COBIT is a registered trademark of the Information Systems Audit and Control Association © Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved

INSTRUCTOR GUIDEversion 1.0

Sample

Mate

rial -

Not for

Rep

rint

The information contained in this classroom material is subject to change without notice. This material contains proprietary information that is protected by copyright. No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V.

© Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved.

COBIT is a registered trademark of ISACA and the IT Governance Institute. The course content is based on COBIT V4.1

The language used in this course is US English. Our sources of reference for grammar, syntax, and mechanics are The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.

Sample

Mate

rial -

Not for

Rep

rint

3

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

F O U N D A T I O N

4.1 Instructor Guide

Contents

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Module 1: Course Introduction 1

Module 2: Why COBIT: Context in organizations, and the need for IT Governance 11

Module 3: COBIT: An Introduction 51

Assignment I: IT Challenges for Callwick 77

Module 4: The COBIT Cube 81

Assignment II: Video on Demand is Launched 111

Module 5: The COBIT Components - Part 1 117

Assignment III: Preparing for the Management Meeting 149

Module 6: The COBIT Components - Part 2 155

Assignment IV: The Resolution for Callwick 189

Module 7: Assurance Guidance 195

Module 8: COBIT Resources 217

Module 9: Inter-relationships with other IT Frameworks, Standards and Regulations 245

Module 10: Exam Preparation Guide 283

Appendix I: Case Study: Callwick 309

Appendix II: Glossary 313

Appendix III: COBIT Foundation Exam Requirements 319

Appendix VI: Process Description of AI4 and ME1 329

Appendix V: Process Description of P010 and DS2 339

Appendix VI: COBIT Processes and Their Objectives 349

Appendix VII: Linking Business Goals and IT Goals 355

Appendix VIII: Mapping IT Process to IT Governance Focus Areas 359

Appendix IX: Answers (Not Applicable For Instructor Guide) N/A

Feedback Form 361

Contents

Sample

Mate

rial -

Not for

Rep

rint

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Module 1: Course Introduction

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

2Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

3Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsExplain the objectives of this course.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

4Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsExplain the Modules of this course.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

5Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsTake the group through the agenda and the schedule. Discuss the content of each module in detail. Stress the fact that there is an exam at the end of the course so that the learners pay extra attention to the lectures.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

6Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

7Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

8Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsGive the group a brief overview of the course, the background of COBIT and the overall COBIT training program.

Stress the fact that most COBIT users or people who are aware of COBIT are only conscious of it in parts. Very few people are familiar with all the components of COBIT.

Although awareness of COBIT and its use is becoming quite widespread, few organizations understand it completely.Sam

ple M

ateria

l - Not

for R

eprin

t

F O U N D A T I O N

9Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsGive the group a brief overview of the course, the background of COBIT and the overall COBIT training program.

Stress the fact that most COBIT users or people who are aware of COBIT are only conscious of it in parts. Very few people are familiar with all the components of COBIT.

Although awareness of COBIT and its use is becoming quite widespread, few organizations understand it completely.Sam

ple M

ateria

l - Not

for R

eprin

t

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Module 2: Why COBIT: Context in organizations, and the need for IT Governance

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

12Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Delivery InstructionsWalk the participants through the key topics of the module.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

13Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Speaking PointsThis module focuses on the need for and the context of an IT governance and control framework, such as COBIT. You will learn about:

y The key challenges encountered in IT and the business impact of those challenges.

y What governance is in the first place, followed by a discussion on what enterprise governance is

y IT governance, its key principles and business focus areas

y Stakeholders for IT governance implementation, their roles and responsibilities, and their specific concerns

Delivery InstructionsExplain the objectives of this module to give an overview of IT governance, as defined by Information Technology Governance Institute (ITGI), and to explain the need for a controls-based framework to support IT governance.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

14Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Sub Topics: Overview Keeping IT Running Aligning IT with Business Value Security Regulatory Compliance Mastering Complexity CostsSam

ple M

ateria

l - Not

for R

eprin

t

F O U N D A T I O N

15Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Most organizations also operate in a dynamic marketplace, with varying levels of business demands. It is no surprise, therefore, that managing complex technologies in the modern-day business environment is a complex and challenging task. We will look at some examples as we go.

Speaking PointsOrganizations today commit heavily to IT. As a result, they invest significant amounts of money and resources in IT. Their dependency on IT to run normal business operations and enable new, strategic objectives has never been as high as it is today.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

16Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

Here is some context: In 1969, mainframes were used to perform calculations and processing. It often took an entire day to complete one task. Today, we talk of processing millions of complex transactions within seconds. Without this, customer support departments would have looked very different than they do today; providing 24/7 on-demand support would be unimaginable.

Consequently, a single breakdown can incur losses to the tune of millions. As a result, fast computers and the Internet have now become a necessity rather than a luxury, as during the mainframe age.

Speaking PointsModern organizations rely heavily on IT. The impact of any IT systems failure is huge. Take power failure for example. The business impact of power failure is almost unimaginable today.

Business-as-usual would come to a standstill if internal IT systems fail, for example, e-mail, document processing, tracking, reporting and so on

A seemingly simple failure, such as a server exceeding its storage capacity, can bring an entire department to a halt.

In even more critical business processes, such as Internet banking and order processing, the impact is, of course, far greater, and negatively impacts revenues and reputation.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

17Instructor Guide4.1

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

The role of CIO, in several enterprises, is undergoing a change; CIOs are increasingly acting as a bridge between the business and IT.

ExampleTake the example of a builder. The builder constructs according to requirements and budgets. If requirements aren’t clear at the beginning and there is no coordination between budgets and eventual costs, the cost of construction will shoot up. The bottom line is that if an organization’s reliance on IT increases, the challenge lies in ensuring that IT meets business needs.

Speaking PointsAligning IT with business is more important than ever these days.

In most organizations, business and IT are usually not aligned with the same goals. Consequently, their decisions and actions are not always synchronized, leading to failed IT projects, loss of money and time, and a sense of overall discouragement in undertaking larger IT projects.

Sample

Mate

rial -

Not for

Rep

rint