COBIT® is a trademark of ISACA® registered in the United States and other countries.
Start and finish
Course style
Lunch
Coffee and breaks
M00 - Course introduction 2/12 | 2/249
Perform a process capability assessment using the Assessor Guide: using COBIT 5
Apply the Process Assessment Model (The PAM) in performing a process capability assessment
Use the Process Reference Model, in particular to be able to apply the 37 processes outlined in the PRM
Apply and analyse the measurement model in assessing process capability levels
Apply and analyse the capability dimension using generic criteria outlined in the PAM
Identify and assess the roles and responsibilities in the process capability assessment process
Perform and assess the 7 steps outlined in the Assessor Guide
Main goal:
Attempt Assessor exam with confidence
Secondary goal:
Benefits and value of IT Governance and COBIT 5 audit process
M00 - Course introduction 3/12 | 3/249
Please share with the class:
Your name and surname
Your organization
Your profession (title, function, job responsibilities)
Your familiarity with:
Project management
IT management
IT service management (ITSM)
Enterprise architecture
Your experience with IT Governance
Your personal session expectations
M00 - Course introduction 4/12 | 4/249
M00 - Course introduction 5/12 | 5/249
Foundation Exam
Paper based and closed book exam
Only pencil and eraser are allowed
Simple multiple (ABCD) choice exam
Only one answer is correct
50 questions, pass mark is 25 (50%)
No negative points, no “Tricky Questions”
No pre-requisite for Foundation exam
One (official) sample mock exam is provided to you
Candidates completing an examination in a language that is not their mother tongue will receive additional time
M00 - Course introduction 6/12 | 6/249
Target Audience
Consultants, IT practitioners, Business managers
Apply the COBIT 5 good practice continual improvement lifecycle approach to GEIT, tailored to suit the needs of a specific enterprise. In particular
M00 - Course introduction 7/12 | 7/249
Target Audience
Internal and external (Lead) Auditors
Perform a process capability assessment using the Assessor Guide: using COBIT 5
Apply the Process Assessment Model
Identify and assess the roles and responsibilities
M00 - Course introduction 8/12 | 8/249
COBIT 5 main publication is COBIT 5 - A Business Framework for the Governance and Management of Enterprise IT (ISBN-13: 978-1604202373)
COBIT5 syllabus section code and title
OV Overview and Key Features of COBIT 5
PR The COBIT 5 Principles
EN The COBIT 5 Enablers
IM Introduction to COBIT 5 Implementation
PC Process Capability Assessment Model
Syllabus section and handbook page (slide footer legend):
Module number and name
Module slide number / total module slides
Slide number / total slides
COBIT 5 handbook page
COBIT 5 syllabus section code
M00 - Course introduction 9/12 | 9/249
M00 - Course introduction 10/12 | 10/249
quizlet.com/67599656/
M00 - Course introduction 11/12 | 11/249
twitter.com/mirodabrowski
linkedin.com/in/miroslawdabrowski
google.com/+miroslawdabrowski
miroslaw_dabrowski
www.miroslawdabrowski.com
Mirosław Dąbrowski - Agile Coach, Trainer, Consultant (former JEE/PHP developer, UX/UI designer, BA/SA)
Creator | Writer / Translator | Trainer / Coach
• Creator of 50+ mind maps from PPM and related topics (2mln views): miroslawdabrowski.com
• Lead author of more than 50+ accredited materials from PRINCE2, PRINCE2 Agile, MSP, MoP, P3O, ITIL, M_o_R, MoV, PMP, Scrum, AgilePM, DSDM, CISSP, CISA, CISM, CRISC, CGEIT, TOGAF, COBIT5 etc.
• Creator of 50+ interactive mind maps from PPM topics: mindmeister.com/users/channel/2757050
• Product Owner of biggest Polish project management portal: 4PM: 4pm.pl (15.000+ views each month)
• Editorial Board Member of Official PMI Poland Chapter magazine: “Strefa PMI”: strefapmi.pl
• Official PRINCE2 Agile, AgilePM, ASL2, BiSL methods translator for Polish language
• English speaking, international, independent trainer and coach from multiple domains.
