Professional Documents
Culture Documents
Qecb GLC Cobit 5 Isaca S New Framework 201303
Qecb GLC Cobit 5 Isaca S New Framework 201303
M. Garsoux
COBIT 5 Licensed Training Provider
COBIT 5 ISACA
Introduction
Principles
Processes
Implementation
Supporting Products
Questions
COBIT 5 ISACA
COBIT 5 ISACA
Evolution of scope
Governance of Enterprise IT
IT Governance
Val IT 2.0
Management
(2008)
Control
Risk IT
(2009)
Audit
COBIT1
1996
COBIT2
1998
COBIT3
2000
COBIT4.0/4.1
2005/7
COBIT 5
2012
COBIT 5 ISACA
What is CobiT?
Control Objectives for Information and Related Technology (CobiT)
is a set of best practices for Information Technology management
developed by ISACA (Information Systems Audit & Control Association)
and IT Governance Institute
in 1996.
ISACA develops and maintains the internationally recognized COBIT
framework, helping IT professionals and enterprise leaders fulfil their IT
Governance responsibilities while delivering value to the business.
The latest ISACAs globally accepted framework
COBIT 5 is aimed to provide an end-to-end business
view of the governance of enterprise IT that reflects
the central role of IT in creating value for enterprises
5
COBIT 5 ISACA
COBIT 5 ISACA
Helps enterprises:
Bring Order to Complex
Standards and Frameworks
Extract Value from Information
Chaos
Address all Stakeholders Needs
and Maximize Value of
Corporate Information
Protect and Drive Enterprise
Value
COBIT 5 ISACA
COBIT 5 ISACA
COBIT 5 ISACA
10
COBIT 5 ISACA
11
COBIT 5 ISACA
12
COBIT 5 ISACA
Stakeholder Value
Delivering enterprise stakeholder value requires good governance
and management of information and technology (IT) assets.
Enterprise boards, executives and management have to embrace
IT like any other significant part of the business.
External legal, regulatory and contractual compliance
requirements related to enterprise use of information and
technology are increasing, threatening value if breached.
COBIT 5 provides a comprehensive framework that assists
enterprises to achieve their goals and deliver value through
effective governance and management of enterprise IT.
13
COBIT 5 ISACA
Goals cascade
Stakeholder needs have to be
transformed into an enterprises
actionable strategy.
The COBIT 5 goals cascade
translates stakeholder needs into
specific, actionable and customised
goals within the context of the
enterprise, IT-related goals and
enabler goals.
14
COBIT 5 ISACA
Description
F
1.Stakeholder value of business investments
I
N
2.Portfolio of competitive products and services
A
N
3.Managed business risks (safeguarding of assets)
C
I
4.Compliance with external laws and regulations
A
5.Financial transparency
L
6.Customer oriented service culture
C
U
7.Business service continuity and availability
S
T
8.Agile responses to a changing business environment
O
M
9.Information based strategic decision making
E
10.Optimisation of service delivery costs
R
11.Optimisation of business process functionality
I
N
12.Optimisation of business process costs
T
E
13.Managed business change programmes
R
N
14.Operational and staff productivity
A
15.Compliance with internal policies
L
Learning 16.Skilled and motivated people
&Growth 17.Product and business innovation culture
Benefits
P
P
P
P
Risk
P
P
P
S
Resource
S
S
S
S
S
P
P
P
P
P
P
P
P
S
P
P
P
P
S
P
P
P
P
S
P
P
15
COBIT 5 ISACA
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integrating applications and technology
13. Delivery of programme on time, on budget, and meeting requirements and quality standards
14. Availability of reliable and useful information for decision making
15. IT compliance with internal policies
16. Competent and motivated business and IT personnel
17. Knowledge, expertise and initiatives for business innovation
16
COBIT 5 ISACA
IT -Related Goal
Alignment of IT and
business strategy
Delivery of IT services
Customer 7 in line with business
requirements
Financial 1
Internal
9 IT agility
Competent and
Learning
16 motivated business
and Growth
and IT personnel
17
COBIT 5 ISACA
EDM01
EDM02
Evaluate,
Direct and
Monitor EDM03
EDM0
4
EDM05
Ensure
Governance
Framework
Setting and
Maintenance
Ensure
Benefits
Delivery
Ensure Risk
Optimisation
Ensure
Ressource
Optimisation
Ensure
Stakeholder
Transparency
IT agility
Knowledge, expertise
and initiatives for
business innovation
17
Financial
Customer
Internal
S
S
18
COBIT 5 ISACA
Key components of a
governance system
19
COBIT 5 ISACA
COBIT 5 ISACA
COBIT 5 ISACA
22
COBIT 5 ISACA
1. Principles, policies and frameworksAre the vehicle to translate the desired behaviour
into practical guidance for day-to-day management
2. ProcessesDescribe an organised set of practices and activities to achieve certain
objectives and produce a set of outputs in support of achieving overall IT related goals
3. Organisational structuresAre the key decision-making entities in an organisation
4. Culture, ethics and behaviourOf individuals and of the organisation; very often
underestimated as a success factor in governance and management activities
5. InformationIs pervasive throughout any organisation, i.e., deals with all information
produced and used by the enterprise. Information is required for keeping the
organisation running and well governed, but at the operational level, information is very
often the key product of the enterprise itself.
6. Services, infrastructure and applicationsInclude the infrastructure, technology and
applications that provide the enterprise with information technology processing and
services
7. People, skills and competenciesAre linked to people and are required for successful
completion of all activities and for making correct decisions and taking corrective
actions
23
COBIT 5 ISACA
24
COBIT 5 ISACA
25
COBIT 5 ISACA
26
COBIT 5 ISACA
27
COBIT 5 ISACA
28
COBIT 5 ISACA
29
COBIT 5 ISACA
30
COBIT 5 ISACA
31
COBIT 5 ISACA
32
COBIT 5 ISACA
33
COBIT 5 ISACA
Failed IT initiatives
Rising costs
Perception of low business value
for IT investments
Significant incidents related to IT
risk (e.g. data loss)
Service delivery problems
Failure to meet regulatory or
contractual requirements
Audit findings for poor IT
performance or low service levels
Hidden and/or rogue IT spending
or overlap in IT initiatives
Insufficient IT resources
IT staff burnout / dissatisfaction
IT enabled changes frequently
failing to meet business needs (late
deliveries or budget overruns)
Multiple and complex IT assurance
efforts
Board members or senior managers
that are reluctant to engage with IT
34
COBIT 5 ISACA
or project
A new CIO, CFO, COO or CEO
External audit or consultant
assessments
A new business strategy or priority
35
COBIT 5 ISACA
36
COBIT 5 ISACA
37
COBIT 5 ISACA
38
COBIT 5 ISACA
39