Chief Information Officers (CIO)
DESCRIPTION
Chief Information Officers (CIO). Module 5. IT Governance COBIT Framework. Objectives of Module 5. To enhance the basic understanding of the CIOs to the IT Governance concepts and techniques using the COBIT Framework and explore their applicability in Iraq. Scope of Module 5.
Chief Information Officers (CIO)
Module 5
IT Governance COBIT Framework
Objectives of Module 5
To enhance the CIOs' basic understanding of IT Governance concepts and techniques using the COBIT Framework, and to explore their applicability in Iraq
Scope of Module 5
• IT Governance Concepts
• IT Governance vis-a-vis Enterprise Governance
• IT Governance life cycle
• IT Domains, Processes and Activities
• IT Monitoring, Evaluation and Control
Enterprise Governance and IT Governance
ENTERPRISE GOVERNANCE
INFORMATION TECHNOLOGY GOVERNANCE
ENTERPRISE ACTIVITIES
INFORMATION TECHNOLOGY ACTIVITIES
Drives and Sets
Require Information From
Enterprise IT Governance Cycle
• IT is aligned with the business, enables the business and maximises benefits.
• IT resources are used responsibly.
• IT-related risks are managed appropriately.
Plan: Plan & Organize
Do: Acquire & Implement
Check: Deliver & Support
Correct: Monitor & Evaluate
Manage Risk: Security, Reliability, Compliance
Realise Benefits: Increase Automation - effective; Decrease Cost - be efficient
CONTROL
DIRECT
REPORT
OBJECTIVES
BUSINESS REQUIREMENTS
IT PROCESSES
IT RESOURCES
COBIT - IT Governance Concept
IT RESOURCES
• Data - Objects in their widest sense (i.e., external and internal), structured and non-structured, graphics, sound, etc.
• Application Systems
• Technology - Hardware, operating systems, database management systems, networking, multimedia, etc.
• Facilities
• People - Staff skills, awareness and productivity to plan, organise, acquire, deliver, support, monitor and evaluate information systems and services
IT Resources and Delivery of Services
EVENTS
• Business objectives
• Business opportunities
• External requirements
• Regulations
• Risks
INFORMATION
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
FACILITIES
PEOPLE
TECHNOLOGY
DATA
APPLICATION SYSTEM
Framework IT Control objects
BUSINESS PROCESSES
INFORMATION
• People
• Application Systems
• Technology
• Facilities
• Data
What you Need
What you GET
Information Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
INFORMATION RESOURCES
Do They Match?
IT Domain, Processes and Activities
DOMAIN
PROCESSES
ACTIVITIES / TASKS
Processes, Information & Resources Criteria
Domain
Processes
ACTIVITIES
Quality Fiduciary Security
IT PROCESSES
INFORMATION CRITERIA
IT RESOURCES
DATA
FACILITIES
TECHNOLOGY
Application Sys
PEOPLE
IT Governance Framework
MONITOR AND EVALUATE
DELIVER AND SUPPORT
BUSINESS OBJECTIVES
PLAN AND ORGANISE
M&E PROCESSES
ACQUIRE AND IMPLEMENT
IT RESOURCES
IT
INFORMATION
Plan and Organize Processes
PO1 define a strategic IT plan
PO2 define the information architecture
PO3 determine the technological direction
PO4 define the IT organisation and relationships
PO5 manage the IT investment
PO6 communicate management aims and direction
PO7 manage human resources
PO8 ensure compliance with external requirements
PO9 assess risks
PO10 manage projects
PO11 manage quality
Acquire and Implement Processes
• AI1 identify automated solutions
• AI2 acquire and maintain application software
• AI3 acquire and maintain technology infrastructure
• AI4 develop and maintain procedures
• AI5 install and accredit systems
• AI6 manage changes
Deliver and Support Processes
DS1 define and manage service levels
DS2 manage third-party services
DS3 manage performance and capacity
DS4 ensure continuous service
DS5 ensure systems security
DS6 identify and allocate costs
DS7 educate and train users
DS8 assist and advise customers
DS9 manage the configuration
DS10 manage problems and incidents
DS11 manage data
DS12 manage facilities
DS13 manage operations
Monitoring and Evaluation Processes
M1 monitor the processes
M2 assess internal control adequacy
M3 obtain independent assurance
M4 provide for independent audit
Maturity Model
Non Existent | Initial | Repeatable | Defined | Managed | Optimized
0 Nonexistent – Management processes are not applied at all.
1 Initial – Processes are ad hoc and disorganised.
2 Repeatable – Processes follow a regular pattern.
3 Defined – Processes are documented and communicated.
4 Managed – Processes are monitored and measured.
5 Optimised – Best practices are followed and automated.
LEGEND FOR RANKINGS USED
LEGEND FOR SYMBOLS USED
Enterprise Current Status
International Standard Guidelines
Industry Best Practice
Enterprise Strategy