NUS. All Rights Reserved. http://www.iss.nus.edu.sg/
ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT as IT Management Best Practice Framework
Adapted from Jan 2011 Management Update Seminar:
Beyond IT Project Management: Advanced IT Management Best Practices
Goh BoonNam, Institute of Systems Science
ISACA, IT Governance Institute and CobiT are registered trademarks of ISACA. Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.
What is COBIT?
Control OBjectives for Information and related Technology
International framework from ISACA (Information Systems Control & Audit Association) and IT Governance Institute
Helps maximise value of IT to business and minimise issues such as those listed earlier
Originally, more for monitoring / audit / risk assessment of IT management processes
Increasingly recognised as a comprehensive framework of IT Management best practices
  Advises on WHAT to do
  Some high-level advice on how to do it
Currently Version 4.1
COBIT References:
http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx
Why COBIT?
Why COBIT as IT Management Best Practice Framework?
Comprehensive coverage of IT Management
Helps avoid issues such as:
  Strategic oversights
  Architecture oversights
  Implementation oversights
  Service Delivery oversights
  Governance oversights
Avoid Issue #1 - Strategic Oversight
Past report from Director of Audit of a large organisation:
  no formal IT strategy exists, which leads to piecemeal development and absence of monitoring and evaluation (of projects)
  hence, additional expenditure had to be incurred
  systems cannot satisfy objectives
Reference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD
Avoid Issue #2 - Architecture oversights
A leading European bank struggled with a tangle of applications that hampered its retail-banking operations
The lack of unifying standards created difficulties in satisfying bank-wide business requirements, such as speeding time to market for new banking services
Reference : https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554
IT Issue #3 - Implementation oversights
Passport system in a European country:
  half a million new passports couldn't be issued on time
  Passport Agency had brought in a new system that was (not properly designed/developed and) without sufficient testing and staff training
  hundreds of people missed their holidays, with money in the millions spent in compensation, for staff overtime and umbrellas for the poor people queuing in the rain for passports
Reference : http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729
IT Issue #4 - Service Delivery oversights
Bank in a European country:
  Online banking services that had been in operation for some time suddenly went down for nearly a week
Reference : http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.html
IT Issue #5 - Governance oversights
The Office of Inspector General (OIG) of the U.S. House of Representatives (House) sought to improve IT activities within the House.
A large number of the first audit reports issued by the OIG addressed weaknesses in various IT operations of the House - including the lack of policies and procedures (e.g., systems development life cycle), poor systems design and development, the lack of planning and performance measures, poor management of the mainframe and the lack of adequate information security.
Management needed to take control of the situation and establish clear roles and responsibilities and adopt an IT governance framework.
Reference : http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx
COBIT - Overview
Plan & Organise
  Define a Strategic IT Plan
  Define the Information Architecture
  Determine Technological Direction
  Define the IT Processes, Organization and Relationships
  Manage the IT Investment
  Communicate Management Aims and Direction
  Manage IT Human Resources
  Manage Quality
  Assess and Manage IT Risks
  Manage Projects
Acquire & Implement
  Identify Automated Solutions
  Acquire and Maintain Application Software
  Acquire and Maintain Technology Infrastructure
  Enable Operation and Use
  Procure IT Resources
  Manage Changes
  Install and Accredit Solutions and Changes
Deliver & Support
  Define and Manage Service Levels
  Manage Third-party Services
  Manage Performance and Capacity
  Ensure Continuous Service
  Ensure Systems Security
  Identify and Allocate Costs
  Educate and Train Users
  Manage Service Desk and Incidents
  Manage the Configuration
  Manage Problems
  Manage Data
  Manage the Physical Environment
  Manage Operations
Monitor & Evaluate
  Monitor and Evaluate IT Processes
  Monitor and Evaluate Internal Control
  Ensure Regulatory Compliance
  Provide IT Governance
COBIT Components
DOMAINS
  Plan & Organise
  Acquire & Implement
  Deliver & Support
  Monitor & Evaluate
PROCESSES (shown for Plan & Organise)
  Define a Strategic IT Plan
  Define the Information Architecture
  Determine Technological Direction
  Define the IT Processes, Organization and Relationships
  Manage the IT Investment
  Communicate Management Aims and Direction
  Manage IT Human Resources
  Manage Quality
  Assess and Manage IT Risks
  Manage Projects
CONTROL OBJECTIVES (shown for Manage Projects)
  Programme Management Framework
  Project Management Framework
  Project Management Approach
  Stakeholder Commitment
  Project Scope Statement
  Project Phase Initiation
  Integrated Project Plan
  Project Resources
  Project Risk Management
  Project Quality Plan
  Project Change Control
  Project Planning of Assurance Methods
  Project Performance Measurement, Reporting and Monitoring
  Project Closure
COBIT Domains - Plan & Organise (PO)
Strategy / Architecture / Portfolio
  Define a Strategic IT Plan
  Define the Information Architecture
  Determine Technological Direction
Programme & Project Management
  Manage Projects
IT Organisation Management
  Define the IT Processes, Organization and Relationships
  Manage the IT Investment
  Communicate Management Aims and Direction
  Manage IT Human Resources
  Manage Quality
  Assess and Manage IT Risks
Nb: Bold headings are author's own categorisation & are not part of COBIT
Plan & Organise (PO)
[Diagram: IT Strategy / Architecture / Portfolio Management, Programme Management, Project Management and IT Organisation Management, placed by Level of Work (Strategic, Tactical) against phase (Pre-Project, Development, Production)]
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.
COBIT Domains - Acquire & Implement (AI)
Requirements & Feasibility
  Identify Automated Solutions
Design & Build
  Acquire and Maintain Application Software
  Acquire and Maintain Technology Infrastructure
Test & Implement
  Install and Accredit Solutions and Changes
  Enable Operation and Use
Changes
  Manage Changes
Procurement Management
  Procure IT Resources
Nb: Bold headings are author's own categorisation & are NOT part of COBIT
AI Relationship with PO
[Diagram labels: Plan & Organise (PO); Acquire & Implement (AI); IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes. Phases: Pre-Project, Development, Production]
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains - Deliver & Support
Service Delivery
  Define and Manage Service Levels
  Manage Third-party Services
  Manage Performance and Capacity
  Ensure Continuous Service
  Ensure Systems Security
  Identify and Allocate Costs
Service Support
  Educate and Train Users
  Manage Service Desk and Incidents
  Manage the Configuration
  Manage Problems
  Manage Data
  Manage the Physical Environment
  Manage Operations
Nb: Bold headings are author's own categorisation & are not part of COBIT
DS Relationship with AI & PO
[Diagram labels: Plan & Organise (PO); Acquire & Implement (AI); Deliver & Support (DS); IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes; Service Delivery; Service Support. Phases: Pre-Project, Development, Production]
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains - Monitor & Evaluate
Monitor & Evaluate
  Monitor and Evaluate IT Processes
  Monitor and Evaluate Internal Control
  Ensure Regulatory Compliance
Direct
  Provide IT Governance
Nb: Bold headings are author's own categorisation & are not part of COBIT
COBIT Overview: ME Relationship with PO / AI / DS
[Diagram labels: Plan & Organise (PO); Acquire & Implement (AI); Deliver & Support (DS); Measure & Evaluate (ME); IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Organisation Management; IT Systems Devt Life Cycle Mgt; Procurement Management; Requirements & Feasibility; Design & Build; Test & Implement; Manage (System-Related) Changes; Service Delivery; Service Support; Measure & Evaluate / Direct. Phases: Pre-Project, Development, Production]
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Other Elements of COBIT
Besides:
  Domains
  Processes
  Control Objectives
Some Key Elements
  Management Guidelines
    roles and responsibilities
    goals and metrics
  Maturity Model
Associated Toolkits (for ISACA members)
  Implementation Guide
  Assurance Guide
COBIT Mapping to Other Frameworks
[Diagram: the following frameworks and certifications placed against the four COBIT domains (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate): P3O, TOGAF, PRINCE2, PMP, CITPM, CMMI, SCRUM, CBAP, COMIT, ISO20000, CISSP, ITIL, CGEIT, COBIT]
Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here
Future of COBIT as IT Management Framework - Draft COBIT v5
Some Key New Features
Explicit recognition of COBIT as covering IT Management processes in addition to IT Governance processes
Identification of degree of involvement of IT and Business in the various processes
Enterprise Architecture (instead of Information Architecture of prior versions)
Consolidation into one new "Manage the IT Organisation" process of those v4.1 processes that were for internal IT organisation support, eg.:
  Define IT Processes, Organization and Relationships
  Communicate Management Aims and Direction
  Manage IT Human Resources, etc
For Further Information
Please refer to: http://www.iss.nus.edu.sg/
Or email BoonNam Goh at: [email protected]
The End