study notes - cobit 5 foundation certification
Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI.
(Study Notes) - COBIT 5 Exam (ISACA Enterprise Governance Framework)
1) Governance Objective:
Value Creation from Benefits Realisation + Risk Optimisation + Resource Optimisation
2) Cobit 5 initially available in 3 Volumes:
- The Framework
- Process Reference Guides
- Implementation Guide
3) Five Principles of Cobit 5:
- Meeting the Stakeholders' needs
- Covering the Enterprise end-to-end
- Single integrated Framework
- Holistic approach of 7 enterprise enablers
- Separating governance from management
4) Stakeholder Needs -> Enterprise Goals -> IT-related Goals -> Enabler Goals
5) Seven Enablers of Cobit 5 (i.e. Governance enablers)
- Principles, policies and frameworks
- Processes
- Organisational structures
- Culture, ethics and behaviours
- Information
- Service infrastructure and applications
- People skills and competencies
6) Important Drivers for Cobit 5
- Performance (Business Goals)
- Conformance (SOX, HIPAA)
- Creating value for Enterprise Stakeholders through efficient use of Technology & Information
- Complete Enterprise Governance
- Covers all Functions and Processes
- Address all Internal & External Services
- Address all Internal & External Business Processes
- Address End to end Business and IT responsibilities
- Enterprise Architecture
- Asset and Service management
7) Cobit 5 Triggers
- Pains
- Risks
- Goals Cascade
8) Mapping of Governance & Management Domain
a) Governance Domain (EDM – Evaluate, Direct & Monitor)
b) Management Domain:
(APO – Align, Plan & Organise)
(BAI – Build, Acquire & Implement)
(DSS – Deliver, Service & Support)
(MEA – Monitor, Evaluate & Assess)
9) Cobit 5 Product Guides:
- Level 1 (Cobit Enabling Processes, Cobit 5 Enabling Information, Other Enabling Guides)
- Level 2 (Cobit 5 Implementation, Cobit 5 for Information Security, Cobit 5 for Assurance, Cobit 5 for Risk, Other Professional Guides)
- Level 3 (Cobit 5 Online Collaborative Environment)
10) Key Governance Objective -> VALUE CREATION
11) Enabler Characteristics
- Stakeholders (Internal & External)
- Goals (expected outcome of enabler)
    Intrinsic Quality (work well & provide results)
    Contextual Quality (Relevance, effectiveness)
    Accessibility & Security (of enablers + outcomes)
- Lifecycle
    Plan, Design
    Build/Acquire/Create/Implement
    Use/Operate
    Evaluate/Monitor
    Update/Dispose
- Good Practice
    Practices
    Work Products (Inputs & Outputs)
12) Cobit 5 Enterprise 17 Goals (Balanced Score Card 5 Dimensions):
- Financial
- Customer
- Internal
- Learning Growth
13) Cobit 5 Implementation Lifecycle
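COBIT 5 IMPLEMENTATION CYCLE
Phase 1 - What are the drivers?
    Programme Management: Initiate programme
    Change Enablement: Establish desire to change
    Continual Improvement Lifecycle: Recognise need to act
Phase 2 - Where are we now?
    Programme Management: Define problems & opportunities
    Change Enablement: Form implementation team
    Continual Improvement Lifecycle: Assess current state
Phase 3 - Where do we want to be?
    Programme Management: Define road map
    Change Enablement: Communicate outcome
    Continual Improvement Lifecycle: Define target state
Phase 4 - What needs to be done?
    Programme Management: Plan programme
    Change Enablement: Identify role players
    Continual Improvement Lifecycle: Build improvements
Phase 5 - How do we get there?
    Programme Management: Execute plan
    Change Enablement: Operate and use
    Continual Improvement Lifecycle: Implement improvements
Phase 6 - Did we get there?
    Programme Management: Realise benefits
    Change Enablement: Embed new approaches
    Continual Improvement Lifecycle: Operate improvements
Phase 7 - How do we keep the momentum going?
    Programme Management: Review effectiveness
    Change Enablement: Sustain
    Continual Improvement Lifecycle: Monitor and evaluate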
14) Characteristics of a Good Business Case:
- Address Business Benefits
- Address Investment needed
- Address Constraints & Dependencies
- Address Investment Monitoring
- Address business changes required
- Address ongoing IT Operating Costs
- Address Roles, Responsibilities & Accountability
15) Cobit 5 Process Capability Model (PAM)
(Level, Name: Performance Attributes (PA))
- 0 Incomplete
- 1 Performed: PA1.1 Process Performance
- 2 Managed: PA2.1 Performance Management, PA2.2 Work Product Management
- 3 Established: PA3.1 Process Definition, PA3.2 Process Deployment
- 4 Predictable: PA4.1 Process Measurement, PA4.2 Process Control
- 5 Optimising: PA5.1 Process Innovation, PA5.2 Process Optimisation
Rating Levels:
a) F - Fully achieved (>85%)
b) P - Partially achieved (15-50%)
c) L - Largely achieved (50-85%)
d) N - Not achieved (<15%)
16) Enterprise = Organisation = Commercial (Corporate) OR Public Sector OR Not for Profit
17) Information Enabler (Enabler 5)
    1) Intrinsic Quality: Accuracy, Objectivity, Believability, Reputation
    2) Contextual: Relevancy, Completeness, Currency, Appropriate amount of information, Concise representation, Consistent representation, Interpretability, Understandability, Ease of manipulation
    3) Security/Accessibility: Availability/timeliness, Restricted Access
    4) Information Layers:
        Physical World (Carrier/Media)
        Empiric (User Interface)
        Syntactic (Code/Language)
        Semantic (Meaning)
        Pragmatic (Use)
        Social Use (e.g. Contracts, Law, Culture)
18) Cobit 5 Stakeholders:
- Internal (Board, CFO, CIO, CTO, CEO, Business Executives, Managers, Internal Auditors, Users ...)
- External (Business Partners, Suppliers, Shareholders, Regulators, Govt, External Users, Customers, Standardisation organizations, External Auditors, Consultants ...)
19) Good Policy -> Effective, Efficient, Non-Intrusive
20) DIKW - [Data – Information-Knowledge-Wisdom (Value)]
21) Information for Business (COBIT 4.1)
    1 Quality: Effectiveness, Efficiency
    2 Security: Confidentiality, Integrity, Availability
    3 Fiduciary: Compliance, Reliability
22) PBRM -> Plan, Build, Run, Monitor Levels (Total 37 Processes)
Governance:
- EDM (5 Processes): Evaluate, Direct & Monitor
Management:
- APO (13 Processes): Align, Plan & Organise
- BAI (10 Processes): Build, Acquire & Implement
- DSS (6 Processes): Deliver, Service & Support
- MEA (3 Processes): Monitor, Evaluate & Assess