process capability attribute indicators (pcais) level 1 to ... · (cobit, val it, risk it, bmis...)...
TRANSCRIPT
COBIT 5Principles
1. Meeting Stakeholder
Needs
5. SeperatingGovernance
fromManagement
2. Covering theEnterpriseEnd-to-end
3. Applying aSingle
IntegratedFramework
4. Enabling aHolistic
Approach
Governance Objectives: Value Creation
BenefitsRealisation
ResourceOptimisation
RiskOptimisation
StakeholderNeeds
Dri
ve
4. Culture, Ethicsand Behaviour
2. Processes 3. OrganizationalStructures
5. Information6. Services,
Infrastructureand Applications
7. People,Skills and
Competencies
Resources
1. Principles, Policies and Frameworks
Enablers
COBIT 5Principles
Value Creation
Principles, policies and frameworks are the
vehicle to translate the desired behaviour into practical guidance for
day-to-day management.
A process describes an organized set of practices and
activities to achieve certain objectives and produce a set of outputs in support of achieving
overall IT-related goals.
Organizational structures are the key decision-making
entities in an enterprise.
Culture, ethics and behaviour of individuals
and of the enterprise are very often underestimated
as a success factor in governance and
management activities.
Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is required for keeping
the organization running and well governed, but at the operational level, information is very often the key
product of the enterprise itself.
Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information
technology processes and services.
People, skills and competencies are linked to people
and are required for successful completion
of all activities and for making correct decisions and taking corrective actions.
Data
Information Knowledge
Value
Generate and ProcessBusiness Process
Transform Transform
Drive
Create
IT Processes
Information Cycle
Contextual Goals
RelevancyCompleteness
AppropriatenessConcisenessConsistency
UnderstandabilityEase of Manipulation
Def
ineta
rget
state
Assess
current
state
Recogniseneed toact
Monitor
and
evaluate
Ope
rate
and
mea
sure
Embe
d ne
wap
proa
ches
Sustain
Establish desireto change
Form
implem
entation
team
Operate
and use
Identify roleplayers
Com
mun
icate
outc
ome
Review
effectiveness
Initiate programme
Define problem
s and
opportunities
Rea
lise
bene
fits
Execute plan
Plan programme
Def
ine ro
ad m
ap
Programme management(outer ring)
Change enablement(middle ring)
Continual improvement life cycle(inner ring)
Level 5
Level 4
Level 3
Level 2
Level 1
Level 0
Cap
ab
ilit
y D
ime
nsi
on
Process Dimension
PA5.2 Continuous optimizationPA5.1 Process innovationPA4.2 Process controlPA4.1 Process measurementPA3.2 Process deploymentPA3.1 Process definitionPA2.2 Performance managementPA2.1 Work product management
PA1.1 Process performanceBP : Base practices (Level 1)WP : Work products (Level 1)
GP : Generic Practice (Levels 2 to 5 only)GR : Generic Resource (Not defined)GWP : Generic Work Product (Levels 2 to 5 only)
EDM Evaluate, Direct,Monitor
APO Align Plan and Organize
BAI - Build, Acquire and Implement
DSS Deliver, Service andSupport
MEA Monitor, Evaluate & Assess
COBIT 5 Processes
Process AttributesLevel 1 to 5
Process Capability Attribute Indicators (PCAIs)Level 1 to 5
Process Performance Indicators
COBIT 5 PCAIs
Process Assessment Model
ImplementationLife Cycle
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; monitoring performance, compliance and
progress against agreed direction and objectives.
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives
© Copyright 2014 by Service Management Art Inc. All rights reserved. These materials include COBIT 5 & 4.1, which is used with the permission of ISACA. ©1996-2012 ITGI.
COBIT is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).NOT FOR RESALE, Version 2.3
Existing ISACAGuidance
(COBIT, Val IT,Risk IT, BMIS...)
- Current Guidance and Contents- Structure for Future Contents
COBIT 5 Knowledge Base
Content Filterfor Knowledge Base
COBIT 5 Product Family
COBIT 5
COBIT 5 OnlineCollaborativeEnvironment
COBIT 5 Professional Guides
COBIT 5 Enabler Guides
New ISACAGuidanceMaterials
OtherStandards
andFrameworks
Enablers providestructure to the
COBIT 5knowledge base
ServiceCapabilities
Skills andCompetencies
Principlesand Policies
Information
OrganizationalStructures
Culture,Ethics,
Behaviour
Processes
COBIT 5Enablers
SingleIntegratedFramework
COBIT 5 ImplementationCOBIT 5
for InformationSecurity
COBIT 5for Assurance
COBIT 5for Risk
Other ProfessionalGuides
Other EnablerGuides
COBIT 5:Enabling Information
COBIT 5:Enabling Processes
COBIT 5 Online Collaborative Environment
COBIT 5
COBIT 5 Enabler Guides
COBIT 5 Professional Guides
Product Family
BenefitsRealization
ResourceOptimization
RiskOptimization
Governance Objective: Value Creation
GovernanceEnablers
GovernanceScope
Roles, Activities and Relationships
Governance & Management
• Intrinsic Quality• Contextual Quality (Relevance, Effectiveness)• Accessibility and Security
• Plan• Design• Build/Acquire/ Create/Implement• Use/Operate• Evaluate/Monitor• Update/Dispose
• Practices• Work Products (Inputs/Outputs)
• Internal Stakeholders• External Stakeholders
Stakeholders Goals Life Cycle Good Practices
En
ab
ler
Dim
en
sio
nE
nab
ler
Pe
rfo
rman
ceM
an
age
me
nt Are Stakeholders
Needs Addressed?Are Enabler
Goals Achieved?Is Life CycleManaged?
