This lecture provides a quick and direct insight into information technology governance using the COBIT 5 framework. COBIT 5, the fifth edition, was released by the Information Systems Audit and Control Association (www.isaca.org) in 2012 to supersede version 4.1 (2007). It also includes ISACA’s Val IT model, which aimed to manage the financial perspective of IT, as well as the Risk IT framework.
The lecture was part of the ISACA Riyadh Chapter activities in April 2015 under the sponsorship of Al-Fisal University.
Capability assessment of IT Governance using COBIT 4 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT - Mark Constable
Frameworks assist enterprises in creating repeatable processes that can help in value creation, but sometimes it is difficult to thumb through a framework publication and completely understand how to use it. In this webinar we will explore ISACA's updated COBIT 2019 Framework and walk through examples on how to leverage its value. By using typical use cases, we will explore how to create a tailored governance framework for the governance and management of enterprise information and technology using COBIT 2019.
Learning Objectives:
- Understand the key elements of the COBIT 2019 framework and where to find them in the publications.
- Explore how to adopt a tailored enterprise governance framework for the governance and management of information and technology.
- Examine typical use cases that enterprises encounter when using the framework and walk through how to use COBIT 2019 to solve these.
High Level Agenda
- Framework introduction
- Governance and framework principles
- Governance systems and components
- Governance and management objectives
- Performance management
- Designing a tailored governance system through use cases
- Closing and questions
About the host: Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT strategy and service management. With over 28 years of professional experience Mark has a wide array of industry experience including government, health care, finance and banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards. Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers award twice for Best Speaker/Conference contributor. Mark also holds the CGEIT and CRISC certifications.
Watch recording here: https://apmg-international.com/events/cobit-2019-use-cases-tailoring-governance-your-enterprise-it
IT Governance, or corporate governance of information technology, is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management.
The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
This is a summary of the Control Objectives for Information and related Technology audit framework. Anyone can understand the COBIT-19 framework within a few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA.
IT Governance - Capability Assessment using COBIT 5 - Eryk Budi Pratama
(re-upload)
Capability assessment of IT Governance using COBIT 5 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
IT Governance – The missing compass in a technology changing world - PECB
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation: Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
COBIT is a good-practice framework created by international professional association ISACA for information technology management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers."
You can find the full presentation at http://theProjectLeaders.org
Governance and Management of Enterprise IT with COBIT 5 Framework - Goutama Bachtiar
This courseware was designed for the training entitled 'Governance and Management of Enterprise IT with COBIT 5 Framework' with the objective of understanding COBIT 5 Framework as well as achieving IT Governance effectiveness using the respective framework.
This presentation is intended to assist CIOs with setting up a formal IT Governance model for their college or university. There are two companion files also in Slideshare linked at the end of an IT Governance Committee Charter and an IT Project Governance Guideline.
COBIT 5 - Principle 3 Applying A Single Integrated Framework - Mohammad Reda Katby
COBIT 5 is a single and integrated framework because: It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator
Webinar: Roadmap to Implementing Managed Services - KSM Consulting
This slide deck walks you through how to find and select the right managed service provider for your organization.
From stability and security of your IT environment to the elimination of day-to-day IT challenges bogging internal IT teams to a renewed focus on strategic initiatives, companies are turning to managed IT services for business growth.
If you find yourself evaluating MSPs, possibly even your current provider, this slide deck will provide direction on how to establish a long-term, high-value relationship with the right partner.
In this slide deck, you will learn:
• Evaluation criteria for selecting your managed service provider
• The right questions to ask to uncover a managed service provider that will fulfill your unique needs
• Tips on building a long-term relationship
Supporting material for my Webinar to the ACS - June 2017 - Daljit Banger
The attached slide deck was used to support a webinar for the Australian Computer Society (Queensland) on June 1st 2017.
Some previously used slides with modified content and some additional slides to support the webinar theme.
Full webinar video can be seen at https://youtu.be/_41-izCm5rw
The slides are created for 'Management Information System' subject of SEIT under University of Pune, INDIA.
Subject Teacher: Mr. Tushar B Kute,
Sandip Institute of Technology and Research Centre, Nashik.
[WSO2Con EU 2017] Digital Architecture: A Reference Architecture for a Digita... - WSO2
Enterprise architects, CTOs, and Chief Digital Officers (CDOs) are struggling to identify the correct digital architecture for their enterprise. In this slide deck, Asanka explores the business architecture as well as the technical architecture of an enterprise and the connection between them. He will share his experience to help you institute your digital architecture and build adaptive digital products and services for your consumers.
Enterprise Architecture Workshop London - July 17th 2017 - Daljit Banger
Slides from The BCS EA Conference in London on the 17th July - Focus was on the group exercise of defining and linking architectural artefacts with various project types
Keller Graduate School of Management class - PM600 - this was the final presentation - created and presented by Scott Lang & Rajeshwer Subramanian
We were a 2 man team working over the length of the course creating and developing this project.
Hoping to show presentation skills and the understanding of the principles of project management
Personally designed (content + graphics design), officially accredited COBIT®5 Foundation courseware.
COBIT® is a trademark of ISACA® registered in the United States and other countries.
Trademarks are properties of the holders, who are not affiliated with courseware author.
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra... - PECB
Using IT Governance as a tool for measuring IT performance. COBIT 5 has provided generic metrics at strategic levels [Enterprise metrics], Tactical level [IT Goals metrics] and Operation Level [Process metrics]. We will highlight the benefits and objectives of the measurements, and then provide an approach along with suggestions on the time/frequency of measurement.
The webinar covers:
• The relation between ISO 27001 and ISO 20000
• How much does project management fit in with both of them
• Integration of information security and IT Services
Presenter:
Adnan Hafiz is an IT GRC, Security Consultant and Lead Auditor and a PECB Certified Trainer with over 10 years of significant, progressive experience in Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/0se77tjLL4c
The COBIT 5 framework describes seven categories of enablers:
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF - aqel aqel
This session will discuss how COBIT 5 can facilitate addressing and mitigating cyber security threats in coordination with the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cyber security. The COBIT 5 structured approach, utilizing its tested processes, will result in the following:
• A more focused and less redundant approach to handling cyber-security threats,
• Efficient utilization of available security resources, and
• Clear responsibilities and structured organizational change.
Toward an organizational E-readiness Model - aqel aqel
Many leaders and executives are wondering what preparations their firms should make in order to be ready to transform into the digital era. Organisational e-readiness is a complementary part of global, regional and national readiness for the digital era. This book argues the importance of e-readiness assessment in a structured and quantitative way that contains relevant and valid criteria to assess readiness within an organization from various and balanced perspectives. The proposed organizational e-readiness model consists of five interrelated categories; these are strategy, business process, technology, changeability, and ICT security.
Managing human resources at data centers 1.0 - aqel aqel
This presentation discusses a set of topics related to human resources (HR) who are working in data centers. A common HR life cycle approach was followed that starts with hiring, developing and/or managing, and ends with transitioning the data center worker to a new stage that might include rotating to another job within the organization.
HR planning is based on business requirements, the nature of the technology implemented and available budgets. Some best practices for hiring and managing human resources were discussed, including organizing, motivation and risk optimization. The paper includes many globally accredited best practices and controls that facilitate operations excellence.
e-government summit - may 2013 - Riyadh - Saudi Arabia - opening note by aqel... - aqel aqel
In May 2013, I was honored to be the opening note speaker at the e-Government summit conference held in Riyadh – Saudi Arabia. I would like to share my short presentation with all professional communities.
Successful leaders and managers are always keen to expect the unexpected and plan for it. The more you plan, the less you react, and the less you react, the fewer mistakes you make.
Disruptions to your business can result in data risk, revenue loss, and failure to deliver services.
That’s why organizations need strong business continuity planning.
1. IT Governance Using COBIT 5: An Introduction
By: Aqel M. Aqel
Accredited Trainer by APMG
Tuesday 28-April-2015
E-mail: aqel.aqel@gmail.com
2. Aqel Mohammed Aqel, CISA, MBA, CSSGB, COBIT5
Information Technology & Management Consultant
Information Systems Audit & Control Association – Riyadh Chapter
CISA Coordinator and Research Director
• Certified Information Systems Auditor
• Master of Business Administration - UK
• Certified as Lean Six Sigma Green Belt
• Certified COBIT-5 Trainer (Foundation)
• Member of Association for Strategic Planning
P. O. BOX 40496 – 11499
Riyadh - Saudi Arabia
aqel.aqel@gmail.com
+966-502-104-007
http://www.linkedin.com/in/aqelmaqel
http://www.facebook.com/aqel.m.aqel
https://www.youtube.com/channel/UCR0wCpIHdhu5TBsWn-Ar5YA
3. Topics for tonight's session
Overview: COBIT, the past and present
The Five Principles
COBIT Processes
Enablers
Process Assessment Model (PAM)
Implementation Overview
Closure
4. Why Develop COBIT 5?
ISACA wants to “tie together and reinforce all ISACA knowledge assets with COBIT.”
Provide a renewed and authoritative governance and management framework for enterprise information and related technology
Integrate all other major ISACA frameworks and guidance
Align with other major frameworks and standards
5. The Evolution of COBIT 5
[Figure: evolution of scope over time, 1996 to 2012]
◦ COBIT1 (1996): Audit
◦ COBIT2 (1998): Control
◦ COBIT3 (2000): Management
◦ COBIT4.0/4.1 (2005/7): IT Governance
◦ COBIT 5 (2012): Governance of Enterprise IT
Also shown on the timeline: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010)
6. Drivers for the development of a Framework
Provide guidance in:
◦ Enterprise architecture
◦ Asset and service management
◦ Emerging sourcing and organization models
◦ Innovation and emerging technologies
End to end business and IT responsibilities
Controls for user-initiated and user-controlled IT solutions
A need for the enterprise to:
◦ Achieve increased value creation
◦ Obtain business user satisfaction
◦ Achieve compliance with relevant laws, regulations and policies
7. COBIT 5 Product Family
Source: COBIT 5, ISACA
8. COBIT and Other IT Governance Frameworks
[Figure: COBIT, ISO 9000, ISO 27002, ITIL and COSO positioned by WHAT/HOW against SCOPE OF COVERAGE]
9. COBIT 5 Mapping Specifics ..1
ISO/IEC 38500
o ISO’s 6 principles map to COBIT 5
ITIL v3
The following 5 areas and domains are covered by ITIL v3:
o A subset of processes in the DSS domain
o A subset of processes in the BAI domain
o Some processes in the APO domain
ISO/IEC 27000
o Security and IT-related processes in domains EDM, APO and DSS
o Some security-related monitoring activities in MEA
ISO/IEC 31000
o Risk management related activities in EDM and APO
10. COBIT 5 Mapping Specifics ..2
TOGAF (The Open Group Architecture Framework)
o Resource-related processes in EDM
o TOGAF components of the architecture board and governance areas
o Enterprise architecture processes of APO
PRINCE2
o Programme and project management processes in the BAI domain
o Portfolio related processes in the APO domain
CMMI ISO 15504
o Some organisational and quality-related processes in the APO domain
o Application-building and acquisition-related processes in BAI
12. COBIT 5 Principles
A principle is a general truth that helps people determine the appropriate decision, given the circumstances at hand. Principles are guidelines that provide an indication of what to do, but not how to do it. For example:
◦ Team members ensure they are in attendance when they feel responsibility for the success of the team
Policies or procedures define specifically what and how to do something - they define specific actions or behaviors. For example:
◦ Team members who attend late, on more than three occasions, will receive a formal warning.
Source: COBIT 5, ISACA
13. Principle 1: Meeting Stakeholder Needs
Enterprises have many stakeholders
Governance is about:
◦ Negotiating and deciding amongst different stakeholders’ value interests
◦ Considering all stakeholders when making benefit, resource and risk assessment decisions
For each decision, ask:
◦ For whom are the benefits?
◦ Who bears the risk?
◦ What resources are required?
14. Principle 1: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders
Value creation: realizing benefits at an optimal resource cost while optimizing risk.
Source: COBIT 5, ISACA
19. Principle 2: Covering the Enterprise End–to–End
Main elements of the governance approach:
Governance Enablers comprising
◦ The organizational resources for governance
◦ The enterprise’s resources
◦ A lack of resources or enablers may affect the ability of the enterprise to create value
Governance Scope comprising
◦ The whole enterprise
◦ An entity, a tangible or intangible asset, etc.
20. Principle 2: Covering the Enterprise End–to–End
Governance roles, activities and relationships
◦ Define who is involved in governance
◦ How they are involved
◦ What they do and
◦ How they interact
COBIT 5 defines the difference between governance and management activities in principle 5
21. Principle 3: Applying a Single Integrated Framework
COBIT 5:
◦ Aligns with the latest relevant standards and frameworks
◦ Is complete in enterprise coverage
◦ Provides a basis to integrate effectively other frameworks, standards and practices used
◦ Integrates all knowledge previously dispersed over different ISACA frameworks
◦ Provides a simple architecture for structuring guidance materials and producing a consistent product set
22. Principle 4: Enabling a Holistic Approach
COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.
COBIT 5 enablers are:
◦ Factors that, individually and collectively, influence whether something will work
◦ Driven by the goals cascade
◦ Described by the COBIT 5 framework in seven categories
24. Principle 4:
Enabling a Holistic Approach
Enablers:
1. Principles, policies and frameworks
2. Processes
3. Organizational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
25. Principle 4:
Enabling a Holistic Approach
COBIT 5 enabler dimensions:
All enablers have a set of common dimensions that:
◦ Provide a common, simple and structured way to deal with enablers
◦ Allow an entity to manage its complex interactions
◦ Facilitate successful outcomes of the enablers
27. Principle 5: Separating Governance from Management
The COBIT 5 framework makes a clear distinction between governance and management
Governance and management
◦ Encompass different types of activities
◦ Require different organizational structures
◦ Serve different purposes
COBIT 5: Enabling Processes differentiates the activities associated with each
28. Principle 5: Separating Governance from Management
Governance ensures that (EDM):
◦ Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved
◦ Direction is set through prioritization and decision making
◦ Performance, compliance and progress are monitored against agreed direction and objectives
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
30. Concept
Based on PLAN-DO-CHECK-ACT
Five integrated sets of processes that cover the governance and management of enterprise IT:
1. Evaluate, Plan and Monitor
2. Align, Plan and Organize
3. Build, Acquire and Implement
4. Deliver, Service and Support
5. Monitor, Evaluate and Assess
34. Enabler 1: Principles, Policies & Frameworks…1
The purpose: to convey the governing body’s and management’s direction and instructions.
They are instruments to communicate the rules of the enterprise, in support of the governance objectives and enterprise.
Differences between principles and policies:
o Principles need to be limited in number
o Principles are put in simple language, expressing as clearly as possible the core values of the enterprise
o Policies are more detailed guidance on how to put principles into practice
35. Enabler 1 Principles, Policies &
Frameworks…2
The characteristics of good policies; they should
o Be effective – achieve their purpose
o Be efficient – especially when implementing them
o Non-intrusive – Should make sense and be logical to those who have to comply with them.
Policies should have a mechanism (framework) in place where they
can be effectively managed and users know where to go. Specifically
they should be:
o Comprehensive, covering all required areas
o Open and flexible allowing for easy adaptation and change.
o Current and up to date
The purpose of a policy life cycle is that it must support a policy
framework in order to achieve defined goals.
36. Enabler 2: Processes
COBIT 5 Enablers: Processes complements COBIT 5 and
contains a detailed reference guide to the processes that
are defined in the COBIT 5 process reference model:
◦ The COBIT 5 goals cascade is recapitulated and complemented with a set of
example metrics for the enterprise goals and the IT-related goals. An
example is given in the appendix
◦ The COBIT 5 process model is explained and its components defined.
◦ The Enabler process guide which is referenced in this module contains the
detailed process information for all 37 COBIT 5 processes shown in the
process reference model.
37. Enabler 2 – Process continued – PRM Structure…2
Each process is divided into :
o Process Description
o Process Purpose statement
o IT-related Goals (from the Goals cascade see example in the Appendix)
o Each IT-related goal is associated with a set of generic related metrics
o Process Goals (also from the Goals cascade mechanism; these are referred to as Enabler Goals)
o Each Process Goal is associated or related with a set of generic metrics.
o Each Process contains a set of Management Practices
o These are associated with a generic RACI chart (Responsible, Accountable, Consulted, Informed)
o Each management practice contains a set of inputs and outputs (called work products in
module PC)
o Each management Practice is associated with a set of activities
38. Enabler 3 Organisational Structures
A number of Good Practices of organisational structure can be distinguished
such as:
o Operating principles – The practical arrangements regarding how the structure will operate,
such as meeting frequency, documentation and other rules
o Span of control – The boundaries of the organisation structure’s decision rights.
o Level of authority – The decisions that the structure is authorised to take.
o Delegation of responsibility – The structure can delegate a subset of its decision rights to
other structures reporting to it.
o Escalation procedures – The escalation path for a structure describes the required actions in
case of problems in making decisions.
39. Enabler 4 Culture, Ethics and Behaviour
Good practices for creating, encouraging and maintaining desired
behaviour throughout the enterprise include:
o Communication throughout the enterprise of desired behaviours and
corporate values.
o Awareness of desired behaviour, strengthened by senior management
example.
o Senior management and the executives ‘walk the talk’, so to speak.
o Incentives to encourage and deterrents to enforce desired behaviour.
o Rules and norms which provide more guidance and will typically be found in
a Code of Ethics
40. Enabler 5 Information
Importance of the Information Quality categories and dimensions;
o The concept of information criteria was introduced in COBIT 3rd edition in 2000 and played a
key role in COBIT 4.1; these criteria were very important for showing how to meet business
requirements.
Importance of Information Criteria
o COBIT 4.1 introduced us to the concept of 7 Key Information criteria to meet Business
requirements. This concept has been retained but translated differently in Figure 9 below:
Figure 26 Appendix F.
41. Enabler 6 – Services, Infrastructure and Applications
The five architecture principles that govern the implementation and
use of IT-Related resources
o Architecture Principles are overall guidelines that govern the implementation and use of IT-related
resources within the enterprise. Examples of such principles:
o Reuse – Common components of the architecture should be used when designing and
implementing solutions as part of the target or transition architectures.
o Buy vs. build – Solutions should be purchased unless there is an approved rationale for developing
them internally.
o Simplicity – The enterprise architecture should be designed and maintained to be as simple as
possible while still meeting enterprise requirements.
o Agility – The enterprise architecture should incorporate agility to meet changing business needs in
an effective and efficient manner.
o Openness - The enterprise architecture should leverage open industry standards.
42. Enabler 6 – Services, Infrastructure and Applications Cont.
Relationship To other Enablers
o Information – is a service capability that is leveraged through processes to deliver internal and
external services.
o Cultural and behavioural aspects – relevant when a service-oriented culture needs to be built
o Process inputs and outputs – Most of the inputs and outputs (work products) of the process
management practices and activities in the PRM include service capabilities.
Consider other frameworks such as:
o ITIL 3
o TOGAF (www.opengroup.org/togaf ) which provides an integrated information infrastructure
reference model.
43. Enabler 7 – People, Skills and Competencies
Identify the good practices of People, Skills and Competencies,
specifically:
o Described by different skill levels for different roles.
o Defining Skill requirements for each role
o Mapping skill categories to COBIT 5 process domains (APO; BAI etc.)
o These correspond to the IT-related activities undertaken, e.g. business
analysis, information management etc.
o Using external sources for good practices such as:
The Skills Framework for the information age (SFIA)
45. What is a Process Assessment
Process assessment: an activity that can be performed either as part
of a process improvement initiative or as part of a capability
determination approach
Purpose: to continually improve the enterprise’s effectiveness and
efficiency
It provides an understandable, logical, repeatable, reliable and robust
methodology for assessing the capability of IT processes.
COBIT 5 switched to ISO 15504 Approach rather than CMMI.
Source: ISO/IEC 15504-4
46. Advantages of the ISO 15504 Approach
A robust assessment process based on ISO 15504
An alignment of COBIT’s maturity model scale with the international
standard
A new capability-based assessment model which includes:
o Specific process requirements derived from COBIT 4.1 & COBIT 5
o Ability to achieve process attributes based on ISO 15504
o Evidence requirements
Assessor qualifications and experiential requirements
Results in a more robust, objective and repeatable assessment
47. Key ISO 15504 definitions
ISO 15504 defines the following key terms:
◦ Process purpose – The high-level measurable objectives of performing the
process and the likely outcomes of effective implementation of the process.
◦ Process outcomes - An observable result of a process (Note: An outcome is
an artefact, a significant change of state or the meeting of specified
constraints.)
◦ Base practices – The activities that, when consistently performed, contribute
to achieving the process purpose
◦ Work product - An artefact associated with the execution of a process –
defined in terms of process ‘inputs’ and process ‘outputs’.
48. Differences between the Capability & Process Dimension
ISO 15504 defines two levels:
o A Capability dimension, which focuses on process capability
(levels 1 to 5) based on process attribute indicators (PAI) that deal solely
with generic attributes
o A Process dimension, which contains additional indicators for
process performance assessment based on very specific performance
indicators.
o ** Note that the PRM or process reference model is used only for this
dimension at LEVEL 1. Levels 2 to 5 focus only on the Capability dimension
based on generic attributes. The next slide demonstrates this concept.
49. Process capability levels
Level 0 Incomplete process
Incomplete: The process is not implemented or fails to achieve its purpose
Level 1 Performed process
o PA.1.1 Process Performance attribute
Performed: The process is implemented and achieves its process purpose
Level 2 Managed process
o PA.2.1 Performance Management attribute
o PA.2.2 Work Product Management attribute
Managed: The process is managed (i.e. planned, monitored and adjusted) and its work products are appropriately established, controlled & maintained.
Level 3 Established process
o PA.3.1 Process Definition attribute
o PA.3.2 Process Deployment attribute
Established: A defined process is used based on a standard process.
Level 4 Predictable process
o PA.4.1 Process Measurement attribute
o PA.4.2 Process Control attribute
Predictable: The process is enacted consistently within defined limits
Level 5 Optimizing process
o PA.5.1 Process Innovation attribute
o PA.5.2 Process Optimization attribute
Optimizing: The process is continuously improved to meet relevant current and projected business goals
50. Assessment Process Activities
1 – Initiation
2 – Planning the Assessment
3 – Briefing
4 – Data Collection
5 – Data Validation
6 – Process Rating
7 – Reporting
53. Thank you
For Further Questions, Please
Communicate With Aqel:
aqel.aqel@gmail.com
+966-502-104-007
For Arabic lectures about IT Governance - Listen to lectures about information technology governance
https://www.youtube.com/watch?v=itKgLtT4Les