qecb glc cobit 5 isaca s new framework 201303

Upload: kirwanicholas

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303

    1/39

    COBIT 5 ISACA

    COBIT 5: ISACA's new framework for IT Governance, Risk, Security and Auditing

    An overview

    M. Garsoux

    COBIT 5 Licensed Training Provider

    2/39

    Introduction
    Principles
    Processes
    Implementation
    Supporting Products
    Questions


    4/39

    Evolution of scope (figure): a business framework from ISACA, at www.isaca.org/cobit

    1996    COBIT 1          Audit
    1998    COBIT 2          Control
    2000    COBIT 3          Management
    2005/7  COBIT 4.0/4.1    IT Governance
    2012    COBIT 5          Governance of Enterprise IT

    Integrated into COBIT 5: Val IT 2.0 (2008), Risk IT (2009)


    6/39

    Information is a key resource for all enterprises.

    Information is created, used, retained, disclosed and destroyed.

    Technology plays a key role in these actions.

    Technology is becoming pervasive in all aspects of business and personal life.

    What benefits do information and technology bring to enterprises?

    7/39

    COBIT 5 helps enterprises:

    - Bring order to the chaos of complex standards and frameworks
    - Extract value from information
    - Address all stakeholders' needs and maximise the value of corporate information
    - Protect and drive enterprise value

    8/39

    Enterprises and their executives strive to:

    - Maintain quality information to support business decisions.
    - Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
    - Achieve operational excellence through reliable and efficient application of technology.
    - Maintain IT-related risk at an acceptable level.
    - Optimise the cost of IT services and technology.

    How can these benefits be realised to create enterprise stakeholder value?

    9/39

    COBIT 5 is a comprehensive framework that helps enterprises to create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.

    COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and functional areas of responsibility and considering the IT-related interests of internal and external stakeholders.

    The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.


    12/39

    Enterprises exist to create value for their stakeholders.

    13/39

    Stakeholder Value

    Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets.

    Enterprise boards, executives and management have to embrace IT like any other significant part of the business.

    External legal, regulatory and contractual compliance requirements related to enterprise use of information and technology are increasing, threatening value if breached.

    COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.

    14/39

    Goals cascade

    Stakeholder needs have to be transformed into an enterprise's actionable strategy.

    The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise: enterprise goals, IT-related goals and enabler goals.

    15/39

    COBIT 5 enterprise goals

    Governance objectives: Benefits realisation, Risk optimisation, Resource optimisation
    (P = primary relationship, S = secondary relationship, - = no relationship shown)

    BSC dimension      Enterprise goal                                         Benefits  Risk  Resource
    Financial           1. Stakeholder value of business investments            P         -     S
    Financial           2. Portfolio of competitive products and services       P         P     S
    Financial           3. Managed business risks (safeguarding of assets)      -         P     S
    Financial           4. Compliance with external laws and regulations        -         P     -
    Financial           5. Financial transparency                               P         S     S
    Customer            6. Customer-oriented service culture                    P         -     S
    Customer            7. Business service continuity and availability         -         P     -
    Customer            8. Agile responses to a changing business environment   P         -     S
    Customer            9. Information-based strategic decision making          P         P     P
    Customer           10. Optimisation of service delivery costs               P         -     P
    Internal           11. Optimisation of business process functionality       P         -     P
    Internal           12. Optimisation of business process costs               P         -     P
    Internal           13. Managed business change programmes                   P         P     S
    Internal           14. Operational and staff productivity                   P         -     P
    Internal           15. Compliance with internal policies                    -         P     -
    Learning & Growth  16. Skilled and motivated people                         S         P     P
    Learning & Growth  17. Product and business innovation culture              P         -     -

    16/39

    COBIT 5 IT-related goals

    Financial
     1. Alignment of IT and business strategy
     2. IT compliance and support for business compliance with external laws and regulations
     3. Commitment of executive management for making IT-related decisions
     4. Managed IT-related business risks
     5. Realised benefits from IT-enabled investments and services portfolio
     6. Transparency of IT costs, benefits and risk

    Customer
     7. Delivery of IT services in line with business requirements
     8. Adequate use of applications, information and technology solutions

