Академический Документы
Профессиональный Документы
Культура Документы
IT Governance
Steven Hunt
Michael
Nelson
Agenda
IT
Governance
Dened
Founda?onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa?on
Guidance
Summary
&
Recommenda?ons
Ques?ons?
References
4/29/12
IT
Governance
Dened
Governance
Management
4/29/12
IT
Governance
Dened
Integra'on
of
Governance
&
Management
4/29/12
Value
Delivery
Ensure
IT
delivers
value
to
the
business
concentra?ng
on
op?mizing
expenses
and
proving
the
value
of
IT
Risk
Management
Ensure
IT
manages
risk
addressing
the
safeguard
of
IT
assets,
disaster
recovery,
and
con?nuity
of
opera?ons
Resource
Management
Ensure
IT
manages
resources
realizing
the
op?mal
investment
in,
and
proper
management
of,
cri?cal
IT
resources
Performance
Management
Ensure
IT
manages
performance
tracking
&
monitoring
strategy
implementa?on,
project
success,
resource
usage,
process
performance,
and
service
delivery
4/29/12
Agenda
IT
Governance
Dened
Founda'onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa?on
Guidance
Summary
&
Recommenda?ons
Ques?ons?
References
4/29/12
4/29/12
What is COBIT?
COBIT
Evolu'on
4/29/12
What
is
COBIT
5?
COBIT
5
is
a
Founda?onal
enterprise
IT
Governance
framework,
providing
a
basis
to
eec?vely
integrate
other
complimentary
frameworks,
standards,
and
prac?ces.
As
a
single
overarching
framework
it
serves
as
a
consistent
and
integrated
source
of
guidance
in
a
non-technical,
technology-agnos?c,
common
language.
COBIT
5
addresses
the
governance
and
management
of
informa?on
and
related
technology
from
an
enterprise-wide,
end-to-end
perspec?ve,
including
the
ac?vi?es
and
responsibili?es
of
both
the
IT
func?on
and
non-IT
business
func?ons.
The
end-to-end
aspect
is
further
supported
by
COBIT
5
coverage
of
all
cri?cal
business
elements,
e.g.
processes,
organiza?onal
structures,
principles
&
policies,
culture,
skills,
service
capabili?es.
4/29/12
10
COBIT
5
Objec'ves
Provide a renewed and authoritative full-spectrum framework for the
governance and management of enterprise IT.
Building on the current widely recognized and accepted COBIT
framework, link together and reinforce all other major ISACA
frameworks and guidance.
Connect to and align with other major frameworks and standards
(ISO 38500, ITIL, EA, NIST etc).
Incorporate familiar components such as a Domain/Process model,
Governance/Management Best Practices, RACI charts, and process
input/output linkages.
4/29/12
11
4/29/12
12
4/29/12
13
4/29/12
14
Principles
Architecture
Goals Cascade
Enablers
COBIT Process Assessment Model (PAM)
Implementation Guidance
4/29/12
15
COBIT
5
Benets
Incorpora?ng
an
opera?onal
model,
and
a
common
language
for
all
parts
of
the
business
involved
in
IT
ac?vi?es,
is
one
of
the
most
important
and
cri?cal
steps
toward
good
governance.
It
provides
a
framework
for:
4/29/12
16
COBIT
5
Benets
Enterprise-wide
Benets
Benets
realiza'on
through
Enterprise
IT
Governance
Business-user
sa'sfac'on
with
IT
engagement
and
services
IT
seen
as
a
key
enabler
Compliance
with
relevant
laws,
regula?ons,
and
policies
4/29/12
17
COBIT
5
Benets
Key
Business
Benets
Key IT Benets
4/29/12
18
Agenda
IT
Governance
Dened
Founda?onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa?on
Guidance
Summary
&
Recommenda?ons
Ques?ons?
