ITpreneurs™ IT Governance and Strategy STUDENT MANUAL Foundation release 1.0.1 COBIT® 5 Limited Edition Sample Material – Not for Reprint

COBIT5 Foundation - Student Manual (Portuguese)


www.ITpreneurs.com

Copyright © 2013 ITpreneurs. All rights reserved

Copyright and Trademark Information for Partners/Stakeholders.

This product includes COBIT® 5, used by permission of ISACA®. ©2012 ISACA®. All rights reserved.

COBIT® is a registered trademark of the Information Systems Audit and Control Association® (ISACA®).

Copyright © 2013 ITpreneurs. All rights reserved. Please note that the information contained in this material is subject to change without notice. Furthermore, this material contains proprietary information that is protected by copyright. No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V. The language used in this course is US English. Our sources of reference for grammar, syntax, and mechanics are from The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.

COBIT® 5 Foundation, Classroom course, release 1.0.1


Copyright © 2014, ITpreneurs Nederland B.V. All rights reserved. i

Contents

List of Icons

Acknowledgements

EULA

Additional Topics

Module 1: Course Introduction

Module 2: Why COBIT? The Challenges of IT Management and Governance

Module 3: COBIT 5: An Introduction

Exercise I: IT Challenges (Optional)

Module 4: COBIT 5: Enablers

Module 5: COBIT 5: Meeting Stakeholder Needs

Exercise II: The Goals Cascade

Module 6: COBIT 5: Introduction to COBIT 5 – Enabling Processes

Exercise III: Stakeholder Concerns and IT Governance Principles

Module 7: COBIT 5: The Processes

Module 8: COBIT 5: The COBIT 5 Processes and Components

Exercise IV: Identifying Processes, Practices, and IT Goals

Module 9: COBIT 5: Process Capability Level Assessment

Module 10: Exam Preparation Guide

Study Plan

Mock Exam

Appendix A: Callwick Case Study

Appendix B: Glossary

Appendix C: Reference Tables

Appendix D: Answers

Appendix E: Process Reference Guide

Appendix F: COBIT® 5 Foundation Exam Candidate Guide

Release Notes

Feedback Form


Module 1: Course Introduction


INTRODUCTION

Course Learning Objectives


Course Overview


Course Agenda


About the Governing Body


Module 2: Why COBIT? The Challenges of IT Management and Governance


MODULE OVERVIEW


2.1 KEY CHALLENGES OF USING IT

Reading Points

Let’s take a look at the key challenges one can face when using IT.


OVERVIEW

Reading Points

Enterprises rely on IT to support business operations and meet strategic objectives, and they invest significant amounts of money and resources in IT.

They also need to adapt their IT infrastructure and information requirements to dynamic business demands and deal with IT-related risks and complexities.


Keeping IT Running

Reading Points

Most enterprises expect IT services to be available 24x7. When IT systems fail, the impact is often significant: lost business, reduced profits, and even damage to the enterprise’s reputation.

Business as usual can come to a standstill if internal IT systems such as e-mail, document processing, tracking, reporting and so on fail.

A seemingly simple failure, such as a server exceeding its storage capacity, can bring an entire department to a halt.

In even more critical business processes, such as Internet banking and order processing, the impact is, of course, far greater, and negatively impacts revenues and reputation.


Aligning IT with Business

Reading Points

Aligning IT with business is more important than ever. In most enterprises, business and IT are usually not aligned with the same goals.

Consequently, their decisions and actions are not always synchronized, leading to failed IT projects, loss of money and time, and a sense of overall discouragement in undertaking IT projects.

The role of CIO, in several enterprises, is undergoing a change; CIOs are increasingly acting as a bridge between the rest of the business and IT.

Take the example of a builder. The builder constructs according to requirements and budgets. If requirements aren’t clear at the beginning and there is no coordination between budgets and eventual costs, the cost of construction will escalate.


Delivering Value

Reading Points

Why do IT projects fail to deliver value?

It is well known that many IT projects fail to achieve their business goals, and consequently, fail to deliver value. Some studies suggest that three out of four projects never realize their expected benefits.

