IT Governance
Capability Assessment using COBIT 5 PAM
Eryk Budi Pratama
Presented for Information System Faculty – Universitas Bakrie
Objectives
IT Governance
Governance of Enterprise IT
Domain, Product Family, Coverage
COBIT 5 Framework
PAM using COBIT 5
Process Assessment Model (PAM)
Self Assessment Guide using COBIT 5
Self Assessment
Methodology for IT Governance Engagement
Engagement Delivery Approach
IT Governance
Governance of Enterprise IT
IT Governance
Old Way
COBIT 4.1
Val IT
Risk IT
Corporate Governance of IT
Based on ISO 38500
Source: http://www.qaiglobalservices.com/wp-content/uploads/2016/05/Fig-4.jpg
Governance of Enterprise IT
COBIT 5 - Principles and Area
Risk Management
Focus
Area
COBIT 5 Framework
COBIT 5
Domain
❑ Evaluate, Direct, Monitor (EDM)
❑ Align, Plan, Organize (APO)
❑ Build, Acquire, Implement (BAI)
❑ Deliver, Service, Support (DSS)
A Business Framework for the Governance and Management of Enterprise IT
COBIT 5
COBIT 5 Product Family
COBIT 5
COBIT 5 Coverage of Other Standards and Frameworks
Standard | Description
ISO 38500 | Governance of IT for the organization
ISO 31000 | Enterprise Risk Management
ISO 27000 | Information Security Management
ISO 20000 | IT Service Management

Framework | Description
TOGAF | Enterprise Architecture by OpenGroup
PMBOK | Project Management by PMI
PRINCE2 | Project Management by APMG
ITIL | IT Service Management by AXELOS
CMMI | Capability Maturity Model Integration
Process Assessment Model (PAM)
COBIT 5 PAM
COBIT Process Assessment Model (PAM) Workflow
Source: This figure is reproduced from ISO/IEC 15504-2, with the permission of ISO/IEC at www.iso.org. Copyright remains with ISO/IEC.
COBIT 5 PAM
Process Capability Level and Attributes
Rating Levels
Levels and Necessary Ratings
COBIT 5 PAM
Assessment Process
Self Assessment
Self Assessment
Step 1 – Scoping (Process Step)
Identify relevant business drivers for the assessment of IT processes
• On the basis of these business drivers, define the objective of the assessment.
• The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process assessment should be based on the business drivers for the assessment.
Identify and prioritise the enterprise’s IT processes that should be included within the scope of the assessment
• Utilise the business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings contained in the scoping tool kit.
• For example, if the objective of the assessment is to assist IT management in identifying and prioritising improvement initiatives related to one or more specified goals identified, the COBIT process mappings may be useful to identify the processes most closely related to those IT goals.
Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous prioritisation
• Ensure that they will satisfy the identified business drivers and meet the objectives of the assessment.
Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the process assessment
Finalise the COBIT 5 processes to be included in the assessment
Self Assessment
Step 1 – Scoping (Process Step)
Enterprise Goal Hierarchy: Mapping of COBIT 5 Processes to IT Goals to Business Goals to IT Balanced Scorecard
IT-related Goals Hierarchy: Mapping COBIT 5 Processes to IT Goals (subset of information contained in item above)
Self-Diagnostic: Self-diagnostic Tool
Self Assessment
Step 2 – Perform Self Assessment
Engagement Delivery Approach
Engagement Delivery Approach
General Delivery Approach
Process mapping of current IT process to COBIT 5
Working Group & Discussion
Report
Assessment IT Capabilities
Operational Effectiveness & Workshop
IT Goals, IT Framework risk IT Issues, and Remediation Roadmap based on COBIT 5
Maturity Level based on COBIT 5
Strategy and recommendation report for IT process improvement
Output
Engagement Delivery Approach
General Delivery Approach
Working Group & Discussion
Report
Assessment IT Capabilities
Operational Effectiveness & Workshop
▪ Determine the organizational structure and the members involved in the project, as well as the duties and responsibilities of each party
▪ Create detailed work plans and activities to be performed
▪ Determine communication methods and information paths
▪ Define a list of required information
▪ Conduct a kick-off meeting with all related parties to assign key business process owners over the 37 sub-areas of COBIT 5
▪ Determine the target and the schedule of the interviews
▪ Collect data, documents and information on the current state of existing IT processes based on the 37 major sub-areas in COBIT 5
▪ Review relevant documents and information
▪ Discuss with key parties in the IT process
▪ Determine the level of IT capabilities with COBIT 5 tools
▪ Determine the level of IT capability for the 37 major sub-areas of COBIT 5 in the client
▪ Discuss with the client’s management the IT capability level reports that have been assessed by the consultant
▪ Provide monitoring tools related to improvements that will be done by the client
▪ Organize workshop schedules to report the results of the IT governance capability level assessments
▪ Describe the review methodology used
▪ Display observations regarding existing IT processes and gaps based on COBIT 5
▪ Exposure to the results of Operational Effectiveness implementation
▪ Presentation of recommendations for improvement of the client’s IT process
Thank you
