operational excellence through reliable and efficient application of technology.
Maintain IT-related risk at an acceptable level.
Optimise the cost of IT services and technology.
How can these benefits be realised to create enterprise stakeholder value?
12. Stakeholder Value
Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets.
Enterprise boards, executives and management have to embrace IT like any other significant part of the business.
External legal, regulatory and contractual compliance requirements related to the enterprise's use of information and technology are increasing, threatening value if breached.
13. COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.
14. COBIT: Value and Limitations
►Has internationally accepted good practices
►Is management-oriented and supported by tools and training
►Is freely downloadable and continually evolves
►Allows the knowledge of expert volunteers to be shared and leveraged
►Is maintained by a reputable not-for-profit organization
►Is mapped to COSO and other major related standards
►Is a reference, not an 'off-the-shelf' cure
Enterprises still need to analyze their control requirements and customize COBIT based on:
►Value drivers
►Risk profile
►IT infrastructure, organization and project portfolio
15. COBIT Components
An organization depends on reliable and timely data and information. COBIT components provide a comprehensive framework for delivering value while managing risk and control over data and information.
Figure: the COBIT components: Business Strategy, Information Criteria, IT Resources and IT Processes.
16. COBIT Advantages
►Aligned with other standards and good practices, and should be used together with them.
►COBIT's framework and supporting best practices provide a well-managed and flexible IT environment in an organization.
►Provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities.
►Provides tools to manage IT activities.
17. COBIT and IT Governance
►Focuses on improving IT governance in organizations.
►Provides a framework to manage and control IT activities and supports the five requirements for a control framework:
Provides sharper business focus
Ensures process orientation
Has general acceptability amongst organizations
Helps meet regulatory requirements
Defines a common language
18. COBIT and IT Governance (cont'd): Business Focus
►Achieves sharper business focus by aligning IT with business objectives.
►Measurement of IT performance focuses on IT's contribution to enabling and extending the business strategy.
►Ensures the primary focus is value delivery and not technical excellence as an end in itself.
19. COBIT and IT Governance (cont'd): Process Orientation
►When organizations implement COBIT, their focus becomes more process-oriented.
►Incidents and problems no longer divert attention from processes.
►Exceptions can be clearly defined as part of standard processes.
►With process ownership defined, assigned and accepted, it is easier to maintain control through periods of rapid change or organizational crisis.
20. COBIT and IT Governance (cont'd): General Acceptability
►A proven and globally accepted standard for increasing the contribution of IT to organizational success.
►It continues to improve and develop to keep pace with good practices.
►IT professionals from all over the world contribute their ideas and time to regular review meetings.
21. COBIT and IT Governance (cont'd): Regulatory Requirements
►Recent corporate scandals have increased regulatory pressure on boards of directors to report their status and ensure that internal controls are appropriate.
►Organizations constantly need to improve IT performance and demonstrate adequate controls over their IT activities.
►COBIT has become a de facto response to regulatory IT requirements.
22. COBIT and IT Governance (cont'd): Common Language
►Puts everybody on the same page by defining critical terms and providing a glossary.
►Co-ordination within and across project teams and organizations can play a key role in the success of any project.
►A common language helps build confidence and trust.
23. COBIT: Premise
It is based on the premise that IT needs to deliver the information that an enterprise requires to achieve its objectives.
Figure: IT resources and processes provide information to business processes for achieving business objectives.
It helps align IT with the business by focusing on business information requirements and organizing IT resources. COBIT provides the framework and guidance to implement IT governance.
24. COBIT: Principle
Link management's IT expectations with management's IT responsibilities.
The objective is to facilitate IT governance to deliver IT value whilst managing IT risks.
Figure: Business Strategy, Information Criteria, IT Resources and IT Processes.
