01.2 COBIT

  • 8/9/2019 01.2 COBIT

    1/49

    Characteristics of Useful Information:

    • Effectiveness

    • Efficiency

    • Confidentiality

    • Integrity

    • Availability

    • Compliance

    • Reliability

    • Provide a renewed and authoritative governance and management framework for enterprise information and related technology

    • Integrates all other major ISACA frameworks and guidance

    • Align with other major frameworks and standards

    • A comprehensive information model

    • Guidance on how to use an established governance and management framework (COBIT 5) to address common information governance and management issues

    • An understanding of the reasons information needs to be managed and governed in an appropriate way

    • High-quality information

    • Strategic goals and realize business benefits

    • Achieve operational excellence

    • Maintain IT-related risk at an acceptable level

    • Optimize the cost of IT services and technology

    • Support compliance with relevant laws, regulations, contractual agreements and policies

    • Good governance and management of information and technology (IT) assets.

    • IT as any other significant part of the business.

    • External legal, regulatory and contractual compliance requirements

    • COBIT 5, a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.

    • Board of directors and executive management (CEO, CFO, COO)

    • Business process owners, business process architects

    • Information architects, information solution builders, information managers, IT architects, IT developers

    • CIO and IT management, technology service providers (internal and external), application managers

    • IT operations

    • IT security, continuity professionals

    • Assurance professionals

    • External audit

    • Records management professionals, knowledge managers

    • Data governance and management professionals

    • Government and regulators

    • Education

    • Privacy professionals

    • Compliance and risk professionals

    • Data owners

    • Create optimal value from IT

    • Enables information and related technology to be governed and managed

    • The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

    COBIT 5 Principles

    Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.

    The following slides summarise the major changes in COBIT 5 content and how they may impact Governance of Enterprise Information Technology (GEIT) implementation/improvement:

    1. New GEIT Principles

    2. Increased Focus on Enablers

    3. New Process Reference Model

    4. New and Modified Processes

    5. Practices and Activities

    6. Goals and Metrics

    7. Inputs and Outputs

    8. RACI Charts

    9. Process Capability Maturity Models and Assessments

    Principle 1. Meeting Stakeholder Needs:

    Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.

    • Stakeholder needs can be related to a set of generic enterprise goals.

    • These enterprise goals have been developed using the Balanced Scorecard (BSC) dimensions.

    • The enterprise goals are a list of commonly used goals that an enterprise has defined for itself.

    • Although this list is not exhaustive, most enterprise-specific goals can be easily mapped onto one or more of the generic enterprise goals.

    Source: COBIT® 5, figure 5. © 2012 ISACA® All rights reserved.

    • COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:

     – Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000

     – IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI

     – Etc.

    • COBIT 5 is the overarching governance and management framework integrator

    • ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references

    • Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT

    • Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve

    • Described by the COBIT 5 framework in seven categories

    Principle 5: Separating Governance from Management

    • Governance

    • Management

    Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.

    Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.

    Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.

    The following slides summarise the major changes in COBIT 5 content and how they may impact Governance of Enterprise Information Technology (GEIT) implementation/improvement:

    1. New GEIT Principles

    2. Increased Focus on Enablers

    3. New Process Reference Model

    4. New and Modified Processes

    5. Practices and Activities

    6. Goals and Metrics

    7. Inputs and Outputs

    8. RACI Charts (Responsibility Charting)

    9. Process Capability Maturity Models and Assessments

    Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.

    Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.

    COBIT 4.1/5

    © 2012 ISACA® All rights reserved.

    • What materials support the COBIT Assessment Programme approach?

     – COBIT Process Assessment Model (PAM): Using COBIT 4.1 — Serves as a base reference document for the performance of a capability assessment of an organisation’s current IT processes against COBIT 4.1

     – COBIT Assessor Guide: Using COBIT 4.1 — Provides details on how to undertake a full ISO-compliant assessment

     – COBIT Self-assessment Guide: Using COBIT 4.1 — Provides guidance on how to perform a basic self-assessment of an organisation’s current IT process capability levels against COBIT 4.1 processes

    • The above materials exist to support COBIT 4.1-based assessments now; versions will be produced to support COBIT 5-based assessments.

    • COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach will need to realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach.

    • Although some of the information gathered from previous assessments may be reusable, care will be needed in migrating this information forward because there are significant differences in requirements.

    • COBIT 4.1, Val IT and Risk IT users wishing to continue with the CMM-based approach, either as an interim or ongoing approach, can use the COBIT 5 guidance, but must use the COBIT 4.1 generic attribute table without the high-level maturity models.