Upload
prasetiyadi-pras
View
221
Download
0
Embed Size (px)
Citation preview
8/20/2019 Memahami Cobit Versi NUS
1/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT® 5 as IT Management Best
Practice Framework
1
Please see Acknowledgements & Notices in last few slides
8/20/2019 Memahami Cobit Versi NUS
2/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
What is COBIT?
Control OB jectives for Information and related Technology
International framework from ISACA and IT Governance Institute
Helps maximise value of IT to businesses
Originally, more for monitoring/ audit /risk assessment of ITmanagement processes
Increasingly recognised as comprehensive framework of ITManagement best practices■ Advises on WHAT to do■ Some high-level of how to do
Currently Version 5
2
8/20/2019 Memahami Cobit Versi NUS
3/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT - Governance and Management
3
Strategic Tactical Operational
Nb: Words in green above NOT part of COBIT but added by the author of this presentation.
generally, the responsibility of
Board of Directors
8/20/2019 Memahami Cobit Versi NUS
4/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT5 Processes
4
Align, Plan &
Organise
Build, Acquire &
Implement
Monitor, Evaluate &
Assess
Deliver, Service &
Support
• Manage the IT ManagementFramework
• Manage Strategy• Manage Innovation• Manage EnterpriseArchitecture
• Manage Portfolio• Manage Budget and Costs• Manage Human Resources• Manage Relationships• Manage Service Agreements• Manage Suppliers• Manage Quality• Manage Risk• Manage Security
• Manage Programmes &Projects
• Manage RequirementsDefinition
• Manage SolutionsIdentification and Build
• Manage Availability &Capacity
• Manage Change Acceptanceand Transitioning
• Manage OrganisationalChange Management
• Manage Changes• Manage Knowledge• Manage Assets• Manage Configuration
• Monitor, Evaluate andAssess Performance &Conformance
• Monitor, Evaluate andAssess the System ofInternal Control
• Monitor, Evaluate andAssess Compliance with
External Requirements
Governance
• Manage Operations• Manage Service Requests& Incidents
• Manage Problems• Manage Continuity• Manage Security Services• Manage Business ProcessControls
• Ensure Governance FrameworkSetting and Maintenance
• Ensure Benefits Delivery• Ensure Risk Optimisation
• Ensure Resource Optimisation• Ensure StakeholderTransparency
Domains
Processes
8/20/2019 Memahami Cobit Versi NUS
5/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Domain BAI - Build, Acquire & Implement
5
Nb: Bold headings are
author’s own categorisation& are not part of COBIT
Programmes
■ Manage Programmes (and Projects)
Projects
■ Manage (Programmes and) Projects
Requirements
■ Manage Requirements Definition
■ Manage Availability & Capacity Design & Build
■ Manage Solutions Identification and Build
Test & Implement
■ Manage Change Acceptance and Transitioning
Changes
■ Manage (IT) Changes■ Manage Organisational Change Management
Supporting Processes
■ Manage Knowledge
■ Manage Assets
■ Manage Configuration
8/20/2019 Memahami Cobit Versi NUS
6/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Domain BAI - Build, Acquire & Implement
6
Build, Acquire
& Implement
(BAI)
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Asset, Configuration
Requirements &
Feasibility
Design &
Build
Test &
Implement
Manage Changes
IT and Organisational
8/20/2019 Memahami Cobit Versi NUS
7/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
BAI Relationship with APO
7
Build, Acquire
& Implement
(BAI)
Align, Plan
& Organise
(APO)
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Pre-Project Development Production
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Asset, Configuration
Requirements &
Feasibility
Design &
Build
Test &
Implement
Manage Changes
IT and Organisational(Tactical)
(Strategic)
IT
Ongoing
Management
8/20/2019 Memahami Cobit Versi NUS
8/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Domain APO – Align, Plan & Organise
Strategy/ Architecture / Portfolio■ Manage the IT Management Framework
■ Manage Strategy
■ Manage Innovation
■ Manage Enterprise Architecture
■ Manage Portfolio IT Ongoing Management
■ Manage Budget and Costs
■ Manage Human Resources
■ Manage Relationships
■ Manage Service Agreements
■ Manage Suppliers■ Manage Quality
■ Manage Risk
■ Manage Security
8
Nb: Bold headings are
author’s own categorisation