25. COBIT: Premise (cont'd)
As a control and governance framework for IT, it focuses on two key areas:
► Providing the information required to support business objectives and requirements
► Treating information as the result of the combined application of IT-related resources that need to be managed by IT processes
Figure: IT Processes (domains, processes, activities); Information Criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability); IT Resources (applications, information, infrastructure, people); and, for each IT process, its business requirement and control approach considerations.
26. COBIT: Cube
It describes how IT processes deliver the information the business needs to achieve its objectives.
For controlling this delivery, COBIT provides three key components, each forming a dimension of the COBIT cube:
Business Requirements for Information (Information Criteria)
IT Resources
IT Processes
27. COBIT Cube: IT Processes
► COBIT describes the IT life cycle with the help of four domains:
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
► Processes are series of activities with natural control breaks.
► 34 processes across the four domains specify what the business needs in order to achieve its objectives.
► Activities are actions that are required to achieve measurable results. Activities have life cycles and include many discrete tasks.
Note: the cube, the four domains and the 34 processes (PO, AI, DS, ME) are the COBIT 4.1 process model. COBIT 5 restructures them into 37 processes in five domains (EDM, APO, BAI, DSS, MEA) and replaces the cube with its goals cascade and seven enablers.
28. COBIT Cube: IT Domains
Plan and Organize (PO)
► Objectives
Formulating strategy and tactics
Identifying how IT can best contribute to achieving business objectives
Planning, communicating and managing the realization of the strategic vision
Implementing organizational and technological infrastructure
► Scope
Are IT and the business strategically aligned?
Is the enterprise achieving optimum use of its resources?
Does everyone in the organization understand the IT objectives?
Are IT risks understood and being managed?
Is the quality of IT systems appropriate for business needs?
(Diagram: IT and Business.)
29. COBIT Cube: IT Domains (cont’d)
Have a look at the COBIT process model.
Plan and Organise
PO1 Define a strategic IT plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organisation and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.
(Diagram: IT Processes cycle: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.)
30. COBIT Cube: IT Domains (cont’d)
Acquire and Implement (AI)
► Objectives:
Identifying, developing, acquiring, implementing and integrating IT solutions
Changes in and maintenance of existing systems
► Scope:
Are new projects likely to deliver solutions that meet business needs?
Are new projects likely to be delivered on time and within budget?
Will the new systems work properly when implemented?
Will changes be made without upsetting current business operations?
(Diagram: New Projects and Organization.)
31. COBIT Cube: IT Domains (cont’d)
Acquire and Implement
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and changes.
(Diagram: IT Processes cycle: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.)
32. COBIT Cube: IT Domains (cont’d)
Deliver and Support (DS)
► Objectives:
The actual delivery of required services, including service delivery
The management of security, continuity, data and operational facilities
Service support for users
► Scope:
Are IT services being delivered in line with business priorities?
Are IT costs optimized?
Is the workforce able to use IT systems productively and safely?
Are adequate confidentiality, integrity and availability in place?
(Diagram: IT Services and Business Priorities.)
33. COBIT Cube: IT Domains (cont’d)
Deliver and Support
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.
(Diagram: IT Processes cycle: Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate.)
34. COBIT Cube: IT Domains (cont’d)
Monitor and Evaluate (ME)
► Objectives:
Performance management
Monitoring of internal control
Regulatory compliance
Governance
► Scope:
Is IT’s performance measured to detect problems before it is too late?
Does management ensure internal controls are effective and efficient?
Can IT performance be linked to business goals?
Are risk, control, compliance and performance measured and reported?
(Diagram: IT Performance.)
35. COBIT Cube: IT Domains (cont’d)
Monitor and Evaluate
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.
(Diagram: IT Processes cycle: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor and Evaluate.)
36. COBIT Cube: Information Criteria
► To satisfy business objectives, information needs to conform to specific control criteria, which COBIT refers to as business requirements for information.
► Broadly, information criteria are based on the following requirements:
Quality
Fiduciary
Security
(Diagram: COBIT cube with Information Criteria grouped into Quality, Fiduciary and Security Requirements, IT Resources and IT Processes.)
37. COBIT Cube: Information Criteria (cont’d)
Effectiveness: Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner
Efficiency: Concerns the provision of information through the optimal (most productive and economical) use of resources
Confidentiality: Concerns the protection of sensitive information from unauthorised disclosure
Integrity: Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Availability: Relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Compliance: Deals with complying with those laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria as well as internal policies
Reliability: Relates to the provision of appropriate information for management to operate the entity and to exercise its fiduciary and governance responsibilities
(Diagram: COBIT cube with Information Criteria grouped into Quality, Fiduciary and Security Requirements, IT Resources and IT Processes.)
38. COBIT Cube: IT Resources
► IT processes manage IT resources to generate, deliver and store the information that the organization needs to achieve its objectives.
► The IT resources identified in COBIT are defined as:
Applications are automated user systems and manual procedures that process information.
Information is data that are input, processed and output by information systems, in whatever form used by the business.
Infrastructure includes the technology and facilities, such as hardware, operating systems and networking, that enable the processing of applications.
People are the personnel required to plan, organize, acquire, implement, deliver, support, monitor and evaluate information systems and services. They may be internal, outsourced or contracted, as required.
(Diagram: COBIT cube with IT Resources (Applications, Information, Infrastructure, People), Information Criteria and IT Processes.)
39. COBIT 5 Cube
IT resources are managed by IT processes to achieve IT goals that respond to the business requirements.
40. Interrelationships with COBIT Components
43. Governance and Management
Governance ensures that enterprise objectives are achieved by:
Evaluating stakeholder needs, conditions and options
Setting direction through prioritisation and decision making
Monitoring performance, compliance and progress against agreed-on direction and objectives (EDM)
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
44. In Short…
It brings together the five principles that allow the enterprise to build an effective governance and management framework, based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.
46. COBIT 5: Complete Business Framework
(Diagram: evolution of scope, 1996 to 2012)
COBIT1: Audit (1996)
COBIT2: Control (1998)
COBIT3: Management (2000)
COBIT4.0/4.1: IT Governance (2005/7)
COBIT 5: Governance of Enterprise IT (2012)
Also shown: Val IT 2.0 (2008), Risk IT (2009)
48. Five COBIT 5 Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
49. Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders.
50. Meeting Stakeholder Needs
Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them.
Governance is about negotiating and deciding amongst different stakeholders’ value interests.
The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions.
For each decision, the following can and should be asked:
- Who receives the benefits?
- Who bears the risk?
- What resources are required?
51. Meeting Stakeholder Needs
Stakeholder needs have to be transformed into an enterprise’s practical strategy.
The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals within the context of the enterprise, IT-related goals and enabler goals.
52. Meeting Stakeholder Needs (cont.)
Benefits of the COBIT 5 goals cascade:
It allows the definition of priorities for implementation, improvement and assurance of enterprise governance of IT based on enterprise strategic objectives and related risk
In practice, the goals cascade:
Defines relevant and tangible goals and objectives at various levels of responsibility
Filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects
Clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals
53. Covering the Enterprise End-to-end
It addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective.
It means:
Integrates governance of enterprise IT into enterprise governance, i.e., the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly in any governance system because COBIT 5 aligns with the latest views on governance
Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise
54. Covering the Enterprise End-to-end
55. Applying a Single Integrated Framework
It aligns with the latest relevant other standards and frameworks:
Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
Use it as the overarching governance and management framework integrator
ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references
56. Enabling a Holistic Approach
COBIT 5 enablers are:
Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
Described by the COBIT 5 framework in seven categories
57. Enabling a Holistic Approach (cont’d)
58. Enabling a Holistic Approach (cont’d)
1. Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
2. Organisational structures—Are the key decision-making entities in an organisation
3. Culture, ethics and behaviour—Of individuals and of the organisation; very often underestimated as a success factor in governance and management activities
4. Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
5. Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
6. Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
7. People, skills and competencies—Are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions
59. Enabling a Holistic Approach (cont’d)
Systemic governance and management through interconnected enablers—To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers, i.e., each enabler:
Needs the input of other enablers to be fully effective, e.g., processes need information, organisational structures need skills and behaviour
Delivers output to the benefit of other enablers, e.g., processes deliver information, skills and behaviour make processes efficient
This is a KEY principle emerging from the ISACA development work around the Business Model for Information Security (BMIS).
