Information and Technology. Governance. System for


Figure 4.1 COBIT Overview

Inputs to COBIT 2019: COBIT 5; Standards, Frameworks, Regulations; Community Contribution

COBIT 2019, COBIT Core: Reference Model of Management Objectives

Design Factors: strategy; goals; size; Role of IT; Sourcing model for IT; Compliance requirements; etc.

Focus Area: SME; Risk; DevOps; etc.

Tailored System for Information and Technology: Priority governance and management objectives; Specific guidance from focus areas; Target capability and performance management guidance

COBIT Core Publications:
COBIT 2019 Framework: Introduction and Methodology
COBIT 2019 Framework: Management Objectives
COBIT 2019 Design Guide: Designing an Information and Technology Solution
COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Solution

[Figure: core model of objectives EDM01-EDM05, APO01-APO14, BAI01-BAI11, DSS01-DSS06, MEA01-MEA04]

Figure 2.1 COBIT s

Internal s, with the benefit of COBIT for each:
Boards: Provides insights on how to get value from the use of I&T and explains relevant board responsibilities
Executive Management: Provides guidance on how to organize and monitor performance of I&T across the enterprise
Business Managers: Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for new strategic opportunities
IT Managers: Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
Assurance Providers: Helps manage dependency on external service providers, get assurance over IT, and ensure the existence of an effective and efficient system of internal controls
Risk Management: Helps to ensure the identification and management of all IT-related risk

External s, with the benefit of COBIT for each:
Regulators: Helps to ensure the enterprise is compliant with applicable rules and regulations and has the right governance system in place to manage and sustain compliance
Business Partners: Helps to ensure that a business partner's operations are secure, reliable and compliant with applicable rules and regulations
IT Vendors: Helps to ensure that an IT vendor's operations are secure, reliable and compliant with applicable rules and regulations

Figure 3.1 System Principles
1. Provide Value
2. Holistic Approach
3. Dynamic System
4. Distinct From Management
5. Tailored to Needs
6. End-to-End System

Figure 3.2 Framework Principles
1. Based on Conceptual Model
2. Open and Flexible
3. Aligned to Major Standards

Figure 4.16 COBIT Goals Cascade
Drivers and Needs, cascade to Goals, cascade to Alignment Goals, cascade to Management Objectives

Figure 4.3 COBIT Components of a System
Processes; Services, Infrastructure and Applications; Organizational Structures; People, Skills and Competencies; Principles, Policies, Procedures; Culture, Ethics and Behavior; Information (center label of the figure: System)

Figure 4.2 COBIT Core Model

EDM01 Ensured Framework Setting and Maintenance
EDM02 Ensured Benefits Delivery
EDM03 Ensured Risk Optimization
EDM04 Ensured Resource Optimization
EDM05 Ensured Engagement

APO01 Managed I&T Management Framework
APO02 Managed
APO03 Managed Architecture
APO04 Managed Innovation
APO05 Managed Portfolio
APO06 Managed Budget and Costs
APO07 Managed Human Resources
APO08 Managed Relationships
APO09 Managed Service Agreements
APO10 Managed Vendors
APO11 Managed Quality
APO12 Managed Risk
APO13 Managed
APO14 Managed Data

BAI01 Managed Programs
BAI02 Managed Definition
BAI03 Managed Solutions Identification and Build
BAI04 Managed Availability and Capacity
BAI05 Managed Organizational Change
BAI06 Managed IT Changes
BAI07 Managed IT Change Acceptance and Transitioning
BAI08 Managed Knowledge
BAI09 Managed Assets
BAI10 Managed Configuration
BAI11 Managed Projects

DSS01 Managed Operations
DSS02 Managed Service Requests and Incidents
DSS03 Managed Problems
DSS04 Managed Continuity
DSS05 Managed Services
DSS06 Managed Business Process Controls

MEA01 Managed Performance and Conformance Monitoring
MEA02 Managed System of Internal Control
MEA03 Managed Compliance With External
MEA04 Managed Assurance

INTERNATIONAL HEADQUARTERS 1700 E. Golf Road Suite 400 Schaumburg, IL USA isaca.org

Figure 4.4 COBIT Design Factors
Goals; Risk Profile; I&T-Related Issues; Threat Landscape; Compliance; Role of IT; Sourcing Model for IT; IT Implementation Methods; Technology Adoption; Size; Future Factors

The globally recognized COBIT Framework, which helps ensure effective enterprise governance of information and technology, has been updated with new information and guidance, facilitating easier, tailored implementation and strengthening COBIT's continuing role as an important driver of innovation and business transformation. This document provides an overview of the COBIT 2019 guidance. This excerpt is available as a complimentary PDF at for purchase in hard copy at We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants. Additional information is available at isaca.org/cobit.

Figure 7.1 Impact of Design Factors on a Management System
Design Factors Impact:
1. Management Objective Priority and Target Capability Levels
2. Component Variations
3. Specific Focus Areas

Figure 7.2 System Design Workflow

1. Understand the enterprise context
1.1 Understand enterprise
1.2 Understand enterprise goals.
1.3 Understand the risk profile.
1.4 Understand current I&T-related issues.

2. Determine the initial scope of the governance system.
2.1 Consider enterprise
2.2 Consider enterprise goals and apply the COBIT goals cascade.
2.3 Consider the risk profile of the enterprise.
2.4 Consider current I&T-related issues.

3. Refine the scope of the governance system.
3.1 Consider the threat landscape.
3.2 Consider compliance requirements.
3.3 Consider the role of IT.
3.4 Consider the sourcing model.
3.5 Consider IT implementation methods.
3.6 Consider the IT adoption
3.7 Consider enterprise size.

4. Conclude the governance system design.
4.1 Resolve inherent priority conflicts.
4.2 Conclude the governance system design.

Figure 8.1 COBIT Implementation Road Map

Phases:
1 What are the drivers?
2 Where are we now?
3 Where do we want to be?
4 What needs to be done?
5 How do we get there?
6 Did we get there?
7 How do we keep the momentum going?

Rings: Program management (outer ring); Change enablement (middle ring); Continual improvement life cycle (inner ring)

Activity labels in the rings: Initiate program; Establish desire to change; Recognize need to act; Define problems and opportunities; Form implementation team; Assess current state; Define target state; Communicate outcome; Define road map; Build improvements; Identify role players; Plan program; Execute plan; Implement improvements; Operate and use; Operate and measure; Realize benefits; Embed new approaches; Monitor and evaluate; Review effectiveness; Sustain