Cobit 5 Checklist
Cobit is a registered trademark by ISACA (http://www.isaca.org/) - Copyright 2013 - Minimarisk® Gmbh/Sàrl – www.minimarisk.com – Tel +41 44 586 45 00
1. Cobit Goals Cascade
1. Stakeholder Drivers Influence Stakeholder Needs;
2. Stakeholder Needs Cascade to Enterprise Goals;
3. Enterprise Goals Cascade to IT-related Goals;
4. IT-related Goals Cascade to Enabler Goals.
COBIT defines 17 generic enterprise goals and 17 IT-related goals; each set is distributed across the four Balanced Scorecard (BSC) dimensions (Financial, Customer, Internal, Learning and Growth).
2. Principles of Cobit
Cobit is based on 5 key principles for governance and
management of enterprise Information Technology.
Principle 1 - Meeting Stakeholder Needs
Principle 2 - Covering the Enterprise End-to-End
Principle 3 - Applying a Single Integrated Framework
Principle 4 - Enabling a Holistic Approach
Principle 5 - Separating Governance from Management
3. Cobit Areas and Processes
Cobit splits the processes into governance and management areas. These two areas contain a total of 5 domains with three-letter names, and a total of 37 processes organised as follows:
Governance of Enterprise IT
• Evaluate, Direct and Monitor (EDM) – 5 processes
Management of Enterprise IT
• Align, Plan and Organise (APO) – 13 processes
• Build, Acquire and Implement (BAI) – 10 processes
• Deliver, Service and Support (DSS) – 6 processes
• Monitor, Evaluate and Assess (MEA) – 3 processes
Evaluate, Direct & Monitor (EDM)
• EDM1 Ensure Governance Framework Setting and Maintenance
• EDM2 Ensure Benefits Delivery
• EDM3 Ensure Risk Optimisation
• EDM4 Ensure Resource Optimisation
• EDM5 Ensure Stakeholder Transparency
Align, Plan & Organise (APO)
• APO1 Manage the IT Management Framework
• APO2 Manage Strategy
• APO3 Manage Enterprise Architecture
• APO4 Manage Innovation
• APO5 Manage Portfolio
• APO6 Manage Budget and Cost
• APO7 Manage Human Resources
• APO8 Manage Relationships
• APO9 Manage Service Agreements
• APO10 Manage Suppliers
• APO11 Manage Quality
• APO12 Manage Risk
• APO13 Manage Security
Build, Acquire & Implement (BAI)
• BAI1 Manage Programmes and Projects
• BAI2 Manage Requirements Definition
• BAI3 Manage Solutions Identification and Build
• BAI4 Manage Availability and Capacity
• BAI5 Manage Organisational Change Enablement
• BAI6 Manage Changes
• BAI7 Manage Change Acceptance and Transitioning
• BAI8 Manage Knowledge
• BAI9 Manage Assets
• BAI10 Manage Configuration
Deliver, Service & Support (DSS)
• DSS1 Manage Operations
• DSS2 Manage Service Requests and Incidents
• DSS3 Manage Problems
• DSS4 Manage Continuity
• DSS5 Manage Security Services
• DSS6 Manage Business Process Controls
Monitor, Evaluate & Assess (MEA)
• MEA1 Monitor, Evaluate and Assess Performance and Conformance
• MEA2 Monitor, Evaluate and Assess the System of Internal Control
• MEA3 Monitor, Evaluate and Assess Compliance with External Requirements
4. Cobit Seven Enterprise Enablers
1. Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management. Their stakeholders are internal and external.
2. Processes describe an organised set of practices and activities. Dimensions: the life cycle of a process; governance processes and management processes.
3. Organisational structures describe RACI charts and roles.
4. Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
5. Information is defined by its attributes, grouped in layers: physical (carrier, media); empirical (user interface); syntactic (language, format); semantic (meaning, type, currency); pragmatic (use, including retention, status, contingency and novelty); and social (context).
6. Services, infrastructure and applications. Includes reuse, buy-vs-build, agility, simplicity and openness; definition of architecture principles, architecture viewpoints and service levels.
7. People, skills and competencies are linked to people. Define role skill requirements, skill levels, skill categories and skill definitions.
5. Cobit Enabler dimensions
1. Stakeholders
2. Goals (intrinsic quality [results, process according to best practices, information is current and true]; contextual quality [fit for purpose, relevant, easy to apply, effective]; accessibility and security)
3. Life cycle (Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose)
4. Good practices
6. Process Capability Model and Levels
Capability Model is now based on ISO/IEC 15504 (SPICE).
• Level 0: Incomplete. The process is not implemented or fails to achieve its purpose.
• Level 1: Performed (informal). The process is implemented and achieves its purpose.
• Level 2: Managed (planned and monitored). The process is managed and its results (work products) are specified, controlled and maintained.
