COBIT 5: Process Analytics and Control. Jimmy Heschl. Vienna, April 12
2 COBIT 5 Process Analytics and Control. Vienna, April 12. Note: all information and figures in this presentation are subject to copyright and usage rights and other legal provisions. Any reproduction, in particular for commercial use, requires the express permission of the author.
3 About the presenter: bwin.party, COBIT & Justiz (the judiciary), Stiegl, business informatics (Wirtschaftsinformatik), KPMG, Ernst & Young. Pragmatic governance based on standards such as COBIT ensures reliability.
5 The ambition: provide a renewed and authoritative governance and management framework for enterprise information and related technology (GEIT & MEIT). Link together and reinforce all other major ISACA frameworks and guidance, such as COBIT, Val IT, Risk IT, BMIS, ITAF, Board Briefing and TGF. Connect to other major frameworks and standards in the marketplace (COSO, ITIL, ISO standards, etc.).
6 COBIT 5 development. Groups: Task Force Future Framework ( ), COBIT 5 Task Force, Core Development Team, Professional Support Team (PwC), researchers. Approach: design by the Task Force, elaboration by the Development Team, development workshops, public exposure drafts, stress tests, SME reviews.
7 What is new? Focus: enterprise governance over IT. Scope: business & IT. Method: enablers. Product: knowledge base & views. And more.
8 Publications.
At release (10 April 2012):
- COBIT 5 Framework
- Enabling Processes
- Implementation Guide
In development:
- COBIT 5 for Security
- COBIT 5 for Risk
- COBIT 5 for Assurance
- COBIT Online replacement
- COBIT 5 Assessment Programme
Planned:
- COBIT 5 for Performance
- COBIT 5: Enabling Information (Enabler Guide)
- more to come
COBIT training: first courses from May.
9 Evolution of scope (timeline graphic): COBIT 1, COBIT 2, COBIT 3, COBIT 4.0, COBIT 4.1, COBIT 5, with Val IT 2.0 (2008) and Risk IT (2009) alongside. The scope widens from Audit and Control through Management and IT Governance to Governance of Enterprise IT.
10 COBIT 5 principles:
- Meeting Stakeholder Needs
- Covering the Enterprise End-to-End
- Applying a Single Integrated Framework
- Enabling a Holistic Approach
- Separating Governance From Management
11 Meeting Stakeholder Needs. Stakeholder drivers (environment, technology evolution, ...) drive stakeholder needs. Governance objective: value creation, achieved through benefits realisation, resource optimisation and risk optimisation.
12 Meeting Stakeholder Needs
13 Internal stakeholders and their questions:
- Board, executive and business managers: How do we define business direction for IT, deliver value and manage risk?
- IT manager: How do we deliver IT services as required by the business and directed by the board?
- Risk and compliance manager: How do we ensure that policies, regulations and laws are complied with and new risks are identified?
- IT auditor: How do we provide independent assurance of IT value delivery and risk mitigation?
14 External stakeholders and their questions:
- External auditor: I need to know whether the figures reported are correct and the control system is reliable.
- Customers: I need you to keep my private information secure on your computer system.
- Regulator: How can we be assured that the organisation has a business continuity plan? Remains in the country? Pays taxes? Remains an employer of choice? Protects data and knowledge?
- Anonymous: How can I get access to the data?
- Suppliers: Do we have assurance that confidential information about our company is not sent to our competitors?
15 Goals cascade: stakeholder drivers (environment, technology evolution, ...) shape stakeholder needs; these map to the governance objective (benefits realisation, resource optimisation, risk optimisation) and cascade to enterprise goals, then to IT-related goals, then to enabler goals.
16 Covering the Enterprise End-to-End. Governance objective: value creation (benefits realisation, resource optimisation, risk optimisation). Covered through governance enablers, governance scope, and governance roles, activities and relationships.
17 Governance roles, activities and relationships: owners and stakeholders delegate to the governing body; the governing body sets direction for management; management instructs and aligns operations and execution. In the other direction, operations and execution report to management, the governing body monitors management, and the governing body is accountable to the owners and stakeholders.
18 Separating Governance from Management. Governance: Evaluate, Direct, Monitor. Management: Plan, Build, Run, Monitor.
19 Updated definitions. Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against plans. Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
20 GRC: three different areas (often mixed up).
Scope: Governance evaluates, directs and monitors risk, value and resources. Risk is the probability of uncertain future events. Compliance is conforming to a rule.