• Master Lead Trainer
• 11+ years in training and coaching / 15.000+ hours
• 100+ certifications
• 5000+ people trained and coached
• 25+ trainers trained and coached
linkedin.com/in/miroslawdabrowski
Agile Coach / Scrum Master | PM / IT architect | Notable clients
• 8+ years of experience with Agile projects as a Scrum Master, Product Owner and Agile Coach
• Coached 25+ teams from Agile and Scrum
• Agile Coach coaching C-level executives
• Scrum Master facilitating multiple teams experienced with UX/UI + Dev teams
• Experience multiple Agile methods
• Author of AgilePM/DSDM Project Health Check Questionnaire (PHCQ) audit tool
• Dozens of mobile and ecommerce projects
• IT architect experienced in IT projects with budget above 10mln PLN and timeline of 3+ years
• Experienced with (“traditional”) projects under high security, audit and compliance requirements based on ISO/EIC 27001
• 25+ web portal design and development and mobile application projects with iterative, incremental and adaptive approach
ABB, AGH, Aiton Caldwell, Asseco, Capgemini, Deutsche Bank, Descom, Ericsson, Ericpol, Euler Hermes, General Electric, Glencore, HP Global Business Center, Ideo, Infovide-Matrix, Interia, Kemira, Lufthansa Systems, Media-Satrun Group, Ministry of Defense (Poland), Ministry of Justice (Poland), Nokia Siemens Networks, Oracle, Orange, Polish Air Force, Proama, Roche, Sabre Holdings, Samsung Electronics, Sescom, Scania, Sopra Steria, Sun Microsystems, Tauron Polish Energy, Tieto, University of Wroclaw, UBS Service Centre, Volvo IT…
miroslawdabrowski.com/about-me/clients-and-references/
Accreditations/certifications (selected): CISA, CISM, CRISC, CASP, Security+, Project+, Network+, Server+, Approved Trainer: (MoP, MSP, PRINCE2, PRINCE2 Agile, M_o_R, MoV, P3O, ITIL Expert, RESILIA), ASL2, BiSL, Change Management, Facilitation, Managing Benefits, COBIT5, TOGAF 8/9 L2, OBASHI, CAPM, PSM I, SDC, SMC, ESMC, SPOC, AEC, DSDM Atern, DSDM Agile Professional, DSDM Agile Trainer-Coach, AgilePM, OCUP Advanced, SCWCD, SCBCD, SCDJWS, SCMAD, ZCE 5.0, ZCE 5.3, MCT, MCP, MCITP, MCSE-S, MCSA-S, MCS, MCSA, ISTQB, IQBBA, REQB, CIW Web Design / Web Development / Web Security Professional, Playing Lean Facilitator, DISC D3 Consultant, SDI Facilitator, Certified Trainer Apollo 13 ITSM Simulation …
M00 - Course introduction 12/12 | 12/249
1. Introduction to COBIT 5 Assessor
2. Introduction to the COBIT 5 Process Assessment Model (PAM)
3. Overview of the COBIT 5 Process Assessment Model (PAM)
4. Process Dimension and Process Performance Indicators
5. Process Capability Indicators
6. Generic Work Products (GWPs)
7. Roles, Responsibilities and Competencies
8. Initiate an Assessment
9. Scope an Assessment
10. Plan an Assessment and Brief the teams and management
11. Data Collection
12. Data Validation
13. Analyse and rate the process attributes and capability levels
14. Prepare and present assessment reports
M01 - Introduction to COBIT 5 Assessor 2/33 | 14/249
M01 - Introduction to COBIT 5 Assessor 3/33 | 15/249
The Syllabus is based on these two guides. The Assessor training and certification is a ‘Practitioner-Level training and certification course’ that focuses on ‘how’ to apply the PAM and ‘how’ to analyse the results.
It is a mandatory requirement for all candidates to have passed the Foundation Exam before applying for and attending the Assessor-level training and certification exam.
“The Assessor Guide: Using COBIT 5” provides the main guidance on performing a process capability assessment, the roles, responsibilities and competences required, and the key steps required, from assessment initiation to reporting of the assessment results.
“The Process Assessment Model (PAM): Using COBIT 5” is the model used by the assessor to perform an assessment; candidates use it to reference the process content to be used in the assessment.
M01 - Introduction to COBIT 5 Assessor 4/33 | 16/249
The target audience for this training certificate is:
Internal and external Auditors who want to add process capability assessments to the scope of their audits.
IT auditors who want to add process capability assessments to the scope of their audits.
Consultants who want to be allowed to perform independent process assessments on behalf of their clients.
M01 - Introduction to COBIT 5 Assessor 5/33 | 17/249
“There are few things as useless, if not as dangerous, as the right answer to the wrong question.”
“There are no such things as the one right organization. There are only organisations,
each of which has distinct strengths, distinct limitations and specific applications.
A given organisation structure fits certain tasks, in certain conditions and at certain times.”
Peter Drucker
M01 - Introduction to COBIT 5 Assessor 6/33 | 18/249
Route maps or plans reflect the choices we make to guide our organisations to our selected and defined destination
Models – Frameworks – Good Practices help us make sense of the context and the challenges we face … they provide Roadmaps
One generation’s Good Practice soon becomes the status quo for the next generation …
M01 - Introduction to COBIT 5 Assessor 7/33 | 19/249
[Figure: Evolution of COBIT, 1996 to 2012]
COBIT1 - Audit (1996)
COBIT2 - Control (1998)
COBIT3 - Management (2000)
COBIT4.0/4.1 - IT Governance (2005/7)
COBIT 5 - Governance of Enterprise IT (2012)
Related publications: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010)
© 2013 ISACA. All Rights Reserved.
COBIT 5 ties together all ISACA knowledge assets, i.e.:
• COBIT 4.1
• Val IT™
• Risk IT
• Business Model for Information Security™ (BMIS™)
• IT Assurance Framework™ (ITAF™)
• Taking Governance Forward (TGF)
• Board Briefing on IT Governance, 2nd Edition
M01 - Introduction to COBIT 5 Assessor 8/33 | 20/249
[Figure: Governance and management interactions, and the goals cascade]
Owners and Stakeholders (delegate / accountable) - Governing Body (set direction / monitor) - Management (instruct and align / report) - Operations and Execution
Stakeholder Drivers (Environment, Technology Evolution, ...) shape Stakeholder Needs, which drive the governance objectives: Benefits Realisation, Risk Optimisation, Resource Optimisation
Goals cascade: Stakeholder Needs, Enterprise Goals, IT-related Goals, Enabler Goals
References: COBIT 4.1 Mapping (Appendix A); Roles & Descriptions for RACIs (pages 76-77); RACI
M01 - Introduction to COBIT 5 Assessor 9/33 | 21/249
COBIT 5 Enterprise Goals
(by BSC dimension; the original figure also marks each goal's relation to the governance objectives Benefits Realisation, Risk Optimisation and Resource Optimisation as P = primary or S = secondary)
Financial
1. Stakeholder value of business investments
2. Portfolio of competitive products and services
3. Managed business risk (safeguarding of assets)
4. Compliance with external laws and regulations
5. Financial transparency
Customer
6. Customer-oriented service culture
7. Business service continuity and availability
8. Agile responses to a changing business environment
9. Information-based strategic decision making
Internal
10. Optimisation of service delivery costs
11. Optimisation of business process functionality
12. Optimisation of business process costs
13. Managed business change programmes
14. Operational and staff productivity
15. Compliance with internal policies
Learning and Growth
16. Skilled and motivated people
17. Product and business innovation culture
M01 - Introduction to COBIT 5 Assessor 10/33 | 22/249
COBIT 5 IT-related Goals (Information and Related Technology Goals, by IT BSC dimension)
Financial
01. Alignment of IT and business strategy
02. IT compliance and support for business compliance with external laws and regulations
03. Commitment of executive management for making IT-related decisions
04. Managed IT-related business risk
05. Realised benefits from IT-enabled investments and services portfolio
06. Transparency of IT costs, benefits and risk
Customer
07. Delivery of IT services in line with business requirements
08. Adequate use of applications, information and technology solutions
09. IT agility
Internal
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integrating applications and technology into business processes
13. Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14. Availability of reliable and useful information for decision making
15. IT compliance with internal policies
Learning and Growth
16. Competent and motivated business and IT personnel
17. Knowledge, expertise and initiatives for business innovation
M01 - Introduction to COBIT 5 Assessor 11/33 | 23/249
Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency
Processes for Management of Enterprise IT
Align, Plan and Organise
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
M01 - Introduction to COBIT 5 Assessor 12/33 | 24/249
M01 - Introduction to COBIT 5 Assessor 13/33 | 25/249
Process template (overview): Process Name, Area, Domain; Process Purpose Statement; Process Description
M01 - Introduction to COBIT 5 Assessor 14/33 | 26/249
Process template (detail page):
Process Name, Area, Domain; Process Purpose Statement; Process Description
The process supports the achievement of a set of primary IT-related goals: IT-related Goal / Related Metrics
Process Goals and Metrics: Process Goal / Related Metrics
Management Practices, each with Inputs (From / Description) and Outputs (Description / To), Activities, and a RACI Chart
Related Guidance: Related Standard / Detailed Reference
M01 - Introduction to COBIT 5 Assessor 15/33 | 27/249
Process template as applied to an example process: Process Name, Process Purpose Statement, Process Description, the IT-related Goals the process supports ("The process supports the ..."), Process Goals and Metrics, Management Practices with Activities and RACI Chart, Related Guidance (Related Standard & Reference)
Process Name: DSS04 Manage Continuity
Process Description: Establish and maintain a plan to enable the business and IT to respond to incidents and disruptions in order to continue operation of critical business processes and required IT services and maintain availability of information at a level acceptable to the enterprise.
Process Purpose Statement: Continue critical business operations and maintain availability of information at a level acceptable to the enterprise in the event of a significant disruption.
Management Practices (Inputs / Outputs):
DSS04.01 Define the business continuity policy, objectives and scope. 4
DSS04.02 Maintain a continuity strategy. 9
DSS04.03 Develop and implement a business continuity response. 8
DSS04.04 Exercise, test and review the BCP. 6
DSS04.05 Review, maintain and improve the continuity plan. 4
DSS04.06 Conduct continuity plan training. 3
DSS04.07 Manage backup arrangements. 5
DSS04.08 Conduct post-resumption review. 4
M01 - Introduction to COBIT 5 Assessor 16/33 | 28/249
COBIT 5 Outputs (From Key Practices / Output Description / Destination)
Outputs to all Processes
APO13.02 / Information security risk treatment plan / All EDM; All APO; All BAI; All DSS; All MEA
Outputs to all Governance Processes
EDM01.01 / Enterprise governance guiding principles / All EDM
EDM01.01 / Decision-making model / All EDM
EDM01.01 / Authority levels / All EDM
EDM01.02 / Enterprise governance communications / All EDM
EDM01.03 / Feedback on governance effectiveness and performance / All EDM
Outputs to all Management Processes
APO01.01 / Communication ground rules / All APO; All BAI; All DSS; All MEA
APO01.03 / IT-related policies / All APO; All BAI; All DSS; All MEA
APO01.04 / Communications on IT objectives / All APO; All BAI; All DSS; All MEA
APO01.07 / Process improvement opportunities / All APO; All BAI; All DSS; All MEA
APO02.06 / Communications package / All APO; All BAI; All DSS; All MEA
M01 - Introduction to COBIT 5 Assessor 17/33 | 29/249
M01 - Introduction to COBIT 5 Assessor 18/33 | 30/249
Generic Process RACI Chart:
Columns (roles and organisational structures): Chief Executive Officer; Board; Steering (Programmes/Projects) Committee; Value Management Office; Chief Operating Officer; Business Executives; Business Process Owners; Strategy Executive Committee; Project Management Office; Chief Financial Officer; Chief Risk Officer; Chief Information Security Officer; Architecture Board; Enterprise Risk Committee; Head Human Resources; Compliance; Audit; Chief Information Officer; Head Architect; Head Development; Head IT Operations; Head IT Administration; Service Manager; Information Security Manager; Business Continuity Manager; Privacy Officer
Rows: Management Practice 1; Management Practice 2; Management Practice 3; Management Practice … n
The Roles and Organisational Structures used in the process RACI charts for each Key Management Practice are defined/described on pages 75-77 of the COBIT 5 Framework
M01 - Introduction to COBIT 5 Assessor 19/33 | 31/249
We have just looked at the layout of a COBIT 5 RACI chart. We have all experienced situations where job titles have proved misleading.
We will give each of you a list of the job role descriptions / definitions for you to reflect upon where responsibility lies within your organisation for these activities.
After 15 mins we will provide each of you with a copy of the COBIT 5 RACI roles and their descriptions / definitions to compare with your input.
After a further 10 mins we will spend 10 mins discussing the exercise and your experience in comparing / contrasting and challenging your organisation and COBIT 5.
M01 - Introduction to COBIT 5 Assessor 20/33 | 32/249
M01 - Introduction to COBIT 5 Assessor 21/33 | 33/249
COBIT 5 Roles and Organisation Structures
Role/Structure: Definition/Description
Board: The group of the most senior executives and/or non-executive directors of the enterprise who are accountable for the governance of the enterprise and have overall control of its resources
CEO: The highest-ranking officer who is in charge of the total management of the enterprise
CFO: The most senior official of the enterprise who is accountable for all aspects of financial management, including financial risk and controls and reliable and accurate accounts
Chief Operating Officer (COO): The most senior official of the enterprise who is accountable for the operation of the enterprise
CRO: The most senior official of the enterprise who is accountable for all aspects of risk management across the enterprise. An IT risk officer function may be established to oversee IT-related risk.
CIO: The most senior official of the enterprise who is responsible for aligning IT and business strategies and accountable for planning, resourcing and managing the delivery of IT services and solutions to support enterprise objectives
Chief Information Security Officer (CISO): The most senior official of the enterprise who is accountable for the security of enterprise information in all its forms
Business Executive: A senior management individual accountable for the operation of a specific business unit or subsidiary
Business Process Owner: An individual accountable for the performance of a process in realising its objectives, driving process improvement and approving process changes
M01 - Introduction to COBIT 5 Assessor 22/33 | 34/249
COBIT 5 Roles and Organisation Structures
Role/Structure: Definition/Description
Strategy (IT Executive) Committee: A group of senior executives appointed by the board to ensure that the board is involved in, and kept informed of, major IT-related matters and decisions. The committee is accountable for managing the portfolios of IT-enabled investments, IT services and IT assets, ensuring that value is delivered and risk is managed. The committee is normally chaired by a board member, not by the CIO.
(Project and Programme) Steering Committees: A group of stakeholders and experts who are accountable for guidance of programmes and projects, including management and monitoring of plans, allocation of resources, delivery of benefits and value, and management of programme and project risk
Architecture Board: A group of stakeholders and experts who are accountable for guidance on enterprise architecture-related matters and decisions, and for setting architectural policies and standards
Enterprise Risk Committee: The group of executives of the enterprise who are accountable for the enterprise-level collaboration and consensus required to support enterprise risk management (ERM) activities and decisions. An IT risk council may be established to consider IT risk in more detail and advise the enterprise risk committee.
Head of HR: The most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise
Compliance: The function in the enterprise responsible for guidance on legal, regulatory and contractual compliance
Audit: The function in the enterprise responsible for provision of internal audits
Head of Architecture: A senior individual accountable for the enterprise architecture process
M01 - Introduction to COBIT 5 Assessor 23/33 | 35/249
COBIT 5 Roles and Organisation Structures
Role/Structure: Definition/Description
Information Security Manager: An individual who manages, designs, oversees and/or assesses an enterprise’s information security
Head of Development: A senior individual accountable for IT-related solution development processes
Head of IT Operations: A senior individual accountable for the IT operational environments and infrastructure
Head of IT Administration: A senior individual accountable for IT-related records and responsible for supporting IT-related administrative matters
Programme and Project Management Office (PMO): The function responsible for supporting programme and project managers, and gathering, assessing and reporting information about the conduct of their programmes and constituent projects
Value Management Office (VMO): The function that acts as the secretariat for managing investment and service portfolios, including assessing and advising on investment opportunities and business cases, recommending value governance/management methods and controls, and reporting on progress on sustaining and creating value from investments and services
Service Manager: An individual who manages the development, implementation, evaluation and ongoing management of new and existing products and services for a specific customer (user) or group of customers (users)
M01 - Introduction to COBIT 5 Assessor 24/33 | 36/249
COBIT 5 Roles and Organisation Structures
Role/Structure: Definition/Description
Business Continuity Manager: An individual who manages, designs, oversees and/or assesses an enterprise’s business continuity capability, to ensure that the enterprise’s critical functions continue to operate following disruptive events
Privacy Officer: An individual who is responsible for monitoring the risk and business impacts of privacy laws and for guiding and co-ordinating the implementation of policies and activities that will ensure that the privacy directives are met. Also called data protection officer.
M01 - Introduction to COBIT 5 Assessor 25/33 | 37/249
[Figure: Governance and management interactions, and the goals cascade, with references into the COBIT 5 Framework]
Owners and Stakeholders (delegate / accountable) - Governing Body (set direction / monitor) - Management (instruct and align / report) - Operations and Execution
Stakeholder Drivers (Environment, Technology Evolution, ...) shape Stakeholder Needs, which drive the governance objectives: Benefits Realisation, Risk Optimisation, Resource Optimisation
Goals cascade: Stakeholder Needs, Enterprise Goals, IT-related Goals, Process and Enabler Goals
References: COBIT 4.1 Mapping (Appendix A); Roles & Descriptions for RACIs (pages 76-77); RACI; Governance & Management Questions on IT (page 22); Mapping to Goals (Appendix D)
M01 - Introduction to COBIT 5 Assessor 26/33 | 38/249
Governance and Management Questions on IT
Internal Stakeholders
• Board
• Chief executive officer (CEO)
• Chief financial officer (CFO)
• Chief information officer (CIO)
• Chief risk officer (CRO)
• Business executives
• Business process owners
• Business managers
• Risk managers
• Security managers
• Service managers
• Human resource (HR) managers
• Internal audit
• Privacy officers
• IT users
• IT managers
• Etc.
Internal Stakeholder Questions
• How do I get value from the use of IT? Are end users satisfied with the quality of the IT service?
• How do I manage performance of IT?
• How can I best exploit new technology for new strategic opportunities?
• How do I best build and structure my IT department?
• How dependent am I on external providers? How well are IT outsourcing agreements being managed? How do I obtain assurance over external providers?
• What are the (control) requirements for information?
• Did I address all IT-related risk?
• Am I running an efficient and resilient IT operation?
• How do I control the cost of IT? How do I use IT resources in the most effective and efficient manner?
• What are the most effective and efficient sourcing options?
• Do I have enough people for IT? How do I develop and maintain their skills, and how do I manage their performance?
• How do I improve business agility through a more flexible IT environment?
External Stakeholders
External Stakeholder Questions
M01 - Introduction to COBIT 5 Assessor 27/33 | 39/249
M01 - Introduction to COBIT 5 Assessor 28/33 | 40/249
COBIT 5 Enablers
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
Resources:
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
M01 - Introduction to COBIT 5 Assessor 29/33 | 41/249
[Figure: Generic enabler model]
Enabler Dimension
Stakeholders: Internal Stakeholders; External Stakeholders
Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
Good Practices: Practices; Work products (Inputs/Outputs)
Enabler Performance Management
Are Stakeholder Needs Addressed? Are Enabler Goals Achieved? Is Life Cycle Managed? Are Good Practices Applied?
Metrics for Achievement of Goals (Lag Indicators)
Metrics for Application of Practice (Lead Indicators)
M01 - Introduction to COBIT 5 Assessor 30/33 | 42/249
“Enterprises should follow existing internal business case and investment justification approaches, if they exist, and use this example and the guidance in the COBIT 5 Implementation Guide to help focus on all of the issues that should be addressed. Further guidance on developing business cases can be found in COBIT 5 process APO05 and in The Business Case Guide: Using Val IT™ 2.0.”
Governance and Enablers
M01 - Introduction to COBIT 5 Assessor 31/33 | 43/249
M01 - Introduction to COBIT 5 Assessor 32/33 | 44/249
I hope you enjoyed this presentation. If so, please like, share and leave a comment below.
Endorsements on LinkedIn are also highly appreciated! (your feedback = more free stuff)
MIROSLAWDABROWSKI.COM/downloads