8/6/2019 Cob It a Nil
AGENDA
What is COBIT 4.0?
Why is COBIT important for a company?
Why does a Business Analyst need to know it?
COBIT family of products
Why an organization needs to comply with COBIT
Case study
Introduction
Control Frameworks
COSO and COBIT are, among other things, control frameworks. COSO focuses on controls for financial processes, and COBIT focuses on IT.
COBIT is made up of an IT governance framework and a supporting toolset, which together allow managers to bridge the gap between control requirements, technical issues and business risks.
COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT 4.0 presents activities in a more streamlined and practical manner, so continuous improvement in IT governance is easier than ever to achieve.
COBIT compiles an up-to-date international set of generally accepted control objectives for day-to-day use by business managers and IT managers.
Strengths and weaknesses
Advantages: COBIT is focused on controls and metrics.
Disadvantages: it lacks a dedicated security component, but it provides a more global view of IT.
COBIT has 34 high-level control objectives and 215 detailed control objectives, categorized into six components and 4 domains:
1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate
COBIT Product Family
Package of six components:
1. Executive Summary
2. Framework
3. Control Objectives
4. Audit Guidelines
5. Implementation Tool Set
6. Management Guidelines
EXECUTIVE SUMMARY
1. Provides an overview of COBIT's key concepts and principles, designed to build awareness and understanding among time-pressed executives and managers.
2. Gives a synopsis of the Framework, which provides a more detailed understanding of these concepts and principles and identifies the 34 high-level control objectives.
FRAMEWORK
1. A successful organization is built on solid data and information. The Framework explains how IT processes deliver the information that the business needs to achieve its objectives.
2. The Framework also identifies the information criteria and the IT resources that are important for IT processes to fully support the business objectives.
Information criteria: effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability.
IT resources: people, applications, technology, facilities and data.
CONTROL OBJECTIVES
1. Technology is undergoing cataclysmic changes.
2. Maintaining profitability in a technologically changing environment is the key objective.
3. Success depends on how well you maintain control.
4. The Control Objectives provide the critical insight needed to delineate a clear policy and good practice for IT controls.
5. This is achieved by implementing the 34 high-level control objectives and 215 detailed control objectives.
AUDIT GUIDELINES
1. Organizational procedures must be audited constantly and consistently to achieve the desired goals and objectives.
2. Outlines and suggests the activities to be performed for each of the 34 high-level IT control objectives, while substantiating the risk of control objectives not being met.
3. Provides an invaluable tool for information systems auditors in giving management assurance and advice for improvement.
IMPLEMENTATION TOOL SET
1. A new tool set designed to facilitate the implementation of COBIT.
Consists of:
Management awareness and IT control diagnostics
Implementation guide
FAQs
Case studies from organizations currently using COBIT
Management Guidelines
The Management Guidelines are composed of:
1. Maturity Models, to help determine the stages and expectation levels of control and compare them against industry norms
2. Critical Success Factors, to identify the most important actions for achieving control over the IT processes
3. Key Goal Indicators, to define target levels of performance
4. Key Performance Indicators, to measure whether an IT control process is meeting its objective
COBIT Structure
COBIT provides benefits to managers, IT users, and auditors. Managers benefit from COBIT because it provides them with a foundation upon which IT-related decisions and investments can be based.
COBIT benefits IT users because of the assurance it provides: if the applications that aid in gathering, processing and reporting information comply with COBIT, this implies that controls and security are in place to govern those processes.
COBIT benefits auditors because it helps them identify IT control issues within a company's IT infrastructure. It also helps them corroborate their audit findings.
COBIT covers four domains:
1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate
Plan and Organize:
This domain covers the use of technology and how it can best be used in a company to help achieve the company's goals and objectives.
It also highlights the organizational and infrastructure form IT should take in order to achieve optimal results and generate the most benefit from the use of IT.
Consists of the high-level control objectives for the Plan and Organize domain.
HIGH LEVEL CONTROL OBJECTIVES
Plan and Organize
PO1 Define a Strategic IT Plan and direction
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organisation and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects
Acquire and Implement
1. Acquiring the technology.
2. Implementing it within current business processes.
3. Maintaining a plan to prolong the life of the IT system and its components.
CONTD.
HIGH LEVEL CONTROL OBJECTIVES
Acquire and Implement
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes
Deliver and Support
1. Delivery aspects of IT, such as the execution of applications.
2. Support processes that enable the effective and efficient execution of these IT systems.
3. Support processes include security issues and training.
HIGH LEVEL CONTROL OBJECTIVES
Deliver and Support
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations
Monitor and Evaluate:
This domain covers monitoring of the IT processes and the issue of an independent assessment, by internal and external auditors, of the effectiveness of the IT system in its ability to meet business objectives and of the company's control processes.
Consists of the high-level control objectives for the Monitor and Evaluate domain.
CONTD.
HIGH LEVEL CONTROL OBJECTIVES
Monitor and Evaluate
ME1 Monitor and Evaluate IT Processes
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Regulatory Compliance
ME4 Provide IT Governance
ISO/IEC 17799:2005 (The Code of Practice for Information Security Management) is also an international standard, and is best practice for implementing security management.
The two standards do not compete with each other; they complement one another.
COBIT typically covers a broader area, while ISO/IEC 17799 is deeply focused on security.
Case study: Harley-Davidson
Revenue: $5.0 billion per year
(Other figures on the slide: 397000; 3.2%)