COBIT® 5 as IT Management Best Practice Framework
Please see Acknowledgements & Notices in last few slides ATA/Lucid/2010-01-25 MUS/
© 2010 NUS. All Rights Reserved Unless
What is COBIT?
■ Control OBjectives for Information and related Technology
■ International framework from ISACA and the IT Governance Institute
■ Helps maximise the value of IT to businesses
■ Originally, more for monitoring / audit / risk assessment of IT management processes
■ Increasingly recognised as a comprehensive framework of IT Management best practices
  • Advises on WHAT to do
  • Some high-level guidance on HOW to do it
■ Currently Version 5
COBIT - Governance and Management
[Diagram] Governance: generally, the responsibility of the Board of Directors
Management:
■ Strategic
■ Tactical
■ Operational
Nb: Words in green above NOT part of COBIT but added by the author of this presentation.
COBIT5 Process Domains
Governance
• Ensure Governance Framework Setting and Maintenance
• Ensure Benefits Delivery
• Ensure Risk Optimisation
• Ensure Resource Optimisation
• Ensure Stakeholder Transparency
Management Processes
Align, Plan & Organise
• Manage the IT Management Framework
• Manage Strategy
• Manage Innovation
• Manage Enterprise Architecture
• Manage Portfolio
• Manage Budget and Costs
• Manage Human Resources
• Manage Relationships
• Manage Service Agreements
• Manage Suppliers
• Manage Quality
• Manage Risk
• Manage Security
Build, Acquire & Implement
• Manage Programmes & Projects
• Manage Requirements Definition
• Manage Solutions Identification and Build
• Manage Availability & Capacity
• Manage Change Acceptance and Transitioning
• Manage Organisational Change Management
• Manage Changes
• Manage Knowledge
• Manage Assets
• Manage Configuration
Deliver, Service & Support
• Manage Operations
• Manage Service Requests & Incidents
• Manage Problems
• Manage Continuity
• Manage Security Services
• Manage Business Process Controls
Monitor, Evaluate & Assess
• Monitor, Evaluate and Assess Performance & Conformance
• Monitor, Evaluate and Assess the System of Internal Control
• Monitor, Evaluate and Assess Compliance with External Requirements
Domain BAI - Build, Acquire & Implement
Programmes
■ Manage Programmes (and Projects)
Projects
■ Manage (Programmes and) Projects
Requirements
■ Manage Requirements Definition
■ Manage Availability & Capacity
Design & Build
■ Manage Solutions Identification and Build
Test & Implement
■ Manage Change Acceptance and Transitioning
Changes
■ Manage (IT) Changes
■ Manage Organisational Change Management
Supporting Processes
■ Manage Knowledge
■ Manage Assets
■ Manage Configuration
Nb: Bold headings are author’s own categorisation & are not part of COBIT
Domain BAI - Build, Acquire & Implement
[Diagram: author's model of the BAI domain]
Build, Acquire & Implement (BAI)
■ Programme Management
■ (Generic) Project Management
■ IT Systems Devt Life Cycle Mgt
  • Requirements & Feasibility
  • Design & Build
  • Test & Implement
■ Manage Changes
■ IT and Organisational Support Processes: Knowledge, Asset, Configuration
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
BAI Relationship with APO (Strategic)
[Diagram: lifecycle phases Pre-Project, Development, Production]
Align, Plan & Organise (APO) (Strategic)
■ IT Strategy / Innovation / Ent. Architecture / Portfolio Management
■ IT Ongoing Management
Build, Acquire & Implement (BAI) (Tactical)
■ Programme Management
■ (Generic) Project Management
■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
■ Manage Changes
■ IT and Organisational Support Processes: Knowledge, Asset, Configuration
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Domain APO – Align, Plan & Organise
[Diagram: APO shown alongside the BAI model from the previous slides]
IT Strategy / Architecture / Portfolio Management
■ Manage the IT Management Framework
■ Manage Strategy
■ Manage Innovation
■ Manage Enterprise Architecture
■ Manage Portfolio
IT Ongoing Management
■ Manage Budget and Costs
■ Manage Human Resources
■ Manage Relationships
■ Manage Service Agreements
■ Manage Suppliers
■ Manage Quality
■ Manage Risk
■ Manage Security
Nb: Bold headings are author’s own categorisation & are not part of COBIT
COBIT Domains – Deliver, Service & Support (DSS)
Service Operations
■ Manage Operations
■ Manage Service Requests & Incidents
■ Manage Problems
■ Manage Continuity
■ Manage Security Services
■ Manage Business Process Controls
Nb: Bold headings are author’s own categorisation & are not part of COBIT
DSS Relationship with BAI & APO (Strategic)
[Diagram: lifecycle phases Pre-Project, Development, Production]
Align, Plan & Organise (APO) (Strategic)
■ IT Strategy / Innovation / Ent. Architecture / Portfolio Management
■ IT Ongoing Management
Build, Acquire & Implement (BAI) (Tactical)
■ Programme Management
■ (Generic) Project Management
■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
■ Manage Changes
■ IT & Organisational Support Processes: Knowledge, Assets, Configuration
Deliver, Service & Support (DSS) (Operational)
■ Service Operations
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains – Monitor, Evaluate & Assess
Monitor, Evaluate and Assess
■ Performance & Conformance
■ System of Internal Control
■ Compliance with External Requirements
Nb: Bold headings are author’s own categorisation & are not part of COBIT
MEA Relationship with APO / BAI / DSS (Strategic)
[Diagram: lifecycle phases Pre-Project, Development, Production, with MEA spanning all management domains]
Align, Plan & Organise (APO) (Strategic)
■ IT Strategy / Innovation / Ent. Architecture / Portfolio Management
■ IT Ongoing Management
Build, Acquire & Implement (BAI) (Tactical)
■ Programme Management
■ (Generic) Project Management
■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
■ Manage Changes
■ IT & Organisational Support Processes: Knowledge, Assets, Configuration
Deliver, Service & Support (DSS) (Operational)
■ Service Operations
Monitor, Evaluate & Assess (MEA): applies across APO, BAI and DSS
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains – Governance
Monitor, Evaluate & Direct to:
■ Ensure Governance Framework Setting and Maintenance
■ Ensure Benefits Delivery
■ Ensure Risk Optimisation
■ Ensure Resource Optimisation
■ Ensure Stakeholder Transparency
Nb: Bold headings are author’s own categorisation & are not part of COBIT
Governance Relationship To Management
[Diagram: Governance (Evaluate, Direct, Monitor) placed above the management domains; lifecycle phases Pre-Project, Development, Production]
Governance: Evaluate, Direct, Monitor
Align, Plan & Organise (APO) (Strategic Mgt)
■ IT Strategy / Innovation / Ent. Architecture / Portfolio Management
■ IT Ongoing Management
Build, Acquire & Implement (BAI) (Tactical Mgt)
■ Programme Management
■ (Generic) Project Management
■ IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
■ Manage Changes
■ IT & Organisational Support Processes: Knowledge, Assets, Configuration
Deliver, Service & Support (DSS) (Operational Mgt)
■ Service Operations
Monitor, Evaluate & Assess (MEA): applies across APO, BAI and DSS
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Further Process Details
COBIT provides further details for each Process:
■ Breakdown of Process
  • Process – Management Practices – Activities
■ RACI for Management Practices
■ Inputs-Outputs for each Activity
■ Metrics for the overall process
  • IT-related
  • Process-related
COBIT Process Details – Management Practices
Process: Manage Programmes and Projects
Management Practices:
■ Maintain a standard approach for programme and project management.
■ Initiate a programme.
■ Manage stakeholder engagement.
■ Develop and maintain the programme plan.
■ Launch and execute the programme.
■ Monitor, control and report on the programme outcomes.
■ Start up and initiate projects within a programme.
■ Plan projects.
■ Manage programme and project quality.
■ Manage programme and project risk.
■ Monitor and control projects.
■ Manage project resources and work packages.
■ Close a project or iteration.
■ Close a programme.
COBIT Process Details – Management Practices and Activities
Process: Manage Programmes and Projects
Management Practices:
■ Maintain a standard approach for programme and project management.
■ Initiate a programme.
  Activities:
  • Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change.
  • Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives.
  • Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.
  • Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised.
  • Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc.
  • Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively and efficiently.
■ Manage stakeholder engagement.
■ …
COBIT Process Details – RACI for Management Practices
COBIT Process Details – Inputs-Outputs for Each Activity
COBIT Process Details – IT-Related Metrics Example - from Manage Programmes and Projects process
COBIT Process Details – Process-Related Metrics Example - from Manage Programmes and Projects process
Other Key Elements of COBIT
■ Principles
■ Enablers
■ Lifecycle Approach
■ Process Capability Model
■ COBIT 5 Product Family
Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family
COBIT 5 Mapping to Other Frameworks
Nb: Some of the other frameworks can map to more than one COBIT domain (e.g. ITIL/COBIT) but, for simplicity, only one domain is mapped here.
For Further Information
For further details on the COBIT course:
■ http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx
For other related courses:
■ http://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspx
Acknowledgements & Sources
Sources used in this presentation:
■ Information Systems Audit and Control Association. (2012). COBIT 5: Enabling Processes. Rolling Meadows, IL: ISACA.
Acknowledgements & Notices
COBIT® is a registered trade mark of ISACA and the IT Governance Institute
CGEIT® is a registered trade mark of ISACA
TOGAF is a registered trademark of The Open Group in the United States and other countries
CBAP® is a registered certification mark owned by International Institute of Business Analysis
CISSP is a registered Trademark of (ISC)2
SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.
PMP is a registered mark of Project Management Institute, Inc.
ITIL®, PRINCE2®, P3O®, MSP® are registered trade marks of the Cabinet Office
CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University
The Swirl logo™ is a trade mark of the Cabinet Office
© 2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied.