SlideShare a Scribd company logo

ITIL vs. COBIT

Download as PPTX, PDF
Mohsen Yousefi
Mohsen Yousefi

The document compares ITIL and COBIT frameworks. While ITIL focuses specifically on IT service management, COBIT has a broader scope covering governance of enterprise IT. Some key similarities and differences are: - COBIT aims to guide enterprise governance and management of IT across the organization. ITIL provides guidance for IT service providers to enable business value. - COBIT covers a broader scope including principles, policies, processes, organizational structures, culture and more. ITIL focuses specifically on five stages of the service lifecycle. - Both are aligned in their approach to IT service management, with COBIT processes mapping closely to ITIL stages.

Business
1 of 22
ITIL 3 vs. COBIT 5 Similarities & Differences By: Mohsen Yousefi mhsn.yousefi@gmail.com
Purpose and Perspective •COBIT 5aims primarily to guide enterprises on the implementation, operation and, where required, improvement of their overall arrangements relating to governance and management of enterprise IT (GEIT). •ITIL provides guidance and good practice for IT service providers for the execution of ITSM from the perspective of enabling business value.
Key differentiation • COBIT will be embraced because the realization is dawning that Cloud and SaaS (Software as a Service) and BYOD (Bring your own device/technology) are business decisions not IT decisions. • Organizations have failed their IT like a bad parent, and the road to redemption is via better enterprise-level governance of IT, and that's what COBIT 5 is all about. • ITIL V3 Service Strategy actually talks about governance quite a lot but nobody has read it! COBIT has the governance high ground.
COBIT is broader than ITIL in its scope of coverage (GEIT) Scope Enablers: 1. Principles, policies and frameworks 2. Processes 3. Organizational structures 4. Culture, ethics and behavior 5. Information 6. Services, infrastructure and applications 7. People, skills and competencies. Principles: 1.meeting stakeholder needs 2.covering the enterprise end to end 3.applying a single, integrated framework; 4.enabling a holistic approach 5.separating governance from management
ITIL focuses on ITSM and provides much more in-depth guidance in this area, addressing five stages of the service life cycle:  Service strategy  Service design  Service transition  Service operation  Continual service improvement. Scope
 COBIT and ITIL are well aligned in their approach to ITSM.  The COBIT 5 Process Reference Model, Enabling Processes, maps closely to the ITIL v3 stages (as documented in COBIT 5) Similarities
Governance Monitor, Evaluate, Direct (EDM) 1. Ensure Governance Framework Setting and Maintenance 2. Ensure Benefits Delivery 3. Ensure Risk Optimization 4. Ensure Resource Optimization 5. Ensure Stakeholder Transparency Management Align, Plan, Organize (APO) Build, Acquire, Implement (BAI) Deliver, Service, Support (DSS) Measure, Evaluate, Assess (MEA) 1. Manage the IT Management Framework 2. Manage Strategy 3. Manage Enterprise Architecture 4. Manage Innovation 5 .Manage Portfolio 6. Manage Budget and Costs 7. Manage Human Resources 8. Manage Relationships 9. Manage Service Agreements 10. Manage Suppliers 11. Manage Quality 12. Manage Risk 13. Manage Security 1. Manage Programs and Projects 2. Manage Requirements Definition 3. Manage Solutions Identification and Build 4. Manage Availability and Capacity 5. Manage Organizational Change Enablement (Change management) 6. Manage Changes 7. Manage Change Acceptance and Transitioning 8. Manage Knowledge 9. Manage Assets 10. Manage Configuration 1. Manage Operations 2. Manage Service Requests and Incidents 3. Manage Problems 4. Manage Continuity 5. Manage Security Services 6. Manage Business Process Controls 1. Monitor, Evaluate and Assess Performance and Conformance 2. Monitor, Evaluate and Assess the System of Internal Control 3. Monitor, Evaluate and Assess Compliance with External Requirements COBIT 5 Processes Area Domain Process
COBIT 5 Processes- Governance vs. Management Governance and Management Processes: The difference between types of processes lies within the objectives of the processes. The outcome of types of processes is different and intended for a different audience. Governance ensures that enterprise objectives (value delivery, risk optimization and resource optimization) are achieved by Evaluating stakeholder needs, conditions and options; setting Direction through prioritization and decision making; and Monitoring performance, compliance and progress against agreed-on direction and objectives. (EDM) Management Plans, Builds, Runs and Monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
COBIT 5 Processes- Governance Processes EDM01: Ensure Governance Framework Setting and Maintenance Process Description Analyze and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise’s mission, goals and objectives. ‫تعریف‬‫فرایند‬ o‫تحلیل‬‫و‬‫ییان‬‫روشن‬‫و‬‫دقیق‬‫‌های‬‫ی‬‫نیازمند‬‫حاکمیت‬‫فناوری‬‫اطالعات‬‫سازمانی؛‬ o،‫‌سازی‬‫ه‬‫پیاد‬‫حفظ‬‫و‬‫نگهداشت‬،‫ساختارها‬‫اصول‬‫و‬،‫مبانی‬‫فرایندها‬‫و‬‫‌های‬‫ت‬‫فعالی‬ ‌‫توانمندساز‬،‫اثربخش‬‫با‬‫رعایت‬‫وضوح‬‫و‬‫شفافیت‬‫در‬‫‌ها‬‫ت‬‫مسئولی‬‫و‬‫اختیارات؛‬ o‫با‬‫هدف‬‫دستیابی‬‫به‬،‫ماموریت‬‫اهداف‬‫کالن‬‫و‬‫اهداف‬‫کوتا‬‫‌مدت‬‫ه‬(‫عملیاتی‬)‫سازمان‬ Process Purpose Statement Provide a consistent approach integrated and aligned with the enterprise governance approach. To ensure that IT-related decisions are made in line with the enterprise’s strategies and objectives, ensure that IT-related processes are overseen effectively and transparently, compliance with legal and regulatory requirements is confirmed, and the governance requirements for board members are met. ‫بیانیه‬‫هدف‬‫فرایند‬ o‫تدوین‬‫یک‬‫رویکرد‬‌‫ثابت‬‫یکپارچه‬‫و‬‫همراستا‬‫با‬‫رویکرد‬‫حاکمیت‬‫سازمانی‬‫به‬‫منظ‬‫ور‬ ‫اطمینان‬‫از‬: o‫همراستایی‬‫تصمیمات‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫با‬‫‌ها‬‫ی‬‫استراتژ‬‫و‬‫اهداف‬‫عملیاتی‬ ‫سازمان؛‬ o‫نظارت‬‫اثربخش‬‫و‬‫شفاف‬‫بر‬‫فرایندهای‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات؛‬ o‫تطابق‬(‫فرایندهای‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬)‫با‬‫الزامات‬‫قانونی‬‫و‬‫رگوالتوری؛‬ o‫رعایت‬‫الزامات‬‫حاکمیت‬‫هیات‬‫مدیره‬. Process Goals 1. Strategic decision-making model for IT is effective and aligned with the enterprise’s internal and external environment and stakeholder requirements. 2. The governance system for IT is embedded in the enterprise 3. Assurance is obtained that the governance system for IT is operating effectively. ‫فرایند‬ ‫اهداف‬ 1.‫اثربخشی‬‫مدل‬‫‌گیری‬‫م‬‫تصمی‬‫راهبردی‬ ‫برای‬‫فناوری‬‫اطالعات‬‫و‬‫همراستایی‬‫آن‬‫با‬ ‫الزامات‬‫و‬‫‌های‬‫ی‬‫نیازمند‬‫محیط‬‫داخلی‬‫و‬ ‫بیرونی‬‫سازمان‬‫و‬‫نیز‬‫الزامات‬‫و‬‫‌های‬‫ه‬‫خواست‬ ‫ذینفعان‬ 2.‫استقرار‬‫و‬‫‌سازی‬‫ی‬‫جار‬‫سیستم‬‫حاکمیت‬ ‫فناوری‬‫اطالعات‬‫در‬‫درون‬‫سازمان‬ 3.‫حصول‬‫اطمینان‬‫و‬‌‫تضمین‬‌‫اثربخشی‬ ‌‫عملکرد‬‫سیستم‬‫حاکمیت‬‫فناوری‬‫اطالع‬‫ات‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سیکل‬‫زمانی‬‫تصمیمات‬‫کلیدی‬(‫عملکرد‬‫به‬‫هدف‬) 1-2-‫سطح‬‫رضایت‬‫ذینفعان‬(‫برداشتی‬) 2-1-‌،‫‌ها‌و‌اختیارات‌تعریف‌شده‬‫ت‬‫‌ها،‌مسئولی‬‫ش‬‫تعداد‌نق‬ ‫تخصیص‌داده‌شده‌و‌پذیرفته‌شده‌توسط‌مدیران‬‫سازمانی‬‌‫و‬ ‫مدیران‌فناوری‌اطالعات‬ 2-2-‫درصد‌فرایندها‌و‌زیرفرایندهایی‌که‌اصول‌حاکمیت‌فن‬‌‫اوری‬ ‫‌سازی‌شده‌و‌قابل‌ردیابی‌است‬‫ه‬‫اطالعات‌در‌آنها‌پیاد‬. 2-3-‌‫تعداد‌موارد‌عدم‌انطباق‌با‌خطوط‌راهنمای‌رفتاری‌و‬ ‫‌ای‬‫ه‬‫حرف‬ 3-1-‫دوره‬‫تناوب‬‫‌های‬‫ی‬‫بازنگر‬‫مستقل‬‫حاکمیت‬‫فناوری‬ ‫اطالعات‬ 3-2-‌‫‌دهی‌از‬‫ش‬‫دوره‌تناوب‌گزار‬(‫وضعیت‬)‌‫حاکمیت‌فناوری‬ ‫اطالعات‌به‌کمیته‌اجرایی‌و‌هیات‌مدیره‬ 3-3-‌‫تعداد‌مسائل‌و‌موضوعات‌گزارش‌شده‌از‌حاکمیت‬ ‌‫فناوری‌اطالعات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM01: Ensure Governance Framework Setting and Maintenance Governance Practice Inputs Outputs EDM01.01: Evaluate the governance system Continually identify and engage with the enterprise’s stakeholders, document an understanding of the requirements, and make a judgment on the current and future design of governance of enterprise IT. • Communications of changed compliance requirements • Business environment trends • Regulations • Governance/decision-making model guidance • Constitution/bylaws/statutes of organization • Enterprise governance guiding principles • Decision-making model • Authority levels •‫شناسایی‬‫و‌درگیر‌ساختن‌مستمر‌ذینفعان‌سازمان‬ •‫‌ها‌و‌الزامات‬‫ه‬‫مستندسازی‌درکی‌از‌نیازها،‌خواست‬ •‫ارزیابی‌در‌مورد‌طراحی‌فعلی‌و‌آتی‌حاکمیت‌فناوری‌اطالعات‌سازمانی‬ EDM01.02: Direct the governance system Inform leaders and obtain their support, buy-in and commitment. Guide the structures, processes and practices for the governance of IT in line with agreed- on governance design principles, decision-making models and authority levels. Define the information required for informed decision making. - • Enterprise governance communications • Reward system approach •‫‌سازی‌رهبران‌و‌جلب‌حمایت،‌موافقت‌و‌تعهد‌آنها‬‫ه‬‫آگا‬ •‫‌های‌حاکمیت‌فناوری‌اطالعات‌در‌راستای‌مصوبات‌اصو‬‫ت‬‫هدایت‌ساختارها،‌فرایندها،‌و‌فعالی‬‌‫ل‬ ‫‌گیری،‌و‌سطوح‌اختیارات‬‫م‬‫‌های‌تصمی‬‫ل‬‫طراحی‌حاکمیت،‌مد‬ •‫‌گیری‌آگاهانه‬‫م‬‫تعریف‌اطالعات‌مورد‌نیاز‌برای‌تصمی‬ EDM01.03: Monitor the governance system Monitor the effectiveness and performance of the enterprise’s governance of IT. Assess whether the governance system and implemented mechanisms (including structures, principles and processes) are operating effectively and provide appropriate oversight of IT. • Performance reports • Status and results of Actions • Results of benchmarking and other evaluations • Results of internal control monitoring and reviews • Results of reviews of self-assessments • Assurance plans • Compliance confirmations • Reports of non-compliance issues and root causes • Compliance assurance reports • Obligations • Audit reports • Feedback on governance effectiveness and performance •‫پایش‌اثربخشی‌و‌عملکرد‌حاکمیت‌سازمانی‌فناوری‌اطالعات‬ •‌‫ارزیابی‌اثربخشی‌عملکرد‌سیستم‌حاکمیت‬(‫فناوری‌اطالعات‬)‫‌های‌پیاده‌شد‬‫م‬‫و‌مکانیز‬‌‫ه‌آن‬ (‫شامل‌ساختارها،‌اصول‌و‌فرایندها‬) •‫ایجاد‌نظارت‌مناسب‌بر‌فناوری‌اطالعات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM02: Ensure Benefits Delivery Process Description Optimize the value contribution to the business from the business processes, IT services and IT assets resulting from investments made by IT at acceptable costs. ‫تعریف‬‫فرایند‬ o‫‌سازی‬‫ه‬‫بهین‬‫ارزش‬‫ایجاد‬‫شده‬‫برای‬‫کسب‬‫و‬‫کار‬‫با‬‫هزینه‬‫قابل‬‫قبول‬ (‫در‬‫اینجا‬)‫ایجاد‬‫ارزش‬‫ناشی‬‫از‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬IT‫بوده‬‫و‬‫از‬‫فرایندهای‬‫کسب‬‫و‬ ،‫کار‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬‫بدست‬‫‌آید‬‫ی‬‫م‬. Process Purpose Statement Secure optimal value from IT-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. ‫بیانیه‬‫هدف‬‫فرایند‬ o‫تامین‬‫ارزش‬‫بهینه‬‫از‬‫طریق‬،‫‌ها‬‫ه‬‫پروژ‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬ o‫ارائه‬‫مقرون‬‫به‬‫صرفه‬‫راهکارها‬‫و‬‫‌ها‬‫س‬‫سروی‬ o‫ایجاد‬‫تصویر‬‫مطمئن‬‫و‬‫دقیق‬‫از‬‫‌ها‬‫ه‬‫هزین‬‫و‬‫فواید‬‫محتمل‬‫به‬‫‌ای‬‫ه‬‫گون‬‫که‬‫نیازهای‬‫کس‬‫ب‬‫و‬ ‫کار‬‫به‬‫طور‬‫اثربخش‬‫و‬‫کارا‬‫پشتیبانی‬‫شوند‬. Process Goals 1. The enterprise is securing optimal value from its portfolio of approved IT-enabled initiatives, services and assets. 2. Optimal value is derived from IT investment through effective value management practices in the enterprise. 3. Individual IT-enabled investments contribute optimal value. ‫فرایند‬ ‫اهداف‬ .1‫تامین‬‫ارزش‬‫بهینه‬‫از‬‫سبد‬،‫‌ها‬‫ه‬‫پروژ‬ ‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬(‫فناوری‬ ‫اطالعات‬)‫مصوب‬‫سازمان‬ .2‫کسب‬‫ارزش‬‫بهینه‬‫از‬‫‌گذاری‬‫ه‬‫سرمای‬‫بر‬ ‫فناوری‬،‫اطالعات‬‫از‬‫طریق‬‫فرایندهای‬ ‫مدیریت‬‫ارزش‬‫اثربخش‬‫در‬‫سازمان‬ .3‫سهیم‬‫بودن‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬ ‫توانمندساز‬‫جداگانه‬‫در‬‫فناوری‬‫اطالعات‬ ‫در‬‫کسب‬‫ارزش‬‫بهینه‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سطح‬‫رضایت‬‫مدیران‬‫اجرایی‬‫از‬‫ارزش‬‫بدست‬‫آمده‬‫از‬ ‫فناوری‬‫اطالعات‬‫و‬‫‌های‬‫ه‬‫هزین‬‫آن‬ 1-2-‫اختالف‬‫بین‬‫ترکیب‬‫‌گذاری‬‫ه‬‫سرمای‬‫هدفگذاری‬‫شده‬‫و‬ ‫محقق‬‫شده‬ 1-3-‫سطح‌رضایت‌ذینفعان‬‫از‌توانایی‌سازمان‌در‌کسب‌ارزش‬ ‫‌های‌فناوری‌اطالعات‬‫ه‬‫از‌پروژ‬ 2-1-‫تعداد‌رخدادهایی‌که‌به‌دلیل‌دور‌زدن‌و‌یا‌تالش‌برای‌دو‬‌‫ر‬ ‫‌های‌مدیریت‌ارزش‌اتفاق‌میفتد‬‫ت‬‫زدن‌اصول‌و‌فعالی‬ 2-2-‌‫‌های‌فناوری‌اطالعات‌در‌مجموع‌سبد‬‫ه‬‫سهم‌پروژ‬ ‌‫‌ها،‌زمانی‌که‌ارزش‌در‌تمام‌چرخه‌حیاتش‌مدیریت‬‫ه‬‫پروژ‬ ‫‌شود‬‫ی‬‫م‬. 3-1-‌‫شاخص‌برداشتی‌سطح‌رضایت‌ذینفعان‌از‌حرکت‬ (‫پیشرفت‬)‌‫به‌سمت‌اهداف‌کالن‌شناسایی‌شده‌با‌ارائه‬ ‫ارزش‬ 3-2-‫درصد‌تحقق‌ارزش‌مورد‌انتظار‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM02: Ensure Benefits Delivery Governance Practice Inputs Outputs EDM02.01: Evaluate value optimization Continually evaluate the portfolio of IT-enabled investments, services and assets to determine the likelihood of achieving enterprise objectives and delivering value at a reasonable cost. Identify and make judgment on any changes in direction that need to be given to management to optimize value creation. • Strategic road map • Investment return expectations • Selected programs with • return on investment (ROI) milestones • Benefit results and related communication • Stage-gate review results • Evaluation of strategic alignment • Evaluation of investment and services portfolios •‫ارزیابی‬‫مستمر‬‫پورتفوی‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬،‫‌ها‬‫ه‬‫پروژ‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬ ‫بمنظور‬‫تعیین‬‫احتمال‬‫دستیابی‬‫به‬‫اهداف‬‫عملیاتی‬‫سازمان‬‫و‬‫ارائه‬،‫ارزش‬‫ضمن‬‫صرف‬‫هزین‬‫ه‬ ‫معقول‬ •‫شناسایی‬‫و‬‫ارزیابی‬‫در‬‫مورد‬‫هر‬‫گونه‬‫تغییر‬‫در‬‫‌گیری‬‫ت‬‫جه‬‫مدیریت‬‫که‬‫برای‬‫‌سازی‬‫ه‬‫بهین‬‫ای‬‫جاد‬ ‫ارزش‬‫نیاز‬‫است‬. EDM02.02: Direct value optimization Direct value management principles and practices to enable optimal value realization from IT-enabled investments throughout their full economic life cycle. - • Investment types and criteria • Requirements for stage-gate reviews •‫هدایت‬‫و‬‫راهبری‬‫اصول‬‫و‬‫فرایندهای‬‫مدیریت‬‫ارزش‬‫در‬‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها؛‬‫به‬ ‫منظور‬‫توانمندسازی‬‫دستیابی‬‫به‬‫ارزش‬‫بهینه‬‫از‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬‫فناوری‬‫اطالعات‬ EDM02.03: Monitor value optimization Monitor the key goals and metrics to determine the extent to which the business is generating the expected value and benefits to the enterprise from IT-enabled investments and services. Identify significant issues and consider corrective actions. • Investment portfolio performance reports• Feedback on portfolio and program performance • Actions to improve value delivery •‫‌های‌کلیدی‌برای‌تعیین‌میزان‌ایجاد‌ارزش‌مورد‌انتظار‌و‌منافع‌از‬‫ص‬‫پایش‌اهداف‌کالن‌و‌شاخ‬ ‫‌های‌فناوری‌اطالعات‌برای‌سازمان؛‬‫س‬‫‌ها‌و‌سروی‬‫ی‬‫‌گذار‬‫ه‬‫طریق‌سرمای‬ •‫شناسایی‌مسائل‌و‌موضوعات‌با‌اهمیت‌و‌لحاظ‌اقدامات‌اصالحی‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM03: Ensure Risk Optimization Process Description Ensure that the enterprise’s risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of IT is identified and managed. ‫تعریف‬‫فرایند‬ o‫حصول‬‫اطمینان‬‫از‬،‫درک‬‫بیان‬‫شفاف‬‫و‬،‫دقیق‬‫و‬‫نیز‬‫ابالغ‬‫میزان‬‫و‬‫حدود‬‫‌پذی‬‫ک‬‫ریس‬‫ری‬ ‫سازمان؛‬ o‫حصول‬‫اطمینان‬‫از‬‫شناسایی‬‫و‬‫مدیریت‬‫‌های‬‫ک‬‫ریس‬(‫تهدید‬‫‌ها‬‫ه‬‫کنند‬)‫‌های‬‫ش‬‫ارز‬ ‫سازمانی‬‫که‬‫از‬‫کاربرد‬‫فناوری‬‫اطالعات‬‫ناشی‬‫‌شوند‬‫ی‬‫م‬. Process Purpose Statement Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫‌های‬‫ک‬‫ریس‬‫سازمانی‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫از‬‫محدوده‬‫‌پذیری‬‫ک‬‫ریس‬‫سازمان‬‫تجاوز‬ ‫‌کنند؛‬‫ی‬‫نم‬ o‫تاثیرات‬‫‌های‬‫ک‬‫ریس‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫بر‬‫‌های‬‫ش‬‫ارز‬‫سازمان‬‫شناسایی‬‫و‬‫مدیر‬‫یت‬ ‫‌اند؛‬‫ه‬‫شد‬ o‫پتانسیل‬‫وقوع‬‫عدم‬‫‌ها‬‫ق‬‫انطبا‬(‫با‬‫الزامات‬‫ذینفعان‬‫و‬‫الزامات‬‫قانونی‬)‫به‬‫حداقل‬‫رسی‬‫ده‬ ‫است‬. Process Goals 1. Risk thresholds are defined and communicated and key IT-related risk is known. 2. The enterprise is managing critical IT-related enterprise risk effectively and efficiently. 3. IT-related enterprise risk does not exceed risk appetite and the impact of IT risk to enterprise value is identified and managed. ‫فرایند‬ ‫اهداف‬ .1‫تعیین‬‫حدود‬‫پذیرش‬‫ریسک‬‫و‬‫ابالغ‬‫آن‬‫ها‬‫و‬ ‫شناسایی‬‫‌های‬‫ک‬‫ریس‬‫کلیدی‬‫مرتبط‬‫ب‬‫ا‬ ‫فناوری‬‫اطالعات‬ .2‫مدیریت‬‫‌های‬‫ک‬‫ریس‬‫بحرانی‬‫سازمانی‬ ‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫بطور‬‫اثربخش‬ ‫و‬‫کارا‬‫توسط‬‫سازمان‬ .3‫کنترل‬‫و‬‫نگهداشت‬‫سطح‬‫‌های‬‫ک‬‫ریس‬ ‫سازمانی‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫در‬ ‫محدوده‬‫قابل‬،‫پذیرش‬‫و‬‫نیز‬‫شناخت‬‫و‬ ‫مدیریت‬‫تاثیرات‬‫این‬‫گونه‬‫‌ها‬‫ک‬‫ریس‬‫ب‬‫ر‬ ‫‌های‬‫ش‬‫ارز‬‫سازمان‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سطح‬‫همراستایی‬‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫و‬ ‫‌های‬‫ک‬‫ریس‬‫سازمانی‬ 1-2-‫تعداد‬‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫شناسایی‬‫و‬‫مدیریت‬ ‫شده‬ 1-3-‫نرخ‬‫به‌روزآوری‌ارزیابی‌عوامل‌ریسک‬ 2-1-‌‫‌های‌فناوری‌اطالعات‬‫ک‬‫‌های‌سازمان‌که‌ریس‬‫ه‬‫درصد‌پروژ‬ ‫‌کنند‬‫ی‬‫را‌لحاظ‌م‬ 2-2-‌‫درصد‌اقدامات‌اجرایی‬(‫کنترل‬/‫کاهش‬)‌‫‌های‬‫ک‬‫ریس‬ ‫‌اند‬‫ه‬‫فناوری‌اطالعات‌که‌به‌موقع‌انجام‌شد‬. 2-3-‌‫‌های‌بحرانی‌که‌بطور‌اثربخش‌کاهش‬‫ک‬‫درصد‌ریس‬ ‫‌اند‬‫ه‬‫یافت‬. 3-1-‫سطح‌تاثیرات‌سازمانی‌غیرمنتظره‬ 3-2-‌‫‌های‌فناوری‌اطالعات‌که‌از‌محدوده‌قابل‬‫ک‬‫درصد‌ریس‬ ‫‌اند‬‫ه‬‫پذیرش‌خارج‌شد‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM03: Ensure Risk Optimization Governance Practice Inputs Outputs EDM03.01: Evaluate risk management Continually examine and make judgment on the effect of risk on the current and future use of IT in the enterprise. Consider whether the enterprise’s risk appetite is appropriate and that risk to enterprise value related to the use of IT is identified and managed. • Emerging risk issues and factors • Enterprise risk management principles • Risk analysis results • Risk appetite guidance • Approved risk tolerance levels • Evaluation of risk management activities •‫بررسی‬‫و‬‫ارزیابی‬‫مستمر‬‫بر‬‫تاثیرات‬‫‌ها‬‫ک‬‫ریس‬‫بر‬‫کاربرد‬‫فعلی‬‫و‬‫آتی‬‫فناوری‬‫اطالعات‬‫در‬‫س‬‫ازمان‬ •‫بررسی‬‫متناسب‬‫بودن‬‫سطح‬‫‌پذیری‬‫ک‬‫ریس‬‫سازمان‬ •(‫ارزیابی‬‫عملکرد‬‫سازمان‬)‫در‬‫شناسایی‬‫و‬‫مدیریت‬‫‌های‬‫ک‬‫ریس‬(‫تهدیدات‬)‫‌های‬‫ش‬‫ارز‬‫سازمانی‬ ‫که‬‫به‬‫کاربرد‬(‫بکارگیری‬)‫فناوری‬‫اطالعات‬‫مرتبط‬‫است‬. EDM03.02: Direct risk management Direct the establishment of risk management practices to provide reasonable assurance that IT risk management practices are appropriate to ensure that the actual IT risk does not exceed the board’s risk appetite. • Aggregated risk profile, including status of risk management actions • Enterprise risk management (ERM) profiles and mitigation Plans • Risk management policies • Key objectives to be monitored for risk management • Approved process for measuring risk Management •‫هدایت‬‫و‬‫راهبری‬‫‌سازی‬‫ه‬‫پیاد‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫به‬‫منظور‬‫ایجاد‬‫تضمین‬‫منطقی‬‫و‬ ‫مناسب‬‫نسبت‬‫به‬‫اینکه‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫فناوری‬‫اطالعات‬‫برای‬‫پیشگیری‬‫از‬‫ای‬‫نکه‬ ‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫از‬‫محدوده‬‫قابل‬‫پذیرش‬‫برای‬‫هیات‬،‫مدیره‬‫تجاوز‬‫نکنند‬. EDM03.03: Monitor risk management Monitor the key goals and metrics of the risk management processes and establish how deviations or problems will be identified, tracked and reported for remediation. • Risk analysis results • Opportunities for acceptance of greater risk • Results of third-party risk assessments • Risk analysis and risk profile reports for stakeholders • Remedial actions to address risk management deviations • Risk management issues for the board •‫پایش‬‫اهداف‬‫کالن‬‫و‬‫‌های‬‫ص‬‫شاخ‬‫کلیدی‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫و‬‫تعیین‬‫چگونگی‬ ،‫شناسایی‬‫ردیابی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫انحرافات‬‫و‬‫یا‬،‫مشکالت‬‫به‬‫منظور‬‫انجام‬‫اصالحات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM04: Ensure Resource Optimization Process Description Ensure that adequate and sufficient IT-related capabilities (people, process and technology) are available to support enterprise objectives effectively at optimal cost. ‫تعریف‬‫فرایند‬ o‫حصول‬‫اطمینان‬‫از‬‫اینکه‬‫‌های‬‫ت‬‫قابلی‬‫کافی‬‫و‬‫وافی‬(‫شامل‬،‫افراد‬‫فرایندها‬‫و‬‫تکن‬‫ولوژی‬) ‫برای‬‫پشتیبانی‬‫اثربخش‬‫از‬‫اهداف‬‫عملیاتی‬‫سازمان‬‫و‬‫با‬‫هزینه‬‫بهینه‬‫در‬‫دسترس‬ ‫هستند‬. Process Purpose Statement Ensure that the resource needs of the enterprise are met in the optimal manner, IT costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫منابع‬‫مورد‬‫نیاز‬‫سازمان‬‫بطور‬‫بهینه‬‫برآورده‬‫‌شوند؛‬‫ی‬‫م‬ o‫‌های‬‫ه‬‫هزین‬‫فناوری‬‫اطالعات‬‫بهینه‬‫‌اند؛‬‫ه‬‫شد‬ o‫احتمال‬‫تحقق‬‫سود‬‫و‬‫آمادگی‬‫برای‬‫تغییر‬‫افزایش‬‫یافته‬‫است‬. Process Goals 1. The resource needs of the enterprise are met with optimal capabilities. 2. Resources are allocated to best meet enterprise priorities within budget constraints. 3. Optimal use of resources is achieved throughout their full economic life cycles. ‫فرایند‬ ‫اهداف‬ .1‫تامین‬‫منابع‬‫مورد‬‫نیاز‬‫سازمان‬‫با‬‫سطح‬ ‫‌ای‬‫ه‬‫بهین‬‫از‬‫‌ها‬‫ت‬‫قابلی‬ .2‫تخصیص‬‫منابع‬‫برای‬‫برآورده‬‫کردن‬ ‫‌های‬‫ت‬‫اولوی‬‫سازمان‬‫به‬‫بهترین‬‫شکل‬‫و‬ ‫با‬‫وجود‬‫‌های‬‫ت‬‫محدودی‬‫بودجه‬ .3‫رسیدن‬‫به‬‫استفاده‬‫بهینه‬‫از‬‫منابع‬‫د‬‫ر‬ ‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫بازخورد‬‫ذینفعان‬‫نسبت‬‫به‬‫‌سازی‬‫ه‬‫بهین‬‫منابع‬ 1-2-‫تعداد‬‫منافع‬‫حاصل‬‫از‬‫استفاده‬‫بهینه‬‫از‬‫منابع‬(‫مانند‬ ‫‌جویی‬‫ه‬‫صرف‬‫در‬‫‌ها‬‫ه‬‫هزین‬) 1-3-‌‫تعداد‌انحرافات‌از‌برنامه‌کاربرد‌منابع‌و‌راهبردهای‬ ‫معماری‌سازمانی‬ 2-1-‌‫تعداد‌انحرافات‬(‫منحصرا‬)‫از‌اصول‌مدیریت‌منابع‬ 2-2-‫‌هایی‌که‌تخصیص‌منابع‌آنها‌مناسب‌صورت‬‫ه‬‫درصد‌پروژ‬ ‫گرفته‬ 3-1-‫درصد‌کاربرد‌مجدد‌اجزاء‌معماری‬ 3-2-‫‌ها‌با‌سطح‌ریسک‌متوسط‌یا‌باال‬‫ه‬‫‌ها‌و‌برنام‬‫ه‬‫درصد‌پروژ‬ ‫به‌دلیل‌مسائل‌مدیریت‌منابع‬ 3-3-‫‌اند‬‫ه‬‫تعداد‌اهداف‌عملکردی‌مدیریت‌منابع‌که‌محقق‌شد‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 Resource Optimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM04: Ensure Resource Optimization Governance Practice Inputs Outputs EDM04.01: Evaluate resource management Continually examine and make judgment on the current and future need for IT- related resources, options for resourcing (including sourcing strategies),and allocation and management principles to meet the needs of the enterprise in the optimal manner. • Gaps and changes required to realize target capability • Skill development plans • Decision results of supplier evaluations • Guiding principles for allocation of resources and capabilities • Guiding principles for enterprise architecture • Approved resources plan •‫بررسی‬‫و‬‫ا‬‫رزیابی‬‫مستمر‬‫منابع‬‫مورد‬‫نیاز‬‫مرتبط‬‫با‬‫فناوری‬،‫اطالعات‬‫‌های‬‫ه‬‫گزین‬‫‌یابی‬‫ع‬‫منب‬(‫شامل‬ ‫‌های‬‫ی‬‫استراتژ‬‫‌یابی‬‫ع‬‫منب‬)،‫و‬‫تخصیص‬‫و‬‫مدیریت‬‫اصولی‬‫که‬‫نیازهای‬‫سازمانی‬‫بطور‬‫بهینه‬‫برآورده‬ ‫شوند‬. EDM04.02: Direct resource management Ensure the adoption of resource management principles to enable optimal use of IT resources throughout their full economic life cycle. - • Communication of resourcing strategies • Assigned responsibilities for resource management • Principles for safeguarding Resources •‫حصول‬‫اطمینان‬‫از‬‫اتخاذ‬‫اصول‬‫مدیریت‬‫منابع‬‫به‬‫منظور‬‫ایجاد‬‫توانمندی‬‫استفاده‬‫بهینه‬‫از‬‫من‬‫ابع‬ ‫فناوری‬،‫اطالعات‬‫در‬‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها‬ EDM04.03: Monitor resource management Monitor the key goals and metrics of the resource management processes and establish how deviations or problems will be identified, tracked and reported for remediation. - • Feedback on allocation and effectiveness of resources and capabilities • Remedial actions to address resource management deviation •‫پایش‬‫اهداف‬‫کالن‬‫و‬‫‌های‬‫ص‬‫شاخ‬‫کلیدی‬‫فرایندهای‬‫مدیریت‬‫منابع‬‫و‬‫تعیین‬‫چگونگی‬‫شناس‬،‫ایی‬ ‫ردیابی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫انحرافات‬‫و‬‫یا‬‫مشکالت‬‫به‬‫منظور‬‫انجام‬‫اصالحات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 Resource Optimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM05: Ensure Stakeholder Transparency Process Description Ensure that enterprise IT performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and the necessary remedial actions. ‫تعریف‬‫فرایند‬ o‫اطمینان‬‫از‬‫اینکه‬(‫ارتباط‬)‫سنجش‬‫عملکرد‬‫و‬‫ارزیابی‬‫میزان‬‫انطباق‬(‫با‬‫الزامات‬‫ذی‬‫نفعان‬ ‫و‬‫الزامات‬‫قانونی‬)‫و‬‫نیز‬‫‌دهی‬‫ش‬‫گزار‬‫فناوری‬‫اطالعات‬‫سازمانی‬‫در‬‫مقایسه‬‫با‬‫اهداف‬ ،‫کالن‬‫‌ها‬‫ص‬‫شاخ‬‫و‬‫و‬‫اقدامات‬‫اصالحی‬‌‫الزم‬‫مصوب‬‫شده‬‫توسط‬،‫ذینفعان‬‫شفاف‬ ‫است‬. Process Purpose Statement Make sure that the communication to stakeholders is effective and timely and the basis for reporting is established to increase performance, identify areas for improvement, and confirm that IT-related objectives and strategies are in line with the enterprise’s strategy. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫ارتباطات‬‫با‬‫ذینفعان‬‫اثربخش‬‫و‬‫به‬‫موقع‬‫برقرار‬‫‌شود؛‬‫ی‬‫م‬ o‫پایه‬‫و‬‫اساس‬،‫‌دهی‬‫ش‬‫گزار‬‫افزایش‬‫سطح‬،‫عملکرد‬‫شناسایی‬‫‌ها‬‫ه‬‫زمین‬‫و‬‫نقاط‬‫قابل‬ ،‫بهبود‬‫و‬‫تایید‬‫‌راستایی‬‫م‬‫ه‬‫‌ها‬‫ی‬‫استراتژ‬‫و‬‫اهداف‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫با‬ ‫‌های‬‫ی‬‫استراتژ‬‫سازمان‬‫است؛‬ Process Goals 1. Stakeholder reporting is in line with stakeholder requirements. 2. Reporting is complete, timely and accurate. 3. Communication is effective and stakeholders are satisfied. ‫فرایند‬ ‫اهداف‬ .1‫همراستایی‬‫‌دهی‬‫ش‬‫گزار‬‫به‬‫ذینفعان‬‫ب‬‫ا‬ ‫‌ها‬‫ی‬‫نیازمند‬‫و‬‫‌های‬‫ه‬‫خواست‬‫آنها‬ .2‫‌دهی‬‫ش‬‫گزار‬،‫کامل‬‫به‬‫موقع‬‫و‬‫دقیق‬ .3‫برقراری‬‫ارتباطات‬‫اثربخش‬‫و‬‫رضایت‬ ‫ذینفعان‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫تاریخ‬‫آخرین‬‫به‬‫روز‬‫رسانی‬‫‌های‬‫ی‬‫نیازمند‬‫‌دهی‬‫ش‬‫گزار‬ 1-2-‫درصد‬‫ذینفعانی‬‫که‬‫‌های‬‫ی‬‫نیازمند‬‫‌دهی‬‫ش‬‫گزار‬‫آنها‬‫احصا‬ ‫شده‬ 2-1-‫‌هایی‌که‌به‌موقع‌تحویل‬‫ش‬‫درصد‌گزار‬/‫‌اند‬‫ه‬‫ارائه‌نشد‬. 2-2-‫‌اند‬‫ه‬‫‌هایی‌که‌اشتباه‌داشت‬‫ش‬‫درصد‌گزار‬. 3-1-‫‌دهی‬‫ش‬‫سطح‌رضایت‌ذینفعان‌نسبت‌به‌گزار‬ 3-2-‌‫‌دهی‬‫ش‬‫‌های‌الزامی‌گزار‬‫ی‬‫تعداد‌نقض‌نیازمند‬(‌‫الزامات‬ ‫‌دهی‬‫ش‬‫گزار‬) EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
COBIT 5 Processes- Governance Processes EDM05: Ensure Stakeholder Transparency Governance Practice Inputs Outputs EDM05.01: Evaluate stakeholder reporting requirements Continually examine and make judgment on the current and future requirements for stakeholder communication and reporting, including both mandatory reporting requirements (e.g., regulatory) and communication to other stakeholders. Establish the principles for communication. • Actions to improve value delivery • Risk management issues for the board • Feedback on allocation and effectiveness of resources and capabilities • Refined scope • Evaluation of enterprise reporting requirements • Reporting and communication principles •‫بررسی‬‫و‬‫ارزیابی‬‫مستمر‬‫نیازهای‬‫ارتباطی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫حال‬‫و‬‫آتی‬،‫ذینفعان‬‫شامل‬‫نیازهای‬ ‫الزامی‬‫‌دهی‬‫ش‬‫گزار‬(‫مانند‬‫رگوالتوری‬)‫و‬‫نیز‬‫ارتباط‬‫با‬‫سایر‬‫ذینفعان‬ EDM05.02: Direct stakeholder communication and reporting Ensure the establishment of effective stakeholder communication and reporting, including mechanisms for ensuring the quality and completeness of information, oversight of mandatory reporting, and creating a communication strategy for stakeholders. • Risk analysis and risk profile reports for stakeholders • Rules for validating and approving mandatory reports • Escalation guidelines •‫حصول‬‫اطمینان‬‫از‬‫ایجاد‬‫ارتباط‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫موثر‬‫به‬،‫ذینفعان‬‫شامل‬‫ایجاد‬‫‌هایی‬‫م‬‫مکانیز‬‫برا‬‫ی‬ ‫اطمینان‬‫از‬‫کیفیت‬‫و‬‫جامعیت‬،‫اطالعات‬‫لحاظ‬‫داشتن‬‫‌دهی‬‫ش‬‫گزار‬،‫الزامی‬‫و‬‫اتدوین‬‫استراتژی‬ ‫ارتباط‬‫با‬‫ذینفعان‬ EDM05.03 Monitor stakeholder communication: Monitor the effectiveness of stakeholder communication. Assess mechanisms for ensuring accuracy, reliability and effectiveness, and ascertain whether the requirements of different stakeholders are met. • Assurance review report • Assurance review results • Assessment of reporting effectiveness •‫پایش‬‫اثربخشی‬‫ارتباطات‬‫با‬‫ذینفعان‬. •‫ارزیابی‬‫مکانیزمهای‬‫تضمین‬،‫دقت‬‫قابلیت‬،‫اطمینان‬‫و‬‫اثربخشی‬‫ارتباطات‬ •‫تعیین‬‫وضعیت‬‫تحقق‬‫نیازهای‬‫ذینفعان‬‫مختلف‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
Service Strategy (Portfolio) Service Design (Product Management) Service Transition (Development) Service Operation (Support) Continual Service Improvement (Quality) 1. Strategy Management for IT Services 2. Service Portfolio Management 3. Demand Management 4. Financial Management for IT Services 5. Business Relationships Management 1. Design Coordination 2. Service Catalogue Management 3. Service Level Management 4. Risk Management 5. Capacity Management 6. Availability Management 7. IT Service Continuity Management 8. Information Security Management 9. Compliance Management 10. Architecture Management 11. Supplier Management 1. Change Management 2. Change Evaluation 3. Project Management (Transition Planning and Support) 4. Application Development 5. Release and Deployment Management 6. Service Validation and Testing 7. Service Asset and Configuration Management 8. Knowledge Management 1. Event Management 2. Incident Management 3. Request Fulfillment 4. Access Management 5. Problem Management 6. IT Operations Control 7. Facilities Management 8. Application Management 9. Technical Management 1. Service Review 2. Process Evaluation 3. Definition of CSI Initiatives 4. Monitoring of CSI Initiatives ITIL 3 Processes Stage Process
Process Comparison COBIT Processes Related ITIL Process Governance Governance 1. Ensure Governance Framework Setting and Maintenance - 2. Ensure Benefits Delivery - 3. Ensure Risk Optimization - 4. Ensure Resource Optimization - 5. Ensure Stakeholder Transparency - Management - APO 1. Manage the IT Management Framework - 2. Manage Strategy 1.1 3. Manage Enterprise Architecture 2.10 4. Manage Innovation - 5 .Manage Portfolio 1.2 6. Manage Budget and Costs 1.4 7. Manage Human Resources - 8. Manage Relationships 1.5 9. Manage Service Agreements 2.3 10. Manage Suppliers 2.11 11. Manage Quality - 12. Manage Risk 2.4 13. Manage Security 2.8 Process: Different definition Process: Not available
Process Comparison COBIT Processes Related ITIL Process BAI 1. Manage Programs and Projects 3.3 2. Manage Requirements Definition 1.5 , 2.3 3. Manage Solutions Identification and Build - 4. Manage Availability and Capacity 2.5 , 2.6 5. Manage Organizational Change Enablement (Change management) 3.1 , 3.2 6. Manage Changes 3.1 , 3.2 7. Manage Change Acceptance and Transitioning 3.1 , 2.10 8. Manage Knowledge 3.10 9. Manage Assets 3.7 10. Manage Configuration 3.7 DSS 1. Manage Operations 4 2. Manage Service Requests and Incidents 4.1 , 4.2 , 4.3 3. Manage Problems 4.5 4. Manage Continuity 2.7 5. Manage Security Services 2.8 6. Manage Business Process Controls 5.2 MEA 1. Monitor, Evaluate and Assess Performance and Conformance 2.9 , 5.1 , 5.3 , 5.4 2. Monitor, Evaluate and Assess the System of Internal Control - 3. Monitor, Evaluate and Assess Compliance with External Requirements 2.9 , 1.5 Process: Different definition Process: Not available
Thank you For more questions, please contact with me: mhsn.yousefi@gmail.com www.linkedin.com/in/mohsenyouefi/