    Internal
     9. IT agility
    10. Security of information, processing infrastructure and applications
    11. Optimisation of IT assets, resources and capabilities
    12. Enablement and support of business processes by integrating applications and technology
    13. Delivery of programmes on time, on budget, and meeting requirements and quality standards
    14. Availability of reliable and useful information for decision making
    15. IT compliance with internal policies

    Learning & Growth
    16. Competent and motivated business and IT personnel
    17. Knowledge, expertise and initiatives for business innovation

    17/39

    Mapping of enterprise goals into IT-related goals (excerpt of the figure)

    Columns are enterprise goals: 1 Stakeholder value of business investments (Financial), 6 Customer-oriented service culture (Customer), 11 Optimisation of business process functionality (Internal), 16 Skilled and motivated people (Learning and Growth). P = primary, S = secondary.

    IT-related goal                                                           EG1  EG6  EG11  EG16
    Financial            1. Alignment of IT and business strategy              P    P    P     S
    Customer             7. Delivery of IT services in line with business
                            requirements                                       P    P    P     S
    Internal             9. IT agility                                         S    S    P     S
    Learning and Growth 16. Competent and motivated business and IT personnel  S  S  P  (one cell not recovered from the slide image)

    18/39

    Mapping IT goals to processes (excerpt of the figure: the Evaluate, Direct and Monitor domain)

    Columns are IT-related goals: 1 Alignment of IT and business strategy (Financial), 7 Delivery of IT services in line with business requirements (Customer), 9 IT agility (Internal), 17 Knowledge, expertise and initiatives for business innovation (Learning and Growth). P = primary, S = secondary.

    COBIT 5 process                                              ITG1  ITG7  ITG9  ITG17
    EDM01 Ensure Governance Framework Setting and Maintenance    P     P     S     S
    EDM02 Ensure Benefits Delivery                               P  P  P  (one cell not recovered from the slide image)
    EDM03 Ensure Risk Optimisation                               S  S  S  (one cell not recovered from the slide image)
    EDM04 Ensure Resource Optimisation                           S     S     P     S
    EDM05 Ensure Stakeholder Transparency                        S  P  S  (one cell not recovered from the slide image)

    19/39

    Key components of a governance system (figure)


    21/39

    COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.

    COBIT 5 enablers are:

    - Factors that, individually and collectively, influence whether something will work
    - Driven by the goals cascade
    - Described by the COBIT 5 framework in seven categories


    23/39

    1. Principles, policies and frameworks: the vehicle to translate the desired behaviour into practical guidance for day-to-day management.

    2. Processes: describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.

    3. Organisational structures: the key decision-making entities in an organisation.

    4. Culture, ethics and behaviour: of individuals and of the organisation; very often underestimated as a success factor in governance and management activities.

    5. Information: pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.

    6. Services, infrastructure and applications: include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.

    7. People, skills and competencies: linked to people and required for successful completion of all activities and for making correct decisions and taking corrective actions.

    24/39

    Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives (EDM: Evaluate, Direct and Monitor).

    Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM: Plan, Build, Run and Monitor).

    25/39

    COBIT 5 is not prescriptive, but it advocates that organisations implement governance and management processes such that the key areas are covered, as shown in the process reference model.

    26/39

    COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.


    34/39

    Pain points:

    - Failed IT initiatives
    - Rising costs
    - Perception of low business value for IT investments
    - Significant incidents related to IT risk (e.g. data loss)
    - Service delivery problems
    - Failure to meet regulatory or contractual requirements
    - Audit findings for poor IT performance or low service levels
    - Hidden and/or rogue IT spending
    - Resource waste through duplication or overlap in IT initiatives
    - Insufficient IT resources
    - IT staff burnout / dissatisfaction
    - IT-enabled changes frequently failing to meet business needs (late deliveries or budget overruns)
    - Multiple and complex IT assurance efforts
    - Board members or senior managers that are reluctant to engage with IT

    35/39

    Trigger events:

    - Merger, acquisition or divestiture
    - Shift in the market, economy or competitive position
    - Change in business operating model or sourcing arrangements
    - New regulatory or compliance requirements
    - Significant technology change or paradigm shift
    - An enterprise-wide governance focus or project
    - A new CIO, CFO, COO or CEO
    - External audit or consultant assessments
    - A new business strategy or priority

    By using pain points or trigger events as the launching point for IT governance initiatives, the business case for GEIT (governance of enterprise IT) improvement can be related to issues being experienced, which will improve buy-in to the business case.
