Welcome ISACA Baton Rouge Chapter
Moving from COBIT 4.1 to COBIT 5
May 24, 2012
Agenda
• Differences between COBIT 4.1 and COBIT 5
• Review of COBIT 5 Framework and Enabling Processes
• Incorporation of Application Level Controls
• LA Legislative Auditor’s Office Implementation of COBIT 5
COBIT 4.1 and COBIT 5: Compare and Contrast
COBIT 5
• Created by the IT Governance Institute
• How is COBIT different and why do we use it?
o Contains IT best practices that can be used by auditors and IT management
o Generally accepted by third parties and regulators
o Fulfills the COSO requirements for the IT control environment
COBIT 5 Principles
1: Meeting Stakeholder Needs
• “The COBIT 5 Goals Cascade translates stakeholder needs into specific, actionable, and customized goals within the context of the enterprise, IT-related goals, and enabler goals.”
2: Covering the Enterprise End-to-End
COBIT 5:
• Integrates governance of enterprise IT into enterprise governance.
• Covers all functions and processes required to govern and manage enterprise information and related technologies wherever that information may be processed.
3: Applying a Single Integrated Framework
4: Enabling a Holistic Approach
• Enablers are factors that, individually and collectively, influence whether something will work.
• COBIT 4.1 contained enablers, but more emphasis has been placed on enablers in COBIT 5.
5: Separating Governance from Management
• Governance: ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
• Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
5: Separating Governance from Management
• These two disciplines encompass different types of activities, require different organizational structures, and serve different purposes.
COBIT 5 Framework and Enabling Processes
Notable Process Mapping

| COBIT 4.1 | COBIT 5 | Topic Covered |
|---|---|---|
| ME4 | EDM1, 2, 3, 4, 5 | IT Governance |
| AC 1, 2, 3, 4, 5, 6 | BAI3 & DSS6 | Manage Business Process Controls |
| PO1 | APO2 | Strategic Planning |
| PO4 | APO1 | Organization, Processes, and Relationships |
| PO8 | APO11 | Manage Quality |
| PO9 | APO12 | Manage Risk |
| PO10 | BAI1 | Manage Programs and Projects |
| AI4 | BAI8 | Manage Knowledge |
| AI5 & DS2 | APO10 | Manage Suppliers |
| DS1 | APO9 | Manage Service Agreements |
| DS3 | BAI4 | Manage Availability and Capacity |
| DS5 & DS12 | DSS5 | Manage Security Services |
| DS5 | APO13 | Manage Security |
Practices and Activities
• COBIT 5 Practices and Activities are equivalent to COBIT 4.1 Control Objectives and Val IT and Risk IT processes.
RACI Charts
Application Level Controls
Holistic Approach
• The terms “general controls” and “application controls” are still commonly used, but COBIT 5 does not distinguish between the two as COBIT 4.1 did.
• The holistic approach maps common enterprise goals and objectives to IT goals as “primary” or “secondary.”
• IT goals are in turn mapped, as “primary” or “secondary,” to the processes and attributes that enable an enterprise to achieve those IT goals.
Louisiana Legislative Auditor’s Office: Implementation of COBIT 5 into Standard Auditing Procedures
LA Legislative Auditor
• Oversees 3500 audits of state and local governments, and conducts independent financial and performance audits of state agencies, colleges, and universities.
Our Approach: Control Matrix for Information Technology (CoMIT) Tool
We needed a tool based on COBIT criteria:
• Use of IT has grown and we are resource challenged
• Standardize our procedures and have a common measuring tool
Confidentiality?!
Control Matrix for Information Technology (CoMIT)
• Governance Enterprise Management Matrix
o “Primary Controls”
o Organized according to the five domains
• Transaction and Application Level Matrix
o Evaluates key controls at a more granular level
o Organized in accordance with the Confidentiality, Integrity, and Availability (CIA) Triad
Transaction and Application Level
COBIT 5 Family
You Might Be An IT Auditor If…
• You have more letters behind your name than a can of alphabet soup
• You have a gadget on your desk that you have fondly given a name
• Bean counter references make you mad
• Balancing your checkbook is fun
• When you have your computer repaired, you ask for all the parts back, labeled, and itemized
• Your idea of vacation is field work
• You and your coworkers represent more nationalities than anywhere else in the office