Recommended

cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
mohammed539963
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
Christian F. Nissen
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
Sherri Booher
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111
Patrick Soenen
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
Laddawan Rattanaruang
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
MDFazlaRabbiAbir
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
Ramiro Cid
 
Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An Overview
Anurag Purohit
 

Recommended

cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
mohammed539963
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
Christian F. Nissen
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
Sherri Booher
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111
Patrick Soenen
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
Laddawan Rattanaruang
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
MDFazlaRabbiAbir
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
Ramiro Cid
 
Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An Overview
Anurag Purohit
 
ITSM Foundation Course Material
ITSM Foundation Course MaterialITSM Foundation Course Material
ITSM Foundation Course Material
stefanhenry
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPTVikas Aryan
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
Jerry Bishop
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITCOBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
Mark Constable
 
What is Cobit
What is CobitWhat is Cobit
What is Cobit
Ben Kalland
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
aqel aqel
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019
Gregor Polančič
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
Sayyed Zakir Ali Rizwe
 
ITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT Mapping
Rob Akershoek
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
Eryk Budi Pratama
 
IT Governance Presentation
IT Governance PresentationIT Governance Presentation
IT Governance Presentation
jmcarden
 
CobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced ScorecardsCobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced ScorecardsMichael Sim
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
Mohammad Reda Katby
 
IT Governance Introduction
IT Governance IntroductionIT Governance Introduction
IT Governance Introduction
Keith Rackley
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
It governance
It governanceIt governance
It governance
Mahetab Khan
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM System
Ana Meskovska
 
Frameworks For Predictability
Frameworks For PredictabilityFrameworks For Predictability
Frameworks For Predictability
tlknecht
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
Mohammad Reda Katby
 

More Related Content

What's hot

ITSM Foundation Course Material
ITSM Foundation Course MaterialITSM Foundation Course Material
ITSM Foundation Course Material
stefanhenry
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
Jerry Bishop
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITCOBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
Mark Constable
 
What is Cobit
What is CobitWhat is Cobit
What is Cobit
Ben Kalland
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
aqel aqel
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019
Gregor Polančič
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
Sayyed Zakir Ali Rizwe
 
ITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT Mapping
Rob Akershoek
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
Eryk Budi Pratama
 
IT Governance Presentation
IT Governance PresentationIT Governance Presentation
IT Governance Presentation
jmcarden
 
CobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced ScorecardsCobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced ScorecardsMichael Sim
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
Mohammad Reda Katby
 
IT Governance Introduction
IT Governance IntroductionIT Governance Introduction
IT Governance Introduction
Keith Rackley
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
It governance
It governanceIt governance
It governance
Mahetab Khan
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM System
Ana Meskovska
 

What's hot (20)

ITSM Foundation Course Material
ITSM Foundation Course MaterialITSM Foundation Course Material
ITSM Foundation Course Material
 
ITIL PPT
ITIL PPTITIL PPT
ITIL PPT
 
IT Governance Made Easy
IT Governance Made EasyIT Governance Made Easy
IT Governance Made Easy
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITCOBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
 
What is Cobit
What is CobitWhat is Cobit
What is Cobit
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
 
ITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT Mapping
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
 
IT Governance Presentation
IT Governance PresentationIT Governance Presentation
IT Governance Presentation
 
CobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced ScorecardsCobiT, Val IT & Balanced Scorecards
CobiT, Val IT & Balanced Scorecards
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
 
IT Governance Introduction
IT Governance IntroductionIT Governance Introduction
IT Governance Introduction
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
It governance
It governanceIt governance
It governance
 
How to implement effective ITSM System
How to implement effective ITSM SystemHow to implement effective ITSM System
How to implement effective ITSM System
 

Similar to ITIL vs. COBIT

Frameworks For Predictability
Frameworks For PredictabilityFrameworks For Predictability
Frameworks For Predictability
tlknecht
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
Mohammad Reda Katby
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
Sam Mandebvu
 
Implementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to SuccessImplementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to Success
Dave Cornelius - Value Contributor-agility and innovation
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
Network Intelligence India
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist, LLC
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training course
Iman Baradari
 
