I had the honor of presenting an Introduction to COBIT 5 at the Rocky Mountain Information Security Conference on May 18, 2012 in Denver, Colorado. This is the deck I used.
Introducing COBIT® 5
Bob Frelinger, CGEIT
May 18, 2012
Learning Objectives
Appreciate the Background Behind COBIT® 5
Understand the Five COBIT® 5 Principles
Understand the Seven COBIT® 5 Enablers
Know How to Navigate the “COBIT® 5” framework document
Know How to Navigate “COBIT® 5: Enabling Processes”
What’s Behind COBIT® 5
Some History…
What’s Behind COBIT® 5
References and Influencers…
Existing ISACA/ITGI Material:
• COBIT 4.1
• Val IT
• Risk IT
• BMIS
• IT Assurance Framework
• Board Briefing on IT Governance
ISO Standards:
• IT Service Management
• Quality Management
• Risk Management
• Information Security Risk Management
• Corporate Governance of Information Technology
• Process Assessment
British Standards:
• Business Continuity Management
COBIT 5 Product Family
APM Introduction to Programme Management (UK)
Federal Enterprise Architecture (FEA) (USA)
The [European] Commission Enterprise IT Architecture Framework (CEAF) (Belgium)
TOGAF® 9
PMBOK2®
OGC (UK) Best Management Practice Portfolio
Managing Successful Programmes (MSP)
PRINCE2®
Information Technology Infrastructure Library (ITIL®)
Leading Change by John Kotter
King Code of Governance Principles (King III) (South Africa)
OECD Principles of Corporate Governance
(France)
Combined Code on Corporate Governance (UK)
BABOK® Guide
Balanced Scorecard
COSO
What’s Behind COBIT® 5
Global Expertise and Collaboration…
• Overseen by the ISACA/ITGI Framework Committee (FC)
• Research results were quality-controlled throughout the development process.
• Preliminary research involved several COBIT development groups based around the world.
• Before being issued, the draft documents were distributed to more than 100 subject matter experts around the world to obtain their professional review comments.
• Once ready, draft versions of COBIT 5 and COBIT 5: Enabling Processes were made available to the general public. Thousands of comments were received.
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
Importance of IT to the Delivery of Business Strategy and Vision
Importance of IT
Why & What is COBIT® 5
Enterprises, large and small, commercial, not-for-profit or public sector, must create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
Information and related technology needs to:
• Be governed and managed in a holistic manner for the entire enterprise,
• Take in the full end-to-end business and IT functional areas of responsibility,
• Consider the IT-related interests of internal and external stakeholders
The Business Case…
A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT
IT-Related Issues
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
Drivers for GEIT Activities
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
Enterprise Readiness for GEIT
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
What is COBIT® 5
The Product Family…
Source: COBIT® 5, figure 1. © 2012 ISACA® All rights reserved.
Making It Real – Just Try It
• Integrate best, good and common industry practices
• Cascade goals and objectives
• Measure both performance toward, and achievement of, goals
• Take the holistic approach; end-to-end view
• Link inputs and outputs of key management practices
• Enable success through integration and alignment of seemingly disconnected governance and management activities
Embrace the Concepts Embedded in COBIT 5…
COBIT® 5 Principles
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
Based on five key principles for governance and management of enterprise IT
COBIT® 5 – Principle 1
Principle 1. Meeting Stakeholder Needs
Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.
Enterprises exist to create value for their stakeholders.
COBIT® 5 – Principle 1
The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized goals within the context of the:
• Enterprise goals,
• IT-related goals and
• Enabler goals.
Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
Principle 1. Meeting Stakeholder Needs
COBIT® 5 – Goals Cascade
Generic Model – Based on Sound Global Research
Mapping Stakeholder Needs to COBIT 5 Enterprise Goals
Mapping COBIT 5 Enterprise Goals to IT-related Goals
Mapping COBIT 5 IT-related Goals to Processes
Appendix B
Appendix D
Appendix C
Process Goals and Suggested Metrics
COBIT 5: Enabling Processes
COBIT® 5 – Principle 2
Principle 2. Covering the Enterprise End-to-end
Source: COBIT® 5, figure 8 & 9 combined. © 2012 ISACA® All rights reserved.
• Enterprisewide, end-to-end perspective
• Information and related technology wherever that information is being processed
• NOT just the IT function
Governance System
Key Components
COBIT® 5 – Principle 3
Principle 3. Applying a Single Integrated Framework
• Aligns with other standards and frameworks
• Complete in enterprise coverage
• Simple architecture for:
– structuring guidance materials
– producing a consistent product set
• Integrates all knowledge previously dispersed over different ISACA/ITGI frameworks
Source: COBIT® 5, figure 10. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
• Driven by the goals cascade – goals define what enablers should achieve
• To achieve enterprise objectives consider an interconnected set of enablers
• Some enablers are the enterprise resources
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
1. The vehicles to translate the desired behavior into practical guidance for day-to-day management
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
2. Describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
3. Are the key decision-making entities in an enterprise. They can be the traditional vertical structures or horizontal (or lateral) structures.
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
Organizational Structure
Formal org structure supported by cross-org structures
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
4. Applies to both individuals and of the enterprise; very often underestimated as a success factor in governance and management activities
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
5. Pervasive throughout any organization and includes all the information produced and used by the enterprise.
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
6. The infrastructure, technology and applications that provide the enterprise with information technology processing and services
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
7. People, and their skills and competencies, are required for:
• successful completion of all activities and
• making correct decisions and
• taking corrective actions
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
Enabler Dimensions
This common set of dimensions:
• Provides a common, simple and structured way to deal with enablers
• Allows an entity to manage its complex interactions
• Facilitates successful outcomes of the enablers
Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
All enablers have a set of common dimensions.
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
Enabler Performance Management
Actual Outcomes Actual Functioning
COBIT® 5 – Principle 5
Principle 5. Separating Governance from Management
• Different activities and different responsibilities
• Interactions between them are facilitated through the Enablers
Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
(EDM)
(PBRM)
Implementation Guidance
Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.
Process Capability Model
Source: COBIT® 5, figure 19. © 2012 ISACA® All rights reserved.
A Business Framework for the Governance and Management of Enterprise IT
• Executive Summary
• Overview of COBIT 5
• A chapter on each of the five principles
• Implementation Guidance
• The COBIT 5 Process Capability Model
• Appendices:
– References
– Goals Maps
– Stakeholder Needs and Enterprise Goals
– Mapping with the Most Relevant Related Standards and Frameworks
– COBIT 5 Information Model and COBIT 4.1 Information Criteria
– Detailed Description of seven COBIT 5 Enablers
– Glossary
What is COBIT® 5 – TOC
The Framework document…breaking it down
2 pages
2 pages
17 pages; 2 to 6 pages each
5 pages – intro to the Guide
5 pages – intro to the Model
1 page
5 pages
2 pages
5 pages
1 page
23 pages; 2 to 6 pages each
5 pages
A detailed reference guide to the processes that are defined in the COBIT 5 process reference model.
• Introduction
• Goals Cascade and Metrics
• Process Model
• Process Reference Model
• Process Reference Guide Contents
– Detailed process-related content structure
– Inputs and Outputs
– Generic Guidance for Processes
– Detailed process content for each process
• Appendices:
– Mapping COBIT 5 with legacy ISACA Frameworks
– Goals Maps
COBIT® 5: Enabling Processes
Enabling Processes Enabler Guide…breaking it down
What is COBIT® 5
Enabling Processes Enabler Guide…breaking it down
1 page
6 pages
3 pages
2 pages
3 pages
8 pages
one link to the Process Capability Model
See slide 36 for structure
repeats & extends framework
Broad or universal inputs and outputs
5 pages; repeat of maps in the framework
186 pages; 3 to 9 pages each
Enabling Processes
Enabler Dimensions – Processes
Source: COBIT® 5: Enabling Processes, figure 8. © 2012 ISACA® All rights reserved.
Goals driven by goals cascade
Each process is defined, created, operated, and adjusted / updated or retired.
Process Reference Model
RACI charts
Process Capability Model
Process Capability Assessments
Limited number of example metrics
Process Reference Model
• Process Identification
• Process Description
• Process Purpose Statement
• Goal Cascade Information
• Process Goals and Metrics
• RACI Chart
• Detailed Description of Process Practices
– Practice title and description
– Practice inputs and outputs w/indication of origin & destination
– Process activities further detailing the practices
• Related Guidance
Process Content
Enabling Processes: Content Structure for All Processes
but remember the broad or universal inputs
Process Identification, Process Description, Process Purpose Statement
An Example Process
APO05 – Manage Portfolio
Goal Cascade Information
An Example Process
APO05 – Manage Portfolio
Process Goals and Metrics
An Example Process
APO05 – Manage Portfolio
An Example Process
An Example Process
Detailed Description of Process Practices
APO05 – Manage Portfolio
An Example Process
Detailed Description of Process Practices
APO05 – Manage Portfolio
An Example Process
Related Guidance
APO05 – Manage Portfolio
Learning Objectives
Appreciate the Background Behind COBIT® 5
Understand the Five COBIT® 5 Principles
Understand the Seven COBIT® 5 Enablers
Know How to Navigate the “COBIT® 5” framework document
Know How to Navigate “COBIT® 5: Enabling Processes”
Implementation Challenges
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
Questions?