• Level 3: Established (well defined). A standard process is defined and used throughout the organisation.
• Level 4: Predictable (quantitatively managed). The process is executed consistently within defined limits.
• Level 5: Optimising (continuous improvement). The process is continuously improved to meet relevant current and projected business goals.
7. Process attributes
The capability of processes is measured using process
attributes. The international standard defines nine
process attributes:
1.1 Process Performance
2.1 Performance Management
2.2 Work Product Management
3.1 Process Definition
3.2 Process Deployment
4.1 Process Measurement
4.2 Process Control
5.1 Process Innovation
5.2 Process Optimization.
Each process attribute is assessed on a four-point
(N-P-L-F) rating scale:
• Not achieved (0 - 15%)
• Partially achieved (>15% - 50%)
• Largely achieved (>50%- 85%)
• Fully achieved (>85% - 100%)
© 2012-13 Maat Consulting Ltd www.maatconsulting.com
COBIT is a registered trade mark of ISACA and the IT Governance Institute (ITGI) V1.3 Feb 2013
This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI.
COBIT 5 Foundation Exam Revision on a page!
Governance of Enterprise IT (GEIT)
Enterprise = organisation = commercial (corporate) OR public sector OR not for profit
Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation+ Resource Optimisation
Governance Scope = where governance applies: usually the enterprise, but can be just some assets
GOALS CASCADE: Stakeholder Needs → Enterprise Goals → IT-related Goals → Enabler Goals
5 Principles of COBIT 5
1. Meeting stakeholder needs
2. Covering the Enterprise end-to-end
3. Single integrated Framework
4. Holistic approach of 7 enterprise Enablers
5. Separating governance from management
Memory aid: “Stakeholder FEES”
7 Enablers of COBIT 5 (i.e. Governance Enablers)
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviours
5. Information
6. Service infrastructure and applications
7. People skills and competencies
Generic Governance Enablers
Enabler Dimensions
Stakeholders
Internal & External
Goals = expected outcome of enabler
Intrinsic Quality (work well & provide results)
Contextual Quality (Relevance, effectiveness)
Accessibility & Security (of enablers + outcomes)
Life Cycle
Plan, Design,
Build/Acquire/Create/Implement
Use/Operate
Evaluate/Monitor
Update/Dispose
Good Practices
Practices
Work Products (Inputs & Outputs)
Enabler Performance Management
Questions to be answered:
Outcomes (Lag indicators)
Are stakeholders’ needs addressed?
Are enabler goals achieved?
Functioning of enabler itself (Lead indicator)
Is the enabler lifecycle managed?
Are good practices applied?
Information Enabler (Enabler 5)
Intrinsic quality:
Accuracy, Objectivity, Believability, Reputation
Information layers
Physical world (carrier/media), Empiric (User interface)
Syntactic (code/language), Semantic (meaning)
Pragmatic (use)
Social world (e.g. contracts, law, culture)
COBIT 5 Processes
5 Domains = 37 processes
Governance
Evaluate, Direct & Monitor (EDM)
Management
Align, Plan & Organise (APO) – strategic
Build, Acquire & Implement (BAI) – tactical
Deliver, Service & Support (DSS) – operational
Monitor, Evaluate & Assess (MEA)
EDM(5) APO(13) BAI(10) DSS(6) MEA(3)
Memory aid: Management domains are in alphabetic order. E is the 5th letter of the alphabet and EDM has 5 processes. In alphabetic order, each Management domain has 3 or 4 fewer processes than the one before (13, 10, 6, 3).
COBIT 5 Process Capability Assessment Model (PAM)
0 Incomplete
1 Performed
PA1.1 Process Performance
2 Managed
PA2.1 Performance Management
PA2.2 Work Product Management
3 Established
PA3.1 Process Definition
PA3.2 Process Deployment
4 Predictable
PA4.1 Process Measurement
PA4.2 Process Control
5 Optimising
PA5.1 Process Innovation
PA5.2 Process Optimisation
COBIT 5 Implementation Lifecycle (seven phases; each phase has a programme management, a change enablement and a continual improvement lifecycle component)
Phase 1 – What are the drivers?
  Programme management: Initiate programme
  Change enablement: Establish desire to change
  Continual improvement: Recognise need to act
Phase 2 – Where are we now?
  Programme management: Define problems and opportunities
  Change enablement: Form implementation team
  Continual improvement: Assess current state
Phase 3 – Where do we want to be?
  Programme management: Define road map
  Change enablement: Communicate outcome
  Continual improvement: Define target state
Phase 4 – What needs to be done?
  Programme management: Plan programme
  Change enablement: Identify role players
  Continual improvement: Build improvements
Phase 5 – How do we get there?
  Programme management: Execute plan
  Change enablement: Operate and use
  Continual improvement: Implement improvements
Phase 6 – Did we get there?