61. Separating Governance From Management
These two disciplines:
Encompass different types of activities
Require different organisational structures
Serve different purposes
Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
62. Separating Governance From Management
• Governance ensures that stakeholders’ needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM)
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
64. Separating Governance From Management
The COBIT 5 framework describes seven categories of enablers (Principle #4).
An enterprise can organise its processes as it sees fit, as long as all necessary governance and management objectives are covered.
Smaller enterprises may have fewer processes while larger and more complex enterprises may have many processes, all to cover the same objectives.
COBIT 5 includes a process reference model (PRM), which defines and describes in detail a number of governance and management processes.
65. The Need for IT Governance
(Diagram of challenges: Keeping IT Running, Security, Value/Cost, Managing Complexity, Aligning IT with Business, Regulatory Compliance.)
Organizations require a structured approach for managing these and other challenges.
This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes.
66. The Need for IT Governance (cont’d)
Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of:
• Providing strategic direction
• Ensuring that objectives are achieved
• Ascertaining that risks are managed appropriately
• Verifying that the enterprise’s resources are used responsibly
(Diagram: Resource Management; source www.itgi.org)
67. Enterprise Governance Drives IT Governance
Enterprise governance is about:
Conformance
• Adhering to legislation, internal policies, audit requirements, etc.
Performance
• Improving profitability, efficiency, effectiveness, growth, etc.
Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.
(Diagram: Performance, Conformance.)
68. IT Governance Focus Areas
Strategic alignment: Focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations
Value delivery: Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT
Resource management: Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
Risk management: Requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities in the organisation
Performance measurement: Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting
69. Making IT Governance Work
Make IT governance a workable solution—able to deal with the challenges and pitfalls presented by IT.
Focus as much on improving performance and enabling competitive advantage as preventing problems.
Make IT governance a shared responsibility between the business (customer) and the IT service provider, with the full commitment and direction of the board.
Align IT governance within a wider enterprise governance scheme.
Boards and executive management need to extend enterprise governance to include IT, provide the necessary leadership and organisational structures, and insist on well-managed and properly controlled processes.
70. IT Governance Stakeholders
Board and Executive: Set direction for IT, monitor results and insist on corrective measures
Business Management: Defines business requirements for IT and ensures that value is delivered and risks are managed
IT Management: Delivers and improves IT services as required by the business
IT Audit: Provides independent assurance to demonstrate that IT delivers what is needed
Risk and Compliance: Measures compliance with policies and focuses on alerts to new risks
71. Framework for IT Governance
COBIT:
Starts from business requirements
Is process-oriented, organizing IT activities into a generally accepted process model
Identifies the major IT resources to be leveraged
Defines the management control objectives to be considered
Incorporates major international standards
Has become the de facto standard for overall control of IT
It bridges the gaps between business risks, control needs and technical issues. It provides good practices across a domain and process framework and presents activities in a manageable and logical structure.
IT resources need to be managed by a set of naturally grouped processes. COBIT provides a framework that achieves this objective.
72. COBIT Helps Implement Effective IT Governance
It brings the following advantages to an IT governance implementation effort:
Enables mapping of IT goals to business goals and vice versa
Better alignment, based on a business focus
A view of what IT does that is understandable to management
Clear ownership and responsibilities based on process orientation
General acceptability with third parties and regulators
Shared understanding amongst all stakeholders, based on a common language
Fulfilment of the COSO requirements for the IT control environment
73. COBIT and Other IT Management Frameworks
We will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (‘umbrella’).
