COBIT as IT Management Best Practice Framework

Adapted from Jan 2011 Management Update Seminar: “Beyond IT Project Management: Advanced IT Management Best Practices”

Goh BoonNam, Institute of Systems Science

© NUS. All Rights Reserved. http://www.iss.nus.edu.sg/ ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0

ISACA®, IT Governance Institute® and CobiT® are registered trademarks of ISACA. Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.


  • What is COBIT?

    - Control OBjectives for Information and related Technology
    - International framework from ISACA (Information Systems Control & Audit Association) and IT Governance Institute
    - Helps maximise value of IT to business and minimise issues such as those listed earlier
    - Originally, more for monitoring / audit / risk assessment of IT management processes
    - Increasingly recognised as comprehensive framework of IT Management best practices
      - Advises on WHAT to do
      - Some high-level guidance on HOW to do it
    - Currently Version 4.1

    COBIT References:
    http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
    http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx

  • Why COBIT?

    Why COBIT as IT Management Best Practice Framework?

    - Comprehensive coverage of IT Management
    - Helps avoid issues such as:
      - Strategic oversights
      - Architecture oversights
      - Implementation oversights
      - Service Delivery oversights
      - Governance oversights

  • Avoid Issue #1 - Strategic Oversight

    Past report from Director of Audit of a large organisation:

    - no formal IT strategy exists, which leads to piecemeal development and absence of monitoring and evaluation (of projects)
    - hence, additional expenditure had to be incurred
    - systems cannot satisfy objectives

    Reference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD

  • Avoid Issue #2 - Architecture oversights

    A leading European bank struggled with a tangle of applications that hampered its retail-banking operations:

    - the lack of unifying standards created difficulties in satisfying bank-wide business requirements, such as speeding time to market for new banking services

    Reference: https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554

  • IT Issue #3 - Implementation oversights

    Passport system in a European country:

    - half a million new passports couldn't be issued on time
    - Passport Agency had brought in a new system that was (not properly designed/developed and) without sufficient testing and staff training
    - hundreds of people missed their holidays, with money in the millions spent in compensation for staff overtime and umbrellas for the poor people queuing in the rain for passports

    Reference: http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729

  • IT Issue #4 - Service Delivery oversights

    Bank in a European country:

    - Online banking services, that had been in operation for some time, suddenly went down for nearly a week

    Reference: http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.html

  • IT Issue #5 - Governance oversights

    - The Office of Inspector General (OIG) of the U.S. House of Representatives (House) sought to improve IT activities within the House.
    - A large number of the first audit reports issued by the OIG addressed weaknesses in various IT operations of the House, including the lack of policies and procedures (e.g., systems development life cycle), poor systems design and development, the lack of planning and performance measures, poor management of the mainframe and the lack of adequate information security.
    - Management needed to take control of the situation, establish clear roles and responsibilities, and adopt an IT governance framework.

    Reference: http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx

  • COBIT - Overview

    - Plan & Organise
      - Define a Strategic IT Plan
      - Define the Information Architecture
      - Determine Technological Direction
      - Define the IT Processes, Organization and Relationships
      - Manage the IT Investment
      - Communicate Management Aims and Direction
      - Manage IT Human Resources
      - Manage Quality
      - Assess and Manage IT Risks
      - Manage Projects
    - Acquire & Implement
      - Identify Automated Solutions
      - Acquire and Maintain Application Software
      - Acquire and Maintain Technology Infrastructure
      - Enable Operation and Use
      - Procure IT Resources
      - Manage Changes
      - Install and Accredit Solutions and Changes
    - Deliver & Support
      - Define and Manage Service Levels
      - Manage Third-party Services
      - Manage Performance and Capacity
      - Ensure Continuous Service
      - Ensure Systems Security
      - Identify and Allocate Costs
      - Educate and Train Users
      - Manage Service Desk and Incidents
      - Manage the Configuration
      - Manage Problems
      - Manage Data
      - Manage the Physical Environment
      - Manage Operations
    - Monitor & Evaluate
      - Monitor and Evaluate IT Processes
      - Monitor and Evaluate Internal Control
      - Ensure Regulatory Compliance
      - Provide IT Governance

  • COBIT Components

    [Diagram: drill-down from DOMAINS to PROCESSES to CONTROL OBJECTIVES]

    - DOMAINS
      - Plan & Organise
      - Acquire & Implement
      - Deliver & Support
      - Monitor & Evaluate
    - PROCESSES (shown for Plan & Organise)
      - Define a Strategic IT Plan
      - Define the Information Architecture
      - Determine Technological Direction
      - Define the IT Processes, Organization and Relationships
      - Manage the IT Investment
      - Communicate Management Aims and Direction
      - Manage IT Human Resources
      - Manage Quality
      - Assess and Manage IT Risks
      - Manage Projects
    - CONTROL OBJECTIVES (shown for Manage Projects)
      - Programme Management Framework
      - Project Management Framework
      - Project Management Approach
      - Stakeholder Commitment
      - Project Scope Statement
      - Project Phase Initiation
      - Integrated Project Plan
      - Project Resources
      - Project Risk Management
      - Project Quality Plan
      - Project Change Control
      - Project Planning of Assurance Methods
      - Project Performance Measurement, Reporting and Monitoring
      - Project Closure