  Programme management: Realise benefits
  Change enablement: Embed new approaches
  Continual improvement: Operate improvements
Phase 7 – How do we keep the momentum going?
  Programme management: Review effectiveness
  Change enablement: Sustain
  Continual improvement: Monitor and evaluate
Memory aid: POP PICS
[Figure: COBIT 5 principles – 1. Meeting Stakeholder Needs; 2. Covering the Enterprise End-to-end; 3. Applying a Single Integrated Framework; 4. Enabling a Holistic Approach; 5. Separating Governance from Management.]
[Figure: Governance objective – value creation (benefits realisation, risk optimisation, resource optimisation), driven by stakeholder needs.]
[Figure: COBIT 5 enablers – Principles, policies and frameworks; Processes; Organisational structures; Culture, ethics and behaviour; Information; Services, infrastructure and applications; People, skills and competencies. The last three are also enterprise resources.]
Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
A process describes an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
Organizational structures are the key decision-making entities in an enterprise.
Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.
[Figure: Information cycle – surviving labels: Business processes; Generate and process; Transform; Create; Drive; Processes; Information.]
Contextual Goals
Relevancy
Completeness
Appropriateness
Conciseness
Consistency
Understandability
Ease of Manipulation
[Figure: COBIT 5 implementation life cycle – outer ring: programme management; middle ring: change enablement; inner ring: continual improvement life cycle. The seven phases and their ring entries are the ones listed above under COBIT 5 Implementation Lifecycle.]
[Figure: Process Assessment Model – capability dimension (levels 0 to 5) against the process dimension.]
Level 5: PA5.1 Process innovation; PA5.2 Continuous optimisation
Level 4: PA4.1 Process measurement; PA4.2 Process control
Level 3: PA3.1 Process definition; PA3.2 Process deployment
Level 2: PA2.1 Performance management; PA2.2 Work product management
Level 1: PA1.1 Process performance
Level 0: Incomplete (no process attributes)
BP: Base practices (Level 1)
WP: Work products (Level 1)
GP: Generic practice (Levels 2 to 5 only)
GR: Generic resource (not defined)
GWP: Generic work product (Levels 2 to 5 only)
Domains: EDM Evaluate, Direct and Monitor; APO Align, Plan and Organize; BAI Build, Acquire and Implement; DSS Deliver, Service and Support; MEA Monitor, Evaluate and Assess.
[Figure labels: COBIT 5 Processes; Process Attributes (Level 1 to 5); Process Capability Attribute Indicators (PCAIs, Level 1 to 5); Process Performance Indicators; COBIT 5 PCAIs; Process Assessment Model; Implementation Life Cycle.]
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; monitoring performance, compliance and progress against agreed direction and objectives.
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
© Copyright 2014 by Service Management Art Inc. All rights reserved.
These materials include COBIT 5 & 4.1, which is used with the permission of ISACA. ©1996-2012 ITGI.
COBIT is a registered trademark of the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
NOT FOR RESALE, Version 2.3
[Figure: COBIT 5 product family – COBIT 5 (the framework); enabler guides: COBIT 5: Enabling Processes, COBIT 5: Enabling Information, other enabler guides; professional guides: COBIT 5 Implementation, COBIT 5 for Information Security, COBIT 5 for Assurance, COBIT 5 for Risk, other professional guides; COBIT 5 Online Collaborative Environment.]
[Figure: Single integrated framework – current guidance and contents (COBIT 4.1, Val IT, Risk IT, BMIS); structure for future contents; content filter for the knowledge base; enablers provide structure to the COBIT 5 knowledge base. Enablers shown: Processes; Culture, ethics, behaviour; Organisational structures; Information; Principles and policies; Skills and competencies; Service capabilities.]
[Figure: Governance objective – value creation (benefits realisation, resource optimisation, risk optimisation); governance enablers; governance scope; roles, activities and relationships; governance and management.]
Enabler dimensions (generic enablers)
Stakeholders: internal stakeholders; external stakeholders
Goals: intrinsic quality; contextual quality (relevance, effectiveness); accessibility and security
Life cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
Good practices: practices; work products (inputs/outputs)
Enabler performance management:
• Are stakeholder needs addressed? Are enabler goals achieved? (metrics for achievement of goals, lag indicators)
• Is the life cycle managed? Are good practices applied? (metrics for application of practice, lead indicators)
[Figure: COBIT 5 Process Reference Model – business needs drive the governance processes (Evaluate, Direct and Monitor); management (Plan, Build, Run, Monitor) returns management feedback. Governance processes for enterprise IT: the five EDM processes. Management processes for enterprise IT: APO (13), BAI (10), DSS (6), MEA (3). The individual process names are listed earlier on this page.]