Question: Governance asks "Are we getting the benefits?" Risk asks "Are things going wrong?" Compliance asks "Are we doing things in accordance with requirements?" (and: "Can we prove it, or shall we hide it?").
Stakeholders: Governance: owners, management. Risk: owners, management. Compliance: law enforcement, auditors, management.
Reaction: Governance: get the most out of it. Risk: avoid it. Compliance: document it (CMA).
21 Applying a Single Integrated Framework: existing ISACA guidance, new ISACA guidance materials and other standards and frameworks feed the COBIT 5 Knowledge Base (organised by the COBIT 5 enablers), from which the COBIT 5 products are derived: the COBIT 5 Framework, the COBIT 5 enabler guides, the COBIT 5 practice guides and COBIT 5 Online.
22 Enabling a Holistic Approach. The COBIT 5 enablers:
- Processes
- Organisational Structures
- Culture, Ethics & Behaviour
- Frameworks, Policies and Procedures
- Information
- Services, Infrastructure and Applications
- People, Skills & Competences
The last three are also enterprise resources.
23 Enabler dimensions and enabler performance management.
- Stakeholders: internal stakeholders, external stakeholders.
- Goals: intrinsic quality; contextual quality (relevance, effectiveness); accessibility and security.
- Life cycle: plan; design; build/acquire/create/implement; use/operate; evaluate/monitor; update/dispose.
- Good practices: practices, activities, detailed activities; work products (inputs/outputs).
Enabler performance management asks: Are stakeholder needs addressed? Are enabler goals achieved? Is the life cycle managed? Are good practices applied? Metrics for achievement of goals are lag indicators; metrics for application of practice are lead indicators.
24 Key enabler: processes. Governance of enterprise IT: Evaluate, Direct, Monitor (EDM). Management of enterprise IT: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA).
25 Process reference model.
Processes for governance of enterprise IT. Evaluate, Direct & Monitor (EDM):
- EDM1 Set and Maintain the Governance Framework
- EDM2 Ensure Benefits Delivery
- EDM3 Ensure Risk Optimisation
- EDM4 Ensure Resource Optimisation
- EDM5 Ensure Stakeholder Transparency
Processes for management of enterprise IT. Align, Plan & Organise (APO):
- APO1 Define the Management Framework for IT
- APO2 Manage Strategy
- APO3 Manage Enterprise Architecture
- APO4 Manage Innovation
- APO5 Manage Portfolio
- APO6 Manage Budget & Costs
- APO7 Manage Human Resources
- APO8 Manage Relationships
- APO9 Manage Service Agreements
- APO10 Manage Suppliers
- APO11 Manage Quality
- APO12 Manage Risks
- APO13 Manage Security
Build, Acquire & Implement (BAI):
- BAI1 Manage Programmes and Projects
- BAI2 Define Requirements
- BAI3 Identify & Build Solutions
- BAI4 Manage Availability & Capacity
- BAI5 Enable Organisational Change
- BAI6 Manage Changes
- BAI7 Accept & Transition Changes
- BAI8 Manage Knowledge
- BAI9 Manage Assets
- BAI10 Manage Configuration
Deliver, Service & Support (DSS):
- DSS1 Manage Operations
- DSS2 Manage Service Requests & Incidents
- DSS3 Manage Problems
- DSS4 Manage Continuity
- DSS5 Manage Security Administration
- DSS6 Manage Business Process Controls
Monitor, Evaluate & Assess (MEA):
- MEA1 Monitor & Evaluate Performance and Conformance
- MEA2 Monitor System of Internal Control
- MEA3 Monitor and Assess Compliance with External Requirements
26 Process reference model shown with short process names: the same five domains (EDM, APO, BAI, DSS, MEA) and 37 processes as on slide 25.
31 The process model in Viennese dialect (a humorous paraphrase; translated here).
Processes for the bosses. Assert, decide, grumble (Evaluate, Direct & Monitor):
- EDM1 Set and Maintain the Governance Framework: "I'll tell you where to."
- EDM2 Ensure Benefits Delivery: "What's it good for?"
- EDM3 Ensure Risk Optimisation: "Watch out!"
- EDM4 Ensure Resource Optimisation: "That can be done with less!"
- EDM5 Ensure Stakeholder Transparency: "Got it?"
Processes for the workers. Bend it into shape, whine, and have a look (Align, Plan & Organise):
- APO1 Define the Management Framework for IT: "I'll tell you how."
