Upload
vonhan
View
263
Download
1
Embed Size (px)
Citation preview
Volume 3 2014 7
:
COBIT®
?
:
COBIT Recognition and Case
Studies COBIT
COBIT 5 COBIT 4.1
Ecopetrol IT COBIT 5
COBIT 5
COBIT 5 IT 6
COSO 2013 COBIT 5
Ecopetrol S.A. IT
COBIT 5 Alberto León Lozano CISA CGEIT CIA CRMA
Ecopetrol S.A.
IT
COSO
COBIT
IT
2007 Ecopetrol
COSO Internal Control—Integrated
Framework -
Ecopetrol 2008 9 NYSE
2008
Ecopetrol DTI
IT IT
IT COBIT®
IT IT
COBIT® 4.1 5
IT IT
DTI Ecopetrol
! 2014 7 21 Alberto
León Lozano COBIT 5—Use It Effectively COBIT 5—
Volume 3 2014 7 2
COBIT® 5 DTI
COBIT
IT GEIT
COBIT 5
Ecopetrol 7,000 Ecopetrol
40 4 Ecopetrol 60%
Ecopetrol
Ecopetrol COSO
Ecopetrol IT IT
IT IT
DTI IT UTI IT
IT IT
IT GRC
IT
Ecopetrol COBIT
DTI COBIT IT IT
COBIT
IT
IT
IT COSO
2008 4 Ecopetrol IT
IT
Volume 3 2014 7 3
COBIT IT
— COSO
DTI
SAP
Ecopetrol COBIT 4.1 28
IT 2
3
2009 1 IT
CIO
CFO CEO IT
2009 12 COBIT
Ecopetrol
2009 2013 IT IT
Ecopetrol IT IT
IT
DTI IT
COSO 2013 COBIT 5
2010 IT IT
IT IT
Ecopetrol COBIT IT
Ecopetrol IT COBIT
COBIT
Ecopetrol
IT
Volume 3 2014 7 4
IT
20 ISACA COBIT
Foundation Exam
ISACA
2013 Ecopetrol IT
Ecopetrol IT COBIT
5 IT
IT
1
3 4
IT COBIT
PAM Process
Assessment Model Using COBIT® 5
ISO 15504
16 IT
3.8 1
3.6
2
COBIT 5
IT
IT COBIT 5
SSC
[BPM] ERM COSO ERM
1— 2013
Ecopetrol S.A.
2— 2013
Ecopetrol S.A.
Volume 3 2014 7 5
COBIT 5
Ecopetrol IT
COBIT 4.1
IT GRC
COBIT 5
IT COBIT 4.1
COBIT 5
IT GRC
3 7 Ecopetrol IT
IT
3
IT
4
IT
5
3—IT
Ecopetrol S.A.
4—IT
70%
90%96% 97% 98% 98%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2008 2009 2010 2011 2012 2013
Ecopetrol S.A.
5—IT
Ecopetrol S.A.
6—
Ecopetrol S.A.
Volume 3 2014 7 6
IT
6
IT GRC Ecopetrol
7
COBIT GRC
COBIT 5
IT
COBIT 5
PAM ISO 15504
COBIT 5 IT
Alberto León Lozano CISA CGEIT CIA CRMA
Ecopetrol S.A. IT [email protected]
COBIT 5 Sai K. Honig CISA CIA
IT 5
Controls and Assurance in the
Cloud: Using COBIT® 5 : COBIT
® 5
2011 IT Controls Objectives for Cloud Computing IT
ISACA®
COBIT® 5
7—GRC
Ecopetrol S.A.