Are Good PracticesApplied?
Metrics for Achievement of Goals(Lag Indicators)
Metrics for Application of Practice(Lead Indicators)
Enablers: Generic
Management Feedback
Business Needs
Governance
Management
Evaluate
Direct Monitor
Plan(APO)
Build(BAI)
Run(DSS)
Monitor(MEA)
Align, Plan & Organise...
Build, Acquire & Implement...
Deliver, Service & Support
Processes for Management of Enterprise IT
Evaluate, Direct and Monitor
Processes for Governance of Enterprise IT
DSS01 ManageOperations
DSS03 ManageProblems
DSS04 ManageContinuity
DSS05 ManageSecurityServices
DSS06 ManageBusiness
Process Controls
DSS02 ManageService Requests
and Incidents
BAI01 ManageProgrammes and
Projects
BAI02 ManageRequirements
Definition
BAI03 ManageSolutions
Identificationand Build
BAI04 ManageAvailability
and Capacity
BAI05 ManageOrganizational
ChangeEnablement
BAI06 ManageChanges
BAI07 ManageChange
Acceptance andTransitioning
BAI08 ManageKnowledge
BAI09 ManageAssets
BAI010 ManageConfiguration
Monitor, Evaluate
and Assess
MEA01 Monitor,Evaluate and AssessPerformance and
Conformance
MEA02 Monitor,Evaluate and Assess
the System of InternalControl
MEA03 Monitor,Evaluate and AssessCompliance With
External Requirements
APO01 Managethe IT Management
Framework
APO02 ManageStrategy
APO03 ManageEnterprise
Architecture
APO04 ManageInnovation
APO05 ManagePortfolio
APO06 ManageBudget and Costs
APO07 ManageHuman Resources
APO08 ManageRelationships
APO09 ManageService
Agreements
APO10 ManageSuppliers
APO11 ManageQuality
APO12 ManageRisk
APO13 ManageSecurity
EDM01 EnsureGovernance
Framework Settingand Maintenance
EDM02 EnsureBenefits Delivery
EDM03 EnsureRisk Optimization
EDM04 EnsureResource
Optimization
EDM05 EnsureStakeholderTransparency
Key Areas
Process Reference Model (PRM)
Owners andStakeholders
Roles, Activities and Relationships
GoverningBody
ManagementOperations
andExecution
Instruct andAlign
ReportMonitor
Set Direction
Accountable
Delegate
Stakeholder Needs
BenefitsRealisation
ResourceOptimisation
RiskOptimisation
Cascade to
Cascade to
Influence
Stakeholder Drivers(Environment, Technology Evolution, ...)
Enterprise Goals
IT-related Goals
Enabler Goals
Cascade to
GoalsCascade
COBIT 5 Foundation Overviewproven experience • proven tactics • proven success
For more information:Call: Toll Free 1 866 616 4195
Email: [email protected] 5
Edition
Enterprise Goal COBIT 5 Processes
Stak
ehol
der
valu
e of
bus
ines
s in
vest
men
ts
Port
folio
of c
ompe
titiv
e pr
oduc
ts a
nd s
ervi
ces
Man
aged
bus
ines
s ri
sk (
safe
guar
ding
of a
sset
s)
Com
plia
nce
with
ext
erna
l law
s an
d re
gula
tions
Fina
ncia
l tra
nspa
renc
y
Cus
tom
er-o
rien
ted
serv
ice
cultu
re
Busi
ness
ser
vice
con
tinui
ty a
nd a
vaila
bilit
y
Agi
le r
espo
nses
to
a ch
angi
ng b
usin
ess
envi
ronm
ent
Info
rmat
ion-
base
d st
rate
gic
deci
sion
mak
ing
Opt
imiz
atio
n of
ser
vice
del
iver
y co
sts
Opt
imiz
atio
n of
bus
ines
s pr
oces
s fu
nctio
nalit
y
Opt
imiz
atio
n of
bus
ines
s pr
oces
s co
sts
Man
aged
bus
ines
s ch
ange
pro
gram
mes
Ope
ratio
nal a
nd s
taff
prod
uctiv
ity
Com
plia
nce
with
inte
rnal
pol
icie
s
Skill
ed a
nd m
otiv
ated
peo
ple
Prod
uct
and
busi
ness
inno
vatio
n cu
lture
Ensu
re G
over
nanc
e Fr
amew
ork
Sett
ing
and
Mai
nten
ance
Ensu
re B
enefi
ts D
eliv
ery
Ensu
re R
isk
Opt
imiz
atio
n
Ensu
re R
esou
rce
Opt
imiz
atio
n
Ensu
re S
take
hold
er T
rans
pare
ncy
Man
age
the
IT M
anag
emen
t Fr
amew
ork
Man
age
Stra
tegy
Man
age
Ente
rpri
se A
rchi
tect
ure
Man
age
Inno
vatio
n
Man
age
Port
folio
Man
ager
Bud
gets
and
Cos
ts
Man
age
Hum
an R
esou
rces
Man
age
Rel
atio
nshi
ps
Man
age
Serv
ice
Agr
eem
ents
Man
age
Supp
liers
