If It s not a Business Initiative, It s not COBIT 5

Similar documents
Translate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.

Selftestengine COBIT5 36q

September 17, 2012 Pittsburgh ISACA Chapter

Braindumps COBIT5 50q

COBIT 5 for Information Security. Dr. Derek J. Oliver Co-Chair, COBIT 5 Task Force

and COBIT 5 ISACA STRATEGIC ADVISORY BOARD VICE PRESIDENT STRATEGY & INNOVATION CA TECHNOLOGIES 2012 ISACA. All Rights Reserved.

Introduction to COBIT 5

COBIT 5. COBIT 5 Online Collaborative Environment

ISACA All Rights Reserved.

Evidence Management for the COBIT 5 Assessment Programme By Jorge E. Barrera N., CISA, CGEIT, CRISC, COBIT (F), ITIL V3F, PMP

COBIT 5. COBIT 5 Online Collaborative Environment

Understanding the Challenge and Incredible Potential of IT Governance

2012 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval

COBIT 5. COBIT 5 Online Collaborative Environment

Portfolio, Program and Project Management Using COBIT 5

COBIT 5. COBIT 5 Online Collaborative Environment

CGEIT Certification Job Practice

Using Risk Management to achieve good IT Governance. Carl Sackey CISA, CISM, CRISC, ISO LA/LI

COBIT 5: IT is complicated. IT governance does not have to be

Technology s Role in Enterprise Risk Management

ISACA. The recognized global leader in IT governance, control, security and assurance

Governance, COBIT and the Cloud a match made in the sky! Robert E Stroud CGEIT International Vice President ISACA Treasurer, Director Audit,

Call for Articles. By Sudarsan Jayaraman, CISA, CISM, BS LA, COBIT (F), ITIL V3 Expert, ISO LA, ISO LA, ISO 9001 LA

Achieving Business/IT Alignment through COBIT 5

HANDOUT A: DESIGNING, IMPLEMENTING AND SUSTAINING A METRICS PROGRAM

COBIT 5. Isaca - COBIT 5 COBIT 5 Foundation Version: 4.0

ISO/IEC Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance

Feature. Unlocking Hidden Value in ERP System Acquisitions Using Risk Management. Risk. Monitoring. Residual Risk Acceptance.

IT and Security Governance. Jacqueline Johnson

Driving Enterprise IT Strategy Alignment and Creating Value Using the COBIT 5 Goals Cascade

Canadian business perspectives on the governance of enterprise IT (GEIT)

COBIT 5 Foundation Exam

Information and Communication Technology

CGEIT ITEM DEVELOPMENT GUIDE

CGEIT QAE ITEM DEVELOPMENT GUIDE

Understanding the Challenge and Incredible Potential of IT Governance

Annex 1 (Integrated frameworks on Business/IT alignment) Annex 2 Goals Cascade, adapted from COBIT5

Implementation of Service Integration in a Multiprovider Environment Using COBIT 5

Cobit 5! Not just for your Auditor!! Fusion (Cobit as an approach to Business & IT Alignment)! Integra(on

An IT Governance Journey April Disclaimer: opinion being those of presenter(s) and not necessarily State Farm

CISA, CISM, CGEIT, CRISC, CISSP, ABCI, AMIIB, MCA, PMP

PMO In A Box. Prepared for UBS

IT Governance Overview

Federal Segment Architecture Methodology Overview

Gaining and Maintaining IT & Business Alignment. presented by Robert Sheesley for PMI Pittsburgh Chapter

Enterprise Governance of IT

"IT Governance Helping Business Survival

Head of Architecture (Enterprise Architect) Grade: Assistant Director Strategy & Architecture

Business Process Improvement by Evans Incorporated

TABLE OF CONTENTS 2. INFORMATION TECHNOLOGY IN A BUSINESS ENVIRONMENT 15

Changes Reviewed by Date. JO Technology Manager - Samer Huwwari JO Manager, Risk & Control Technology: Issa Laty. CIO, Jordan- Mohammad Aburoub

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

STRATEGIC ASSET MANAGEMENT POLICY

NOAALink and the CSI Process

COBIT 5 for Business Benefits Realization: A Preview. Sushil Chatterji, CGEIT

Gain strategic insight into business services to help optimize IT.

National Stock Exchange of India Limited

Enterprise Architecture Development

Digital Transformation for Rapid Responsiveness

Agile Master Data Management

CSPA within the Enterprise Architecture (part 1)

Labnaf All-in-one Strategy & Architecture Framework

Governance and Management of Information and Related Technologies Guide. Prepared for Jordan Ahli Bank

Information and Technology. Governance. System for

A Case Study Implementing COBIT 5

Role of Internal Audit in Transformational Change

Assessment of IT Operations. Frameworks* An Overview

The EFQM 2013 Model Changes. Implications for Organizations

Purposing the entirety of COBIT5 for the Assurance Professional. Ross E. Wescott MA CISA CIA CCP CUERME Wescott & Associates

Enterprise Architecture: A Governance Framework

COBIT 5 and ITIL Adaptation at a Saudi Municipality

GSR Management System - A Guide for effective implementation

Internal Audit of ICT Governance in WFP. Office of the Inspector General Internal Audit Report AR/15/11

Business Benefits by Aligning IT best practices

LIFECYCLE APPROACH TO SERVICE MANAGEMENT ROLES WHITE PAPER

Enterprise Security Architecture A Top-down Approach. Contextual Security Architecture. Logical Security Architecture. Physical Security Architecture

SHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS

ISACA Systems Implementation Assurance February 2009

The Balanced Scorecard: Translating Strategy into Results

Principles, Policies and Frameworks. Processes. Organisational Structures. Culture, Ethics and Behaviour. Information

SOX perspective of internal control & COSO, COBIT Control frameworks.

GOVERNANCE OF INFORMATION TECHNOLOGY (IT)

IT GOVERNANCE AND MANAGED SERVICES Creating a win-win relationship

PM Architecture Design as a Critical Success Factor in CMMI Model Implementation

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Creating an Agile PMO via Scrum

PMO QUICK TIP GUIDE FOR ESTABLISHING, SUSTAINING, AND ADVANCING YOUR PMO. Quick Tip Guide compliments of PMO Symposium San Diego, California, USA

A META-MODEL FOR THE SPATIAL CAPABILITY ARCHITECTURE

Facilitated Methods Greta Blash, PMP, PMI-ACP, PMI-PBA

COBIT 5: a bridge too far or a giant leap forward? A view from the field

Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5

Business Architecture Fundamentals

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Why PMOs Fail: Is Your Organization at Risk?

The IT Management Mistakes Report 2016

Exam Questions OG0-091

Auditing Identity & Access Management: Addressing the Root Causes

Enterprise Architecture: The Strategic Tool for Innovation in Tough Times

Optimize your PeopleSoft 9.2 Investment with a Competency Center

Transcription:

If It s not a Business Initiative, It s not COBIT 5 Steve Romero CISSP PMP CPM Romero Consulting Core Competencies C22 CRISC CGEIT CISM CISA 1 9/13/2013 1

COBIT Page 11 COBIT 5 product family 2

COBIT Page 13 What is COBIT 5? COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Helps create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. Enables IT to be governed and managed in a holistic manner for the entire enterprise. Generic useful for enterprises of all sizes, whether commercials, not-for-profit, or public sector 3

COBIT Page 14 What is COBIT 5? IT and the Business COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective, including the activities and responsibilities of both the IT function and non-it business functions. Really, COBIT means business The end-to-end aspect is further supported by COBIT 5 coverage of all critical business elements, e.g. processes, organizational structures, principles & policies, culture, skills, information, service capabilities. 4

COBIT Page 15 COBIT 5 objectives Building on the current widely recognized and accepted COBIT framework, link together and reinforce all other major ISACA frameworks and guidance. Connect to and align with other major frameworks and standards (ISO 38500, ITIL, EA, NIST etc.) Incorporate familiar components such as a Domain/Process model, Governance/Management Best Practices, RACI charts, and process input/output linkages. Provide a renewed and authoritative full-spectrum framework for the governance and management of enterprise IT. 5

COBIT 5 objectives Building on the current widely recognized and accepted COBIT framework Linking together and reinforce all other major ISACA frameworks/guidance 6

COBIT Page 15 COBIT 5 objectives Connect to and align with other major frameworks and standards (ISO 38500, ITIL, EA, NIST etc.) IT Infrastructure Library (ITIL) ISO Standards The Open Group Architecture Framework (TOGAF) Project Management Body Of Knowledge (PMBOK) Val IT (value framework - ITGI) Risk IT (risk framework - ITGI) Business Model for Information Security (BMIS - ITGI) IT Assurance Framework (ITAF - ITGI) IT Governance Board Briefing (ITGI) Taking Governance Forward (ITGI) 7

COBIT 5 objectives Incorporate familiar components such as a Domain Process model, RACI charts, Governance Management Best Practices, and process input and output linkages. 8

COBIT Page 14 COBIT 5 objectives Provide a renewed and authoritative full-spectrum framework for the governance and management of enterprise IT. Governance Ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions, and options Sets direction through prioritization and decision making Monitors performance, compliance, and progress against the agreed upon direction and objectives Management Plans, builds, runs, & monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives 9

COBIT Page 15 COBIT 5 benefits Incorporating an operational model, and a common language for all parts of the business involved in IT activities, is one of the most important and critical steps toward good governance. It provides a framework for: Integrating Best Practices Communicating with Stakeholders Measuring & Monitoring IT Performance 10

COBIT Page 15 COBIT 5 benefits Provides enterprise-wide benefits Enables benefits realization Ensures business-user satisfaction with IT engagement and services Fosters the view of IT as a key enabler Assures compliance with relevant laws, regulations, and policies 11

COBIT Page 15 COBIT 5 benefits Key Business Benefits End-to-end enterprise governance and management of IT Transparency in decision making Key IT Benefits Agility of IT to respond to business needs Alignment of IT tasks/activities with business needs Optimization of: IT assets & resources IT-related business risk Cost performance of IT 12

COBIT Page 13 COBIT 5 (GEIT) principles 13

COBIT Page 17 Principle 1: Meeting stakeholder needs Enterprises exist to create value for stakeholders, therefore value creation is a governance objective. Value creation is achieved through: Benefits realization Risk optimization Resource optimization Value creation means different things to different stakeholders. 14

Value creation means different things to different stakeholders COBIT Page 17 Varying values sometimes conflict Governance enables negotiation and decision amongst value interests considering ALL stakeholders by asking the questions: For whom are the benefits? Who bears the risk? What resources are required? Stakeholder needs are influenced by a number of drivers: Strategy changes Changing business (mission) & regulatory environment Technology evolution 15

COBIT Page 17 Principle 1: Meeting stakeholder needs Stakeholder needs cascade to enterprise goals This cascade provides the link between stakeholder needs and practical goals by translating these into increasing levels of detail and specificity: Stakeholder Needs Enterprise Goals IT related Goals» Enabler Goals (e.g. process goals) Understanding how stakeholder needs relate to enterprise & IT-related goals is essential Allows setting specific goals at every level of the enterprise in support of the overall goals and stakeholder requirements 16

COBIT Page 18 Principle 1: Meeting stakeholder needs Goals Cascade 17

COBIT Page 22 Principle 1: Meeting stakeholder needs 18

COBIT Page 19 Enterprise Goals Stakeholder value of business investments Portfolio of competitive products and services Managed business risks (safeguarding of assets) Compliance with external laws and regulations Financial transparency Customer oriented service culture Business service continuity and availability Agile responses to a changing business environment Information based strategic decision making Optimization of service delivery costs Optimization of business process functionality Optimization of business process costs Managed business change programs Operational and staff productivity Compliance with internal policies Skilled and motivated people Product and business innovation culture 19

COBIT Page 55 Principle 1: Meeting stakeholder needs Stakeholder needs cascade to enterprise goals 20

COBIT Page 19 IT-related Goals Alignment of IT and business strategy Optimization of IT assets, resources, and IT compliance and support for business capabilities compliance with external laws / regulations Enablement and support of business Commitment of executive management for processes by integrating applications and making IT related decisions technology into business processes Managed IT related business risks Delivery of programs delivering benefits, on Realized benefits from IT enabled time, on budget, and meeting requirements investments and services portfolio and quality standards Transparency of IT costs, benefits, and risk Availability of reliable and useful Delivery of IT services in line with business information for decision making requirements IT compliance with internal policies Adequate use of applications, information, Competent and motivated business and IT and technology solutions personnel IT agility Knowledge, expertise, and initiatives for Security of information, processing business innovation infrastructure, and applications 21

COBIT Page 50 Principle 1: Meeting stakeholder needs Enterprise goals cascade to IT-related goals 22

COBIT Page 52 Principle 1: Meeting stakeholder needs IT-related goals cascade to Enabler goals (processes) 23

COBIT Page 53 Principle 1: Meeting stakeholder needs IT-related goals cascade to Enabler goals (processes) 24

COBIT Page 23 Principle 2: Covering enterprise end-to-end Enterprise-wide end-to-end governance and management of information technology Integrates IT governance into any enterprise governance Covers all required functions and processes required to govern and manage enterprise information and related technologies All relevant internal and external IT services Internal and external business functions 25

COBIT Page 24 Principle 2: Covering enterprise end-to-end Governance Enablers (Principle 4) Frameworks, principles, structures, processes, practices Governance Scope - definable Enterprise, entity, or tangible asset Roles, activities and relationships 26

COBIT Page 22 Steve: No business leaders? No COBIT 5 ITG Information Technology Governance BTG Business Technology Governance GEIT Governance of Enterprise Information Technology 27

COBIT Page 25 Principle 3: Applying a single integrated framework Integrates existing ISACA guidance on governance and management of enterprise IT Aligns with current relevant standards & frameworks Simple architecture for structuring a consistent body of guidance materials 28

COBIT Page 61 Principle 3: Applying a single integrated framework 29

COBIT Page 25 Principle 3: Applying a single integrated framework Framework Integrator Enablers: Principles, Policies, & Frameworks Processes Organizational Structures Cultures, Ethics, Behaviors Information Services Infrastructure Applications People, Skills, & Competencies 30

COBIT Page 11 Principle 3: Applying a single integrated framework 31

COBIT Page 27 Principle 4: Enabling a holistic approach Purpose of enablers is to implement an effective & efficient governance and management system for enterprise IT Defined as anything that facilitates achievement of enterprise governance objectives, including resources such as information and people IT related goals define what enablers should achieve 32

COBIT Page 27 Principle 4: Enabling a holistic approach COBIT 5 enablers 33

COBIT Page 27 Principle 4: Enabling a holistic approach Enabler model purpose A governance system is a complex interaction amongst all enablers Having a simple, structured, and uniform way to analyze each enabler can facilitate adoption and successful integration Enablers all have certain elements in common therefore a generic model standardizes conceptualization 34

COBIT Page 28 Principle 4: Enabling a holistic approach Generic enabler model 35

COBIT Page 28 Principle 4: Enabling a holistic approach Enabler dimensions: Stakeholders Stakeholders can be internal or external to the organization, and have their own interests and needs, which can be conflicting Stakeholders needs translate to enterprise goals, then IT related goals, and ultimately to enabler goals 36

COBIT Page 28 Principle 4: Enabling a holistic approach Enablers dimensions: Goals Properties of goals associated with performance metrics are: Outcomes expected of the enabler (associated with Lag indicators) Operation of the enabler itself (associated with Lead indicators) Qualities associated with goals are categorized as follows: Intrinsic quality The extent to which enablers work accurately, objectively, and provide accurate, objective and reputable results Contextual quality The extent to which enablers and their outcomes are fit for purpose given the context in which they operate Access and Security The extent to which enablers and their outcomes are accessible and secured 37

COBIT Page 29 Principle 4: Enabling a holistic approach Enabler dimensions: Life Cycle Phases consist of: Plan Design Build/acquire & implement Use/operate Evaluate/monitor Update/dispose 38

COBIT Page 29 Principle 4: Enabling a holistic approach Enabler dimensions: Good practice Guidance as to how best implement the enabler Good Practice can be: Internal provided within COBIT 5 External provided outside COBIT 5 Work Products (inputs/outputs) 39

COBIT Page 29 Principle 4: Enabling a holistic approach Enabler performance management To manage performance of enablers, metrics associated with the following enabler dimensions must be developed, implemented, and monitored: Stakeholders: Are stakeholder needs addressed? Goals: Are enabler goals achieved? Life Cycle: Is the enabler life cycle managed? Good Practices: Are good practices applied? 40

COBIT Page 29 Principle 4: Enabling a holistic approach Enabler metrics - measuring either: Achievement of goals (lag indicators) Stakeholder requirements met Enabler goals achieved Application of Good Practice (lead indicators) Life cycle managed Good practices applied 41

COBIT Page 31 Principle 5: Separating governance & mgt. COBIT 5 framework makes a clear distinction between governance and management Different types of activities Require different organizational structures Serve different purposes 42

COBIT Page 33 Principle 5: Separating governance & mgt. 43

COBIT Enabling Processes Process RACI - example 44

COBIT Page 37 COBIT 5 Implementation Guidance Implementation Lifecycle 45

COBIT Page 35 COBIT 5 Implementation Guidance Based on a continual improvement life cycle Not intended as a prescriptive approach or complete solution Designed as a guide to: Assist in the creation of successful outcomes Leverage best practices Avoid commonly encountered pitfalls Supported by an implementation tool kit containing a variety of resources: Self assessment, measurement, and diagnostic tools Presentations aimed at various audiences Related articles & further explanations 46

COBIT Page 35 COBIT 5 Implementation Guidance Implementation areas of focus Considering the enterprise context Creating the appropriate environment Recognizing pain points and trigger events Enabling change Taking a lifecycle approach Making the business case 47

COBIT Page 35 COBIT 5 Implementation Guidance Key factors for successful implementation Top management providing direction and mandate for the initiative and visible ongoing commitment & support All parties supporting governance and management processes need to understand the business & IT objectives Ensuring effective communication and enablement of the necessary changes Tailoring ITG framework as well as other supporting best practices and standards to fit the unique context of the organization Focusing on quick wins and prioritizing the most beneficial improvements 48

The evolution of IT Governance and COBIT IT governance is not new.or even different COBIT is not new but COBIT 5 is very different 49

COBIT 5 engages the business like no COBIT before New COBIT Principles Goals Cascade Holistic Approach 50

COBIT 5 needs the Business Owners and Stakeholders, a.k.a. The Enterprise (GEIT) CEO CFO Business executives Business process owners Business managers Risk managers a.k.a. The Business! Security managers Service managers HR Privacy officers IT users etc. 51

THANK YOU Steven Romero IT Business Value Activist and IT Governance Evangelist steve@itgevangelist.com Twitter @itgevangelist http://www.itgevangelist.com/ CRISC CGEIT CISM CISA 9/13/2013 52

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback