COBIT Objective -??
Evolution – COBIT1 (audit), COBIT2 (control), COBIT3 (), COBIT4 (), COBIT5 ()

Major drivers for the development of a Framework are –
1. Provide guidance in the following:
   - Enterprise architecture
   - Asset and service management
   - Emerging sourcing and organization models
   - Innovation and emerging technologies
2. End-to-end business and IT responsibilities
3. Better control of user-initiated and user-controlled IT solutions
4. A need for enterprise to perform the following:
   - Increased value creation
   - Business user satisfaction
   - Compliance with laws, regulations and policies
   - Relation between business and IT
   - Return of enterprise IT governance
   - Align with other frameworks and standards

COBIT benefits:
1. Defines starting point of governance and management activities as stakeholder needs
2. Common language between IT and business
3. Integrated and complete perspective of enterprise governance and management
4. Accepted corporate governance standards

COBIT Mapping Summary: (5 domains)
EDM = Governance
APO + BAI + DSS + MEA = Management

Process group for mapping: (total 37 processes – known as PRM, Process Reference Model, used for audit)
- EDM – Evaluate, Direct and Manage (5)
- APO – Align, Plan and Organize (13)
- BAI – Build, Acquire and Implement (10)
- DSS – Deliver, Service and Support (6)
- MEA – Monitor, Evaluate and Assess (3)

5 Principles:

Principle 1: Meeting stakeholder needs
Stakeholder needs is Value creation = Benefits Realization + Risk Optimization + Resource Optimization
Goal Cascade model – Stakeholder drivers → Stakeholder needs → Enterprise Goals (17 goals in BSC dimensions: Financial, Customer, Internal, Learning and Growth, with Primary/Secondary classification) → IT-related Goals (17 goals also in BSC dimensions) → Enabler Goals (37 process goals)
Goal Cascade allows the definition of priorities – Implementation, improvement, and assurance of enterprise governance of IT.
Goals Category – Intrinsic goals (in line with good practice, internal and external); Contextual goals (customized and adapted, relevant, understandable, easy to apply); Accessibility and security goals (remains confidential, accessible only to those who need it)

Principle 2: Covering the enterprise end-to-end
Governance Approach components are: Governance Objective = Governance Enablers + Governance Scope
Above achieved by Roles, Activities, and Relationships (Owners and Stakeholders [Delegate] → Governing Body [Direction, Accountable] → Management [Instruct and Align, Monitor] → Operations and Execution [Report])

Principle 3: Applying a Single Integrated Framework
COBIT Product Family includes – COBIT 5 integrated framework, knowledge base, Product family
COBIT 5 Product family: COBIT enabler guides, COBIT professional guides, COBIT online collaborative environment

Principle 4: Enabling a Holistic Approach
7 Enablers:
1) Principles, policies and frameworks (principles are core values of enterprise; policies have 6 characteristics that are detailed to implement principles; Relationship with other enablers – 2,3,4,5)
2) Processes (5 PRM domains, 37 processes; process is a collection of practices influenced by enterprise policies and procedures; process goals are statements describing desired outcome of a process; Relationship with other enablers – 1,2-other processes,3,4,5,6)
3) Org structure (Operating principles, Span of control, level of authority, delegation of responsibility, escalation procedures; Relationship with other enablers – )
4) Culture, ethics and behavior (Org ethics, individual ethics, individual behaviors; Relationship with other enablers – 1,2,3)
5) Information (Key 7 info criteria are effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability; Metadata information cycle is: Business Process → Data → Information → Knowledge → Value; LEVELS……Pragmatic,…; Relationship with other enablers – )
6) Services, infrastructure and applications (5 Architecture principles are: Reuse, Buy vs Build, Simplicity, Agility, Openness; Relationship with other enablers – )
7) People, skills and competencies ( ; Relationship with other enablers – )

4 Dimensions of Enabler: Stakeholders, Goals, Lifecycle, Good practices
- Lag Indicators (Stakeholders, Goals): Metrics for Achievement of Goals
- Lead Indicators (Lifecycle, Good practices): Metrics for Application of Practice

Principle 5: Separating Governance from Management
Process Reference Model: Processes are aligned to COBIT 5 domains (EDM, APO, BAI, DSS, MEA)
- Governance: Evaluate, Direct, Monitor (EDM) – starts with ensure…
- Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA) – first three start with manage… and the last starts with monitor…

Implementation is a seven-phase implementation lifecycle (Programme management; Change enablement; Continual improvement)
Business case – important tool for management to understand value realization
- Phase 1: Initiate Programme; Establish desire to change; Recognise need to act
- Phase 2: Define problems and opportunities; Form implementation team; Assess current state
- Phase 3: Define Road Map; Communicate outcome; Define target state
- Phase 4: Plan Programme; Identify role players; Build improvement
- Phase 5: Execute Plan; Operate and use; Implement improvement
- Phase 6: Realise Benefits; Embed new approaches; Operate and measure
- Phase 7: Review Effectiveness; Sustain; Monitor and evaluate

Internal and External factors:
Trigger events and IT Pain points:

Process Assessment: as per ISO 15504-4, capability assessment is done
Process improvement initiative or capability determination approach
COBIT assessment – is done on an annual basis
- External (capability assessment) = PAM + Assessor's Guide
- Internal (process improvement assessment) = PAM + Self-assessment Guide
5 levels of Capability Assessment are: Incomplete, Performed, Managed, Established, Predictable, Optimising.

Benefits of ISO 15504:
- Improved focus on achieving its purpose
- Elimination of duplication
- More acceptance of ISO standards worldwide

Purpose of process assessment:
- Enables benchmarking of process capability
- Enables As-is and to-be health checks to support decision-making
- Gap analysis and improvement planning to support definition of improvement projects
- Provide assessment ratings to measure and monitor capabilities

Process Reference Model (PRM) – Defines scope, process purpose and outcomes
Measurement Framework – 6 Capability levels, 9 process attributes, 4 Rating scale
Process Assessment Model (PAM) – Defines scope, Capability dimension vs Process dimension
- CD – focusses on process capability dimension (1 to 5) based on PAI (process attribute indicators)
- PD – contains additional indicators based on specific performance indicators
Any process to be capable, Level 5

Learn more on –
- ISACA knowledge assets
- COSO
- SFIA – Skills Framework for the Information Age