CobiT® is a trademark of the ISACA.
COBIT 5 Framework
Patrick Soenen
Presentation based on COBIT 5 Exposure Draft – ©2011 ISACA
ISACA has designed COBIT 5: The Framework as an educational resource for control professionals
Reproduction only for academic non-commercial use
A governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology.
The COBIT 5 framework is intended for all enterprises, including non-profit and public sector.
Today enterprises need to achieve increased:
• Value creation through enterprise IT;
• Business user satisfaction with IT engagement and services;
• Compliance with relevant laws, regulations and policies.
COBIT evolution
Evolution:
• COBIT 1 (1996): Audit
• COBIT 2 (1998): Control
• COBIT 3 (2000): Management
• COBIT 4 (2005): Governance
• COBIT 5 (2011): Enterprise Governance of IT

COBIT 5 ties together all ISACA knowledge assets, i.e.
• COBIT 4.1
• Val IT™
• Risk IT
• Business Model for Information Security™ (BMIS™)
• IT Assurance Framework™ (ITAF™)
• Taking Governance Forward (TGF)
• Board Briefing on IT Governance, 2nd Edition
ISACA Frameworks Included
The COBIT 5 Framework is based on 5 principles
COBIT 5 Principles
1. Integrator Framework
COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.
[Figure: COBIT 5 architecture layers: Value creation, Governance objectives, Enablers, Knowledge base, Content filter, Product family, Stakeholder needs]
2. The Governance Objective: Stakeholder Value
Enterprises exist to create value for their stakeholders, so the governance objective for any enterprise is value creation.
Value creation means realising benefits at an optimal resource cost whilst optimising risk.
3. Business and Context Focus
Focussing on enterprise goals and objectives, by covering all of the critical business elements.
Every organisation has its own context determined by external and internal factors
Goals cascade to translate into specific IT goals
4. Governance Approach — Enabler Based
Main elements of the governance approach:
Governance enablers are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward which or through which action is directed and objectives can be attained
Governance scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset, etc.
Roles, Activities and Relationships: It defines
• who is involved in governance,
• how they are involved,
• what they do and
• how they interact
5. Governance- and Management-structured
A clear distinction between governance and management.
These two disciplines
• include different types of activities,
• require different organisational structures,
• serve different purposes
COBIT 5 Architecture
• Stakeholder value is based on the stakeholder needs
• The governance objectives take into account
  • ISACA Guidance
  • Other standards
• By structuring guidance around enablers
• Building a consistent knowledge base for all the guidance
• Filter to build
  • Framework
  • Process reference guide
  • Implementation guide
  • Practice guide
[Figure: CobiT 5 Architecture]
Value creation
The governance objective is value creation = realising benefits at optimal resource cost whilst optimising risk
The stakeholders for enterprise IT can be
• internal (Board, CEO, CFO, business executives, process owners, risk managers, IT users, IT managers, etc.) and
• external (business partners, suppliers, shareholders, customers, regulators, etc.)
They can have different and even conflicting needs
Governance Objectives
• Governance objectives are based on the stakeholders' needs and the value creation, i.e. benefits, resources and risks
• The existing ISACA guidance is used: CobiT, Val IT, Risk IT, BMIS, ITAF, TGF and Board Briefing
• Other relevant frameworks: ITIL, TOGAF
Goals Cascade
[Figure: goals cascade from Governance Objectives to Enterprise Goals to IT Goals, with a mapping at each step]
• Governance objectives translate into enterprise goals
• Realising enterprise goals requires IT related goals
• For IT related goals to be achieved, enablers are required
Goals cascade
Enterprise goals mapped to Governance Objectives
Columns: BSC | Description | Governance objectives: Benefits | Risk | Resource

FINANCIAL
1. Stakeholder value of business investments P
2. Portfolio of competitive products/services P S
3. Managed business risks P S
4. Compliance with ext. laws and regulations P
5. Financial transparency P S S

CUSTOMER
6. Customer oriented service culture P S
7. Business service continuity & availability P
8. Agile responses to changing environment P S
9. Information based strategic decision making P P P
10. Optimisation of service delivery costs P S

INTERNAL
11. Optimisation of business process functionality P P
12. Optimisation of business process costs P P
13. Managed business process changes P P S
14. Operational and staff productivity P P
15. Compliance with internal policies P

L&G
16. Skilled and motivated people S S P
17. Product and business innovation culture P
Goals cascade
IT related goals
Columns: BSC | Description

FINANCIAL
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with ext. laws & reg.
3. Commitment of executive management for making IT related decisions
4. Managed IT related business risks
5. Realised benefits from IT-enabled investments and services portfolio
6. Transparency of IT costs, benefits and risks

CUSTOMER
7. Delivery of IT services in line with business requirements
8. Adequate use of applications, information and technology structure

INTERNAL
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integration
13. Delivery of programme on time, on budget and on business requirements
14. Availability of reliable and useful information
15. IT compliance with internal policies

L&G
16. Competent and motivated IT personnel
17. Knowledge, expertise and initiatives of business motivation
Enablers
• Processes
• Culture, Ethics, Behaviour
• Service Capabilities
• Organisational Structures
• Skills & Competencies
• Principles & Policies
• Information
Enablers are tangible and intangible elements that make governance and management over enterprise IT work. The enablers are driven by the goal cascade.
Enablers
• To achieve objectives and to produce output
• Of individuals and of the organisation
• Key decision making entities
• Required for keeping the organisation running and well governed
• To translate desired behaviour into guidance for day-to-day mgt
• Required for successful completion of activities and for taking correct decisions
• Include infrastructure, technology and applications
Generic enabler model
The generic enabler model applies to all CobiT enablers. The generic model has been applied to the Process enabler.
Enabler capability levels
COBIT 4.1 Maturity Model Levels | COBIT 5 ISO/IEC 15504 Based Capability Levels | Meaning of the COBIT 5 ISO/IEC 15504 Based Capability Levels | Context
5. Optimised | 5. Optimised | Continuously improved to meet relevant current and projected enterprise goals. | Enterprise view/corporate knowledge
4. Managed and Measurable | 4. Predictable | Operates within defined limits to achieve its process outcomes. |
3. Defined | 3. Established | Implemented using a defined process that is capable of achieving its process outcomes. |
N/A | 2. Managed | Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained. | Instance view/individual knowledge
N/A | 1. Performed | Process achieves its process purpose. |
2. Repeatable; 1. Ad Hoc; 0. Non-existent | 0. Incomplete | Not implemented or little or no evidence of any systematic achievement of the process purpose. |
The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC 15504
Knowledge base & products
The knowledge base contains all guidance and content
Series of products built from the knowledge base
Governance & management processes
COBIT 5 advocates that organisations implement governance and management processes, such that the key areas below are covered:
• 1 governance domain
• 4 management domains
Process reference model
Processes for Governance of Enterprise IT
• Evaluate, Direct & Monitor (EDM)
Processes for Management of Enterprise IT
• Align, Plan & Organise (APO)
• Build, Acquire & Implement (BAI)
• Deliver, Service & Support (DSS)
• Monitor, Evaluate & Assess (MEA)
The process reference model is divided into 5 domains:
• 1 governance domain: EDM
• 4 management domains: APO, BAI, DSS & MEA
Process reference model
The complete set of 36 processes: 5 governance and 31 management processes
The 7 phases of the implementation life cycle
Implementation