Process Reference Model (PRM)
O ners and
Stakeholders
Ro es c es Re o s s
Governin
Bod
ana ement
Operations
and
ecution
nstruct and
li n
Report
onitor
Set Direction
ccountable
Dele ate
Goals cascade: stakeholder drivers (environment, technology evolution, ...) influence stakeholder needs (benefits realisation, resource optimisation, risk optimisation), which cascade to enterprise goals, which cascade to IT-related goals, which cascade to enabler goals.
COBIT 5 Foundation Overview
proven experience • proven tactics • proven success
For more information:
Call:Toll Free 1 866 616 4195
Email: Info@ServiceManagementArt.com
COBIT 5 Edition
Enterprise goals, IT-related goals and COBIT 5 processes (goals cascade mapping)
Enterprise goals (by BSC dimension)
Financial
1. Stakeholder value of business investments
2. Portfolio of competitive products and services
3. Managed business risk (safeguarding of assets)
4. Compliance with external laws and regulations
5. Financial transparency
Customer
6. Customer-oriented service culture
7. Business service continuity and availability
8. Agile responses to a changing business environment
9. Information-based strategic decision making
10. Optimization of service delivery costs
Internal
11. Optimization of business process functionality
12. Optimization of business process costs
13. Managed business change programmes
14. Operational and staff productivity
15. Compliance with internal policies
Learning and Growth
16. Skilled and motivated people
17. Product and business innovation culture
IT-related goals (by BSC dimension)
Financial
01 Alignment of IT and business strategy
02 IT compliance and support for business compliance with external laws and regulations
03 Commitment of executive management for making IT-related decisions
04 Managed IT-related business risk
05 Realized benefits from IT-enabled investments and services portfolio
06 Transparency of IT costs, benefits and risk
Customer
07 Delivery of IT services in line with business requirements
08 Adequate use of applications, information and technology solutions
Internal
09 IT agility
10 Security of information, processing infrastructure and applications
11 Optimization of IT assets, resources and capabilities
12 Enablement and support of business processes by integrating applications and technology into business processes
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14 Availability of reliable and useful information for decision making
15 IT compliance with internal policies
Learning and Growth
16 Competent and motivated business and IT personnel
17 Knowledge, expertise and initiatives for business innovation
COBIT 5 processes
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization
EDM04 Ensure Resource Optimization
EDM05 Ensure Stakeholder Transparency
Align, Plan and Organize
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budgets and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organizational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements
[Table: COBIT 5 goals cascade mapping – IT-related goals (rows 01 to 17) against enterprise goals (columns 1 to 17), and IT-related goals against the 37 COBIT 5 processes (columns EDM01 to MEA03). Cells mark P = primary relationship, S = secondary relationship; the cell values did not survive extraction.]
COBIT 5 Goals Cascade: Enterprise Goals cascade to IT-related Goals, which cascade to Process Goals.
COBIT®
Poster Series #1
Free Resource Library
www.goodelearning.com
© Good e-Learning 2015. COBIT® is a Registered Trademark of ISACA
Transforming Stakeholder Needs into Actions
Good e-Learning Resources :: www.goodelearning.com/downloads
@goodelearning /goodelearning /company/good-e-learning
by Gregor Polančič
The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.
Stakeholder Drivers
Stakeholder needs are influenced by a number of drivers, e.g., organizational changes, business changes and technology changes.
Stakeholder Needs
A stakeholder is anyone who has a responsibility for, an expectation from or some other interest in an enterprise. COBIT 5 defines 22 common internal stakeholder needs, e.g. "How do I best build and structure my IT department?" Common internal stakeholder needs and enterprise goals are interrelated.
Enterprise Goals
COBIT 5 defines 17 generic enterprise goals, e.g. "Stakeholder value of business investments." COBIT 5 defines all goals according to Balanced Scorecard (BSC) dimensions. Enterprise goals and IT-related goals are interrelated.
IT-related Goals
COBIT 5 defines 17 information and related technology (i.e. IT-related) goals, e.g. "Transparency of IT costs, benefits and risk." COBIT 5 contains a mapping between IT-related goals and the relevant COBIT 5 processes, which then contain related process goals.
Enabler Goals
Achieving IT-related goals requires the successful application and use of a number of enablers. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. Enablers include processes, information, organizational structures, policies, culture, people, services, infrastructure, and applications. For each enabler a set of specific goals can be defined in support of the IT-related goals.
Drive Value Creation: value creation means realizing benefits at an optimal resource cost while optimizing risk.
Stakeholder drivers influence stakeholder needs; stakeholder needs cascade to enterprise goals, enterprise goals cascade to IT-related goals, and IT-related goals cascade to enabler goals. Each lower level realizes the level above it.
COBIT5®
Poster Series #2
What drives IT Governance
by Gregor Polančič and Boris Ovčjak
GOVERNANCE AND MANAGEMENT OVER ENTERPRISE IT
GOALS CASCADE
ENABLERS
Governance, as defined in the scope of COBIT 5, is driven by enablers. Enablers are factors that individually and collectively influence whether something will work. In the case of COBIT 5 this refers to governance and management over enterprise IT. The COBIT 5 framework describes seven categories of enablers, listed below. Some of the enablers are also enterprise resources that need to be managed and governed as well.