Many projects are not seen through to completion. One of the leading analysts, Gartner, estimates that billions of dollars are wasted annually on misdirected and unsuccessful new IT initiatives.

Several causes can be attributed to these failures. For one, there is usually insufficient or poor requirements definition and planning at the start of a project. This can be aggravated by weak project control during delivery. So issues that are completely nontechnical in nature often end up marring the prospects of an IT project.

Second, the costs of an IT project are often very high. Often these costs are not well understood by the business, leading to further challenges in alignment and subsequent failure to deliver value.


Security

Reading Points

In today’s complex and networked IT environments, information security continues to be a major challenge.

On one hand, the Internet, among other technological advances, has brought unforeseen productivity gains, speedy business solutions, and even greater opportunities for customer service, making the world a “small village”; on the other hand, it has also brought along major security risks for enterprises.

IT security is often misunderstood, surrounded as it is by hype.

Unfortunately, the typical approach has been for management to delegate IT security concerns to technical experts. However, in most situations, the enterprises’ vulnerability is not just technical in nature. It is often a result of poor awareness of the real issues.

So, to effectively address and overcome IT security risks, enterprises require oversight from executive management via governance risk practices and specific management practices that can address the unique complexities of security.


Regulatory Compliance

Reading Points

Globalization, corporate scandals, and financial crises have led to increased financial and corporate governance regulations in many countries.

The widespread use of IT and networks for handling personal information has led to new privacy laws.

Over the years, we have seen a constant rise in legislation related to the use of IT. The Sarbanes-Oxley Act, for example, led US-listed companies to establish control over financial reporting, which automatically extends to include control over related IT systems.

Laws and regulations that also affect IT include those dealing with the protection of personal data and sector-specific requirements, such as for the health care, pharmaceutical, and financial sectors.

As a result of all this, IT compliance becomes a prerequisite for the efficient and successful operation of IT.


Mastering Complexity

Reading Points

Managing IT is a complex technical and organizational task.

IT is no longer limited to the “IT function”; it is pervasive and includes business users as well as multiple suppliers and solutions.

Varying types and levels of external service providers: Large enterprises may be dealing with hundreds, even thousands, of IT suppliers and service providers.

Multiple technical platforms: A single technical platform no longer serves the complex needs of users today. Large enterprises have to keep pace with several technical platforms simultaneously.

Requirement for advanced competencies: Complex systems and solutions also require superior technical competencies. This has now become a “must-have,” not a “nice to have.”


Optimizing IT Costs

Reading Points

IT-related costs account for a very significant portion of enterprise costs. They are also one of the least understood elements of any enterprise’s budget.

Often senior managers believe IT costs to be “out of control.”

The challenges relating to optimizing IT spending include:

Lack of financial management skills among IT management teams

Large financial losses incurred because of failed projects

Excessive costs due to poor management of IT assets that are not understood by the business

Uncontrolled IT spending by business units

Ineffective procurement, acquisition, and contracting procedures

High people costs made worse by high turnover and poor career development


2.2 INTRODUCTION TO IT GOVERNANCE


Enterprise Governance: Goals

Reading Points

Enterprise governance:

Provides strategic direction

Ensures that objectives are achieved

Establishes that risks are managed appropriately

Verifies that the enterprise’s resources are used responsibly


IT Governance: An introduction

Reading Points

IT governance is the responsibility of executives and the board of directors, just like any other area.

IT is often not managed effectively. The IT function usually tries hard to satisfy the demands of the business. Unfortunately, it often ends up working as a firefighter: putting out the most urgent fires. As discussed earlier, IT objectives aren’t always aligned with business goals. It is quite natural, then, that IT is not always seen as contributing to business performance. IT governance should be driven top-down, from business needs. Very often, the people who shout the loudest get the best service. Service delivery, for example, should be set up based on overall business priorities, not on individual demands.


Balancing Performance and Conformance

Reading Points

Enterprises need to balance strategic performance objectives with conformance objectives: that is, meeting strategic performance objectives while addressing legal, regulatory, contractual, and other obligatory requirements.

Governance is about meeting strategic performance objectives while addressing legal, regulatory, contractual and other obligatory requirements, often supported by policy (conformance). The objective is to achieve both objectives in a balanced way.

For example, in a bank, good online service signifies good performance. On the other hand, the bank must manage issues such as the privacy of banking data and the integrity of bank accounts, and meet regulatory requirements such as disaster recovery plans. These form part of the bank’s conformance requirements.


Difference between Governance and Management

Reading Points

Example: The CEO gives direction, through a policy statement, that any changes to production systems can only be made using a newly introduced, formal change management procedure. Management enforces this via a change management process with approval and release steps, and by monitoring adherence to these practices.

Another example: The security officer issues a directive for restricting access to pornographic sites. Control is enforced by using filters on the Internet gateway and by scanning the Internet access of users.

If effective management control is in place, management will take risks. Similarly, a company will take more or fewer risks, depending on its history of risk or failure.

Think of a racing car. Why does the car have good brakes? So the driver can drive even faster, knowing that he or she can slow down when necessary.

In addition, because IT has enabled seamless business processes between enterprises, there is also a growing need to help ensure that contracts include important IT-related requirements in areas such as privacy, confidentiality, intellectual property and security.


IT Governance Objective: Value Creation

Reading Points

The aim of IT governance is to create value for the enterprise by:

Realizing benefits

Optimizing risks

Optimizing resources


Key Internal Stakeholders

Reading Points

IT governance occurs at different layers. As with any process or policy, IT governance has various stakeholders. Team leaders, managers, executives, and the board each have distinct roles, responsibilities, and concerns in the implementation of IT governance.

For example, team leaders report to and receive direction from their managers. In turn, managers report to executives, and executives report to the board of directors. The business units are responsible for working in partnership with IT to ensure that business requirements are met. To help enable this, it is necessary that:

Board members should play an active role in IT strategy or similar committees.

CEOs should provide organizational structures to support the implementation of IT strategy.

CIOs must be business-oriented and serve as a bridge between IT and the business.

All executives should be involved in IT steering or similar committees.

Many boards perform their governance duties through committees that oversee critical activities, such as audits, compensation, and acquisitions. The most widely known internal stakeholder group is the IT steering committee, which should focus on tracking IT investments, setting priorities, and allocating resources.


Key External Stakeholders

Reading Points

External stakeholders are also interested in IT governance.

The IT governance environment should satisfy their needs as well.


Key Benefits from Effective IT Governance

Reading Points

Here are some examples:

More reliable services: IT governance ensures that critical IT processes and services are monitored and any high-priority incidents or failures are addressed and resolved. It enables services that require high levels of reliability to be implemented with a robust and resilient infrastructure to minimize the probability of failure or service disruption. IT governance ensures lower risks, better quality of service, and greater customer satisfaction.

Greater transparency: With the implementation of IT governance, there is usually greater transparency, which means that stakeholders will receive information in a form they understand and trust. An effectively implemented IT governance framework ensures that the right information is available to decision makers at the right level; otherwise, information tends to get lost in the maze of data.

Responsiveness of IT to business: Agility, flexibility, and responsiveness are vital attributes of the IT function in its support of evolving business needs. Effective IT governance ensures a clear chain of command, effective decision-making, and greater confidence in taking risks and making investments. In addition, IT and business can relate to each other. As a result, senior management feels more confident that everything is on track.


Confidence of the top management: An effective IT governance approach can get everybody on the same page by providing a common language, enabling clearer decision-making mechanisms, and facilitating the transparency and accuracy of management information. When the top management has a clearer picture of how IT is performing, it increases its trust and confidence in investment decisions.

Higher Return on Investment (ROI): Effective IT governance helps reduce project failures, optimize IT infrastructure, and increase the efficiency of IT processes. Higher ROI implies greater value to the business and better quality of services, enabling the overall business strategy.

2.3 MODULE SUMMARY


Reading Points

Summarize the learning points from this module and make sure that everyone understands the concepts.
