COBIT 5 ISACA's new Framework for IT Governance, …

1 COBIT 5 ISACACOBIT 5 ISACA s new Framework for IT governance , Risk,Security and AuditingAn overviewM. GarsouxCOBIT 5 LicensedTraining ProviderCOBIT 5 ISACAI ntroductionPrinciplesProcessesImplementa tionSupporting ProductsQuestions2 COBIT 5 ISACA3 COBIT 5 ISACAG overnance of Enterprise ITCOBIT 5IT Framework from ISACA, of scope19962012 Val IT (2008)Risk IT(2009)4 COBIT 5 ISACAWhat is COBIT ? ControlObjectives for Information and Related Technology ( COBIT ) isa set of best practices for Information Technologymanagement developedby ISACA(InformationSystems Audit & ControlAssociation) andIT governance Institute , sgloballyacceptedframeworkCOBIT5isaimedt oprovideanend-to-endbusinessviewofthegov ernanceofenterpriseITthatreflectsthecent ralroleofITincreatingvalueforenterprises 5 COBIT 5 ISACA Information is a key resource for all enterprises.

2 Information is created, used, retained, disclosedand destroyed. Technology plays a key role in these actions. Technology is becoming pervasive in all aspects ofbusiness and personal benefits does information and technologybring to enterprises?6 COBIT 5 ISACAH elpsenterprises: Bring Order to ComplexStandards andFrameworks Extract Value from InformationChaos Address all Stakeholders Needsand Maximize Value ofCorporateInformation Protect and Drive EnterpriseValue7 COBIT 5 ISACAE nterprises and their executives strive to : Maintain quality information to support business decisions. Generate business value from IT-enabled investments, ,achieve strategic goals and realise business benefits througheffective and innovative use of IT.

3 Achieve operational excellence through reliable and efficientapplication of technology. Maintain IT-related risk at an acceptable level. Optimise the cost of IT services and can these benefits be realized to createenterprise stakeholder value?8 COBIT 5 ISACA COBIT 5 is a comprehensive Framework that helpsenterprises to create optimal value from IT by maintaining abalance between realising benefits and optimising risk levelsand resource use. COBIT 5 enables information and related technology to begoverned and managed in a holistic manner for the wholeenterprise, taking in the full end-to-end business andfunctional areas of responsibility, considering the IT-relatedinterests of internal and external stakeholders.

4 The COBIT 5principlesandenablersare generic and usefulfor enterprises of all sizes, whether commercial, not-for-profit or in the public 5 ISACA10 COBIT 5 ISACA11 COBIT 5 ISACA Enterprises exist tocreate valuefor their stakeholders12 COBIT 5 ISACA Delivering enterprise stakeholder value requires goodgovernanceand managementof information and technology (IT) assets. Enterprise boards, executives and management have toembraceITlike any other significant part of the business. Externallegal, regulatory and contractual compliancerequirements related to enterprise use of information andtechnology are increasing, threatening value if breached. COBIT 5 provides a comprehensive Framework that assistsenterprises to achieve their goals and deliver value througheffective governance and management of enterprise Value13 COBIT 5 ISACA Stakeholder needs have to betransformed into an enterprises actionable strategy.

5 The COBIT 5 goals cascadetranslates stakeholder needs intospecific, actionable and customisedgoals within the context of theenterprise, IT-related goals andenabler cascade14 COBIT 5 ISACACOBIT 5 entreprise goalsGovernance value of business competitive products and business risks (safeguarding of assets) with external laws and oriented continuity and responsesto a changing business based strategic decision service delivery of business process of businessprocess change staff internal policiesPLearning& motivated business innovation cultureP15 COBIT 5 ISACACOBIT 5 IT-relatedgoalsBSCD escriptionFINANCIAL1. Alignment of IT and business strategy2. IT compliance and support for business compliance withexternal laws & of executive management for making IT related decisions4.

6 Managed IT related business risks5. Realised benefits form IT-enabled investments andservices portfolio6. Transparency of IT costs,benefits and riskCUST7. Deliveryof IT services in line with business requirements8. Adequate use of applications, information and technology structureINTERNAL9. IT agility10. Security of information, processing infrastructure and applications11. Optimisation of IT assets,resources and capabilities12. Enablement and support of businessprocesses by integrating applications and technology13. Delivery of programme on time,on budget, and meeting requirements and quality standards14. Availability of reliable and usefulinformation for decision making15. IT compliance with internal policiesL&G16.

7 Competentand motivated business and IT personnel17. Knowledge, expertise and initiatives for business innovation16 COBIT 5 ISACAS takeholder Value ofBusiness investmentsCustomer - orientedservice cultureOptimisation of businessprocess functionalitySkilled andmotivated peole161116 FinancialCustomerInternalLearning and GrowthFinancial1 Alignment of IT andbusiness strategyPPPSC ustomer7 Delivery of IT servicesin line with businessrequirementsPPPSI nternal9IT agilitySSPSL earningand Growth16 Competent andmotivated businessand IT personnelSSPE nterprise GoalIT -Related GoalMapping of Enterprise goals into IT-goals17 COBIT 5 ISACAM appingIT goals to processes18 Alignment of IT andbusiness strategyDelivery of IT servicesin line with

8 BusinessrequirementsIT agilityKnowledge, expertiseand initiatives forbusiness innovation17917 FinancialCustomerInternalEDM01 EnsureGovernanceFrameworkSetting andMaintenancePPSSEDM02 EnsureBenefitsDeliveryPPPEDM03 Ensure RiskOptimisationSSSEDM04 EnsureRessourceOptimisationSSPSEDM05 EnsureStakeholderTransparencySPSE valuate,Direct andMonitorIT - Related GoalCOBIT 5 ProcessCOBIT 5 ISACAKey components of agovernance system19 COBIT 5 ISACA COBIT 5 aligns with the latest relevant other standards andframeworks used by enterprises: Enterprise: COSO, COSO ERM, ISO 9000, ISO 31000 IT-related: ISO 38500, ITIL, ISO27000 series, TOGAF, PMBOK/PRINCE2,CMMI Etc. This allows the enterprise to use COBIT 5 as the overarchinggovernance and management Framework integrator.

9 ISACA plans a capability to facilitate COBIT user mapping ofpractices and activities to third-party 5 ISACACOBIT 5 defines a set ofenablersto support theimplementation of a comprehensive governance andmanagement system for enterprise 5enablersare: Factors that, individually and collectively, influencewhether something will work Driven by thegoals cascade Described by the COBIT 5 Framework insevencategories21 COBIT 5 ISACA123456722 COBIT 5 , policies and frameworks Are the vehicle to translate the desired behaviourinto practical guidance for Describean organised set of practices and activities to achieve certainobjectives and produce a set of outputs in support of achieving overall IT related structures Are the key decision-making entities in , ethics and behaviour Of individuals and of the organisation.

10 Very oftenunderestimated as a success factor in governance and management Is pervasive throughout any organisation, , deals with all informationproduced and used by the enterprise. Information is required for keeping theorganisation running and well governed, but at the operational level, information is veryoften the key product of the enterprise , infrastructure and applications Include the infrastructure, technology andapplications that provide the enterprise with information technology processing , skills and competencies Are linked to people and are required for successfulcompletion of all activities and for making correct decisions and taking correctiveactions23 COBIT 5 ISACA Governanceensures that enterprise objectives areachieved byevaluatingstakeholder needs, conditionsand options; settingdirectionthrough prioritisation anddecision making.