Man
age
Qua
lity
Man
age
Ris
k
Man
age
Secu
rity
Man
age
Prog
ram
mes
and
Pro
ject
s
Man
age
Req
uire
men
ts D
efini
tion
Man
age
Solu
tions
Iden
tifica
tion
and
Build
Man
age
Ava
ilabi
lity
and
Cap
acity
Man
age
Org
aniz
atio
nal C
hang
e En
able
men
t
Man
age
Cha
nges
Man
age
Cha
nge
Acc
epta
nce
and
Tran
sitio
ning
Man
age
Kno
wle
dge
Man
age
Ass
ets
Man
age
Con
figur
atio
n
Man
age
Ope
ratio
ns
Man
age
Serv
ice
Req
uest
s an
d In
cide
nts
Man
ge P
robl
ems
Man
age
Con
tinui
ty
Man
age
Secu
rity
Ser
vice
s
Man
age
Busi
ness
Pro
cess
Con
trol
s
Mon
itor,
Eval
uate
and
Ass
ess
Perf
orm
ance
and
C
onfo
rman
ce
Mon
itor,
Eval
uate
and
Ass
ess
the
Syst
em o
n In
tern
al
Con
trol
s
Mon
itor,
Eval
uate
and
Ass
ess
Com
plia
nce
with
Ex
tern
al R
equi
rem
ents
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
EDM
01
EDM
02
EDM
03
EDM
04
EDM
05
APO
01
APO
02
APO
03
APO
04
APO
05
APO
06
APO
07
APO
08
APO
09
APO
10
APO
11
APO
12
APO
13
BA
I01
BA
I02
BA
I03
BA
I04
BA
I05
BA
I06
BA
I07
BA
I08
BA
I09
BA
I10
DSS
01
DSS
02
DSS
03
DSS
04
DSS
05
DSS
06
MEA
01
MEA
02
MEA
03
IT-related GoalFinancial Customer Internal
Learning and
GrowthEvaluate, Direct and
Monitor Align, Plan and Organize Build, Acquire and Implement Deliver, Service and Support
Monitor, Evaluate and
Assess
Fina
ncia
l
01 Alignment of IT and business strategy P P S P S P P S P S P S S ð P P S S S P P P S P S P P S S P P S S S S S S
02IT compliance and support for business compliance with external laws and regulations
S P P ð S S S P S S S P P S S P S S S P S S P P
03Commitment of executive management for making IT-related decisions
P S S S S S P S S ð P S S S P S S S S S S S S S S S S
04 Managed IT-related business risk P S P S P S S S ð S P S S S S S S S S S S P S P P P S S S P S S S P P P P P P P P P
05 Realized benefits from IT-enabled investments of services portfolio P P S S S S P S S ð S P S S S P P P S S S P P S S S S S S S S S S S S
06 Transparency of IT costs, benefits and risk S S P S P P ð S P P S P S S P S S S P P S P S S S
Cus
tom
er 07 Delivery of IT services in line with business requirements P P S S P S P S P S S S S ð P P S S P S P S S S S P P P P S S S P P P S P S S S P P P P S P P S S
08Adequate use of applications, information and technology solutions
S S S S S S S P S P S S ð S S S S S P S S S S S S S S S S S S P S P S S S S S S S S S S
Inte
rnal
09 IT agility S P S S P P S S S P ð S P P S P P S S S P S S S S S S S P S S S S S S
10Security and information, processing infrastructure and applications
P P P P ð S P S S S S S P P S P S S S S S S P S S S S
11 Optimization of IT assets, resources and capabilities P S S P S P S S S ð S S P P S P P S S P S S S S S S S P S S S P P P P S S S P
12Enablement and support of business processes by integrating applications and technology into business processes
S P S S S S P S S S S ð S S S S S S P P S S S P S S S S
13Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
P S S S S S P ð S S S S S S S P S P S S S P P P S S S P S S S
14 Availability of reliable and useful information for decision making S S S S P P S ð S S S S S S S S P S S S P S S P S S S S P S S P P S S S S
15 IT compliance with internal policies S S P ð S P S P S S S S S S S S S S S S S S S S S P P S
Lear
ning
and
G
row
th
16Competent and motivated business andIT personnel
S S P S S P P S ð S S S P P S P S S S S S S S S S
17 Knowledge, expertise and initiatives for business innovation S P S P S S S S P ð S P S S S P P S P S P P S S S S S S S P S S P S S S S S S S S
COBIT 5 Goals Cascade
P
S
Primary Relationship
Secondary Relationship
Cascade to
Cascade to
Enterprise Goals
IT-related Goals
Process Goals