Cobit 2019 Somchai Patviboon CISA, CISM, CRISC, CGEIT, CSX fundamental [email protected]

Enterprise governance of information and technology (EGIT)

www.isaca.org

Sustaining the Governance System

Typical Pain Points

• Frustration between different IT entities across the organization because of a perception of low contribution to business value

• Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value

• Significant I&T-related incidents, such as data loss, security breaches, project failure, application errors, linked to IT

• Service delivery problems by the IT outsourcer(s)

• Failure to meet IT-related regulatory or contractual requirements

• Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems

• Substantial hidden and rogue IT spending

• Duplications between various initiatives, or other forms of wasted resources

• Insufficient IT resources, staff with inadequate skills and staff burnout/dissatisfaction

• IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget

• Multiple and complex IT assurance efforts

• Reluctance of board members, executives or senior management to engage with IT, or lack of committed business sponsors for IT

• Complex IT operating model and/or unclear decision mechanisms for IT-related decisions

• Excessively high cost of IT

• Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems

• High level of end-user computing, creating (among other issues) a lack of oversight and quality control over the applications that are being developed and put in operation

• Business departments implementing their own information solutions with little or no involvement of the enterprise IT department

• Ignorance of and/or noncompliance with security and privacy regulations

• Inability to exploit new technologies or innovate using I&T

• Regular issues with data quality and integration of data across various sources

• Gap between business and technical knowledge

Trigger events

• Merger, acquisition or divestiture

• Shifts in the market, economy or competitive position

• Changes in business operating model or sourcing arrangements

• New regulatory or compliance requirements

• Significant technology change or paradigm shifts

• Enterprise-wide governance focus or project

• External audit or consultant assessments

• New business strategy or priority

• Desire to significantly improve the value gained from I&T

Cobit 5 vs Cobit 2019 Comparison

[Comparison slides: images not preserved. Surviving slide titles: "B. Component: Organizational Structures"; "C. Component: Information Flows and Items".]

11 Factors

Focus Areas

• Examples of focus areas include small and medium enterprises, cybersecurity, digital transformation, cloud computing, privacy, and DevOps

• A number of focus area content guides are in preparation, and the set will continue to evolve. For the latest information on currently available and pending publications and other content, please visit www.isaca.org/cobit.

11 Factors

Factor 1 - Enterprise Strategy

Factor 2 - Understand Enterprise Goals

Factor 3 - Understand the Risk Profile

Factor 4 - Understand Current I&T-Related Issues

Factor 5 - Threat Landscape

Consider the Threat Landscape (Design Factor 5)

Factor 6 - Compliance Requirements

Factor 7 - Role of IT

Factor 8 - The Sourcing Model for IT

Factor 9 - IT Implementation Methods

Factor 10 - Technology Adoption Strategy

Factor 11 - Enterprise Size

26 At the time of publication of the COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution, the small and medium enterprise focus area content was in development and not yet released.

http://www.isaca.org/COBIT/Pages/COBIT-2019-Design-Guide.aspx

Enterprise Strategy (Design Factor 1)