DESCRIPTION
This presentation is extracted from one given recently to explain how I could help a University to align the teaching objectives to a required IT complete renovation. Feel free to download but, please, send me also a message and stay connected. Maybe we have the same interest and we could share experiences.
IT Governance - the ISACA solution -
October 2010
Emilio Gratton
ISACA MEMBER 630629
OUTLINE
1. NEED AND MEANING
2. MANAGEMENT SELECTION
3. COBIT FOCUS AREAS
4. COBIT FRAMEWORK
5. VALIT AT A GLANCE
6. RISKIT AT A GLANCE
7. COBIT PROCESS EXAMPLE
8. CONCLUSIONS
1. HOW TO EXPLOIT THE BENEFIT OF IT (IT VALUE) IN FAVOUR OF AN ENTERPRISE
2. HOW TO MANAGE IT ASSOCIATED RISKS (NON COMPLIANCE / CRITICAL DEPENDENCIES)
3. HOW TO MAINTAIN THE CONTROL OVER VALUE AND RISK
IT Governance
IT Value
IT Risks
IT Controls
NEED AND MEANING
IT Governance
RESPONSIBILITY OF THE EXECUTIVES AND BOARD OF DIRECTORS
CONSISTS OF:
• LEADERSHIP
• ORGANISATIONAL STRUCTURES
• PROCESSES
ENTERPRISE’S IT MANAGEMENT
SUSTAINS AND EXTENDS THE ORGANIZATION’S STRATEGIES & OBJECTIVES
MANAGEMENT SELECTION
What IT management?
ISACA
Professional association with 95,000 constituents. Worldwide (160) leader in IT governance, control, security and assurance. Offers the CISA, CISM, CRISC and CGEIT certifications.
COBIT
Controlled OBjectives for Information and related Technologies
MANAGEMENT SELECTION
IT Governance
ISACA
INTEGRATES
INSTITUTIONALISES
GOOD PRACTICES
ENTERPRISE’S IT SUPPORTS THE BUSINESS OBJECTIVES
COBIT
• Linking to the business requirements
• Organising IT activities into a process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives
COBIT FOCUS AREAS
[Figure: IT Governance focus areas (Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement), with COBIT]
COBIT FOCUS AREAS
• STRATEGIC ALIGNMENT: linkage of business and IT plans; defining, maintaining and validating the IT value proposition; aligning IT operations with enterprise operations.
• VALUE DELIVERY: executing the value throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, optimising costs and proving the intrinsic value of IT.
• RESOURCE MANAGEMENT: investment in, and management of, critical IT resources: applications, information, infrastructure and people. Key issues: optimisation of knowledge and infrastructure.
• RISK MANAGEMENT: requires risk awareness by senior corporate officers, understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
• PERFORMANCE MEASUREMENT: tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
COBIT FRAMEWORK
BUSINESS-FOCUSED
• BASIC PRINCIPLE
• INFORMATION CRITERIA
• ALIGN BUSINESS GOALS TO IT GOALS
• ALIGN RESOURCE AND IT ARCHITECTURE
PROCESS-ORIENTED
• 4 DOMAINS
• 34 IT PROCESSES
CONTROL-BASED
• 6 PROCESS CONTROLS
• 6 APPLICATION CONTROLS
MEASUREMENT-DRIVEN
• MATURITY SCALE
• MATURITY LEVELS
• MATURITY MODELS
COBIT FRAMEWORK – THE BUSINESS
BASIC COBIT PRINCIPLE
COBIT FRAMEWORK – THE BUSINESS
INFORMATION CRITERIA
BUSINESS REQUIREMENT FOR INFORMATION
1. Effectiveness: information being relevant and pertinent to the business process as well as delivery in a timely, correct, consistent and usable manner.
2. Efficiency: provision of information through the optimal (most productive and economical) use of resources.
3. Confidentiality: protection of sensitive information from unauthorised disclosure.
4. Integrity: accuracy and completeness of information as well as validity in accordance with business values and expectations.
5. Availability: information being available when required by the business process now and in the future, safeguarding of necessary resources and associated capabilities.
6. Compliance: complying with the laws, regulations and contractual arrangements to which the business process is subject.
