ENTERPRISE IT GOVERNANCE
USING COBIT5
Trainer: John Doan
E-mail:
Cellphone: (+84)938-491-888
Source from ISACA
A BUSINESS FRAMEWORK FOR THE
GOVERNANCE AND MANAGEMENT
OF ENTERPRISE IT
APEX Learning Content Development Team
Information!
- Information is a key resource for all enterprises.
- Information is created, used, retained, disclosed and destroyed.
- Technology plays a key role in these actions.
- Technology is becoming pervasive in all aspects of business and personal life.
What benefits do information and technology bring to
enterprises?
Enterprise Benefits
Enterprises and their executives strive to:
- Maintain quality information to support business decisions.
- Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
- Achieve operational excellence through reliable and efficient application of technology.
- Maintain IT-related risk at an acceptable level.
- Optimise the cost of IT services and technology.
How can these benefits be realised to create enterprise stakeholder
value?
What is COBIT?
Control Objectives for Information and Related Technology
Evolution of scope
- COBIT 1 (1996): Audit
- COBIT 2 (1998): Control
- COBIT 3 (2000): Management
- COBIT 4.0/4.1 (2005/7): IT Governance
- COBIT 5 (2012): Governance of Enterprise IT
- Val IT 2.0 (2008)
- Risk IT (2009)
A BUSINESS FRAMEWORK FOR THE GOVERNANCE
AND MANAGEMENT OF ENTERPRISE IT
COBIT 5 Product Family
COBIT 5 Principles
- Meeting Stakeholder Needs
- Covering the Enterprise End-to-end
- Applying a Single Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management
Meeting Stakeholder Needs
[Figure: enterprise goals by dimension; figure labels: Benefits Realisation, Risk Realisation, Resource Realisation]
FINANCIAL
- Stakeholder value of business investments
- Portfolio of competitive products and services
- Managed business risk (safeguarding of assets)
- Compliance with external laws and regulations
- Financial transparency
CUSTOMER
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment
- Information-based strategic decision making
- Optimisation of service delivery costs
INTERNAL
- Optimisation of business process functionality
- Optimisation of business process costs
- Managed business change programmes
- Operational and staff productivity
- Compliance with internal policies
LEARNING AND GROWTH
- Skilled and motivated people
- Product and business innovation culture
BUSINESS VALUE
[Figure: IT-related goals by dimension]
FINANCIAL
- Alignment of IT and business strategy
- Commitment of executive management for making IT-related decisions
- IT compliance and support for business compliance with external laws and regulations
- Managed IT-related business risk
- Transparency of IT costs, benefits and risk
- Realised benefits from IT-enabled investments and services portfolio
CUSTOMER
- Delivery of IT services in line with business requirements
- Adequate use of applications, information and technology solutions
INTERNAL
- IT agility
- Security of information, processing infrastructure and applications
- Optimisation of IT assets, resources and capabilities
- IT compliance with internal policies
- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- Enablement and support of business processes by integrating applications and technology into business processes
LEARNING AND GROWTH
- Competent and motivated business and IT personnel
- Knowledge, expertise and initiatives for business innovation
[Figure: matrix mapping Enterprise Goals to IT-Related Goals, shown over three slides, with cells marked P or S]
Enterprise Goals
- Stakeholder value of business investments
- Portfolio of competitive products and services
- Managed business risk (safeguarding of assets)
- Compliance with external laws and regulations
- Financial transparency
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment
- Information-based strategic decision making
- Optimisation of service delivery costs
- Optimisation of business process functionality
- Optimisation of business process costs
- Managed business change programmes
- Operational and staff productivity
- Compliance with internal policies
- Skilled and motivated people
- Product and business innovation culture
IT-Related Goals
- Alignment of IT and business strategy
- IT compliance and support for business compliance with external laws and regulations
- Commitment of executive management for making IT-related decisions
- Managed IT-related business risk
- Realised benefits from IT-enabled investments and services portfolio
- Transparency of IT costs, benefits and risk
- Delivery of IT services in line with business requirements
- Adequate use of applications, information and technology solutions
- IT agility
- Security of information, processing infrastructure and applications
- Optimisation of IT assets, resources and capabilities
- Enablement and support of business processes by integrating applications and technology into business processes
- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- Availability of reliable and useful information for decision making
- IT compliance with internal policies
- Competent and motivated business and IT personnel
- Knowledge, expertise and initiatives for business innovation
An enterprise has defined for itself a number of strategic goals, of which improving customer satisfaction is the most important. From there, it wants to know where it needs to improve in all things related to IT.
Enterprise Goals
The enterprise decides that setting customer satisfaction
as a key priority is equivalent to raising the priority of the
following enterprise goals:
- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment
IT-related Goals
The enterprise now takes the next step in the goals cascade:
analysing which IT-related goals correspond to these
enterprise goals. A suggested mapping between them is listed
in appendix B.
- Alignment of IT and business strategy
- Managed IT-related business risk
- Delivery of IT services in line with business requirements
- IT agility
- Security of information, processing infrastructure and applications
- Availability of reliable and useful information for decision making
- Knowledge, expertise and initiatives for business innovation
Covering the Enterprise End-to-end
Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.
Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.
Applying a Single Integrated Framework
COBIT 5 aligns with the latest relevant standards and frameworks used by enterprises:
Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
Enabling a Holistic Approach
1. Principles, Policies and Frameworks
2. Processes
3. Organization
4. Culture, Ethics and Behaviour
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
(Figure label: Resources)
Separating Governance From Management
COBIT 5 Process Reference Models
37 Processes
COBIT IMPLEMENTATION
COBIT 5 Coverage of Other Standards and Frameworks
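[Figure: coverage of other standards and frameworks across the COBIT 5 domains]
COBIT 5 domains:
- Evaluate, Direct and Monitor
- Align, Plan, Organize
- Build, Acquire and Implement
- Deliver, Service and Support
- Monitor, Evaluate and Assess
Standards and frameworks shown:
- ISO/IEC 38500
- TOGAF
- ISO/IEC 31000
- ISO/IEC 27000
- PRINCE2/PMBOK
- CMMI
- ITIL 2011 and ISO/IEC 20000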
Assessment Overview
Process Assessment Model
Assessment Process
Process Capability Levels
Level 5 Optimizing process: The process is continuously improved to meet relevant current and projected business goals.
- PA 5.1 Process innovation attribute
- PA 5.2 Process optimization attribute
Level 4 Predictable process: The process is enacted consistently within defined limits.
- PA 4.1 Process measurement attribute
- PA 4.2 Process control attribute
Level 3 Established process: A defined process is used based on a standard process.
- PA 3.1 Process definition attribute
- PA 3.2 Process deployment attribute
Level 2 Managed process: The process is managed and work products are established, controlled and maintained.
- PA 2.1 Performance management attribute
- PA 2.2 Work product management attribute
Level 1 Performed process: The process is implemented and achieves its process purpose.
- PA 1.1 Process performance attribute
Level 0 Incomplete process: The process is not implemented or fails to achieve its purpose.
Capability Maturity Assessment