& are not part of COBIT
IT Strategy / Architecture / Portfolio Management
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Asset, Configuration
Requirements &
Feasibility
Design &
Build
Test &
Implement
Manage Changes
IT and Organisational
ITOngoing
Management
8/20/2019 Memahami Cobit Versi NUS
9/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Domains – Deliver, Service &
Support (DSS)
Service Operations
■ Manage Operations
■ Manage Service Requests &
Incidents
■ Manage Problems
■ Manage Continuity
■ Manage Security Services
■ Manage Business ProcessControls
9
Nb: Bold headings are
author’s own categorisation& are not part of COBIT
8/20/2019 Memahami Cobit Versi NUS
10/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
DSS Relationship with BAI & APO
10
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Assets, Configuration
Requirements
& Feasibility
Design &
Build
Test &
Implement
Manage ChangesIT & Organisational
Build,
Acquire &
Implement
(BAI)
Align, Plan
& Organise
(APO)
Deliver,
Service &
Support (DSS)
Service
Operations
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
Programme Management
(Generic) Project Management
Pre-Project Development Production
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
IT
Ongoing
Management
(Strategic)
(Tactical)
(Operational)
8/20/2019 Memahami Cobit Versi NUS
11/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Domains – Monitor, Evaluate &
Assess
Monitor, Evaluate and Assess
■ Performance & Conformance
■ System of Internal Control
■ Compliance with External Requirements
11
Nb: Bold headings are
author’s own categorisation
& are not part of COBIT
8/20/2019 Memahami Cobit Versi NUS
12/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
MEA Relationship with APO / BAI / DSS
12
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Assets, Configuration
Requirements
& Feasibility
Design &
Build
Test &
Implement
Manage ChangesIT & Organisational
Build,
Acquire &
Implement
(BAI)
Align, Plan
& Organise
(APO)
Deliver,
Service &
Support (DSS)
Service
Operations
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
Programme Management
(Generic) Project Management
Pre-Project Development Production
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
IT
Ongoing
Management
Measure,
Evaluate
&
Assess
Measure,
Evaluate &Assess (MEA)
(Strategic)
(Tactical)
(Operational)
8/20/2019 Memahami Cobit Versi NUS
13/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Domains – Governance
Monitor, Evaluate & Direct to:
■ Ensure Governance Framework Setting
and Maintenance
■ Ensure Benefits Delivery
■ Ensure Risk Optimisation
■ Ensure Resource Optimisation
■ Ensure Stakeholder Transparency
13
Nb: Bold headings are
author’s own categorisation
& are not part of COBIT
8/20/2019 Memahami Cobit Versi NUS
14/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Governance Relationship To Management
14
IT Systems Devt Life Cycle Mgt
Support Processes
Knowledge, Assets, Configuration
Requirements
& Feasibility
Design &
Build
Test &
Implement
Manage Changes
IT & Organisational
Build,
Acquire &
Implement
(BAI)
Align, Plan
& Organise(APO)
Deliver, Service &
Support (DSS)
Service
Operations
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
Programme Management
(Generic) Project Management
Pre-Project Development Production
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
IT
Ongoing
Management
Measure,
Evaluate
&
Assess
Measure,
Evaluate &
Assess (MEA)
(Strategic Mgt)
(Tactical Mgt)
(Operational Mgt)
(Governance)
Monitor
Evaluate
Direct
8/20/2019 Memahami Cobit Versi NUS
15/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Further Process Details
COBIT provides further details to the Process
■ Breakdown of Process
• Process
–
Management Practices» Activities
■ RACI for Management Practices
■ Inputs-Outputs for each Activity
■ Metrics for the overall process• IT-related
• Process-related
15
8/20/2019 Memahami Cobit Versi NUS
16/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – Management
Practices
16
Manage Programmes and Projects■ Maintain a standard approach for programme and project
management
■ Initiate a programme.
■ Manage stakeholder engagement.
■ Develop and maintain the programme plan.
■ Launch and execute the programme■ Monitor, control and report on the programme outcomes.
■ Start up and initiate projects within a programme.
■ Plan projects
■ Manage programme and project quality
■ Manage programme and project risk
■ Monitor and control projects■ Manage project resources and work packages.
■ Close a project or iteration
■ Close a programme.
Process
Management
Practices
8/20/2019 Memahami Cobit Versi NUS
17/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – Management
Practices and Activities
17
Manage Programmes and Projects
■ Maintain a standard approach for programme and project management
■ Initiate a programme
• Agree on programme sponsorship and appoint a programme board/committee with members who have
strategic interest in the programme, have responsibility for the investment decision making, will be
significantly impacted by the programme and will be required to enable delivery of the change.
• Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for
the programme, potential strategies for delivery, improvement and benefits that are expected to result,
and how the programme fits with other initiatives.
• Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop
and document a complete understanding of the expected enterprise outcomes, how they will be
measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the
enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.
• Develop a benefits realisation plan that will be managed throughout the programme to ensure that
planned benefits always have owners and are achieved, sustained and optimised.
• Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing
essential decision-making information regarding purpose, contribution to business objectives, expectedvalue created, time frames, etc
• Appoint a dedicated manager for the programme, with the commensurate competencies and skills to
manage the programme effectively
• and efficiently.
■ Manage stakeholder engagement.
■ …
Process
Management
Practices
Activities
8/20/2019 Memahami Cobit Versi NUS
18/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – RACI for
Management Practices
18
8/20/2019 Memahami Cobit Versi NUS
19/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – Inputs-
Outputs for Each Activity
19
8/20/2019 Memahami Cobit Versi NUS
20/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – IT-Related
Metrics
20
Example - from Manage Programmes and Projects process
8/20/2019 Memahami Cobit Versi NUS
21/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT Process Details – Process-
Related Metrics
21
Example - from Manage Programmes and Projects process
8/20/2019 Memahami Cobit Versi NUS
22/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Other Key Elements of COBIT
Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family
22
8/20/2019 Memahami Cobit Versi NUS
23/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Principles
23
8/20/2019 Memahami Cobit Versi NUS
24/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Enablers
24
8/20/2019 Memahami Cobit Versi NUS
25/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Lifecycle Approach
25
8/20/2019 Memahami Cobit Versi NUS
26/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Process Capability Model
26
8/20/2019 Memahami Cobit Versi NUS
27/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT 5 Product Family
27
8/20/2019 Memahami Cobit Versi NUS
28/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT 5 Mapping to Other Frameworks
28
Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here
http://www.scrumalliance.org/
8/20/2019 Memahami Cobit Versi NUS
29/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
For Further Information
For further details on COBIT course
■ http://www.iss.nus.edu.sg/ProfessionalCourse
s/SearchCourse/CourseDetail/tabid/267/cid/20
/cname/nicf-cobit-foundation/Default.aspx
For other related courses:
■ http://www.iss.nus.edu.sg/ProfessionalCourse
s/CourseCatalogue.aspx
29
http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx
8/20/2019 Memahami Cobit Versi NUS
30/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Acknowledgements & Sources
Sources used in this presentation:
■ Information Systems Audit and Control
Association. (2012). COBIT 5: Enabling
processes. Rolling Meadows, IL: ISACA.
30
8/20/2019 Memahami Cobit Versi NUS
31/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
Acknowledgements & Notices COBIT® is a registered trade mark of ISACA and the IT Governance Institute
CGEIT® is a registered trade mark of ISACA
TOGAF is a registered trademark of The Open Group in the United States andother countries
CBAP® is a registered certification mark owned by International Institute ofBusiness Analysis
CISSP is a registered Trademark of (ISC)2
SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.
PMP is a registered mark of Project Management Institute, Inc.
ITIL®, PRINCE2®, P3O®, MSP® are registered trade marks of the CabinetOffice
CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon
University The Swirl logo™ is a trade mark of the Cabinet Office
© 2011 NUS unless otherwise stated. The contents of this document may not bereproduced in any form or by any means, without the written permission of ISS,NUS, other than for the purpose for which it has been supplied
8/20/2019 Memahami Cobit Versi NUS
32/32
© 2010 NUS. All Rights Reserved UnlessOtherwise Stated
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst Prctce Frmwrk ppt/v1 0
The End
32