COBIT 5

COBIT 5 overview.pdf


Page 1

COBIT 5

Page 2

WHEN TITLE IS NOT A QUESTION

NO ‘WE CAN’

COBIT 5: What's New and Innovative and of Extreme Value!

Robert E Stroud CGEIT CRISC

ISACA Strategic Advisory Council; Vice President Strategy & Innovation, CA Technologies

Page 3

Robert E Stroud CRISC CGEIT

Vice President, Strategy & Innovation; Cloud Computing, Service Management & Governance Evangelist; CA Technologies

— Co-Chair INSIGHTS 2012

— ISACA Strategic Advisory Council

— Contributor COBIT, VALIT and RISK IT

— Immediate Past Executive Board itSMF Intl.; Treasurer and Director, Audit Standards & Compliance

— Former Board Member USA itSMF

— 15 years Banking Experience

— Author, Public Speaker & Industry Geek

Page 4

© 2012 ISACA. All Rights Reserved.

Page 5

How many controls are enough?

Page 6

our world is transitioning

Page 7

Evolution of scope (figure):

— 1996: COBIT 1 (Audit)
— 1998: COBIT 2 (Control)
— 2000: COBIT 3 (Management)
— 2005/7: COBIT 4.0/4.1 (IT Governance)
— 2012: COBIT 5 (Governance of Enterprise IT)
— Also: Val IT 2.0 (2008), Risk IT (2009)

A business framework from ISACA, at www.isaca.org/cobit

evolution, not revolution!


Page 8

COBIT 5 Product Family

Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.

Page 9

Major changes in COBIT 5 content

— New GEIT Principles
— Increased Focus on Enablers
— New Process Reference Model
— New and Modified Processes
— Practices and Activities
— Goals and Metrics
— Inputs and Outputs
— RACI Charts
— Process Capability Assessments

Page 10

COBIT 5 Future Supporting Products

Page 11

COBIT 5 Framework

Page 12

COBIT 5 Framework

— The main, overarching COBIT 5 product

— Contains the executive summary and the full description of all of the COBIT 5 framework components:
  − The five COBIT 5 principles
  − The seven COBIT 5 enablers
  − plus an introduction to the implementation guidance provided by ISACA (COBIT 5 Implementation)

Page 13

COBIT 5 Principles

Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.

Page 14

Meeting Stakeholder Needs

Principle 1. Meeting Stakeholder Needs

— Enterprises exist to create value for their stakeholders.

Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.

Page 15

Stakeholder Value and Business Objectives

Source: COBIT® 5, figure 5. © 2012 ISACA® All rights reserved.

Page 16

Meeting Stakeholder Needs

Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.

Page 17

Covering the Enterprise End-to-end

— Key components of a governance system

Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.

Page 18

Covering the Enterprise End-to-end

Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.

Page 19

Single Integrated Framework

— COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
  − Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
  − IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
  − Etc.

— COBIT 5 is the overarching governance and management framework integrator

— ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references

Page 20

Enabling a Holistic Approach

COBIT 5 enablers

— Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT

— Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve

— Described by the COBIT 5 framework in seven categories

Page 21

Governance and Management

— Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).

— Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).


Page 22

Enabling a Holistic Approach

Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.

Page 23

COBIT 5 Enablers

Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.

Page 24

Separating Governance and Management

•  Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM).

•  Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).


Page 25

Separating Governance and Management

Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.

Page 26

Page 27

COBIT 5: Enabling Processes

Page 28

COBIT 5: Enabling Processes

— COBIT 5: Enabling Processes complements COBIT 5 and contains a detailed reference guide to the processes that are defined in the COBIT 5 process reference model:
  − In Chapter 2, the COBIT 5 goals cascade is recapitulated and complemented with a set of example metrics for the enterprise goals and the IT-related goals.
  − In Chapter 3, the COBIT 5 process model is explained and its components defined.
  − Chapter 4 shows the diagram of this process reference model.
  − Chapter 5 contains the detailed process information for all 37 COBIT 5 processes in the process reference model.
  − The appendix provides an initial mapping.

Page 29

COBIT 5: Enabling Processes

Source: COBIT® 5, figure 29. © 2012 ISACA® All rights reserved.

Page 30

COBIT 5: Enabling Processes (cont.)

Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.

Page 31

Evaluate, Direct and Monitor

Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.

Page 32

Management

Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.

Page 33

New and Modified Processes

— Five new governance processes that have leveraged and improved COBIT 4.1, Val IT and Risk IT governance approaches

— This guidance:
  − Helps enterprises to further refine and strengthen executive management-level GEIT practices and activities
  − Supports GEIT integration with existing enterprise governance practices and is aligned with ISO/IEC 38500

Page 34

New and Modified Processes

— New and modified processes:
  − APO03 Manage enterprise architecture
  − APO04 Manage innovation
  − APO05 Manage portfolio
  − APO06 Manage budget and costs
  − APO08 Manage relationships
  − APO13 Manage security
  − BAI05 Manage organisational change enablement
  − BAI08 Manage knowledge
  − BAI09 Manage assets
  − DSS05 Manage security service
  − DSS06 Manage business process controls

Page 35

Practices and Activities

— The COBIT 5 governance or management practices are related to the COBIT 4.1 control objectives and Val IT and Risk IT processes (see www.isaca.org/Journal/Past-Issues/2011/Volume-4/Pages/Where-Have-All-the-Control-Objectives-Gone.aspx)

— The COBIT 5 activities are related to the COBIT 4.1 control practices and Val IT and Risk IT management practices

— COBIT 5 integrates and updates all of the previous content into the one new model, making it easier for users to understand and use this material when implementing improvements

Page 36

Goals and Metrics

— COBIT 5 follows the same goal and metric concepts as COBIT 4.1, Val IT and Risk IT, but these are renamed enterprise goals, IT-related goals and process goals reflecting an enterprise level view

— COBIT 5 provides a revised goals cascade based on enterprise goals driving IT-related goals and then supported by critical processes

— COBIT 5 provides examples of goals and metrics at the enterprise, process and management practice levels. This is a change from COBIT 4.1, Val IT and Risk IT, which went down one level lower.

Page 37

RACI

Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.

Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.

Page 38

RACI

Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.

Page 39

COBIT 5 Implementation

Page 40

COBIT 5 Implementation

•  The improvement of the governance of enterprise IT (GEIT) is an essential part of enterprise governance.

•  Information and the pervasiveness of information technology are increasingly part of every aspect of business and public life.

•  The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater.

•  Increasing regulation and legislation over business use of information is also driving heightened awareness of the importance of a well-governed and managed IT environment.

Page 41

COBIT 5 Implementation

•  ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT 5.

•  Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.

•  COBIT 5: Implementation provides guidance on how to do this.

Page 42

COBIT 5 Implementation

•  Positioning GEIT within an enterprise
•  Taking the first steps towards improving GEIT
•  Implementation challenges and success factors
•  Enabling GEIT-related organisational and behavioural change
•  Implementing continual improvement that includes change enablement and programme management
•  Using COBIT 5 and its components

Page 43

COBIT 5 Implementation

Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.

Page 44

Page 45

COBIT 5: This is only the beginning

Page 46

COBIT 5 Product Family

Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.

Page 47

COBIT 5 Future Supporting Products

•  Professional Guides:
  − COBIT 5 for Information Security
  − COBIT 5 for Assurance
  − COBIT 5 for Risk

•  Enabler Guides:
  − COBIT 5: Enabling Information

•  COBIT Online Replacement

•  COBIT Assessment Programme:
  − Process Assessment Model (PAM): Using COBIT 5
  − Assessor Guide: Using COBIT 5
  − Self-assessment Guide: Using COBIT 5

Page 48

COBIT 5 delivers value!

— COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.

— COBIT 5 enables information and related technology to be governed and managed in a holistic manner

— The COBIT 5 principles and enablers are generic – generally applicable!

— A series of publications, education and online collaboration will drive COBIT forward!

Page 49

control is important especially when you don’t have it!

Page 50

embrace COBIT to drive

Trust in, and value from, information systems

Page 51

Page 52

Page 53

COBIT 5

Page 54

embrace with knowledge

Page 55

COBIT 5 Security: Coming at INSIGHTS 2012

Page 56

Questions

Robert E Stroud CGEIT CRISC [email protected]

Twitter @robertestroud

Blogs

http://community.ca.com/blogs/ITIL http://community.ca.com/blogs/ppm

 

Page 57