Cob It a Nil

  • 8/6/2019 Cob It a Nil

    1/33

    AGENDA

    What is COBIT 4.0?
    Why is COBIT important for a company?
    Why does a Business Analyst need to know?
    COBIT family of products
    Why an organization needs to comply with COBIT.
    Case study

    Introduction

    Control Frameworks

    COSO and COBIT are, among other things, control frameworks.

    COSO focuses on controls for financial processes, and COBIT focuses on IT.

    An IT governance framework and a supporting toolset together make up COBIT, which allows managers to bridge the gap between control requirements, technical issues and business risks.

    COBIT enables clear policy development and good practice for IT control throughout organizations.

    COBIT 4.0 presents activities in a more streamlined and practical manner, so continuous improvement in IT governance is easier than ever to achieve.

    COBIT compiles an up-to-date international set of generally accepted control objectives for day-to-day use by business managers and IT managers.

    Strengths and weaknesses

    Advantages: COBIT is focused on controls and metrics.

    Disadvantages: It also lacks a security component but provides a more global view of IT

    COBIT has 34 high-level objectives and 215 control objectives, categorized into six components and 4 domains:

    1. Acquire and Implement
    2. Plan and Organize
    3. Deliver and Support
    4. Monitor and Evaluate

    COBIT Product Family

    Package of six components:

    1. Executive Summary
    2. Framework
    3. Control Objectives
    4. Audit Guidelines
    5. Implementation Tool Set
    6. Management Guidelines

    EXECUTIVE SUMMARY

    1. Provides an overview through awareness and understanding of COBIT's key concepts and principles, designed for time-pressed executives and managers.

    2. Describes a synopsis of the framework, which provides a more detailed understanding of these concepts and principles and identifies the 34 high-level control objectives.

    FRAMEWORK

    1. A successful organization is built on solid data and information. This framework explains how IT processes deliver the information that the business needs to achieve its objectives.

    2. The framework also identifies the resources that are important for IT processes to fully support the business objective: effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability, people, application, technology, facilities and data.

    CONTROL OBJECTIVES

    1. Cataclysmic changes.
    2. Maintaining profitability in a technologically changing environment is the key objective.
    3. How well you maintain control.
    4. Provides the critical insight needed to delineate a clear policy and good practice for IT controls.
    5. Achieved by implementing the 34 high-level control objectives and 215 control objectives.

    AUDIT GUIDELINES:

    1. Must constantly and consistently audit organizational procedures to achieve desired goals and objectives.

    2. Outlines and suggests activities to be performed for each of the 34 high-level IT control objectives, while substantiating the risk of control objectives not being met.

    3. Provides an invaluable tool for Information Systems auditors in providing management assurance for improvement

    IMPLEMENTATION TOOL SET

    1. A new tool set designed to facilitate the implementation of COBIT

    Consists of:

    Management awareness and IT control,

    Diagnostics,

    Implementation guide,

    FAQs,

    Case studies from organizations currently using COBIT

    Management Guidelines

    Management Guidelines is composed of Maturity Models, to help determine the stages and expectation levels of control and compare them against industry norms

    1. Critical Success Factors, to identify the most important actions for achieving control over the IT processes

    2. Key Goal Indicators, to define target levels of performance

    3. Key Performance Indicators, to measure whether an IT control process is meeting its objective.

    COBIT Structure

    COBIT provides benefits to managers, IT users, and auditors. Managers benefit from COBIT because it provides them with a foundation upon which IT-related decisions and investments can be based.

    COBIT benefits IT users because of the assurance provided to them if the applications that aid in the gathering, processing, and reporting of information comply with COBIT, since it implies controls and security are in place to govern the processes.

    COBIT benefits auditors because it helps them identify IT control issues within a company's IT infrastructure. It also helps them corroborate their audit findings.

    COBIT covers four domains:

    1. Plan and Organize

    2. Deliver and Support

    3. Monitor and Evaluate

    4. Acquire and Implement

    Plan and Organize:

    This domain covers the use of technology and how best it can be used in a company to help achieve the company's goals and objectives.

    It also highlights the organizational and infrastructure form IT is to take in order to achieve the optimal results and to generate the most benefits from the use of IT.

    Consists of high-level control objectives for the Planning and Organization domain.

    HIGH LEVEL CONTROL OBJECTIVES

    Plan and Organize

    PO1 Define a Strategic IT Plan and direction

    PO2 Define the Information Architecture

    PO3 Determine Technological Direction

    PO4 Define the IT Processes, Organisation and Relationships

    PO5 Manage the IT Investment

    PO6 Communicate Management Aims and Direction

    PO7 Manage IT Human Resources

    PO8 Manage Quality

    PO9 Assess and Manage IT Risks

    PO10 Manage Projects

    Acquire and Implement

    1. Acquiring the technology.

    2. Implement it within the current business process.

    3. Maintain a plan to prolong the life of the IT system and its components.

    HIGH LEVEL CONTROL OBJECTIVES

    Acquire and Implement

    AI1 Identify Automated Solutions

    AI2 Acquire and Maintain Application Software

    AI3 Acquire and Maintain Technology Infrastructure

    AI4 Enable Operation and Use

    AI5 Procure IT Resources

    AI6 Manage Changes

    AI7 Install and Accredit Solutions and Changes

    Deliver and Support

    1. Delivery aspects of IT, such as execution of applications.

    2. Support processes that enable the effective and efficient execution of these IT systems.

    3. Support processes include security issues and training.

    HIGH LEVEL CONTROL OBJECTIVES

    Deliver and Support

    DS1 Define and Manage Service Levels

    DS2 Manage Third-party Services

    DS3 Manage Performance and Capacity

    DS4 Ensure Continuous Service

    DS5 Ensure Systems Security

    DS6 Identify and Allocate Costs

    DS7 Educate and Train Users

    DS8 Manage Service Desk and Incidents

    DS9 Manage the Configuration

    DS10 Manage Problems

    DS11 Manage Data

    DS12 Manage the Physical Environment

    DS13 Manage Operations

    Monitor and Evaluate:

    Monitoring also covers the issue of an independent assessment of the effectiveness of the IT system in its ability to meet business objectives and the company's control processes by internal and external auditors.

    Consists of high-level control objectives for the Monitoring domain.

    HIGH LEVEL CONTROL OBJECTIVES

    Monitor and Evaluate

    ME1 Monitor and Evaluate IT Processes

    ME2 Monitor and Evaluate Internal Control

    ME3 Ensure Regulatory Compliance

    ME4 Provide IT Governance

    ISO/IEC 17799:2005 (The Code of Practice for Information Security Management) is also an international standard and is best practice for implementing security management.

    The two standards do not compete with each other and actually complement one another.

    COBIT typically covers a broader area, while ISO/IEC 17799 is deeply focused on the area of security.

    Case study: Harley Davidson

    397000 ----- year Revenue --- $5.0 Billion Dollars 3.2%