(Diagram: scope of coverage from WHAT to HOW: COBIT, ISO 9000, ISO 17799, ITIL, COSO.)
74. Where Does COBIT Fit?
(Diagram: layers Drivers, Best Practice Standards and Processes and Procedures, relating Enterprise Governance (Performance: Business Goals; Conformance: Basel II, SOX, etc.) and IT Governance to COBIT, COSO, ISO 9001:2000, ISO 17799, ISO 20000, ITIL, Security Principles, Balanced Scorecard and QA Procedures.)
75. Governance, Risk and Compliance
An increasingly used ‘umbrella term’ that covers these three areas of enterprise activities.
These areas of activity are progressively being more aligned and integrated to improve enterprise performance and delivery of stakeholder needs.
76. GRC Definitions
Governance—Exercise of authority; control; government; arrangement.
Risk (management)—Hazard; danger; peril; exposure to loss, injury, or destruction (The act or art of managing; the manner of treating, directing, carrying on, or using, for a purpose; conduct; administration; guidance; control)
Compliance—The act of complying; a yielding; as to a desire, demand, or proposal; concession; submission
Webster’s Online Dictionary
77. Types of Governance
Different types of governance exist:
Corporate governance
Project governance
Information technology governance
Environmental governance
Economic and financial governance
Each type has one or more sources of guidance, each with similar goals but often varying terms and techniques for their achievement.
78. Implementing Governance
Integration of GRC activities implementation within an enterprise requires a systemic approach for reliably achieving the business goals of its stakeholders.
Such approaches are typically based on enablers of various types, i.e. principles, policies, frameworks, organizational structures.
79. A GRC Model Example
From OCEG Red Book GRC Capability Model version 2.1.
80. Corporate Governance of IT
ISO/IEC 38500: 2008 on Corporate governance of information technology
1.1 Scope
It provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
It applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization.
These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.
81. Corporate Governance of IT (cont’d)
ISO/IEC 38500: 2008 Corporate governance of information technology
2.1 Principles
2.1.1 Principle 1: Responsibility
2.1.2 Principle 2: Strategy
2.1.3 Principle 3: Acquisition
2.1.4 Principle 4: Performance
2.1.5 Principle 5: Conformance
2.1.6 Principle 6: Human Behavior
82. Corporate Governance of IT (cont’d)
ISO/IEC 38500: 2008 Corporate governance of information technology
2.2 Model
Directors should govern IT through three main tasks:
a) Evaluate the current and future use of IT.
b) Direct preparation and implementation of plans and policies to ensure that use of IT meets business objectives.
c) Monitor conformance to policies, and performance against the plans.
84. Governance in COBIT 5
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives (EDM).
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
85. Governance in COBIT 5 (cont’d)
• The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas—governance and management—with management further divided into domains of processes
• The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
• 01 Ensure governance framework setting and maintenance.
• 02 Ensure benefits delivery.
• 03 Ensure risk optimization.
• 04 Ensure resource optimization.
• 05 Ensure stakeholder transparency.
86. Governance in COBIT 5 (cont’d)
87. Risk Management in COBIT 5
• The GOVERNANCE domain contains five governance processes, one of which focuses on stakeholder risk-related objectives: EDM03 Ensure risk optimization.
• Process Description
Ensure the enterprise’s risk appetite and tolerance are understood, articulated and communicated. Risk to enterprise value related to use of IT is identified and managed.
• Process Purpose Statement
Ensure IT-related enterprise risk doesn’t exceed risk appetite and risk tolerance. Impact of IT risk to enterprise value is identified and managed. The potential for compliance failures is minimized.
88. Risk Management in COBIT 5 (cont’d)
• The MANAGEMENT Align, Plan and Organise domain contains a risk-related process: APO12 Manage risk.
• Process Description
Continually identify, assess and reduce IT-related risk within levels of tolerance set by enterprise executive management.
• Process Purpose Statement
Integrate management of IT-related enterprise risk with overall ERM, and balance costs and benefits of managing IT-related enterprise risk.
89. Risk Management in COBIT 5 (cont’d)
90. Risk Management in COBIT 5 (cont’d)
• All enterprise activities have associated risk exposures resulting from environmental threats that exploit enabler vulnerabilities
• EDM03 Ensure risk optimization
Ensures the enterprise stakeholders’ approach to risk is articulated to direct how risks facing the enterprise will be treated.
• APO12 Manage risk
Provides ERM arrangements to ensure stakeholder direction is followed by the enterprise.
• All other processes include practices and activities that are designed to treat related risk (avoid, reduce/mitigate/control, share/transfer/accept).
91. Risk Management in COBIT 5 (cont’d)
COBIT 5 suggests accountabilities and responsibilities for enterprise roles and governance/management structures (RACI charts) for each process. These include risk-related roles.
92. Compliance in COBIT 5
• The MANAGEMENT Monitor, Evaluate and Assess domain contains a compliance-focused process: MEA03 Monitor, evaluate and assess compliance with external requirements.
• Process Description
Evaluate that IT processes and IT-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with, and integrate IT compliance with overall enterprise compliance.
• Process Purpose Statement
Ensure that the enterprise is compliant with all applicable external requirements.
94. Compliance in COBIT 5 (cont’d)
• Legal and regulatory compliance is a key part of the effective governance of an enterprise, hence its inclusion in the GRC term and in the COBIT 5 Enterprise Goals and supporting enabler process structure (MEA03).
• In addition to MEA03, all enterprise activities include control activities that are designed to ensure compliance not only with externally imposed legislative or regulatory requirements but also with enterprise governance-determined principles, policies and procedures.
95. Compliance in COBIT 5 (cont’d)
COBIT 5 suggests accountabilities and responsibilities for enterprise roles and governance/management structures (RACI charts) for each process. These include a compliance-related role.
96. March 2014Governance and Management of Enterprise IT with COBIT 5
Summary
• COBIT 5 framework includes necessary guidance to
support enterprise GRC objectives and supporting
activities:
• Governance activities related to GEIT (5
processes)
• Risk management process—and supporting
guidance for risk management across the GEIT
space
• Compliance—a specific focus on compliance
activities within the framework and how they fit
within the complete enterprise picture
• Inclusion of GRC arrangements within the business
framework for GEIT helps enterprises to avoid the
main issue with GRC arrangements—silos of activity!
COBIT 5 Implementation
• The improvement of GEIT is widely recognised by top
management as an essential part of enterprise
governance.
• Information and pervasiveness of IT are increasingly
part of every aspect of business and public life.
• The need to drive more value from IT investments
and manage an increasing array of IT-related risk has
never been greater.
• Increasing regulation and legislation over business
use of information is also driving heightened
awareness of the importance of a well-governed and
managed IT environment.
COBIT 5 Implementation (cont’d)
• ISACA has developed the COBIT 5 framework to
help enterprises implement sound governance
enablers.
• Indeed, implementing good GEIT is almost
impossible without engaging an effective
governance framework. Best practices and
standards are also available to underpin COBIT 5.
• Frameworks, best practices and standards are
useful only if they are adopted and adapted
effectively.
• There are challenges that need to be overcome and
issues that need to be addressed if GEIT is to be
implemented successfully.
COBIT 5 Implementation (cont’d)
The COBIT 5 Implementation guide covers the following subjects:
• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and
behavioural change
• Implementing continual improvement that
includes change enablement and programme
management
• Using COBIT 5 and its components
COBIT 5 Future Supporting Products
• Professional Guides
• COBIT 5 for Information Security
• COBIT 5 for Assurance
• COBIT 5 for Risk
• Enabler Guides
• COBIT 5: Enabling Information
• COBIT Online Replacement
• COBIT Assessment Programme
• Process Assessment Model (PAM): Using COBIT 5
• Assessor Guide: Using COBIT 5
• Self-assessment Guide: Using COBIT 5