COBIT
Group members: Naeem Jonathan Rohani Kazeem
PRESENTATION OUTLINE
Governance and the Top management Effective ITG & COBIT ITG Focus Areas COBIT COBIT & ITG COBIT products, Framework, Components, History of COBIT COBIT structure COBIT & INDUSTRIES COBIT Mapping COBIT 4.1 COBIT & UIA CONCLUSION
GOVERNANCE
Boards and executive management have long known the need for enterprise and corporate governance. However, most are beginning to realize that there is a need to extend governance to information technology as well, and provide the leadership, organisational structures and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives.
Higher-than-expected costs
Lower-than-expected quality
SOLUTION
An Effective ITG
Protects shareholder value
Makes clear that IT risks are qualified and understood
Directs and controls IT investment, opportunity, benefits and risks
Aligns IT with the business while accepting IT as a critical input to and component of the strategic plan, influencing strategic opportunities
Sustains current operations and prepares for the future
Is an integral part of the global governance structure
plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT.
Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
What is COBIT
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.
COBIT PRODUCTS
The COBIT products have been organised into three levels designed to support:
Executive management and boards
Business and IT management
Governance, assurance, control and security professionals
Better alignment, based on a business focus
A view, understandable to management, of what IT does
Clear ownership and responsibilities, based on process orientation
General acceptability with third parties and regulators
Shared understanding amongst all stakeholders, based on a common language
Fulfilment of the COSO requirements for the IT control environment
History of COBIT
COBIT has had four major releases:
In 1996, the first edition of COBIT was released.
In 1998, the second edition added "Management Guidelines".
In 2000, the third edition was released.
In 2003, an on-line version became available.
COBIT Contd
COBIT 4.1 has 34 high-level processes that cover 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation. COBIT provides benefits to managers, IT users, and auditors.
Managers benefit from COBIT because it provides them with a foundation upon which IT-related decisions and investments can be based. Decision making is more effective because COBIT aids management in defining a strategic IT plan, defining the information architecture, acquiring the necessary IT hardware and software to execute an IT strategy, ensuring continuous service, and monitoring the performance of the IT system.
IT users benefit from COBIT because of the assurance provided to them by COBIT's defined controls, security, and process governance.
COBIT benefits auditors because it helps them identify IT control issues within a company's IT infrastructure. It also helps them corroborate their audit findings.
COBIT Structure
COBIT covers four domains:
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10
AI3 AI4 AI5 AI6 AI7
Monitoring
All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain thus addresses management's oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources.
ME2
ME3
ME4 Provide IT Governance
COBIT Mapping
Val IT
COSO
ISO/IEC 17799
ITIL
PMBOK
VAL IT
Val IT is a suite of documents that provides a framework for the governance of IT investments, produced by the IT Governance Institute (ITGI). It is a formal statement of principles and processes for IT portfolio management. Val IT allows business managers to get business value from IT investments by providing a governance framework that consists of a set of guiding principles and a number of processes conforming to those principles, which are further defined as a set of key management practices. The major processes are:
Value Governance (VG prefix)
Portfolio Management (PM prefix)
Investment Management (IM prefix)
Relationship to COBIT
Val IT is tightly integrated with COBIT Version 4, also from the Information Systems Audit and Control Association (a.k.a. ISACA). The Framework document explains the difference between COBIT and Val IT as follows:
Val IT extends and complements COBIT, which provides a comprehensive control framework for IT governance. Specifically, Val IT focuses on the investment decision (are we doing the right things?) and the realisation of benefits (are we getting the benefits?), while COBIT focuses on the execution (are we doing them the right way, and are we getting them done well?).
COBIT 4.1
COBIT 4.1 is an incremental update to COBIT 4.0. It includes streamlined control objectives and application controls, improved process controls and an enhanced explanation of performance measurement. COBIT 4.1 consists of four sections:
The executive overview
The framework
The core content (control objectives, management guidelines and maturity models)
Appendices (mappings and cross references, additional maturity model information, reference material, a project description and a glossary)
COBIT & UIA
http://www.iiu.edu.my/itd/ictgov/index.php/ict-best-practices/cobit.html
CONCLUSION
Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders' value. They recognize the critical dependence of many business processes on IT, the importance of delivering the value promised by IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. To aid organizations in successfully linking business and IT goals to meet today's business challenges, the COBIT framework has clearly considered the needs of every stakeholder, right from the Board to the users. COBIT is oriented toward the objectives and scope of IT governance, ensuring that its control framework is comprehensive, in alignment with enterprise governance principles and, therefore, acceptable to boards, executive management, auditors and regulators.