7. Reliability: provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.
COBIT FRAMEWORK – THE GOALS
DEFINING IT GOALS AND ENTERPRISE ARCHITECTURE FOR IT
COBIT FRAMEWORK – THE RESOURCES
IT RESOURCES CLASSIFICATION
P01 PROCESS “PLAN AND ORGANISE - DEFINE A STRATEGIC IT PLAN”
SCREENSHOTS
COBIT FRAMEWORK – THE PROCESSES
4 DOMAINS – 34 PROCESSES
PLAN AND ORGANISE
ACQUIRE AND IMPLEMENT
DELIVERY AND SUPPORT
MONITOR AND EVALUATE
COBIT FRAMEWORK – THE CONTROLS
CONTROL MODEL
COBIT FRAMEWORK – THE CONTROLS
BOUNDARIES BETWEEN CONTROLS
COBIT FRAMEWORK - MEASUREMENTS
GRAPHIC REPRESENTATION OF A MATURITY MODEL
COBIT FRAMEWORK - MEASUREMENTS
MATURITY LEVELS OF AN IT PROCESS
COBIT FRAMEWORK - MEASUREMENTS
THE THREE DIMENSIONS OF MATURITY
COBIT FRAMEWORK – THE COBIT CUBE
THE THREE DIMENSIONS OF IT CONTROLLED MANAGEMENT
COBIT FRAMEWORK – THE GOVERNANCE MAPPING
HOW THE COBIT FRAMEWORK MAPS IT GOVERNANCE FOCUS AREAS
IT GOVERNANCE FOCUS AREAS
[Figure: IT Governance focus areas (Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement), with COBIT]
ValIT: BASED ON COBIT
• Many enterprises practice elements of Val IT™ already
• Val IT™ provides a consistent, repeatable and comprehensive approach
• IT and business become equal shareholders because Val IT™ helps management to answer these key questions:*
The strategic question
The architecture question
The value question
The delivery question
* Based on the ‘Four Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003
A COMPREHENSIVE APPROACH
VALIT AT A GLANCE 1
DOMAINS AND PROCESSES
VALIT AT A GLANCE 2
CONTRIBUTION TO IT GOVERNANCE
VALIT AT A GLANCE 3
IT GOVERNANCE FOCUS AREAS
[Figure: IT Governance focus areas (Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement), with COBIT]
ValIT: BASED ON COBIT
RiskIT: BASED ON COBIT
RISK AND OPPORTUNITY MANAGEMENT
RISKIT AT A GLANCE 1
BUSINESS OBJECTIVE
RISKIT AT A GLANCE 2
RISKIT AT A GLANCE 3
RISK IT’S THREE DOMAINS
RISKIT AT A GLANCE 4
RISK RESPONSE APPROACH
RISKIT AT A GLANCE 5
CONTRIBUTION TO IT GOVERNANCE
COBIT PROCESS EXAMPLE 1
COBIT PROCESS EXAMPLE 2
COBIT PROCESS EXAMPLE 3
COBIT PROCESS EXAMPLE 4
COBIT PROCESS EXAMPLE 5
COBIT PROCESS EXAMPLE 6
COBIT PROCESS EXAMPLE 7
COBIT PROCESS EXAMPLE 8
CONCLUSIONS
1. UNIQUE SET OF TOOLS AND STANDARDIZED DOCUMENTATION
2. VAST PARTICIPATION OF PROFESSIONALS
3. EXPANDABILITY OF SCOPES
4. CONTINUOUS UPDATE
5. LARGE SET OF CERTIFICATIONS
SOLUTION STRENGTH
CONCLUSIONS
1. CLEAR GUIDANCE AND THOROUGH EXPLANATIONS
2. PROCESSES ADAPTABILITY TO MANY MANAGEMENT SOFTWARE
3. FACILITATE MIGRATION FROM OTHER MANAGEMENT WORLDS
4. CONSISTENCY AMONG ISACA DOCUMENTATION
SOLUTION EASINESS
PERMISSIONS
COBIT 4.1 including select text and figures featured within this presentation are the property of ISACA/ITGI. Copyright © 1996-2007 ITGI. All rights reserved. ISACA, ITGI and COBIT are registered trademarks of ISACA.