Volume 3 2014 7 7
Controls and Assurance in the Cloud:Using COBIT 5 : COBIT® 5
2014 4
[CSP]
COBIT® 5 Cloud Security Alliance Cloud Controls Matrix version 3 CSA
CCMv3 CSP
COBIT® 5 for Assurance COBIT 5
COBIT® Process Assessment Model PAM :Using COBIT
® 5 COBIT
®[PAM]: COBIT
® 5
COBIT® 5 for Risk COBIT
® 5
ROI
Controls and Assurance in the Cloud CSP
CSP
CSP
Sai K. Honig CISA CIA
IT 10 Honig
COBIT ITIL HIPAA
SaaS Honig Grameen Foundation
COBIT 5 IT 6 Juan Carlos Morales CISA CISM CGEIT CRISC
IT IT
IT GEIT COBIT® 5 GEIT
COBIT 5 IT
1. :1COBIT 5 1
2014 7 21 Juan Carlos Morales COBIT 5—Use It
Effectively COBIT 5—
Volume 3 2014 7 8
IT
IT 1 King III 5 IT IT
IT King III
ITGI ISACA COBIT®
Val IT ISO ISO 38500 OCEG
12
2. 3
IT
COSO Internal Control - An Integrated Framework
64COBIT 5
BSC
3. :5
IT
IT IT
4. :6
5. :7
COSO 11 IT
COBIT 5 37 DSS06
6. COBIT 5 :8, 9
COBIT 5 IT
IT IT IT
IT COSO 10
COBIT 5 37 COBIT 5
IT
Juan Carlos Morales CISA CISM CGEIT CRISC
IT APMG COBIT 5
1 ISACA COBIT 5 Implementation COBIT 5 2012 3
2 King Committee on Corporate Governance, The King Report on Corporate Governance (King III) King King 2009
3 ISACA COBIT 5 Implementation COBIT 5 2012 3 6
4 COSO Internal Control - An Integrated Framework 2013
5 ISACA COBIT 5 Implementation COBIT 5 2012 3
6 ISACA COBIT 5 Implementation COBIT5 2012 6 D
7 ISACA COBIT 5 Implementation COBIT 5 2012 3
8 ISACA COBIT 5 Implementation COBIT 5 2012 3
9 ISACA COBIT 5:Enabling Processes COBIT 5: 2012
Volume 3 2014 7 9
COBIT 5
Controls and Assurance in the
Cloud:Using COBIT® 5
:
COBIT® 5
Relating the COSO Internal Control—Integrated Framework and
COBIT COSO
COBIT
COBIT 5 COBIT
COBIT® Global Regulatory and
Legislative Recognition
COBIT®
2014 COBIT
5 Risk Scenarios for COBIT
® 5 for
Risk COBIT®
5
COBIT 5 Principles:Where Did
They Come From? COBIT 5
:
COBIT 5
ISACA COBIT
5
David Cau, GRCP, ITIL, MSP, France
Sushil Chatterji, CGEIT, CEA, CMC, Singapore,
Joanne De Vito De Palma, CISM, BCMM, USA Jimmy Heschl, CISA, CISM, CGEIT, ITIL, Austria Katherine McIntosh, CISA, CIA, CRMA, USA Andre Pitkowski, CGEIT, CRISC, CRMA, OCTAVE, Brazil Paras Shah, CISA, CGEIT, CRISC, CA, Australia Sylvia Tosar, CGEIT, PMP, Uruguay Tichaona Zororo, CISA, CISM, CGEIT, CRISC, CIA, CRMA, South Africa
Jennifer Hajigeorgiou
COBIT Focus COBIT ISACA
COBIT Focus COBIT
ISACA
COBIT Focus COBIT
COBIT Focus COBIT
© 2013 ISACA.
Julia Fullerton [email protected]
COSO 2013 COBIT 5 Steven Babb CGEIT CRISC ITIL
2013 COSO Internal Control—Integrated Framework -
COSO COBIT® 5 2012
ISACA®
Relating the COSO Internal Control—Integrated
Framework and COBIT COSO - COBIT
COBIT 5
COSO
ISACA COSO
IT IT
ISACA
COSO COBIT 5
COSO COBIT 5
COBIT 5
COSO
COBIT 5
COSO 17
COSO COBIT 5
Relating the COSO Internal
Control—Integrated Framework and COBIT COSO COBIT
Steven Babb CGEIT CRISC ITIL Vodafone ISACA