  • COBIT Domains: Plan & Organise (PO)

    - Strategy / Architecture / Portfolio
      - Define a Strategic IT Plan
      - Define the Information Architecture
      - Determine Technological Direction
    - Programme & Project Management
      - Manage Projects
    - IT Organisation Management
      - Define the IT Processes, Organization and Relationships
      - Manage the IT Investment
      - Communicate Management Aims and Direction
      - Manage IT Human Resources
      - Manage Quality
      - Assess and Manage IT Risks

    Nb: Bold headings are the author's own categorisation & are not part of COBIT

  • Plan & Organise (PO)

    [Diagram: PO categories laid out by Level of Work (Strategic, Tactical) and by phase (Pre-Project, Development, Production). Boxes: IT Strategy / Architecture / Portfolio Management; Programme Management; Project Management; IT Organisation Management.]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.

  • COBIT Domains: Acquire & Implement (AI)

    - Requirements & Feasibility
      - Identify Automated Solutions
    - Design & Build
      - Acquire and Maintain Application Software
      - Acquire and Maintain Technology Infrastructure
    - Test & Implement
      - Install and Accredit Solutions and Changes
      - Enable Operation and Use
    - Changes
      - Manage Changes
    - Procurement Management
      - Procure IT Resources

    Nb: Bold headings are the author's own categorisation & are NOT part of COBIT

  • AI Relationship with PO

    [Diagram: Plan & Organise (PO) and Acquire & Implement (AI) laid out across the phases Pre-Project, Development, Production. Boxes: IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes.]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • COBIT Domains: Deliver & Support

    - Service Delivery
      - Define and Manage Service Levels
      - Manage Third-party Services
      - Manage Performance and Capacity
      - Ensure Continuous Service
      - Ensure Systems Security
      - Identify and Allocate Costs
    - Service Support
      - Educate and Train Users
      - Manage Service Desk and Incidents
      - Manage the Configuration
      - Manage Problems
      - Manage Data
      - Manage the Physical Environment
      - Manage Operations

    Nb: Bold headings are the author's own categorisation & are not part of COBIT

  • DS Relationship with AI & PO

    [Diagram: Plan & Organise (PO), Acquire & Implement (AI) and Deliver & Support (DS) laid out across the phases Pre-Project, Development, Production. Boxes: IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes; Service Delivery; Service Support.]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • COBIT Domains: Monitor & Evaluate

    - Monitor & Evaluate
      - Monitor and Evaluate IT Processes
      - Monitor and Evaluate Internal Control
      - Ensure Regulatory Compliance
    - Direct
      - Provide IT Governance

    Nb: Bold headings are the author's own categorisation & are not part of COBIT

  • COBIT Overview: ME Relationship with PO / AI / DS

    [Diagram: Plan & Organise (PO), Acquire & Implement (AI), Deliver & Support (DS) and Measure & Evaluate (ME) laid out across the phases Pre-Project, Development, Production. Boxes: IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Organisation Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes; Service Delivery; Service Support; Measure & Evaluate / Direct.]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • Other Elements of COBIT

    Besides:

    - Domains
    - Processes
    - Control Objectives

    Some Key Elements:

    - Management Guidelines
      - roles and responsibilities
      - goals and metrics
    - Maturity Model
    - Associated Toolkits (for ISACA members)
      - Implementation Guide
      - Assurance Guide

  • COBIT Mapping to Other Frameworks

    [Diagram: other frameworks and certifications placed against the four COBIT domains (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate). Labels shown: P3O, TOGAF, PRINCE2, PMP, CITPM, CMMI, SCRUM, CBAP, COMIT, ISO20000, CISSP, ITIL, CGEIT, COBIT.]

    Nb: Some of the other frameworks can map to more than one COBIT domain (e.g. ITIL/COBIT) but for simplicity, only one domain is mapped here

  • Future of COBIT as IT Management Framework: Draft COBIT v5

    Some Key New Features:

    - Explicit recognition of COBIT as covering IT Management processes in addition to IT Governance processes
    - Identification of degree of involvement of IT and Business in the various processes
    - Enterprise Architecture (instead of Information Architecture of prior versions)
    - Consolidation into one new "Manage the IT Organisation" process of those v4.1 processes that were for internal IT organisation support, e.g.:
      - Define IT Processes, Organization and Relationships
      - Communicate Management Aims and Direction
      - Manage IT Human Resources
      - etc.

  • For Further Information

    Please refer to: http://www.iss.nus.edu.sg/

    Or email BoonNam Goh at: [email protected]
