COBIT® 5: All together now!

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT

Maat Consulting, Reading, UK

www.maatconsulting.com

Upload: doantruc

Post on 21-Mar-2018


Slide 1 (title slide)

COBIT® 5: All together now!

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT

Maat Consulting, Reading, UK

www.maatconsulting.com

Slide 2

Copyright Notice

COBIT is © 1996, 1998, 2000, 2005, 2012 ISACA and IT Governance Institute.

COBIT, Val IT, Risk IT, BMIS, ITAF and TGF are registered trademarks of ISACA and the IT Governance Institute.

ISO is a registered trademark of the International Organization for Standardization.

BS is a registered trademark of the British Standards Institution.

ITIL, PRINCE2 and MSP are registered trademarks of the Cabinet Office, UK.

IT-CMF is a registered trademark of the Innovation Value Institute.

CMM and CMMI-DEV are US registered trademarks of the Software Engineering Institute, Carnegie Mellon University.

PMBOK is a registered trademark of the Project Management Institute.

TOGAF is a registered trademark of The Open Group.

Course design and content: © 2012 Maat Consulting Ltd. All rights reserved.

Neither ISACA nor ITGI endorses, sponsors or is otherwise affiliated with this COBIT 5 presentation content, and they do not warrant or guarantee its accuracy.

Maat Consulting Ltd is always seeking improvements and welcomes comments on these materials to: [email protected]

Slide 3

Agenda

- Introduction to COBIT 5
- Dive deeper
  - Framework
  - 5 Principles
  - 7 Enablers
  - Domains and processes
  - Management practices
  - Process capability assessment
- Current and future ISACA resources for COBIT® 5
- Summary

Based on COBIT 5 (2012)

Slide 4

Introduction to COBIT® 5

“A business framework for the governance and management of enterprise IT”

ISACA

Slide 5

COBIT®: Audit to GEIT in 16 years

Year   | Release        | Scope
1996   | COBIT 1        | Audit
1998   | COBIT 2        | Control
2000   | COBIT 3        | Management
2005/7 | COBIT 4.0/4.1  | IT Governance (joined by Val IT 2.0 in 2008 and Risk IT in 2009)
2012   | COBIT 5        | Governance of Enterprise IT

Based on COBIT 5 (2012)

Slide 6

Approach to the design of COBIT® 5

- Aims to be the only business framework for the governance and management of enterprise IT
- Integrates ISACA's frameworks and knowledge resources:
  - COBIT® 4.1 (IT governance and management)
  - Val IT™ (value delivery)
  - Risk IT™ (risk management)
  - BMIS™ (Business Model for Information Security)
  - ITAF™ (IT Assurance Framework)
  - TGF™ (Taking Governance Forward)
  - Board Briefing on IT Governance, 2nd Edition
- Integrates other major frameworks and standards, particularly ISO/IEC 38500:2008 Corporate Governance of IT
- Plus the latest enterprise governance and management techniques

Based on COBIT 5 (2012)

All together now!

Slide 7

COBIT® documents: 10 April 2012

- COBIT® 5: A Business Framework for the Governance and Management of Enterprise IT: the main guidance document
- COBIT® 5: Enabling Processes: 5 domains, 37 processes and 208 governance/management practices
- COBIT® 5: Implementation: includes a toolkit of PowerPoint® slide sets and PDF documents
- There is no equivalent of the COBIT® 4.1 Assessment Excel® tool

Based on COBIT 5 (2012)

Slide 8

"COBIT® 5: A Business Framework …"

- The main guidance document
- Contents:
  - Executive summary
  - Description of framework components
    - 5 principles
    - 7 enablers
  - Overview of implementation guidance
  - Overview of the COBIT® Process Capability Model (PCM)

Based on COBIT 5 (2012)

Slide 9

COBIT® 5: Governance v. Management

- Governance (EDM)
  - Evaluates stakeholder needs, conditions and options
  - Sets direction by prioritisation and decision making
  - Monitors performance, compliance and progress against the agreed direction
  - Responsibility: Board; Leader: Chairperson
- Management (PBRM)
  - Plans, builds, runs and monitors activities
  - Aligned with the governance body's direction
  - With the goal of achieving enterprise objectives
  - Responsibility: Executive management; Leader: CEO

Slide 10

Management & Governance Practices

Framework  | Practice type         | Count
COBIT® 4.1 | Control objectives    | 210
Val IT™    | Management practices  | 22
Risk IT™   | Management practices  | 9
COBIT® 5   | Governance practices  | 15
COBIT® 5   | Management practices  | 193

(15 governance practices plus 193 management practices gives the 208 practices of COBIT® 5.)

Slide 11

COBIT® 5: 5 Principles

1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Single integrated framework
4. Holistic approach of 7 enterprise enablers
5. Separating governance from management

Based on COBIT 5 (2012)

Slide 12

COBIT® 5: 7 Enterprise Enablers

- Principles, Policies and Frameworks
- Processes
- Organisational Structures
- Culture, Ethics and Behaviour
- Information
- Services, Infrastructure and Applications
- People, Skills and Competencies

The last three (Information; Services, Infrastructure and Applications; People, Skills and Competencies) are the enterprise's resources.

Based on COBIT 5 (2012)

Slide 13

Summary of COBIT® 5

The 5 principles allow the building of a governance and management framework, based on 7 enablers, that optimises information and technology investment and its use to benefit stakeholders.

Based on COBIT 5 (2012)

Slide 14

Dive deeper into COBIT® 5

“A business framework for the governance and management of enterprise IT”

ISACA

Slide 15

COBIT® 5: The 5 Principles

1. Meeting stakeholders' needs
2. Covering the enterprise end-to-end
3. Single integrated framework
4. Holistic approach of 7 enterprise enablers
5. Separating governance from management

Based on COBIT 5 (2012)

Slide 16

What are Stakeholders' needs?

- Internal stakeholders: Board; CxOs; business process owners and managers; risk and security managers; HR managers; IT managers and IT audit; IT users
- Their needs: value from IT; performance of IT; strategic use of new technology; compliance with regulations; IT-related risk control; control of IT costs (plus sourcing options); IT skills; IT programme/project control
- External stakeholders: shareholders; business partners and suppliers; regulators/government; customers; external users; external auditors
- Their needs: Are partners secure and reliable? Is the enterprise compliant? Are the enterprise's internal controls effective?

Based on COBIT 5 (2012)

Slide 17

Stakeholders' Needs

Benefits realisation, risk optimisation and resource optimisation together make up the governance objective: value creation.

Based on COBIT 5 (2012)

Slide 18

Meeting Stakeholders' Needs: the Goals Cascade

Stakeholder drivers (PESTLE)
  influence
Stakeholder needs (benefits realisation, risk optimisation, resource optimisation), i.e. the governance requirements
  cascade to
Enterprise goals
  cascade to
IT-related goals
  cascade to
Enabler goals (processes and the other enablers)

Based on COBIT 5 (2012)

Slide 19

Covering the Enterprise End-to-End

- COBIT® 5 covers the governance and management of enterprise IT (GEIT)
- Integrates GEIT into enterprise governance
  - Seamless integration, since it is aligned with the latest views
  - Not focused ONLY on the IT function
- Covers all functions and processes within the enterprise
- IT is treated like all other assets in an enterprise

Based on COBIT 5 (2012)

Slide 20

Single Integrated Framework

Frameworks and standards shown around COBIT® 5 on the slide: COSO, COSO ERM, TOGAF, ISO 38500, PRINCE2, PMBOK, MSP, ITIL 2011, ISO 9001, ISO 31000, ISO 27000, ISO 20000, BS 25999, CEAF, FEA, King III, Kotter, UK CCCG, OECD CG, CMMI-DEV.

Slide 21

Enabling a Holistic Approach - 1

The 7 Enablers:

- Principles, Policies and Frameworks
- Processes
- Organisational Structures
- Culture, Ethics and Behaviour
- Information
- Services, Infrastructure and Applications
- People, Skills and Competencies

The last three are the enterprise's resources.

Based on COBIT 5 (2012)

Slide 22

Enabling a Holistic Approach - 2

- Enablers must be interconnected
  - Inputs from other enablers
  - Outputs to benefit other enablers
- Illustrated on the slide with Processes, Information, People, Skills and Competencies, and Organisational Structures feeding one another

Based on COBIT 5 (2012)

Slide 23

Enabler Performance Management

- Metrics for achievement of goals (lag indicators)
  - Stakeholders' needs addressed?
  - Enabler goals achieved?
- Metrics for application of practice (lead indicators)
  - Lifecycle managed?
  - Good practices applied?

Based on COBIT 5 (2012)

Slide 24

Separating Governance from Management

- Governance (after ISO 38500): Evaluate, Direct, Monitor. Business needs flow in; management feedback flows back.
- Management (COBIT 5): Plan (APO), Build (BAI), Run (DSS), Monitor (MEA), working to the direction set by governance.

Based on COBIT 5 (2012) and ISO 38500 (2008)

Slide 25

Domains & Processes

Slide 26

COBIT® 5: Processes (37)

Processes for Governance of Enterprise IT:
- Evaluate, Direct and Monitor (EDM): EDM01 – EDM05 (5 processes)

Processes for Management of Enterprise IT:
- Align, Plan and Organise (APO): APO01 – APO13 (13 processes)
- Build, Acquire and Implement (BAI): BAI01 – BAI10 (10 processes)
- Deliver, Service and Support (DSS): DSS01 – DSS06 (6 processes)
- Monitor, Evaluate and Assess (MEA): MEA01 – MEA03 (3 processes)

Based on COBIT 5 (2012)

Slide 27

Evaluate, Direct and Monitor (EDM)

EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency

Based on COBIT 5 (2012)

Slide 28

Align, Plan and Organise (APO)

APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

Based on COBIT 5 (2012)

Slide 29

Build, Acquire and Implement (BAI)

BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration

Based on COBIT 5 (2012)

Slide 30

Deliver, Service and Support (DSS)

DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

Based on COBIT 5 (2012)

Slide 31

Monitor, Evaluate and Assess (MEA)

MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

Based on COBIT 5 (2012)

Slide 32

Processes new to COBIT® 5 (adopted from other frameworks and standards)

EDM01 – EDM05 The 5 governance processes
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO08 Manage Relationships
APO10 Manage Suppliers
APO13 Manage Security
BAI05 Manage Organisational Change Enablement
BAI08 Manage Knowledge
BAI09 Manage Assets
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

Based on COBIT 5 (2012)

Slide 33

What's in each COBIT® 5 process?

- Process name, area (governance or management) and domain
- Process description (a paragraph)
- Process purpose statement (a paragraph)
- Process goals and metrics
- RACI chart for each governance/management practice (26 roles used)
- Practices, inputs, outputs and activities
- Related guidance: other frameworks and standards

No maturity model

Based on COBIT 5 (2012)

Slide 34

Governance Practices

E.g. Ensure Benefits Delivery (EDM02):
- EDM02.01 Evaluate value optimisation
- EDM02.02 Direct value optimisation
- EDM02.03 Monitor value optimisation

- Each governance process has 3 governance practices: Evaluate, Direct and Monitor
- Each governance practice has between 3 and 8 activities
- Each governance practice has inputs and outputs

Based on COBIT 5 (2012)

Slide 35

Management Practices

E.g. Manage Service Requests and Incidents (DSS02):
- DSS02.01 Define incident and service request classification schemes
- DSS02.02 Record, classify and prioritise requests and incidents
- DSS02.03 Verify, approve and fulfil service requests
- DSS02.04 Investigate, diagnose and allocate incidents
- DSS02.05 Resolve and recover from incidents
- DSS02.06 Close service requests and incidents
- DSS02.07 Track status and produce reports

- Each management practice has between 2 and 13 activities
- Each management practice has inputs and outputs

Based on COBIT 5 (2012)

Slide 36

COBIT® 5 Process Capability Model

NB: Processes are only 1 of the 7 enablers; process assessment alone won't assess IT governance maturity.

- Replacement for the maturity models of COBIT®, Val IT™ and Risk IT™
- Based on the COBIT® 4.1 Process Assessment Model (PAM), which is itself based on ISO/IEC 15504-2: Process assessment: Performing an assessment

Based on COBIT 5 (2012)

Slide 37

How COBIT® 5 PCM works – 1: Process Capability Levels

0 – Incomplete process (no attributes): the process is not implemented or fails to achieve its purpose
1 – Performed process (1 attribute): the implemented process achieves its purpose
2 – Managed process (2 attributes): the performed process is managed (planned, monitored, adjusted) and its work products are established, controlled and maintained
3 – Established process (2 attributes): the managed process uses a defined process that can achieve its outcomes
4 – Predictable process (2 attributes): the established process operates within defined limits to achieve its outcomes
5 – Optimising process (2 attributes): the predictable process is continually improved to meet current and projected business goals

Based on COBIT 5 (2012)

Slide 38

How COBIT® 5 PCM works – 2

1. A lower level must be achieved before a process can be rated at the next level
2. There is a significant distinction between capability level 1 and capability levels 2 to 5:
  - Level 1 requires the process performance attribute to be largely achieved, i.e. the process works and its outcomes are achieved
  - Levels 2 to 5 each add further attributes on top of that
  - So capability level 1 is a significant achievement!

Based on COBIT 5 (2012)
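The two PCM slides above describe a rating rule in words; the following Python is an added worked example (not from the slides, and not ISACA's assessment tooling) that turns it into code. It assumes the ISO/IEC 15504-2 scheme the PCM is stated to be built on: each process attribute is rated N (not), P (partially), L (largely) or F (fully) achieved, and a process is at capability level n when every attribute of level n is at least Largely achieved and every attribute of the lower levels is Fully achieved. The attribute names are the ISO/IEC 15504-2 ones (they are not on the slides); the ratings for DSS02, APO13 and EDM03 are constructed sample data, not assessment results.

```python
"""Capability-level determination for the COBIT 5 Process Capability Model.

Added example. Assumes the ISO/IEC 15504-2 rating scale (N/P/L/F) and rule:
level n is reached when all level-n attributes are at least Largely achieved
and all attributes of lower levels are Fully achieved.
"""
from typing import Dict, List, Optional, Tuple

# Process attributes per capability level (ISO/IEC 15504-2 names): 1 attribute
# at level 1, 2 at each of levels 2-5. Level 0 has no attributes.
LEVEL_ATTRIBUTES: List[Tuple[int, Tuple[str, ...]]] = [
    (1, ("PA1.1 Process performance",)),
    (2, ("PA2.1 Performance management", "PA2.2 Work product management")),
    (3, ("PA3.1 Process definition", "PA3.2 Process deployment")),
    (4, ("PA4.1 Process measurement", "PA4.2 Process control")),
    (5, ("PA5.1 Process innovation", "PA5.2 Process optimisation")),
]

RATING_ORDER = {"N": 0, "P": 1, "L": 2, "F": 3}
LARGELY, FULLY = RATING_ORDER["L"], RATING_ORDER["F"]


def capability_level(ratings: Dict[str, str]) -> int:
    """Return the capability level (0-5) implied by per-attribute ratings.

    Attributes absent from `ratings` count as N (not achieved). An unknown
    rating letter is an assessor error and raises rather than being ignored.
    """
    for attr, rating in ratings.items():
        if rating not in RATING_ORDER:
            raise ValueError(f"{attr}: rating {rating!r} is not one of N/P/L/F")

    achieved = 0
    for level, attrs in LEVEL_ATTRIBUTES:
        scores = [RATING_ORDER[ratings.get(a, "N")] for a in attrs]
        if min(scores) < LARGELY:
            break              # this level is not reached
        achieved = level       # every attribute of this level is L or F
        if min(scores) < FULLY:
            break              # an L at this level caps the rating here
    return achieved


def blocking_attribute(ratings: Dict[str, str]) -> Optional[str]:
    """Name the first attribute that stops the process reaching the next level.

    Lower-level attributes must be F, the next level's must be at least L.
    Returns None for a level-5 process.
    """
    achieved = capability_level(ratings)
    if achieved == 5:
        return None
    for level, attrs in LEVEL_ATTRIBUTES:
        needed = FULLY if level <= achieved else LARGELY
        for attr in attrs:
            if RATING_ORDER[ratings.get(attr, "N")] < needed:
                return attr
        if level > achieved:
            break
    return None


# Constructed sample ratings (hypothetical, not real assessment results).
SAMPLE_RATINGS: Dict[str, Dict[str, str]] = {
    "DSS02 Manage Service Requests and Incidents": {
        "PA1.1 Process performance": "F",
        "PA2.1 Performance management": "F",
        "PA2.2 Work product management": "L",  # L at level 2: rated 2, not 3
        "PA3.1 Process definition": "L",       # level-3 work does not count yet
        "PA3.2 Process deployment": "L",
    },
    "APO13 Manage Security": {"PA1.1 Process performance": "L"},
    "EDM03 Ensure Risk Optimisation": {"PA1.1 Process performance": "P"},
}


def assess(processes: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[int, Optional[str]]]:
    """Map each process to (capability level, attribute blocking the next level)."""
    return {name: (capability_level(r), blocking_attribute(r)) for name, r in processes.items()}


if __name__ == "__main__":
    for name, (level, blocker) in assess(SAMPLE_RATINGS).items():
        print(f"{name}: capability level {level}; next attribute to fix: {blocker}")
```

The DSS02 sample is the edge case worth remembering from slide 38: Largely-achieved work at level 3 earns nothing while a level-2 attribute is still only Largely achieved, so the rating stays at 2 and the blocking attribute is PA2.2. The slide's warning still applies: this rates one enabler (processes) only.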

Slide 39

Current & future COBIT® 5 resources

Guide type   | Title                                              | Publication date | Pages
Framework    | COBIT 5: A Business Framework…                     | 10 April 2012    | 94
Enabler      | COBIT 5: Enabling Processes                        | 10 April 2012    | 230
Enabler      | COBIT 5: Enabling Information                      | In development   | –
Professional | COBIT 5 Implementation                             | 10 April 2012    | 78
Professional | COBIT 5 for Assurance                              | In development   | –
Professional | COBIT 5 for Risk                                   | In development   | –
Professional | COBIT Assessment Programme (COBIT 4.1 PAM upgrade?) | ?                | –
Professional | COBIT 5 Online                                     | In planning      | –
Professional | COBIT 5 for Information Security                   | July 2012        | –

Based on COBIT 5 (2012)

Slide 40

Summary

Slide 41

5 key facts about COBIT® 5

1. Leads to more value from information and technology: improved risk management; improved business-IT communication; improved delivery of business objectives; improved business competitiveness and lower costs
2. Is a business framework for GEIT: meets the needs of business executives and IT leaders
3. Provides effective decision making: a systematic approach that clarifies goals
4. Addresses the needs of stakeholders: an end-to-end framework integrating 80+ other approaches
5. Based on the collective wisdom of 95 global experts

Based on COBIT 5 (2012)

Slide 42

COBIT® integrates…

- ITIL® (ITSM)
- ISO 20000 (ITSM)
- PRINCE2®, PMBOK® (project management)
- ISO 27000 (information security)
- TOGAF® (enterprise architecture)
- Basel III (banking compliance)
- PCI DSS (payment card data security standard)
- COSO (internal and financial controls)
- Sarbanes-Oxley (financial practice and corporate governance)

Based on COBIT 5 (2012)

Slide 43

COBIT 5: Training Roadmap

- Foundation: 6/2012
- IT process level: Implementation (9/2012) and Assessor (12/2012)

All have certificates.

Slide 44

Is there a COBIT® 5 competitor?

- Maybe, but not at the level of COBIT®'s user base
- The nearest that includes governance and management is the IT Capability Maturity Framework (IT-CMF®) V1.0: 2010
  - From the Innovation Value Institute (IVI), a consortium of "blue-chips"
  - 4 macro-capabilities (= domains) containing 33 critical capabilities (= processes):
    - Managing IT like a business (13 critical capabilities)
    - Managing the IT budget (4)
    - Managing the IT capability (13)
    - Managing IT for business value (3)
  - Based on a maturity assessment approach to improvement
  - Uses 80+ frameworks and standards!
  - Qualifications: 5 tiers, up to an MSc in IT Management
  - http://ivi.nuim.ie/itcmf.shtml

Based on IT-CMF (2010)

Slide 45

References

COBIT 4.1 (2007), COBIT 4.1 Framework, Rolling Meadows, Illinois, USA: ISACA

COBIT 5 (2012), A Business Framework for the Governance and Management of Enterprise IT, Rolling Meadows, Illinois, USA: ISACA

ISO/IEC 15504-2 (2003), Process assessment: Performing an assessment, Geneva: ISO

ISO/IEC 38500 (2008), Corporate governance of information technology, Geneva: ISO

IT-CMF (2010), IT Capability Maturity Framework, Maynooth, Irish Republic: Innovation Value Institute

Risk IT (2009), Risk IT Framework, Rolling Meadows, Illinois, USA: ISACA

Val IT 2.0 (2008), Val IT V2.0 Framework, Rolling Meadows, Illinois, USA: ISACA

Slide 46

Any Further Questions?

Slide 47

Education and Consultancy for IT Best Practices

www.maatconsulting.com