Data Governance: Description, Design, Delivery
Data Governance: Description, Design, DeliveryData Governance: Description, Design, Delivery
Data Governance: Description, Design, Delivery
InnoTech
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
Syzygal
 
Cobit 4.1 indri
Cobit 4.1 indriCobit 4.1 indri
Cobit 4.1 indri
dwiza indri
 
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
BambangEkoSantoso
 
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
Mayk Campelo
 
CGEIT Course Content InfosecTrain.pdf
CGEIT Course Content InfosecTrain.pdfCGEIT Course Content InfosecTrain.pdf
CGEIT Course Content InfosecTrain.pdf
infosec train
 
CGEIT Course Content InfosecTrain
CGEIT Course Content InfosecTrainCGEIT Course Content InfosecTrain
CGEIT Course Content InfosecTrain
ShivamSharma909
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Mehran Misaghi
 
Cobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktaviantiCobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktavianti
darminritonga amy
 

Similar to ITIL vs. COBIT (20)

Frameworks For Predictability
Frameworks For PredictabilityFrameworks For Predictability
Frameworks For Predictability
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 
Co5bit
Co5bitCo5bit
Co5bit
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Implementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to SuccessImplementing IT Service Management: A Guide to Success
Implementing IT Service Management: A Guide to Success
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training course
 
Data Governance: Description, Design, Delivery
Data Governance: Description, Design, DeliveryData Governance: Description, Design, Delivery
Data Governance: Description, Design, Delivery
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
 
Cobit 4.1 indri
Cobit 4.1 indriCobit 4.1 indri
Cobit 4.1 indri
 
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
 
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke
 
CGEIT Course Content InfosecTrain.pdf
CGEIT Course Content InfosecTrain.pdfCGEIT Course Content InfosecTrain.pdf
CGEIT Course Content InfosecTrain.pdf
 
CGEIT Course Content InfosecTrain
CGEIT Course Content InfosecTrainCGEIT Course Content InfosecTrain
CGEIT Course Content InfosecTrain
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise IT
 
Rcmppt
RcmpptRcmppt
Rcmppt
 
Cobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktaviantiCobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktavianti
 

Recently uploaded

Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
HumanResourceDimensi1
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
awaisafdar
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
marketingjdass
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
Lviv Startup Club
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
BBPMedia1
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
ofm712785
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 

Recently uploaded (20)

Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
What are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdfWhat are the main advantages of using HR recruiter services.pdf
What are the main advantages of using HR recruiter services.pdf
 
The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...The Parable of the Pipeline a book every new businessman or business student ...
The Parable of the Pipeline a book every new businessman or business student ...
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 

ITIL vs. COBIT

  • 1. ITIL 3 vs. COBIT 5 Similarities & Differences By: Mohsen Yousefi mhsn.yousefi@gmail.com
  • 2. Purpose and Perspective •COBIT 5aims primarily to guide enterprises on the implementation, operation and, where required, improvement of their overall arrangements relating to governance and management of enterprise IT (GEIT). •ITIL provides guidance and good practice for IT service providers for the execution of ITSM from the perspective of enabling business value.
  • 3. Key differentiation • COBIT will be embraced because the realization is dawning that Cloud and SaaS (Software as a Service) and BYOD (Bring your own device/technology) are business decisions not IT decisions. • Organizations have failed their IT like a bad parent, and the road to redemption is via better enterprise-level governance of IT, and that's what COBIT 5 is all about. • ITIL V3 Service Strategy actually talks about governance quite a lot but nobody has read it! COBIT has the governance high ground.
  • 4. COBIT is broader than ITIL in its scope of coverage (GEIT) Scope Enablers: 1. Principles, policies and frameworks 2. Processes 3. Organizational structures 4. Culture, ethics and behavior 5. Information 6. Services, infrastructure and applications 7. People, skills and competencies. Principles: 1.meeting stakeholder needs 2.covering the enterprise end to end 3.applying a single, integrated framework; 4.enabling a holistic approach 5.separating governance from management
  • 5. ITIL focuses on ITSM and provides much more in-depth guidance in this area, addressing five stages of the service life cycle:  Service strategy  Service design  Service transition  Service operation  Continual service improvement. Scope
  • 6.  COBIT and ITIL are well aligned in their approach to ITSM.  The COBIT 5 Process Reference Model, Enabling Processes, maps closely to the ITIL v3 stages (as documented in COBIT 5) Similarities
  • 7. Governance Monitor, Evaluate, Direct (EDM) 1. Ensure Governance Framework Setting and Maintenance 2. Ensure Benefits Delivery 3. Ensure Risk Optimization 4. Ensure Resource Optimization 5. Ensure Stakeholder Transparency Management Align, Plan, Organize (APO) Build, Acquire, Implement (BAI) Deliver, Service, Support (DSS) Measure, Evaluate, Assess (MEA) 1. Manage the IT Management Framework 2. Manage Strategy 3. Manage Enterprise Architecture 4. Manage Innovation 5 .Manage Portfolio 6. Manage Budget and Costs 7. Manage Human Resources 8. Manage Relationships 9. Manage Service Agreements 10. Manage Suppliers 11. Manage Quality 12. Manage Risk 13. Manage Security 1. Manage Programs and Projects 2. Manage Requirements Definition 3. Manage Solutions Identification and Build 4. Manage Availability and Capacity 5. Manage Organizational Change Enablement (Change management) 6. Manage Changes 7. Manage Change Acceptance and Transitioning 8. Manage Knowledge 9. Manage Assets 10. Manage Configuration 1. Manage Operations 2. Manage Service Requests and Incidents 3. Manage Problems 4. Manage Continuity 5. Manage Security Services 6. Manage Business Process Controls 1. Monitor, Evaluate and Assess Performance and Conformance 2. Monitor, Evaluate and Assess the System of Internal Control 3. Monitor, Evaluate and Assess Compliance with External Requirements COBIT 5 Processes Area Domain Process
  • 8. COBIT 5 Processes- Governance vs. Management Governance and Management Processes: The difference between types of processes lies within the objectives of the processes. The outcome of types of processes is different and intended for a different audience. Governance ensures that enterprise objectives (value delivery, risk optimization and resource optimization) are achieved by Evaluating stakeholder needs, conditions and options; setting Direction through prioritization and decision making; and Monitoring performance, compliance and progress against agreed-on direction and objectives. (EDM) Management Plans, Builds, Runs and Monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
  • 9. COBIT 5 Processes- Governance Processes EDM01: Ensure Governance Framework Setting and Maintenance Process Description Analyze and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise’s mission, goals and objectives. ‫تعریف‬‫فرایند‬ o‫تحلیل‬‫و‬‫ییان‬‫روشن‬‫و‬‫دقیق‬‫‌های‬‫ی‬‫نیازمند‬‫حاکمیت‬‫فناوری‬‫اطالعات‬‫سازمانی؛‬ o،‫‌سازی‬‫ه‬‫پیاد‬‫حفظ‬‫و‬‫نگهداشت‬،‫ساختارها‬‫اصول‬‫و‬،‫مبانی‬‫فرایندها‬‫و‬‫‌های‬‫ت‬‫فعالی‬ ‌‫توانمندساز‬،‫اثربخش‬‫با‬‫رعایت‬‫وضوح‬‫و‬‫شفافیت‬‫در‬‫‌ها‬‫ت‬‫مسئولی‬‫و‬‫اختیارات؛‬ o‫با‬‫هدف‬‫دستیابی‬‫به‬،‫ماموریت‬‫اهداف‬‫کالن‬‫و‬‫اهداف‬‫کوتا‬‫‌مدت‬‫ه‬(‫عملیاتی‬)‫سازمان‬ Process Purpose Statement Provide a consistent approach integrated and aligned with the enterprise governance approach. To ensure that IT-related decisions are made in line with the enterprise’s strategies and objectives, ensure that IT-related processes are overseen effectively and transparently, compliance with legal and regulatory requirements is confirmed, and the governance requirements for board members are met. ‫بیانیه‬‫هدف‬‫فرایند‬ o‫تدوین‬‫یک‬‫رویکرد‬‌‫ثابت‬‫یکپارچه‬‫و‬‫همراستا‬‫با‬‫رویکرد‬‫حاکمیت‬‫سازمانی‬‫به‬‫منظ‬‫ور‬ ‫اطمینان‬‫از‬: o‫همراستایی‬‫تصمیمات‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫با‬‫‌ها‬‫ی‬‫استراتژ‬‫و‬‫اهداف‬‫عملیاتی‬ ‫سازمان؛‬ o‫نظارت‬‫اثربخش‬‫و‬‫شفاف‬‫بر‬‫فرایندهای‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات؛‬ o‫تطابق‬(‫فرایندهای‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬)‫با‬‫الزامات‬‫قانونی‬‫و‬‫رگوالتوری؛‬ o‫رعایت‬‫الزامات‬‫حاکمیت‬‫هیات‬‫مدیره‬. Process Goals 1. Strategic decision-making model for IT is effective and aligned with the enterprise’s internal and external environment and stakeholder requirements. 2. The governance system for IT is embedded in the enterprise 3. Assurance is obtained that the governance system for IT is operating effectively. ‫فرایند‬ ‫اهداف‬ 1.‫اثربخشی‬‫مدل‬‫‌گیری‬‫م‬‫تصمی‬‫راهبردی‬ ‫برای‬‫فناوری‬‫اطالعات‬‫و‬‫همراستایی‬‫آن‬‫با‬ ‫الزامات‬‫و‬‫‌های‬‫ی‬‫نیازمند‬‫محیط‬‫داخلی‬‫و‬ ‫بیرونی‬‫سازمان‬‫و‬‫نیز‬‫الزامات‬‫و‬‫‌های‬‫ه‬‫خواست‬ ‫ذینفعان‬ 2.‫استقرار‬‫و‬‫‌سازی‬‫ی‬‫جار‬‫سیستم‬‫حاکمیت‬ ‫فناوری‬‫اطالعات‬‫در‬‫درون‬‫سازمان‬ 3.‫حصول‬‫اطمینان‬‫و‬‌‫تضمین‬‌‫اثربخشی‬ ‌‫عملکرد‬‫سیستم‬‫حاکمیت‬‫فناوری‬‫اطالع‬‫ات‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سیکل‬‫زمانی‬‫تصمیمات‬‫کلیدی‬(‫عملکرد‬‫به‬‫هدف‬) 1-2-‫سطح‬‫رضایت‬‫ذینفعان‬(‫برداشتی‬) 2-1-‌،‫‌ها‌و‌اختیارات‌تعریف‌شده‬‫ت‬‫‌ها،‌مسئولی‬‫ش‬‫تعداد‌نق‬ ‫تخصیص‌داده‌شده‌و‌پذیرفته‌شده‌توسط‌مدیران‬‫سازمانی‬‌‫و‬ ‫مدیران‌فناوری‌اطالعات‬ 2-2-‫درصد‌فرایندها‌و‌زیرفرایندهایی‌که‌اصول‌حاکمیت‌فن‬‌‫اوری‬ ‫‌سازی‌شده‌و‌قابل‌ردیابی‌است‬‫ه‬‫اطالعات‌در‌آنها‌پیاد‬. 2-3-‌‫تعداد‌موارد‌عدم‌انطباق‌با‌خطوط‌راهنمای‌رفتاری‌و‬ ‫‌ای‬‫ه‬‫حرف‬ 3-1-‫دوره‬‫تناوب‬‫‌های‬‫ی‬‫بازنگر‬‫مستقل‬‫حاکمیت‬‫فناوری‬ ‫اطالعات‬ 3-2-‌‫‌دهی‌از‬‫ش‬‫دوره‌تناوب‌گزار‬(‫وضعیت‬)‌‫حاکمیت‌فناوری‬ ‫اطالعات‌به‌کمیته‌اجرایی‌و‌هیات‌مدیره‬ 3-3-‌‫تعداد‌مسائل‌و‌موضوعات‌گزارش‌شده‌از‌حاکمیت‬ ‌‫فناوری‌اطالعات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 10. COBIT 5 Processes- Governance Processes EDM01: Ensure Governance Framework Setting and Maintenance Governance Practice Inputs Outputs EDM01.01: Evaluate the governance system Continually identify and engage with the enterprise’s stakeholders, document an understanding of the requirements, and make a judgment on the current and future design of governance of enterprise IT. • Communications of changed compliance requirements • Business environment trends • Regulations • Governance/decision-making model guidance • Constitution/bylaws/statutes of organization • Enterprise governance guiding principles • Decision-making model • Authority levels •‫شناسایی‬‫و‌درگیر‌ساختن‌مستمر‌ذینفعان‌سازمان‬ •‫‌ها‌و‌الزامات‬‫ه‬‫مستندسازی‌درکی‌از‌نیازها،‌خواست‬ •‫ارزیابی‌در‌مورد‌طراحی‌فعلی‌و‌آتی‌حاکمیت‌فناوری‌اطالعات‌سازمانی‬ EDM01.02: Direct the governance system Inform leaders and obtain their support, buy-in and commitment. Guide the structures, processes and practices for the governance of IT in line with agreed- on governance design principles, decision-making models and authority levels. Define the information required for informed decision making. - • Enterprise governance communications • Reward system approach •‫‌سازی‌رهبران‌و‌جلب‌حمایت،‌موافقت‌و‌تعهد‌آنها‬‫ه‬‫آگا‬ •‫‌های‌حاکمیت‌فناوری‌اطالعات‌در‌راستای‌مصوبات‌اصو‬‫ت‬‫هدایت‌ساختارها،‌فرایندها،‌و‌فعالی‬‌‫ل‬ ‫‌گیری،‌و‌سطوح‌اختیارات‬‫م‬‫‌های‌تصمی‬‫ل‬‫طراحی‌حاکمیت،‌مد‬ •‫‌گیری‌آگاهانه‬‫م‬‫تعریف‌اطالعات‌مورد‌نیاز‌برای‌تصمی‬ EDM01.03: Monitor the governance system Monitor the effectiveness and performance of the enterprise’s governance of IT. Assess whether the governance system and implemented mechanisms (including structures, principles and processes) are operating effectively and provide appropriate oversight of IT. • Performance reports • Status and results of Actions • Results of benchmarking and other evaluations • Results of internal control monitoring and reviews • Results of reviews of self-assessments • Assurance plans • Compliance confirmations • Reports of non-compliance issues and root causes • Compliance assurance reports • Obligations • Audit reports • Feedback on governance effectiveness and performance •‫پایش‌اثربخشی‌و‌عملکرد‌حاکمیت‌سازمانی‌فناوری‌اطالعات‬ •‌‫ارزیابی‌اثربخشی‌عملکرد‌سیستم‌حاکمیت‬(‫فناوری‌اطالعات‬)‫‌های‌پیاده‌شد‬‫م‬‫و‌مکانیز‬‌‫ه‌آن‬ (‫شامل‌ساختارها،‌اصول‌و‌فرایندها‬) •‫ایجاد‌نظارت‌مناسب‌بر‌فناوری‌اطالعات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 11. COBIT 5 Processes- Governance Processes EDM02: Ensure Benefits Delivery Process Description Optimize the value contribution to the business from the business processes, IT services and IT assets resulting from investments made by IT at acceptable costs. ‫تعریف‬‫فرایند‬ o‫‌سازی‬‫ه‬‫بهین‬‫ارزش‬‫ایجاد‬‫شده‬‫برای‬‫کسب‬‫و‬‫کار‬‫با‬‫هزینه‬‫قابل‬‫قبول‬ (‫در‬‫اینجا‬)‫ایجاد‬‫ارزش‬‫ناشی‬‫از‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬IT‫بوده‬‫و‬‫از‬‫فرایندهای‬‫کسب‬‫و‬ ،‫کار‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬‫بدست‬‫‌آید‬‫ی‬‫م‬. Process Purpose Statement Secure optimal value from IT-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. ‫بیانیه‬‫هدف‬‫فرایند‬ o‫تامین‬‫ارزش‬‫بهینه‬‫از‬‫طریق‬،‫‌ها‬‫ه‬‫پروژ‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬ o‫ارائه‬‫مقرون‬‫به‬‫صرفه‬‫راهکارها‬‫و‬‫‌ها‬‫س‬‫سروی‬ o‫ایجاد‬‫تصویر‬‫مطمئن‬‫و‬‫دقیق‬‫از‬‫‌ها‬‫ه‬‫هزین‬‫و‬‫فواید‬‫محتمل‬‫به‬‫‌ای‬‫ه‬‫گون‬‫که‬‫نیازهای‬‫کس‬‫ب‬‫و‬ ‫کار‬‫به‬‫طور‬‫اثربخش‬‫و‬‫کارا‬‫پشتیبانی‬‫شوند‬. Process Goals 1. The enterprise is securing optimal value from its portfolio of approved IT-enabled initiatives, services and assets. 2. Optimal value is derived from IT investment through effective value management practices in the enterprise. 3. Individual IT-enabled investments contribute optimal value. ‫فرایند‬ ‫اهداف‬ .1‫تامین‬‫ارزش‬‫بهینه‬‫از‬‫سبد‬،‫‌ها‬‫ه‬‫پروژ‬ ‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬(‫فناوری‬ ‫اطالعات‬)‫مصوب‬‫سازمان‬ .2‫کسب‬‫ارزش‬‫بهینه‬‫از‬‫‌گذاری‬‫ه‬‫سرمای‬‫بر‬ ‫فناوری‬،‫اطالعات‬‫از‬‫طریق‬‫فرایندهای‬ ‫مدیریت‬‫ارزش‬‫اثربخش‬‫در‬‫سازمان‬ .3‫سهیم‬‫بودن‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬ ‫توانمندساز‬‫جداگانه‬‫در‬‫فناوری‬‫اطالعات‬ ‫در‬‫کسب‬‫ارزش‬‫بهینه‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سطح‬‫رضایت‬‫مدیران‬‫اجرایی‬‫از‬‫ارزش‬‫بدست‬‫آمده‬‫از‬ ‫فناوری‬‫اطالعات‬‫و‬‫‌های‬‫ه‬‫هزین‬‫آن‬ 1-2-‫اختالف‬‫بین‬‫ترکیب‬‫‌گذاری‬‫ه‬‫سرمای‬‫هدفگذاری‬‫شده‬‫و‬ ‫محقق‬‫شده‬ 1-3-‫سطح‌رضایت‌ذینفعان‬‫از‌توانایی‌سازمان‌در‌کسب‌ارزش‬ ‫‌های‌فناوری‌اطالعات‬‫ه‬‫از‌پروژ‬ 2-1-‫تعداد‌رخدادهایی‌که‌به‌دلیل‌دور‌زدن‌و‌یا‌تالش‌برای‌دو‬‌‫ر‬ ‫‌های‌مدیریت‌ارزش‌اتفاق‌میفتد‬‫ت‬‫زدن‌اصول‌و‌فعالی‬ 2-2-‌‫‌های‌فناوری‌اطالعات‌در‌مجموع‌سبد‬‫ه‬‫سهم‌پروژ‬ ‌‫‌ها،‌زمانی‌که‌ارزش‌در‌تمام‌چرخه‌حیاتش‌مدیریت‬‫ه‬‫پروژ‬ ‫‌شود‬‫ی‬‫م‬. 3-1-‌‫شاخص‌برداشتی‌سطح‌رضایت‌ذینفعان‌از‌حرکت‬ (‫پیشرفت‬)‌‫به‌سمت‌اهداف‌کالن‌شناسایی‌شده‌با‌ارائه‬ ‫ارزش‬ 3-2-‫درصد‌تحقق‌ارزش‌مورد‌انتظار‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 12. COBIT 5 Processes- Governance Processes EDM02: Ensure Benefits Delivery Governance Practice Inputs Outputs EDM02.01: Evaluate value optimization Continually evaluate the portfolio of IT-enabled investments, services and assets to determine the likelihood of achieving enterprise objectives and delivering value at a reasonable cost. Identify and make judgment on any changes in direction that need to be given to management to optimize value creation. • Strategic road map • Investment return expectations • Selected programs with • return on investment (ROI) milestones • Benefit results and related communication • Stage-gate review results • Evaluation of strategic alignment • Evaluation of investment and services portfolios •‫ارزیابی‬‫مستمر‬‫پورتفوی‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬،‫‌ها‬‫ه‬‫پروژ‬‫‌ها‬‫س‬‫سروی‬‫و‬‫‌های‬‫ی‬‫دارای‬‫فناوری‬‫اطالعات‬ ‫بمنظور‬‫تعیین‬‫احتمال‬‫دستیابی‬‫به‬‫اهداف‬‫عملیاتی‬‫سازمان‬‫و‬‫ارائه‬،‫ارزش‬‫ضمن‬‫صرف‬‫هزین‬‫ه‬ ‫معقول‬ •‫شناسایی‬‫و‬‫ارزیابی‬‫در‬‫مورد‬‫هر‬‫گونه‬‫تغییر‬‫در‬‫‌گیری‬‫ت‬‫جه‬‫مدیریت‬‫که‬‫برای‬‫‌سازی‬‫ه‬‫بهین‬‫ای‬‫جاد‬ ‫ارزش‬‫نیاز‬‫است‬. EDM02.02: Direct value optimization Direct value management principles and practices to enable optimal value realization from IT-enabled investments throughout their full economic life cycle. - • Investment types and criteria • Requirements for stage-gate reviews •‫هدایت‬‫و‬‫راهبری‬‫اصول‬‫و‬‫فرایندهای‬‫مدیریت‬‫ارزش‬‫در‬‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها؛‬‫به‬ ‫منظور‬‫توانمندسازی‬‫دستیابی‬‫به‬‫ارزش‬‫بهینه‬‫از‬‫‌های‬‫ی‬‫‌گذار‬‫ه‬‫سرمای‬‫فناوری‬‫اطالعات‬ EDM02.03: Monitor value optimization Monitor the key goals and metrics to determine the extent to which the business is generating the expected value and benefits to the enterprise from IT-enabled investments and services. Identify significant issues and consider corrective actions. • Investment portfolio performance reports• Feedback on portfolio and program performance • Actions to improve value delivery •‫‌های‌کلیدی‌برای‌تعیین‌میزان‌ایجاد‌ارزش‌مورد‌انتظار‌و‌منافع‌از‬‫ص‬‫پایش‌اهداف‌کالن‌و‌شاخ‬ ‫‌های‌فناوری‌اطالعات‌برای‌سازمان؛‬‫س‬‫‌ها‌و‌سروی‬‫ی‬‫‌گذار‬‫ه‬‫طریق‌سرمای‬ •‫شناسایی‌مسائل‌و‌موضوعات‌با‌اهمیت‌و‌لحاظ‌اقدامات‌اصالحی‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 13. COBIT 5 Processes- Governance Processes EDM03: Ensure Risk Optimization Process Description Ensure that the enterprise’s risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of IT is identified and managed. ‫تعریف‬‫فرایند‬ o‫حصول‬‫اطمینان‬‫از‬،‫درک‬‫بیان‬‫شفاف‬‫و‬،‫دقیق‬‫و‬‫نیز‬‫ابالغ‬‫میزان‬‫و‬‫حدود‬‫‌پذی‬‫ک‬‫ریس‬‫ری‬ ‫سازمان؛‬ o‫حصول‬‫اطمینان‬‫از‬‫شناسایی‬‫و‬‫مدیریت‬‫‌های‬‫ک‬‫ریس‬(‫تهدید‬‫‌ها‬‫ه‬‫کنند‬)‫‌های‬‫ش‬‫ارز‬ ‫سازمانی‬‫که‬‫از‬‫کاربرد‬‫فناوری‬‫اطالعات‬‫ناشی‬‫‌شوند‬‫ی‬‫م‬. Process Purpose Statement Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫‌های‬‫ک‬‫ریس‬‫سازمانی‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫از‬‫محدوده‬‫‌پذیری‬‫ک‬‫ریس‬‫سازمان‬‫تجاوز‬ ‫‌کنند؛‬‫ی‬‫نم‬ o‫تاثیرات‬‫‌های‬‫ک‬‫ریس‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫بر‬‫‌های‬‫ش‬‫ارز‬‫سازمان‬‫شناسایی‬‫و‬‫مدیر‬‫یت‬ ‫‌اند؛‬‫ه‬‫شد‬ o‫پتانسیل‬‫وقوع‬‫عدم‬‫‌ها‬‫ق‬‫انطبا‬(‫با‬‫الزامات‬‫ذینفعان‬‫و‬‫الزامات‬‫قانونی‬)‫به‬‫حداقل‬‫رسی‬‫ده‬ ‫است‬. Process Goals 1. Risk thresholds are defined and communicated and key IT-related risk is known. 2. The enterprise is managing critical IT-related enterprise risk effectively and efficiently. 3. IT-related enterprise risk does not exceed risk appetite and the impact of IT risk to enterprise value is identified and managed. ‫فرایند‬ ‫اهداف‬ .1‫تعیین‬‫حدود‬‫پذیرش‬‫ریسک‬‫و‬‫ابالغ‬‫آن‬‫ها‬‫و‬ ‫شناسایی‬‫‌های‬‫ک‬‫ریس‬‫کلیدی‬‫مرتبط‬‫ب‬‫ا‬ ‫فناوری‬‫اطالعات‬ .2‫مدیریت‬‫‌های‬‫ک‬‫ریس‬‫بحرانی‬‫سازمانی‬ ‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫بطور‬‫اثربخش‬ ‫و‬‫کارا‬‫توسط‬‫سازمان‬ .3‫کنترل‬‫و‬‫نگهداشت‬‫سطح‬‫‌های‬‫ک‬‫ریس‬ ‫سازمانی‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫در‬ ‫محدوده‬‫قابل‬،‫پذیرش‬‫و‬‫نیز‬‫شناخت‬‫و‬ ‫مدیریت‬‫تاثیرات‬‫این‬‫گونه‬‫‌ها‬‫ک‬‫ریس‬‫ب‬‫ر‬ ‫‌های‬‫ش‬‫ارز‬‫سازمان‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫سطح‬‫همراستایی‬‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫و‬ ‫‌های‬‫ک‬‫ریس‬‫سازمانی‬ 1-2-‫تعداد‬‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫شناسایی‬‫و‬‫مدیریت‬ ‫شده‬ 1-3-‫نرخ‬‫به‌روزآوری‌ارزیابی‌عوامل‌ریسک‬ 2-1-‌‫‌های‌فناوری‌اطالعات‬‫ک‬‫‌های‌سازمان‌که‌ریس‬‫ه‬‫درصد‌پروژ‬ ‫‌کنند‬‫ی‬‫را‌لحاظ‌م‬ 2-2-‌‫درصد‌اقدامات‌اجرایی‬(‫کنترل‬/‫کاهش‬)‌‫‌های‬‫ک‬‫ریس‬ ‫‌اند‬‫ه‬‫فناوری‌اطالعات‌که‌به‌موقع‌انجام‌شد‬. 2-3-‌‫‌های‌بحرانی‌که‌بطور‌اثربخش‌کاهش‬‫ک‬‫درصد‌ریس‬ ‫‌اند‬‫ه‬‫یافت‬. 3-1-‫سطح‌تاثیرات‌سازمانی‌غیرمنتظره‬ 3-2-‌‫‌های‌فناوری‌اطالعات‌که‌از‌محدوده‌قابل‬‫ک‬‫درصد‌ریس‬ ‫‌اند‬‫ه‬‫پذیرش‌خارج‌شد‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 14. COBIT 5 Processes- Governance Processes EDM03: Ensure Risk Optimization Governance Practice Inputs Outputs EDM03.01: Evaluate risk management Continually examine and make judgment on the effect of risk on the current and future use of IT in the enterprise. Consider whether the enterprise’s risk appetite is appropriate and that risk to enterprise value related to the use of IT is identified and managed. • Emerging risk issues and factors • Enterprise risk management principles • Risk analysis results • Risk appetite guidance • Approved risk tolerance levels • Evaluation of risk management activities •‫بررسی‬‫و‬‫ارزیابی‬‫مستمر‬‫بر‬‫تاثیرات‬‫‌ها‬‫ک‬‫ریس‬‫بر‬‫کاربرد‬‫فعلی‬‫و‬‫آتی‬‫فناوری‬‫اطالعات‬‫در‬‫س‬‫ازمان‬ •‫بررسی‬‫متناسب‬‫بودن‬‫سطح‬‫‌پذیری‬‫ک‬‫ریس‬‫سازمان‬ •(‫ارزیابی‬‫عملکرد‬‫سازمان‬)‫در‬‫شناسایی‬‫و‬‫مدیریت‬‫‌های‬‫ک‬‫ریس‬(‫تهدیدات‬)‫‌های‬‫ش‬‫ارز‬‫سازمانی‬ ‫که‬‫به‬‫کاربرد‬(‫بکارگیری‬)‫فناوری‬‫اطالعات‬‫مرتبط‬‫است‬. EDM03.02: Direct risk management Direct the establishment of risk management practices to provide reasonable assurance that IT risk management practices are appropriate to ensure that the actual IT risk does not exceed the board’s risk appetite. • Aggregated risk profile, including status of risk management actions • Enterprise risk management (ERM) profiles and mitigation Plans • Risk management policies • Key objectives to be monitored for risk management • Approved process for measuring risk Management •‫هدایت‬‫و‬‫راهبری‬‫‌سازی‬‫ه‬‫پیاد‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫به‬‫منظور‬‫ایجاد‬‫تضمین‬‫منطقی‬‫و‬ ‫مناسب‬‫نسبت‬‫به‬‫اینکه‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫فناوری‬‫اطالعات‬‫برای‬‫پیشگیری‬‫از‬‫ای‬‫نکه‬ ‫‌های‬‫ک‬‫ریس‬‫فناوری‬‫اطالعات‬‫از‬‫محدوده‬‫قابل‬‫پذیرش‬‫برای‬‫هیات‬،‫مدیره‬‫تجاوز‬‫نکنند‬. EDM03.03: Monitor risk management Monitor the key goals and metrics of the risk management processes and establish how deviations or problems will be identified, tracked and reported for remediation. • Risk analysis results • Opportunities for acceptance of greater risk • Results of third-party risk assessments • Risk analysis and risk profile reports for stakeholders • Remedial actions to address risk management deviations • Risk management issues for the board •‫پایش‬‫اهداف‬‫کالن‬‫و‬‫‌های‬‫ص‬‫شاخ‬‫کلیدی‬‫فرایندهای‬‫مدیریت‬‫ریسک‬‫و‬‫تعیین‬‫چگونگی‬ ،‫شناسایی‬‫ردیابی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫انحرافات‬‫و‬‫یا‬،‫مشکالت‬‫به‬‫منظور‬‫انجام‬‫اصالحات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 15. COBIT 5 Processes- Governance Processes EDM04: Ensure Resource Optimization Process Description Ensure that adequate and sufficient IT-related capabilities (people, process and technology) are available to support enterprise objectives effectively at optimal cost. ‫تعریف‬‫فرایند‬ o‫حصول‬‫اطمینان‬‫از‬‫اینکه‬‫‌های‬‫ت‬‫قابلی‬‫کافی‬‫و‬‫وافی‬(‫شامل‬،‫افراد‬‫فرایندها‬‫و‬‫تکن‬‫ولوژی‬) ‫برای‬‫پشتیبانی‬‫اثربخش‬‫از‬‫اهداف‬‫عملیاتی‬‫سازمان‬‫و‬‫با‬‫هزینه‬‫بهینه‬‫در‬‫دسترس‬ ‫هستند‬. Process Purpose Statement Ensure that the resource needs of the enterprise are met in the optimal manner, IT costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫منابع‬‫مورد‬‫نیاز‬‫سازمان‬‫بطور‬‫بهینه‬‫برآورده‬‫‌شوند؛‬‫ی‬‫م‬ o‫‌های‬‫ه‬‫هزین‬‫فناوری‬‫اطالعات‬‫بهینه‬‫‌اند؛‬‫ه‬‫شد‬ o‫احتمال‬‫تحقق‬‫سود‬‫و‬‫آمادگی‬‫برای‬‫تغییر‬‫افزایش‬‫یافته‬‫است‬. Process Goals 1. The resource needs of the enterprise are met with optimal capabilities. 2. Resources are allocated to best meet enterprise priorities within budget constraints. 3. Optimal use of resources is achieved throughout their full economic life cycles. ‫فرایند‬ ‫اهداف‬ .1‫تامین‬‫منابع‬‫مورد‬‫نیاز‬‫سازمان‬‫با‬‫سطح‬ ‫‌ای‬‫ه‬‫بهین‬‫از‬‫‌ها‬‫ت‬‫قابلی‬ .2‫تخصیص‬‫منابع‬‫برای‬‫برآورده‬‫کردن‬ ‫‌های‬‫ت‬‫اولوی‬‫سازمان‬‫به‬‫بهترین‬‫شکل‬‫و‬ ‫با‬‫وجود‬‫‌های‬‫ت‬‫محدودی‬‫بودجه‬ .3‫رسیدن‬‫به‬‫استفاده‬‫بهینه‬‫از‬‫منابع‬‫د‬‫ر‬ ‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫بازخورد‬‫ذینفعان‬‫نسبت‬‫به‬‫‌سازی‬‫ه‬‫بهین‬‫منابع‬ 1-2-‫تعداد‬‫منافع‬‫حاصل‬‫از‬‫استفاده‬‫بهینه‬‫از‬‫منابع‬(‫مانند‬ ‫‌جویی‬‫ه‬‫صرف‬‫در‬‫‌ها‬‫ه‬‫هزین‬) 1-3-‌‫تعداد‌انحرافات‌از‌برنامه‌کاربرد‌منابع‌و‌راهبردهای‬ ‫معماری‌سازمانی‬ 2-1-‌‫تعداد‌انحرافات‬(‫منحصرا‬)‫از‌اصول‌مدیریت‌منابع‬ 2-2-‫‌هایی‌که‌تخصیص‌منابع‌آنها‌مناسب‌صورت‬‫ه‬‫درصد‌پروژ‬ ‫گرفته‬ 3-1-‫درصد‌کاربرد‌مجدد‌اجزاء‌معماری‬ 3-2-‫‌ها‌با‌سطح‌ریسک‌متوسط‌یا‌باال‬‫ه‬‫‌ها‌و‌برنام‬‫ه‬‫درصد‌پروژ‬ ‫به‌دلیل‌مسائل‌مدیریت‌منابع‬ 3-3-‫‌اند‬‫ه‬‫تعداد‌اهداف‌عملکردی‌مدیریت‌منابع‌که‌محقق‌شد‬. EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 Resource Optimization EDM05 Stakeholder Transparency
  • 16. COBIT 5 Processes- Governance Processes EDM04: Ensure Resource Optimization Governance Practice Inputs Outputs EDM04.01: Evaluate resource management Continually examine and make judgment on the current and future need for IT- related resources, options for resourcing (including sourcing strategies),and allocation and management principles to meet the needs of the enterprise in the optimal manner. • Gaps and changes required to realize target capability • Skill development plans • Decision results of supplier evaluations • Guiding principles for allocation of resources and capabilities • Guiding principles for enterprise architecture • Approved resources plan •‫بررسی‬‫و‬‫ا‬‫رزیابی‬‫مستمر‬‫منابع‬‫مورد‬‫نیاز‬‫مرتبط‬‫با‬‫فناوری‬،‫اطالعات‬‫‌های‬‫ه‬‫گزین‬‫‌یابی‬‫ع‬‫منب‬(‫شامل‬ ‫‌های‬‫ی‬‫استراتژ‬‫‌یابی‬‫ع‬‫منب‬)،‫و‬‫تخصیص‬‫و‬‫مدیریت‬‫اصولی‬‫که‬‫نیازهای‬‫سازمانی‬‫بطور‬‫بهینه‬‫برآورده‬ ‫شوند‬. EDM04.02: Direct resource management Ensure the adoption of resource management principles to enable optimal use of IT resources throughout their full economic life cycle. - • Communication of resourcing strategies • Assigned responsibilities for resource management • Principles for safeguarding Resources •‫حصول‬‫اطمینان‬‫از‬‫اتخاذ‬‫اصول‬‫مدیریت‬‫منابع‬‫به‬‫منظور‬‫ایجاد‬‫توانمندی‬‫استفاده‬‫بهینه‬‫از‬‫من‬‫ابع‬ ‫فناوری‬،‫اطالعات‬‫در‬‫طول‬‫چرخه‬‫کامل‬‫حیات‬‫اقتصادی‬‫آنها‬ EDM04.03: Monitor resource management Monitor the key goals and metrics of the resource management processes and establish how deviations or problems will be identified, tracked and reported for remediation. - • Feedback on allocation and effectiveness of resources and capabilities • Remedial actions to address resource management deviation •‫پایش‬‫اهداف‬‫کالن‬‫و‬‫‌های‬‫ص‬‫شاخ‬‫کلیدی‬‫فرایندهای‬‫مدیریت‬‫منابع‬‫و‬‫تعیین‬‫چگونگی‬‫شناس‬،‫ایی‬ ‫ردیابی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫انحرافات‬‫و‬‫یا‬‫مشکالت‬‫به‬‫منظور‬‫انجام‬‫اصالحات‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 Resource Optimization EDM05 Stakeholder Transparency
  • 17. COBIT 5 Processes- Governance Processes EDM05: Ensure Stakeholder Transparency Process Description Ensure that enterprise IT performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and the necessary remedial actions. ‫تعریف‬‫فرایند‬ o‫اطمینان‬‫از‬‫اینکه‬(‫ارتباط‬)‫سنجش‬‫عملکرد‬‫و‬‫ارزیابی‬‫میزان‬‫انطباق‬(‫با‬‫الزامات‬‫ذی‬‫نفعان‬ ‫و‬‫الزامات‬‫قانونی‬)‫و‬‫نیز‬‫‌دهی‬‫ش‬‫گزار‬‫فناوری‬‫اطالعات‬‫سازمانی‬‫در‬‫مقایسه‬‫با‬‫اهداف‬ ،‫کالن‬‫‌ها‬‫ص‬‫شاخ‬‫و‬‫و‬‫اقدامات‬‫اصالحی‬‌‫الزم‬‫مصوب‬‫شده‬‫توسط‬،‫ذینفعان‬‫شفاف‬ ‫است‬. Process Purpose Statement Make sure that the communication to stakeholders is effective and timely and the basis for reporting is established to increase performance, identify areas for improvement, and confirm that IT-related objectives and strategies are in line with the enterprise’s strategy. ‫بیانیه‬‫هدف‬‫فرایند‬ ‫حصول‬‫اطمینان‬‫از‬‫اینکه‬: o‫ارتباطات‬‫با‬‫ذینفعان‬‫اثربخش‬‫و‬‫به‬‫موقع‬‫برقرار‬‫‌شود؛‬‫ی‬‫م‬ o‫پایه‬‫و‬‫اساس‬،‫‌دهی‬‫ش‬‫گزار‬‫افزایش‬‫سطح‬،‫عملکرد‬‫شناسایی‬‫‌ها‬‫ه‬‫زمین‬‫و‬‫نقاط‬‫قابل‬ ،‫بهبود‬‫و‬‫تایید‬‫‌راستایی‬‫م‬‫ه‬‫‌ها‬‫ی‬‫استراتژ‬‫و‬‫اهداف‬‫مرتبط‬‫با‬‫فناوری‬‫اطالعات‬‫با‬ ‫‌های‬‫ی‬‫استراتژ‬‫سازمان‬‫است؛‬ Process Goals 1. Stakeholder reporting is in line with stakeholder requirements. 2. Reporting is complete, timely and accurate. 3. Communication is effective and stakeholders are satisfied. ‫فرایند‬ ‫اهداف‬ .1‫همراستایی‬‫‌دهی‬‫ش‬‫گزار‬‫به‬‫ذینفعان‬‫ب‬‫ا‬ ‫‌ها‬‫ی‬‫نیازمند‬‫و‬‫‌های‬‫ه‬‫خواست‬‫آنها‬ .2‫‌دهی‬‫ش‬‫گزار‬،‫کامل‬‫به‬‫موقع‬‫و‬‫دقیق‬ .3‫برقراری‬‫ارتباطات‬‫اثربخش‬‫و‬‫رضایت‬ ‫ذینفعان‬ ‫های‬‫شاخص‬‫مرتبط‬ 1-1-‫تاریخ‬‫آخرین‬‫به‬‫روز‬‫رسانی‬‫‌های‬‫ی‬‫نیازمند‬‫‌دهی‬‫ش‬‫گزار‬ 1-2-‫درصد‬‫ذینفعانی‬‫که‬‫‌های‬‫ی‬‫نیازمند‬‫‌دهی‬‫ش‬‫گزار‬‫آنها‬‫احصا‬ ‫شده‬ 2-1-‫‌هایی‌که‌به‌موقع‌تحویل‬‫ش‬‫درصد‌گزار‬/‫‌اند‬‫ه‬‫ارائه‌نشد‬. 2-2-‫‌اند‬‫ه‬‫‌هایی‌که‌اشتباه‌داشت‬‫ش‬‫درصد‌گزار‬. 3-1-‫‌دهی‬‫ش‬‫سطح‌رضایت‌ذینفعان‌نسبت‌به‌گزار‬ 3-2-‌‫‌دهی‬‫ش‬‫‌های‌الزامی‌گزار‬‫ی‬‫تعداد‌نقض‌نیازمند‬(‌‫الزامات‬ ‫‌دهی‬‫ش‬‫گزار‬) EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 18. COBIT 5 Processes- Governance Processes EDM05: Ensure Stakeholder Transparency Governance Practice Inputs Outputs EDM05.01: Evaluate stakeholder reporting requirements Continually examine and make judgment on the current and future requirements for stakeholder communication and reporting, including both mandatory reporting requirements (e.g., regulatory) and communication to other stakeholders. Establish the principles for communication. • Actions to improve value delivery • Risk management issues for the board • Feedback on allocation and effectiveness of resources and capabilities • Refined scope • Evaluation of enterprise reporting requirements • Reporting and communication principles •‫بررسی‬‫و‬‫ارزیابی‬‫مستمر‬‫نیازهای‬‫ارتباطی‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫حال‬‫و‬‫آتی‬،‫ذینفعان‬‫شامل‬‫نیازهای‬ ‫الزامی‬‫‌دهی‬‫ش‬‫گزار‬(‫مانند‬‫رگوالتوری‬)‫و‬‫نیز‬‫ارتباط‬‫با‬‫سایر‬‫ذینفعان‬ EDM05.02: Direct stakeholder communication and reporting Ensure the establishment of effective stakeholder communication and reporting, including mechanisms for ensuring the quality and completeness of information, oversight of mandatory reporting, and creating a communication strategy for stakeholders. • Risk analysis and risk profile reports for stakeholders • Rules for validating and approving mandatory reports • Escalation guidelines •‫حصول‬‫اطمینان‬‫از‬‫ایجاد‬‫ارتباط‬‫و‬‫‌دهی‬‫ش‬‫گزار‬‫موثر‬‫به‬،‫ذینفعان‬‫شامل‬‫ایجاد‬‫‌هایی‬‫م‬‫مکانیز‬‫برا‬‫ی‬ ‫اطمینان‬‫از‬‫کیفیت‬‫و‬‫جامعیت‬،‫اطالعات‬‫لحاظ‬‫داشتن‬‫‌دهی‬‫ش‬‫گزار‬،‫الزامی‬‫و‬‫اتدوین‬‫استراتژی‬ ‫ارتباط‬‫با‬‫ذینفعان‬ EDM05.03 Monitor stakeholder communication: Monitor the effectiveness of stakeholder communication. Assess mechanisms for ensuring accuracy, reliability and effectiveness, and ascertain whether the requirements of different stakeholders are met. • Assurance review report • Assurance review results • Assessment of reporting effectiveness •‫پایش‬‫اثربخشی‬‫ارتباطات‬‫با‬‫ذینفعان‬. •‫ارزیابی‬‫مکانیزمهای‬‫تضمین‬،‫دقت‬‫قابلیت‬،‫اطمینان‬‫و‬‫اثربخشی‬‫ارتباطات‬ •‫تعیین‬‫وضعیت‬‫تحقق‬‫نیازهای‬‫ذینفعان‬‫مختلف‬ EDM01 GovernanceFramework SettingandMaintenance EDM02 BenefitsDelivery EDM03 RiskOptimization EDM04 ResourceOptimization EDM05 Stakeholder Transparency
  • 19. Service Strategy (Portfolio) Service Design (Product Management) Service Transition (Development) Service Operation (Support) Continual Service Improvement (Quality) 1. Strategy Management for IT Services 2. Service Portfolio Management 3. Demand Management 4. Financial Management for IT Services 5. Business Relationships Management 1. Design Coordination 2. Service Catalogue Management 3. Service Level Management 4. Risk Management 5. Capacity Management 6. Availability Management 7. IT Service Continuity Management 8. Information Security Management 9. Compliance Management 10. Architecture Management 11. Supplier Management 1. Change Management 2. Change Evaluation 3. Project Management (Transition Planning and Support) 4. Application Development 5. Release and Deployment Management 6. Service Validation and Testing 7. Service Asset and Configuration Management 8. Knowledge Management 1. Event Management 2. Incident Management 3. Request Fulfillment 4. Access Management 5. Problem Management 6. IT Operations Control 7. Facilities Management 8. Application Management 9. Technical Management 1. Service Review 2. Process Evaluation 3. Definition of CSI Initiatives 4. Monitoring of CSI Initiatives ITIL 3 Processes Stage Process
  • 20. Process Comparison COBIT Processes Related ITIL Process Governance Governance 1. Ensure Governance Framework Setting and Maintenance - 2. Ensure Benefits Delivery - 3. Ensure Risk Optimization - 4. Ensure Resource Optimization - 5. Ensure Stakeholder Transparency - Management - APO 1. Manage the IT Management Framework - 2. Manage Strategy 1.1 3. Manage Enterprise Architecture 2.10 4. Manage Innovation - 5 .Manage Portfolio 1.2 6. Manage Budget and Costs 1.4 7. Manage Human Resources - 8. Manage Relationships 1.5 9. Manage Service Agreements 2.3 10. Manage Suppliers 2.11 11. Manage Quality - 12. Manage Risk 2.4 13. Manage Security 2.8 Process: Different definition Process: Not available
  • 21. Process Comparison COBIT Processes Related ITIL Process BAI 1. Manage Programs and Projects 3.3 2. Manage Requirements Definition 1.5 , 2.3 3. Manage Solutions Identification and Build - 4. Manage Availability and Capacity 2.5 , 2.6 5. Manage Organizational Change Enablement (Change management) 3.1 , 3.2 6. Manage Changes 3.1 , 3.2 7. Manage Change Acceptance and Transitioning 3.1 , 2.10 8. Manage Knowledge 3.10 9. Manage Assets 3.7 10. Manage Configuration 3.7 DSS 1. Manage Operations 4 2. Manage Service Requests and Incidents 4.1 , 4.2 , 4.3 3. Manage Problems 4.5 4. Manage Continuity 2.7 5. Manage Security Services 2.8 6. Manage Business Process Controls 5.2 MEA 1. Monitor, Evaluate and Assess Performance and Conformance 2.9 , 5.1 , 5.3 , 5.4 2. Monitor, Evaluate and Assess the System of Internal Control - 3. Monitor, Evaluate and Assess Compliance with External Requirements 2.9 , 1.5 Process: Different definition Process: Not available
  • 22. Thank you For more questions, please contact with me: mhsn.yousefi@gmail.com www.linkedin.com/in/mohsenyouefi/

Editor's Notes

  1. Whether employee-owned hardware and software are supported or not, they pose security risks to the organization if they connect to the corporate network or access corporate data. To minimize the risk and accommodate consumer technologies, many businesses are implementing BYOD policies.
  2. Next level: management practice Activities