Enablers are driven by the goals cascade: high-level IT-related goals define what the different enablers should achieve. These enterprise goals for IT are used to formalise and structure the stakeholder needs. Enterprise goals can be linked to IT-related goals, and these can be achieved through the optimal use and execution of all enablers.
1. PRINCIPLES, POLICIES AND FRAMEWORKS – translate desired behaviour into practical guidance for day-to-day management.
2. PROCESSES – describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
3. ORGANISATIONAL STRUCTURES – key decision-making entities in an enterprise.
4. CULTURE, ETHICS AND BEHAVIOUR – often underestimated as a success factor in governance and management activities.
RESOURCES (enablers 5 to 7):
5. INFORMATION – pervasive throughout any organisation; includes all information produced and used by the enterprise; required for keeping the organisation running and well governed; key product of the enterprise.
6. SERVICES, INFRASTRUCTURE AND APPLICATIONS – the infrastructure, technology and enterprise applications that provide the enterprise with information technology processing and services.
7. PEOPLE, SKILLS AND COMPETENCIES – linked to people and required for successful completion of all activities, making correct decisions and taking corrective actions.
To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers. That is, each enabler:
• Needs the input of other enablers to be fully effective
• Delivers output to the benefit of other enablers
ENABLERS DIRECTLY INFLUENCE GOVERNANCE AND MANAGEMENT OVER ENTERPRISE IT.
COBIT5®
Poster Series #3
Can We Separate Governance From Management?
by Gregor Polančič and Boris Ovčjak
In the scope of COBIT 5 there is a clear distinction between governance and management. Although they comprise different types of activities with different responsibilities, a set of interactions is required between governance and management to result in an efficient and effective governance system. To achieve that, COBIT 5 also advocates that enterprises implement governance and management processes such that key areas are covered.
GOVERNANCE MANAGEMENT
INTERACTION
IS REQUIRED
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Management plans, builds,
runs and monitors activities in
alignment with the direction set
by governance body to achieve the
enterprise objectives.
INFORMATION
Information used for evaluating, directing and monitoring enterprise IT is exchanged between governance and management as
described in the process model inputs and outputs.
CULTURE, ETHICS
AND BEHAVIOUR
Behaviour is a key enabler of good governance and management of the enterprise
PROCESS
There is a distinction between governance and management processes, including specific sets of practices and activities for each. The process model also includes RACI charts, describing the responsibilities of different organisational structures and roles within the enterprise.
PRINCIPLES, POLICIES
AND FRAMEWORKS
Principles, policies and frameworks are the vehicle by which governance decisions are institutionalised within the enterprise, and for that reason are an interaction between governance decisions and management.
ORGANISATIONAL
STRUCTURES
In the scope of organisational structures the interaction takes place between the decisions taken by the governance structures
and the decisions and operations implementing the former.
PEOPLE, SKILLS
AND COMPETENCIES
Governance and management activities require different skill sets, but an essential skill for both governance body members and management is to understand both tasks and how they are different.
SERVICES, INFRASTRUCTURE
AND APPLICATIONS
Services are required, supported by applications and infrastructure to provide the governance body with adequate information
and to support governance activities of evaluating, setting direction and monitoring.
ENABLER GOVERNANCE-MANAGEMENT INTERACTION
PROCESS REFERENCE MODEL WITHIN GOVERNANCE AND MANAGEMENT KEY AREAS
[Figure: business needs drive GOVERNANCE (Evaluate, Direct, Monitor), covered by the five EDM processes: Ensure Governance Framework Setting and Maintenance; Ensure Benefits Delivery; Ensure Risk Optimisation; Ensure Resource Optimisation; Ensure Stakeholder Transparency. MANAGEMENT, which returns management feedback to governance, is organised in four domains: Align, Plan and Organise (APO01 to APO13); Build, Acquire and Implement (BAI01 to BAI10); Deliver, Service and Support (DSS01 to DSS06); Monitor, Evaluate and Assess (MEA01 to MEA03). The individual process names are listed earlier on this page.]
