Cobit 5 Framework


  • 2010 NUS. All Rights Reserved Unless Otherwise Stated.

    ATA/Lucid/2010-01-25 MUS/

    COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0

    COBIT 5 as IT Management Best Practice Framework

    Please see Acknowledgements & Notices in last few slides

  • What is COBIT?

    Control OBjectives for Information and related Technology

    International framework from ISACA and IT Governance Institute

    Helps maximise value of IT to businesses

    Originally, more for monitoring / audit / risk assessment of IT management processes

    Increasingly recognised as a comprehensive framework of IT Management best practices: advises on WHAT to do, with some high-level guidance on how to do it

    Currently Version 5

  • COBIT - Governance and Management

    [Diagram labels: Strategic, Tactical, Operational; "generally, the responsibility of Board of Directors"]

    Nb: Words in green above NOT part of COBIT but added by the author of this presentation.

  • COBIT5 Processes

    Domains and their processes:

    Governance: Ensure Governance Framework Setting and Maintenance; Ensure Benefits Delivery; Ensure Risk Optimisation; Ensure Resource Optimisation; Ensure Stakeholder Transparency

    Align, Plan & Organise: Manage the IT Management Framework; Manage Strategy; Manage Innovation; Manage Enterprise Architecture; Manage Portfolio; Manage Budget and Costs; Manage Human Resources; Manage Relationships; Manage Service Agreements; Manage Suppliers; Manage Quality; Manage Risk; Manage Security

    Build, Acquire & Implement: Manage Programmes & Projects; Manage Requirements Definition; Manage Solutions Identification and Build; Manage Availability & Capacity; Manage Change Acceptance and Transitioning; Manage Organisational Change Management; Manage Changes; Manage Knowledge; Manage Assets; Manage Configuration

    Deliver, Service & Support: Manage Operations; Manage Service Requests & Incidents; Manage Problems; Manage Continuity; Manage Security Services; Manage Business Process Controls

    Monitor, Evaluate & Assess: Monitor, Evaluate and Assess Performance & Conformance; Monitor, Evaluate and Assess the System of Internal Control; Monitor, Evaluate and Assess Compliance with External Requirements

  • Domain BAI - Build, Acquire & Implement

    Programmes: Manage Programmes (and Projects)

    Projects: Manage (Programmes and) Projects

    Requirements: Manage Requirements Definition; Manage Availability & Capacity

    Design & Build: Manage Solutions Identification and Build

    Test & Implement: Manage Change Acceptance and Transitioning

    Changes: Manage (IT) Changes; Manage Organisational Change Management

    Supporting Processes: Manage Knowledge; Manage Assets; Manage Configuration

    Nb: Bold headings (the group names before each colon) are author's own categorisation & are not part of COBIT

  • Domain BAI - Build, Acquire & Implement

    [Diagram: Build, Acquire & Implement (BAI). Labels: Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT and Organisational; Support Processes: Knowledge, Asset, Configuration]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • BAI Relationship with APO

    [Diagram: Align, Plan & Organise (APO) and Build, Acquire & Implement (BAI). Labels: (Strategic); (Tactical); Pre-Project, Development, Production; IT Strategy / Innovation / Ent. Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT and Organisational; Support Processes: Knowledge, Asset, Configuration]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • Domain APO Align, Plan & Organise

    Strategy / Architecture / Portfolio: Manage the IT Management Framework; Manage Strategy; Manage Innovation; Manage Enterprise Architecture; Manage Portfolio

    IT Ongoing Management: Manage Budget and Costs; Manage Human Resources; Manage Relationships; Manage Service Agreements; Manage Suppliers; Manage Quality; Manage Risk; Manage Security

    Nb: Bold headings (the group names before each colon) are author's own categorisation & are not part of COBIT

    [Diagram labels: IT Strategy / Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT and Organisational; Support Processes: Knowledge, Asset, Configuration]

  • COBIT Domains Deliver, Service & Support (DSS)

    Service Operations

    Manage Operations

    Manage Service Requests & Incidents

    Manage Problems

    Manage Continuity

    Manage Security Services

    Manage Business Process Controls

    Nb: Bold headings are author's own categorisation & are not part of COBIT

  • DSS Relationship with BAI & APO

    [Diagram: Align, Plan & Organise (APO), Build, Acquire & Implement (BAI) and Deliver, Service & Support (DSS). Labels: (Strategic); (Tactical); (Operational); Pre-Project, Development, Production; IT Strategy / Innovation / Ent. Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT & Organisational; Support Processes: Knowledge, Assets, Configuration; Service Operations]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • COBIT Domains Monitor, Evaluate & Assess

    Monitor, Evaluate and Assess

    Performance & Conformance

    System of Internal Control

    Compliance with External Requirements

    Nb: Bold headings are author's own categorisation & are not part of COBIT

  • MEA Relationship with APO / BAI / DSS

    [Diagram: Align, Plan & Organise (APO), Build, Acquire & Implement (BAI), Deliver, Service & Support (DSS) and Measure, Evaluate & Assess (MEA). Labels: (Strategic); (Tactical); (Operational); Pre-Project, Development, Production; IT Strategy / Innovation / Ent. Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT & Organisational; Support Processes: Knowledge, Assets, Configuration; Service Operations; Measure, Evaluate & Assess]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • COBIT Domains Governance

    Monitor, Evaluate & Direct to:

    Ensure Governance Framework Setting and Maintenance

    Ensure Benefits Delivery

    Ensure Risk Optimisation

    Ensure Resource Optimisation

    Ensure Stakeholder Transparency

    Nb: Bold headings are author's own categorisation & are not part of COBIT

  • Governance Relationship To Management

    [Diagram: Align, Plan & Organise (APO), Build, Acquire & Implement (BAI), Deliver, Service & Support (DSS) and Measure, Evaluate & Assess (MEA). Labels: (Governance); Monitor, Evaluate, Direct; (Strategic Mgt); (Tactical Mgt); (Operational Mgt); Pre-Project, Development, Production; IT Strategy / Innovation / Ent. Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt; Requirements & Feasibility; Design & Build; Test & Implement; Manage Changes, IT & Organisational; Support Processes: Knowledge, Assets, Configuration; Service Operations; Measure, Evaluate & Assess]

    Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

  • Further Process Details

    COBIT provides further details to the Process:

    Breakdown of Process: Process; Management Practices; Activities

    RACI for Management Practices

    Inputs-Outputs for each Activity

    Metrics for the overall process: IT-related; Process-related

  • COBIT Process Details Management Practices

    Process: Manage Programmes and Projects

    Management Practices:

    Maintain a standard approach for programme and project management

    Initiate a programme

    Manage stakeholder engagement

    Develop and maintain the programme plan

    Launch and execute the programme

    Monitor, control and report on the programme outcomes

    Start up and initiate projects within a programme

    Plan projects

    Manage programme and project quality

    Manage programme and project risk

    Monitor and control projects

    Manage project resources and work packages

    Close a project or iteration

    Close a programme

  • COBIT Process Details Management Practices and Activities

    Process: Manage Programmes and Projects

    Management Practice: Maintain a standard approach for programme and project management

    Management Practice: Initiate a programme

    Activities:

    Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change.

    Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives.

    Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.

    Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised.

    Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc.

    Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively and efficiently.

    Management Practice: Manage stakeholder engagement.

  • COBIT Process Details RACI for Management Practices

  • COBIT Process Details Inputs-Outputs for Each Activity

  • COBIT Process Details IT-Related Metrics

    Example - from Manage Programmes and Projects process

  • COBIT Process Details Process-Related Metrics

    Example - from Manage Programmes and Projects process

  • Other Key Elements of COBIT

    Principles

    Enablers

    Lifecycle Approach

    Process Capability Model

    COBIT 5 Product Family

  • Principles

  • Enablers

  • Lifecycle Approach

  • Process Capability Model

  • COBIT 5 Product Family

  • COBIT 5 Mapping to Other Frameworks

    Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here

  • For Further Information

    For further details on COBIT course:

    http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx

    For other related courses:

    http://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspx

  • Acknowledgements & Sources

    Sources used in this presentation:

    Information Systems Audit and Control Association. (2012). COBIT 5: Enabling processes. Rolling Meadows, IL: ISACA.

  • Acknowledgements & Notices

    COBIT is a registered trade mark of ISACA and the IT Governance Institute

    CGEIT is a registered trade mark of ISACA

    TOGAF is a registered trademark of The Open Group in the United States and other countries

    CBAP is a registered certification mark owned by International Institute of Business Analysis

    CISSP is a registered Trademark of (ISC)2

    SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.

    PMP is a registered mark of Project Management Institute, Inc.

    ITIL, PRINCE2, P3O, MSP are registered trade marks of the Cabinet Office

    CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University

    The Swirl logo is a trade mark of the Cabinet Office

    2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied

  • The End