- APO2 Manage Strategy: "Listen up."
- APO3 Manage Enterprise Architecture: "What, all of that?"
- APO4 Manage Innovation: "Something new."
- APO5 Manage Portfolio: "So much work!"
- APO6 Manage Budget & Costs: "Far too expensive!"
- APO7 Manage Human Resources: "Rascals."
- APO8 Manage Relationships: "Them again!"
- APO9 Manage Service Agreements: "This far and no further."
- APO10 Manage Suppliers: "More rascals."
- APO11 Manage Quality: "Blah blah."
- APO12 Manage Risks: "Coward!"
- APO13 Manage Security: "Hands off!"
Try, sneak it in, put it there (Build, Acquire & Implement):
- BAI1 Manage Programmes and Projects: "Where do we start?"
- BAI2 Define Requirements: "What do you want?"
- BAI3 Identify & Build Solutions: "Let's have a look!"
- BAI4 Manage Availability & Capacity: "How much more?"
- BAI5 Enable Organisational Change: "Do something for once!"
- BAI6 Manage Changes: "Don't start with me!"
- BAI7 Accept & Transition Changes: "Catch!"
- BAI8 Manage Knowledge: "I'm not telling you!"
- BAI9 Manage Assets: "Mine!"
- BAI10 Manage Configuration: "Also mine!"
Just do it yourself, help out and muddle through (Deliver, Service & Support):
- DSS1 Manage Operations: "Let's go."
- DSS2 Manage Service Requests & Incidents: "Your humble servant."
- DSS3 Manage Problems: "Not again."
- DSS4 Manage Continuity: "Whoa!"
- DSS5 Manage Security Administration: "Hands off, really!"
- DSS6 Manage Business Process Controls: "The good stuff."
Grumble, whine, talk clever (Monitor, Evaluate & Assess):
- MEA1 Monitor & Evaluate Performance and Conformance: "It's fine."
- MEA2 Monitor System of Internal Control: "Oh come on!"
- MEA3 Monitor and Assess Compliance with External Requirements: "Yeah, sure!"
32 Process model overview: one slide showing all elements of a COBIT 5 process description together, which slides 33 to 39 then present one at a time (process description and purpose statement, IT-related goals and metrics, process goals and metrics, the APO13 RACI chart, management practice APO13.01 with its activities, and the inputs and outputs of BAI06.01). The one element not repeated on the later slides is the related guidance column, which reads:
- ISO/IEC (standard number not transcribed): 0.1 Release management process
- ITIL: 12. Transition Planning and Support; 15. Release and Deployment; 16. Service Validation and Testing; 17. Evaluation
- PMBOK: quality assurance and acceptance of all products
- PRINCE2: product-based planning
33 Process model: the elements of a process description.
Descriptive: domain, number, name; process description; process purpose statement.
Process management: IT-related goals & metrics; process goals & metrics; roles & responsibilities.
Process design & operation: management practices; activities; inputs & outputs; related guidance.
Audiences: IT stakeholders and IT professionals.
34 Process description and process purpose statement (example).
Process description: Maintain an awareness of information technology and related service trends, identify innovation opportunities, and plan how to benefit from innovation in relation to business needs. Analyse what opportunities for business innovation or improvement can be created by emerging technologies, services or IT-enabled business innovation, as well as through existing established technologies and by business and IT process innovation. Influence strategic planning and enterprise architecture decisions.
Process purpose statement: Achieve competitive advantage, business innovation, and improved operational effectiveness and efficiency by exploiting information technology developments.
35 IT-related goals and metrics (example).
IT-related goal: Alignment of IT and business strategy. Related metrics:
- Percent of enterprise strategic goals and requirements supported by IT strategic goals.
- Stakeholder satisfaction with the scope of the planned portfolio of programmes and services.
- Percent of IT value drivers mapped to business value drivers.
IT-related goal: Realised benefits from the IT-enabled investments and services portfolio. Related metrics:
- Percent of IT-enabled investments where benefit realisation is monitored through the full economic life cycle.
- Percent of IT services where expected benefits are realised.
- Percent of IT-enabled investments where claimed benefits are met or exceeded.
...
36 Process goals and metrics (example).
Process goal: Relevant stakeholders are engaged in the programmes and projects. Related metrics:
- Percent of stakeholders effectively engaged.
- Level of stakeholder satisfaction with involvement.
Process goal: The programme and project activities are executed according to the plans. Related metrics:
- Percent of deviations from plan addressed.
- Percent of stakeholder sign-offs for stage-gate reviews of active programmes.
- Frequency of status reviews.
...
37 Function RACI chart (APO13 Manage Security).
Roles (columns): Board; Chief Executive Officer; Chief Financial Officer; Chief Operating Officer; Business Executives; Business Process Owners; Strategy Executive Committee; Steering Committee; Project Management Office; Value Management Office; Chief Risk Officer; Chief Information Security Officer; Architecture Board; Enterprise Risk Committee; Head Human Resources; Compliance; Audit; Chief Information Officer; Head Architect; Head Development; Head IT Operations; Head IT Administration; Service Manager; Information Security Manager; Business Continuity Manager; Privacy Officer.
Key management practices (rows), with the RACI entries in column order as transcribed (empty cells are not preserved, so the letters cannot be assigned to individual columns; each row has exactly one A):
- APO13.01 Establish and maintain an Information Security Management System (ISMS): C C C I C I I C A C C C C R I I I R I R C C
- APO13.02 Define and manage an information security treatment plan: C C C C C I I C A C C C C R C C C R C R C C
- APO13.03 Monitor and review the ISMS: C R C R A C C R R R R R R R R R
RACI: who is Responsible (German: zuständig), Accountable (verantwortlich), Consulted (befragt), Informed (informiert).
38 Management Practice and Activities
Management Practice APO13.01: Establish and maintain an Information Security Management System (ISMS)
Establish and maintain an information security management system (ISMS) that provides a standard, formal and continuous approach to security management for information, enabling secure technology and business processes that are aligned with business requirements and enterprise security management.
Activities:
- Define the scope and boundaries of the ISMS in terms of the characteristics of the enterprise, the organisation, its location, assets and technology, including details of and justification for any exclusions from the scope.
- Define an ISMS in accordance with enterprise policy and aligned with the enterprise, the organisation, its location, assets and technology.
- Align the ISMS with the overall enterprise approach to the management of security.
- Obtain management authorisation to implement and operate or change the ISMS.
- Prepare and maintain a Statement of Applicability that describes the scope of the ISMS.
- Define and communicate information security management roles and responsibilities.
- Communicate the ISMS approach.
39 Inputs and Outputs
Management Practice BAI06.01: Evaluate, prioritise and authorise change requests
Evaluate all requests for change to determine the impact on business processes and IT services, and assess whether the change will adversely affect the operational environment or introduce unacceptable risk. Ensure that changes are logged, prioritised, categorised, assessed, authorised, planned and scheduled.
Inputs (From: Description):
- BAI03.05: Integrated and configured solution components
- DSS02.03: Approved service requests
- DSS03.03: Proposed solutions to known errors
- DSS03.03: Identified sustainable solutions
- DSS04.08: Approved changes to the plans
- DSS06.01: Root cause analyses and recommendations
Outputs (Description: Destination):
- (description not recoverable from the transcription): Internal
- Approved requests for change: BAI07.01
- Change plan and schedule: BAI07.01
40 Related Guidance
Related Standard: Detailed Reference
- ISO/IEC: 0.1 Release management process
- ITIL V: 12. Transition Planning and Support; 15. Release and Deployment; 16. Service Validation and Testing; 17. Evaluation
- PMBOK: Quality assurance and acceptance of all products
- PRINCE2: Product-based planning
41 COBIT 5 Implementation Guide
- Positioning GEIT within an enterprise
- Taking the first steps towards improving GEIT
- Implementation challenges and success factors
- Enabling GEIT-related organisational and behavioural change
- Implementing continual improvement that includes change enablement and programme management
- Using COBIT 5 and its components
42 COBIT 5: Thoughts
Migration / Implementation
- Management and governance of IT.
- A clear stakeholder focus as the driver.
- Governance is not compliance.
- Governance is not an extension of IT's homework.
- Renumbering is not the point of the exercise.
- Strategy, planning and sustainability instead of an ad-hoc approach.
- Professional support is sensible; outsourcing is not an option.
General
- The enabler concept will still need time.
- Expectations will rise.
- As before: the Bible is a different book.
43 Summary
- COBIT 5 is here
- Significant innovations and additions
- Integration of the frameworks
- Easier to apply than previous versions
- More compact, clearer, more complete
44 Contact: LinkedIn, Xing