References
4/29/12
19
IT
Governance
Principles
Principles
and
policies
are
the
vehicle
by
which
governance
decisions
are
ins?tu?onalized
within
the
enterprise
and
therefore
are
an
interac?on
between
governance
decisions
(direc?on
selng)
and
management
(execu?on
of
decisions)
4/29/12
20
COBIT
5
Principles
PRINCIPLE
1
MEETING
STAKEHOLDER
NEEDS
PRINCIPLE
2
COVERING
THE
ENTERPRISE
END-TO-END
PRINCIPLE
3
APPLYING
A
SINGLE
INTEGRATED
FRAMEWORK
PRINCIPLE
4
ENABLING
A
HOLISTIC
APPROACH
PRINCIPLE
5
SEPERATING
GOVERNANCE
&
MANAGEMENT
4/29/12
21
COBIT 5 Principles
4/29/12
22
PRINCIPLE 1
Strategy
Changes
Changing
Business
(Mission)
&
Regulatory
Environment
Technology
Evolu?ons
4/29/12
23
PRINCIPLE 1
Goals
Cascade:
Provides
the
link
between
stakeholder
needs
and
prac?cal
goals
by
transla?ng
these
into
increasing
levels
of
detail
and
specicity:
Drivers
Stakeholder
Needs
Enterprise
Goals
IT
related
Goals
Enabler
Goals
(e.g.
process
goals)
Allows
selng
specic
goals
at
every
level
of
the
enterprise
in
support
of
the
overall
goals
and
stakeholder
requirements
4/29/12
24
Goals Cascade
Slide
32
Slide
30
Slide
47
Slide
34
Slides
48
49
4/29/12
25
PRINCIPLE 2
4/29/12
26
Stakeholder
Needs
Maintain
Our
Focus
As
service
providers
to
our
stakeholders
we
must
remember
that
Enterprise
goals
are
a
proxy
for
Stakeholder
Needs
4/29/12
27
Stakeholder Needs
4/29/12
28
4/29/12
29
Enterprise
Goals
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
4/29/12
30
4/29/12
31
4/29/12
32
4/29/12
33
IT Related Goals
34
4/29/12
35
Prac'ces
(210)
RACI
Chart
(Detailed
Role
Based
Assignments)
Ac'vi'es (1,115)
4/29/12
36
Domains
Processes
Process
Goals
Related
Metrics
Prac'ces
Ac'vi'es
37
129
265
210
1,115
Example:
Example:
Example:
Example:
Example:
Ensure
Governance
Framework
Selng
and
Maintenance
Manage
Enterprise
Architecture
Percent
of
projects
in
the
IT
project
pornolio
that
can
be
directly
traced
back
to
the
IT
strategy
Evaluate
the
governance
system
a)
Percent
total
changes
that
are
emergency
xes
Program
business
cases
are
evaluated
and
priori?zed
before
funds
are
allocated
b)
Number
of
emergency
changes
not
authorized
aaer
the
change
Number
of
business
processes
with
undened
service
agreements
Evaluate,
priori?ze,
and
authorize
change
requests
Review,
maintain,
and
improve
the
con?nuity
plan
4/29/12
37
COBIT 5 Processes
4/29/12
38
COBIT 5 Processes
39
COBIT 5 Processes
4/29/12
40
COBIT 5 Processes
4/29/12
41
COBIT 5 Processes
4/29/12
42
Process Model
Descrip'on
Purpose
43
RACI Assignments
Prac'ces
Suppor'ng
the
Process
4/29/12
44
Outputs
Iden'er
&
Title
Prac'ce
Descrip'on
Prac'ce
Ac'vi'es
4/29/12
45
4/29/12
46
4/29/12
47
4/29/12
48
4/29/12
49
PRINCIPLE 3
4/29/12
50
Frameworks Alignment
4/29/12
51
COBIT
5
Architecture
Enablers:
Principles,
Policies,
&
Frameworks
Processes
Organiza'onal
Structures
Cultures,
Ethics,
Behaviors
Informa'on
Services
Infrastructure
Applica'ons
People,
Skills,
&
Competencies
4/29/12
52
PRINCIPLE
4
ENABLING
A
HOLISTIC
APPROACH
Purpose
of
enablers
is
to
implement
an
eec?ve
&
ecient
governance
and
management
system
for
enterprise
IT
Dened
as
anything
that
facilitates
achievement
of
enterprise
governance
objec?ves,
including
resources
such
as
informa?on
and
people
IT-related
goals
dene
what
enablers
should
achieve
Seven categories:
4/29/12
53
COBIT 5 Enablers
4/29/12
54
4/29/12
55
Enabler
Dimensions
Stakeholders
Goals
56
Enabler
Dimensions
Life
Cycle
Plan
Design
Build/acquire
&
implement
Use/operate
Evaluate/monitor
Update/dispose
Good Prac'ce
57
4/29/12
58
59
Process
60
Organiza'onal Structures
61
62
Informa'on
63
64
65
Skill Categories
4/29/12
66
PRINCIPLE 5
4/29/12
67
4/29/12
68
PRINCIPLE 5
Governance
Management
4/29/12
69
IT
Governance
Integra'on
of
Governance
&
Management
4/29/12
70
4/29/12
71
PRINCIPLE 5
4/29/12
72
PRINCIPLE 5
4/29/12
73
4/29/12
74
Agenda
IT
Governance
Dened
Founda?onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa?on
Guidance
Summary
&
Recommenda?ons
Ques?ons?
References
4/29/12
75
4/29/12
76
4/29/12
77
4/29/12
78
COBIT
5
ISO/IEC
15504-based
Capability
Levels
5. Op?mized
5. Op?mized
4. Managed
4. Predictable
3. Dened
3. Established
N/A
2. Managed
2.
Under
Development
1.
Ini?al
Capability
1. Performed
0. Non-existent
0. Incomplete
4/29/12
79
4/29/12
80
81
4/29/12
82
83
4/29/12
84
85
Base Prac'ces
Work
Products
Inputs
Outputs
4/29/12
86
4/29/12
87
Outputs
Prac'ce
Descrip'on
Prac'ce
Ac'vi'es
4/29/12
88
4/29/12
89
4/29/12
90
4/29/12
91
Agenda
IT
Governance
Dened
Founda?onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa'on
Guidance
Summary
&
Recommenda?ons
Ques?ons?
References
4/29/12
92
4/29/12
93
Implementa'on
Guidance
COBIT
5
Implementa'on
Guide
94
Implementa'on
Guidance
Key
factors
for
successful
implementa'on:
95
Change Enablement
4/29/12
96
4/29/12
97
98
4/29/12
99
Agenda
IT
Governance
Dened
Founda?onal
Enterprise
IT
Governance
What
is
COBIT
/
COBIT
5?
COBIT
5
Objec?ves
COBIT
5
Framework
COBIT
5
Benets
COBIT
5
Principles
Principle
1
Mee?ng
Stakeholder
Needs
Principle
2
Covering
the
Enterprise
End-To-End
Principle
3
Applying
a
Single
Integrated
Framework
Principle
4
Enabling
a
Holis?c
Approach
Principle
5
Separa?ng
Governance
&
Management
COBIT
Process
Capability
Model
Implementa?on
Guidance
Summary
&
Recommenda'ons
Ques'ons?
References
4/29/12
100
Summary
IT
Governance
Dened
4/29/12
101
Summary
COBIT
5
Principles
4/29/12
102
Summary
Implementa'on
Guidance
4/29/12
103
Summary
This
has
presented
an
overview
of
a
Founda?onal
IT
Governance
framework
Based
upon
ISACAs
Founda?onal
Enterprise
IT
Governance
Framework
known
as
COBIT
5
This
establishes
the
founda?on
of
comprehensive
IT
Governance
4/29/12
104
Recommenda'ons
Develop
a
Comprehensive
IT
Governance
framework
based
upon
interna?onal
best
prac?ce
frameworks
&
concepts.
To
include
the
Fundamental
&
Founda?onal
frameworks
outlined
in
this
and
previous
presenta?ons.
4/29/12
105
Ques'ons?
4/29/12
106
References
COBIT
5
htp://www.isaca.org/
COBIT
5:
Enabling
Processes
htp://www.isaca.org/
COBIT
5
Implementa'on
htp://www.isaca.org/
COBIT
5
Update
PowerPoint
Presenta'on
htp://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-5-Ini?a?ve-Status-Update.aspx
COBIT
Process
Assessment
Model
(PAM)
(COBIT
4.1
version)
htp://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/COBIT-Assessment-
Program.aspx
Implemen'ng
and
Con'nually
Improving
IT
Governance
(ISACA
member
only)
htp://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Implemen?ng-and-
Con?nually-Improving-IT-Governance1.aspx
ISO/IEC
TS
15504:2011
Informa'on
technology
-
Process
assessment
htp://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=51684
COBIT
5:
Enabling
Informa'on
(in
planning)
COBIT
5
For
Informa'on
Security
(under
development,
available
July
2012)
COBIT
5
For
Risk
(in
planning)
COBIT
5
For
Assurance
(in
planning)
4/29/12
107