ISACA COBIT® 5 - Glossary (EN)
63 terms by miroslawdabrowski
accountable party (RACI): The individual, group or entity that is ultimately responsible for a subject matter, process or scope. In a RACI chart, answers the question: Who accounts for the success of the task?
accountability of governance: Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against plans. In most enterprises, governance is the responsibility of the board of directors, under the leadership of the chairperson.
activity: In COBIT, the main action taken to operate the process. Guidance to achieve management practices for successful governance and management of enterprise IT. Activities:
- Describe a set of necessary and sufficient action-oriented implementation steps to achieve a governance practice or management practice
- Consider the inputs and outputs of the process
- Are based on generally accepted standards and good practices
- Support establishment of clear roles and responsibilities
- Are non-prescriptive and need to be adapted and developed into specific procedures appropriate for the enterprise
alignment: A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise.
application architecture: Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise's objectives.
architecture board: A group of stakeholders and experts who are accountable for guidance on enterprise architecture related matters and decisions, and for setting architectural policies and standards.
authentication: The act of verifying the identity of a user and the user's eligibility to access computerised information. Scope note (assurance): authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.
baseline architecture: The existing description of the fundamental underlying design of the components of the business system before entering a cycle of architecture review and redesign.
benefits realisation: One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.
business continuity: Preventing, mitigating and recovering from disruption. The terms 'business resumption planning', 'disaster recovery planning' and 'contingency planning' also may be used in this context; they focus on recovery aspects of continuity, and for that reason the 'resilience' aspect should also be taken into account.
business goal The translation of the enterprise's
mission from a statement of intention
into performance targets and results
Business process control The policies,
procedures, practices and
organisational structures designed to
provide reasonable assurance that a
business process will achieve its
objectives
Chargeback The redistribution of expenditures to
the units within a company that gave
rise to them
Scope Note: Chargeback is important
because without such a policy,
misleading views may be given as to the
real profitability of a product or service,
as certain key expenditures will be
ignored or calculated according to an
arbitrary formula.
COBIT 1. COBIT 5: Formerly known as Control
Objectives for Information and related
Technology (COBIT); now used only as
the acronym in its fifth iteration. A
complete, internationally accepted
framework for governing and managing
enterprise information and technology
(IT) that supports enterprise executives
and management in their definition and
achievement of business goals and
related IT goals. COBIT describes five
principles and seven enablers that
support enterprises in the
development, implementation, and
continuous improvement and
monitoring of good IT-related
governance and management
practices.
Scope Note: Earlier versions of COBIT
focused on control objectives related to
IT processes, management and control
of IT processes and IT governance
aspects.
Adoption and use of the COBIT
framework are supported by guidance
from a growing family of supporting
products. (See www.isaca.org/cobit for
more information.)
2. COBIT 4.1 and earlier: Formerly
known as Control Objectives for
Information and related Technology
(COBIT). A complete, internationally
accepted process framework for IT that
supports business and IT executives
and management in their definition and
achievement of business goals and
related IT goals by providing a
comprehensive IT governance,
management, control and assurance
model. COBIT describes IT processes
and associated control objectives,
management guidelines (activities,
accountabilities, responsibilities and
performance metrics) and maturity
code of ethics A document designed to influence
individual and organisational behaviour
of employees by defining organisational
values and the rules to be applied in
certain situations. It is adopted to assist
those in the enterprise called upon to
make decisions understand the
difference between 'right' and 'wrong'
and to apply this understanding to their
decisions.
competence The ability to perform a specific task,
action or function successfully
consulted party (RACI) Refers to those people whose opinions
are sought on an activity (two-way
communication)
In a RACI chart, answers the question:
Who is providing input?
Key roles that provide input. Note that
it is up to the accountable and
responsible roles to obtain information
from other units or external partners,
too; however, inputs from the roles
listed are to be considered and, if
required, appropriate action has to be
taken for escalation, including the
information of the process owner
and/or the steering committee
context The overall set of internal and external
factors that might influence or
determine how an enterprise, entity,
process or individual acts
Scope Note: Context includes:
- Technology context - Technological
factors that affect organization's ability
to extract value from data
- Data context - Data accuracy,
availability, currency and quality
- Skills and knowledge - General
experience, and analytical, technical
and business skills
- Organization and cultural context -
Political factors, and whether the
organisation prefers data to intuition
- Strategic context - Strategical objectives
of the enterprise
control The means of managing risk, including
policies, procedures, guidelines,
practices or organisational structures,
which can be of an administrative,
technical, management or legal nature.
Also used as a synonym for safeguard
or countermeasure.
culture A pattern of behaviours, beliefs,
assumptions, attitudes and ways of
doing things
driver External and internal factors that
initiate and affect how an enterprise or
individuals act or change
enterprise goal See Business goal
enterprise governance A set of responsibilities and practices
exercised by the board and executive
management with the goal of providing
strategic direction, ensuring that
objectives are achieved, ascertaining
that risk is managed appropriately and
verifying that the enterprise's resources
are used responsibly. It could also
mean a governance view focussing on
the overall enterprise; the highest-level
view of governance to which all others
must align.
full economic life cycle A period of time during which material
business benefits are expected to arise
from, and/or during which material
expenditures (including investments,
running and retirement costs) are
expected to be incurred by, an
investment programme
good practice A proven activity or process that has
been successfully used by multiple
enterprises and has been shown to
produce reliable results
governance The framework, principles and policies,
structures, processes and practices,
information, skills, culture, ethics, and
behaviour to set direction and monitor
compliance and performance of the
enterprise aligned with the overall
purpose and defined objectives.
Governance defines accountability,
responsibility and decision making
(among other elements).
governance/management practice For each COBIT process, the
governance and management practices
provide a complete set of high-level
requirements for effective and practical
governance and management of
enterprise IT. They are statements of
actions from governance bodies and
management.
governance enabler Something (tangible or intangible) that
assists in the realization of effective
governance
governance framework A framework is a basic conceptual
structure used to solve or address
complex issues; an enabler of
governance; a set of concepts,
assumptions and practices that define
how something can be approached or
understood, the relationships amongst
the entities involved, the roles of those
involved, and the boundaries (what is
and is not included in the governance
system).
Examples: COBIT and COSO's Internal
Control—Integrated Framework
governance of enterprise IT
information An asset that, like other important
business assets, is essential to an
enterprise's business. It can exist in
many forms: printed or written on
paper, stored electronically, transmitted
by post or electronically, shown on
films, or spoken in conversation.
informed party (RACI) Refers to those people who are kept up
to date on the progress of an activity
(one-way communication)
In a RACI chart, answers the question:
Who is receiving information?
Roles who are informed of the
achievements and/or deliverables of
the task. The role in 'accountable', of
course, should always receive
appropriate information to oversee the
task, as do the responsible roles for
their area of interest.
inputs and outputs The process work products/artefacts
considered necessary to support
operation of the process.
They enable key decisions, provide a
record and audit trail of process
activities, and enable follow-up in the
event of an incident. They are defined
at the key management practice level,
may include some work products used
only within the process and are often
essential inputs to other processes. The
illustrative COBIT 5 inputs and outputs
should not be regarded as an
exhaustive list since additional
information flows could be defined
depending on a particular enterprise's
environment and process framework.
investment portfolio The collection of investments being
considered and/or being made
IT application Electronic functionality that constitutes
parts of business processes undertaken
by, or with the assistance of, IT
IT goal A statement describing a desired
outcome of enterprise IT in support of
enterprise goals. An outcome can be an
artefact, a significant change of a state
or a significant capability improvement.
IT service The day-to-day provision to customers
of IT infrastructure and applications
and support for their use. Examples
include service desk, equipment supply
and moves, and security authorisations.
management Entails the judicious use of means
(resources, people, processes, practices,
etc.) to achieve an identified end. It is a
means or instrument by which the
governance body achieves a result or
objective. Management is responsible
for execution within the direction set by
the governance body. Management is
about planning, building, organising
and controlling operational activities to
align with the direction set by the
governance body, and reporting back
on these activities.
model A way to describe a given set of
components and how those
components relate to each other to
describe the main workings of an
object, system, or concept
objective Statement of a desired outcome
organisational structure An enabler of governance and of
management. Includes the enterprise
and its structures, hierarchies and
dependencies.
Example: Steering committee
output See Inputs and outputs
owner Individual or group that holds or
possesses the rights of and the
responsibilities for an enterprise, entity
or asset, e.g., process owner, system
owner
policy Overall intention and direction as
formally expressed by management
principle An enabler of governance and of
management. Comprises the values
and fundamental assumptions held by
the enterprise, the beliefs that guide
and put boundaries around the
enterprise's decision making,
communication within and outside the
enterprise, and stewardship - caring for
assets owned by another.
Example: Ethics charter, social
responsibility charter
process Generally, a collection of practices
influenced by the enterprise's policies
and procedures that takes inputs from
a number of sources (including other
processes), manipulates the inputs and
produces outputs (e.g., products,
services)
Scope note: Processes have clear
business reasons for existing,
accountable owners, clear roles and
responsibilities around the execution of
the process, and the means to measure
performance.
process (capability) attribute ISO/IEC 15504: A measurable
characteristic of process capability
applicable to any process
process capability ISO/IEC 15504: A characterization of the
ability of a process to meet current or
projected business goals
process goal A statement describing the desired
outcome of a process. An outcome can
be an artefact, a significant change of a
state or a significant capability
improvement of other processes.
programme and project management
office (PMO)
The function responsible for supporting
programme and project managers, and
gathering, assessing and reporting
information about the conduct of their
programmes and constituent projects
quality Being fit for purpose (achieving
intended value)
RACI chart Illustrates who is responsible,
accountable, consulted and informed
within an organisational framework
resource Any enterprise asset that can help the
organisation achieve its objectives
resource optimisation One of the governance objectives.
Involves effective, efficient and
responsible use of all resources -
human, financial, equipment, facilities,
etc.
responsible party (RACI) Refers to the person who must ensure
that activities are completed
successfully
In a RACI chart, answers the question:
Who is getting the task done?
Roles taking the main operational stake
in fulfilling the activity listed and
creating the intended outcome
risk The combination of the probability of
an event and its consequence (ISO/IEC
73)
risk management One of the governance objectives.
Entails recognising risk; assessing the
impact and likelihood of that risk; and
developing strategies, such as avoiding
the risk, reducing the negative effect of
the risk and/or transferring the risk, to
manage it within the context of the
enterprise's risk appetite.
service catalogue Structured information on all IT services
available to customers
services See IT service
skill The learned capacity to achieve
predetermined results
stakeholder Anyone who has a responsibility for, an
expectation from or some other
interest in the enterprise - e.g.,
shareholders, users, government,
suppliers, customers and the public
system of internal control The policies, standards, plans and
procedures, and organisational
structures designed to provide
reasonable assurance that enterprise
objectives will be achieved and
undesired events will be prevented or
detected and corrected
value creation The main governance objective of an
enterprise, achieved when the three
underlying objectives (benefits
realisation, risk optimisation and
resource optimisation) are all balanced

COBIT 5 Goals Cascade: enterprise goals cascade to IT-related goals, which cascade to process goals. The poster maps each of the 37 COBIT 5 processes to the 17 IT-related goals as a primary (P) or secondary (S) relationship; the P/S cells did not survive extraction in a form attributable to rows and columns, so only the row and column headings are reproduced here.

Enterprise goals
1 Stakeholder value of business investments
2 Portfolio of competitive products and services
3 Managed business risk (safeguarding of assets)
4 Compliance with external laws and regulations
5 Financial transparency
6 Customer-oriented service culture
7 Business service continuity and availability
8 Agile responses to a changing business environment
9 Information-based strategic decision making
10 Optimization of service delivery costs
11 Optimization of business process functionality
12 Optimization of business process costs
13 Managed business change programmes
14 Operational and staff productivity
15 Compliance with internal policies
16 Skilled and motivated people
17 Product and business innovation culture

IT-related goals, by Balanced Scorecard dimension
Financial
01 Alignment of IT and business strategy
02 IT compliance and support for business compliance with external laws and regulations
03 Commitment of executive management for making IT-related decisions
04 Managed IT-related business risk
05 Realized benefits from IT-enabled investments and services portfolio
06 Transparency of IT costs, benefits and risk
Customer
07 Delivery of IT services in line with business requirements
08 Adequate use of applications, information and technology solutions
Internal
09 IT agility
10 Security of information, processing infrastructure and applications
11 Optimization of IT assets, resources and capabilities
12 Enablement and support of business processes by integrating applications and technology into business processes
13 Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
14 Availability of reliable and useful information for decision making
15 IT compliance with internal policies
Learning and Growth
16 Competent and motivated business and IT personnel
17 Knowledge, expertise and initiatives for business innovation

COBIT 5 processes
Evaluate, Direct and Monitor
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimization
EDM04 Ensure Resource Optimization
EDM05 Ensure Stakeholder Transparency
Align, Plan and Organize
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budgets and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organizational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration
Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

Legend: P = primary relationship, S = secondary relationship.
COBIT® Poster Series #1: Transforming Stakeholder Needs into Actions
by Gregor Polančič
Free Resource Library www.goodelearning.com © Good e-Learning 2015. COBIT® is a Registered Trademark of ISACA. Good e-Learning Resources :: www.goodelearning.com/downloads

The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.

The cascade (diagram): Stakeholder Drivers influence Stakeholder Needs, which cascade to Enterprise Goals, which cascade to IT-related Goals, which cascade to Enabler Goals; each lower level realizes the level above it, and together they drive value creation.

• Stakeholder drivers and needs: A stakeholder is anyone who has a responsibility for, an expectation from or some other interest in an enterprise. Stakeholder needs are influenced by a number of drivers, e.g., organizational changes, business changes and technology changes. COBIT 5 defines 22 common internal stakeholder needs, for example "How do I best build and structure my IT department?". Common internal stakeholder needs and enterprise goals are interrelated.
• Enterprise goals: COBIT 5 defines 17 generic enterprise goals, for example "Stakeholder value of business investments". COBIT 5 defines all goals according to Balanced Scorecard (BSC) dimensions. Enterprise goals and IT-related goals are interrelated.
• IT-related goals: COBIT 5 defines 17 information and related technology (i.e. IT-related) goals, for example "Transparency of IT costs, benefits and risk".
• Enabler goals: Achieving IT-related goals requires the successful application and use of a number of enablers. Enablers are broadly defined as anything that can help to achieve the objectives of the enterprise. Enablers include processes, information, organizational structures, policies, culture, people, services, infrastructure, and applications. For each enabler a set of specific goals can be defined in support of the IT-related goals. COBIT 5 contains a mapping between IT-related goals and the relevant COBIT 5 processes, which then contain related process goals.

Value creation means realizing benefits at an optimal resource cost while optimizing risk.
COBIT5® