ENTERPRISE IT GOVERNANCE COBIT 5 presentation

ENTERPRISE IT GOVERNANCE
USING COBIT 5

Trainer: John Doan
E-mail:
Cellphone: (+84) 938-491-888
Source from ISACA



A BUSINESS FRAMEWORK FOR THE
GOVERNANCE AND MANAGEMENT
OF ENTERPRISE IT
APEX Learning Content Development Team


Information!
- Information is a key resource for all enterprises.
- Information is created, used, retained, disclosed and destroyed.
- Technology plays a key role in these actions.
- Technology is becoming pervasive in all aspects of business and personal life.

What benefits do information and technology bring to enterprises?


Enterprise Benefits
Enterprises and their executives strive to:
- Maintain quality information to support business decisions.
- Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
- Achieve operational excellence through reliable and efficient application of technology.
- Maintain IT-related risk at an acceptable level.
- Optimise the cost of IT services and technology.

How can these benefits be realised to create enterprise stakeholder value?


What is COBIT?
Control Objectives for Information and Related Technology

Evolution of scope (figure):
- COBIT 1 (1996): Audit
- COBIT 2 (1998): Control
- COBIT 3 (2000): Management
- COBIT 4.0/4.1 (2005/7): IT Governance
- COBIT 5 (2012): Governance of Enterprise IT
- Also shown: Val IT 2.0 (2008), Risk IT (2009)

A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT


COBIT 5 Product Family


COBIT 5 Principles
- Meeting Stakeholder Needs
- Covering the Enterprise End-to-end
- Applying a Single Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management


Meeting Stakeholder Needs


Figure: enterprise goals by balanced scorecard dimension. Figure labels: Benefits Realisation, Risk Realisation, Resource Realisation.

FINANCIAL
- Stakeholder value of business investments
- Portfolio of competitive products and services
- Managed business risk (safeguarding of assets)
- Compliance with external laws and regulations
- Financial transparency

CUSTOMER
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment
- Information-based strategic decision making
- Optimisation of service delivery costs

INTERNAL
- Optimisation of business process functionality
- Optimisation of business process costs
- Managed business change programmes
- Operational and staff productivity
- Compliance with internal policies

LEARNING AND GROWTH
- Skilled and motivated people
- Product and business innovation culture



BUSINESS VALUE

Figure: IT-related goals by balanced scorecard dimension.

FINANCIAL
- Alignment of IT and business strategy
- IT compliance and support for business compliance with external laws and regulations
- Commitment of executive management for making IT-related decisions
- Managed IT-related business risk
- Realised benefits from IT-enabled investments and services portfolio
- Transparency of IT costs, benefits and risk

CUSTOMER
- Delivery of IT services in line with business requirements
- Adequate use of applications, information and technology solutions

INTERNAL
- IT agility
- Security of information, processing infrastructure and applications
- Optimisation of IT assets, resources and capabilities
- Enablement and support of business processes by integrating applications and technology into business processes
- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- IT compliance with internal policies

LEARNING AND GROWTH
- Competent and motivated business and IT personnel
- Knowledge, expertise and initiatives for business innovation


Figure (in three parts): mapping between Enterprise Goals and IT-Related Goals, each pairing marked P (primary) or S (secondary).

Enterprise Goals:
- Stakeholder value of business investments
- Portfolio of competitive products and services
- Managed business risk (safeguarding of assets)
- Compliance with external laws and regulations
- Financial transparency
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment
- Information-based strategic decision making
- Optimisation of service delivery costs
- Optimisation of business process functionality
- Optimisation of business process costs
- Managed business change programmes
- Operational and staff productivity
- Compliance with internal policies
- Skilled and motivated people
- Product and business innovation culture

IT-Related Goals (part 1):
- Alignment of IT and business strategy
- IT compliance and support for business compliance with external laws and regulations
- Commitment of executive management for making IT-related decisions
- Managed IT-related business risk
- Realised benefits from IT-enabled investments and services portfolio
- Transparency of IT costs, benefits and risk

IT-Related Goals (part 2):
- Delivery of IT services in line with business requirements
- Adequate use of applications, information and technology solutions
- IT agility
- Security of information, processing infrastructure and applications
- Optimisation of IT assets, resources and capabilities
- Enablement and support of business processes by integrating applications and technology into business processes

IT-Related Goals (part 3):
- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- Availability of reliable and useful information for decision making
- IT compliance with internal policies
- Competent and motivated business and IT personnel
- Knowledge, expertise and initiatives for business innovation


An enterprise has defined for itself a number of strategic goals, of which improving customer satisfaction is the most important. From there, it wants to know where it needs to improve in all things related to IT.



Enterprise Goals
The enterprise decides that setting customer satisfaction as a key priority is equivalent to raising the priority of the following enterprise goals:
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment


IT-related Goals
The enterprise now takes the next step in the goals cascade: analysing which IT-related goals correspond to these enterprise goals. A suggested mapping between them is listed in appendix B.
- Alignment of IT and business strategy
- Managed IT-related business risk
- Delivery of IT services in line with business requirements
- IT agility
- Security of information, processing infrastructure and applications
- Availability of reliable and useful information for decision making
- Knowledge, expertise and initiatives for business innovation


Covering the Enterprise End-to-end
Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.

Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.


Applying a Single Integrated Framework
COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
- Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
- IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI


Enabling a Holistic Approach
1. Principles, Policies and Frameworks
2. Processes
3. Organization
4. Culture, Ethics and Behaviour
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies

Resources


Separating Governance From Management


COBIT 5 Process Reference Models
37 Processes


COBIT IMPLEMENTATION


COBIT 5 Coverage of Other Standards and Frameworks
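Figure: COBIT 5 domains and the other standards and frameworks shown against them.

COBIT 5 domains:
- Evaluate, Direct and Monitor
- Align, Plan, Organize
- Build, Acquire and Implement
- Deliver, Service and Support
- Monitor, Evaluate and Assess

Standards and frameworks shown:
- ISO/IEC 38500
- TOGAF
- ISO/IEC 31000
- ISO/IEC 27000
- PRINCE2/PMBOK
- CMMI
- ITIL 2011 and ISO/IEC 20000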



Assessment Overview
Process Assessment Model

Assessment Process


Process Capability Levels
Level 5 Optimizing process
- PA 5.1 Process innovation attribute
- PA 5.2 Process optimization attribute
- Optimizing: The process is continuously improved to meet relevant current and projected business goals.

Level 4 Predictable process
- PA 4.1 Process measurement attribute
- PA 4.2 Process control attribute
- Predictable: The process is enacted consistently within defined limits.

Level 3 Established process
- PA 3.1 Process definition attribute
- PA 3.2 Process deployment attribute
- Established: A defined process is used based on a standard process.

Level 2 Managed process
- PA 2.1 Performance management attribute
- PA 2.2 Work product management attribute
- Managed: The process is managed and work products are established, controlled and maintained.

Level 1 Performed process
- PA 1.1 Process performance attribute
- Performed: The process is implemented and achieves its process purpose.

Level 0 Incomplete process
- Incomplete: The process is not implemented or fails to achieve its purpose.


Capability Maturity Assessment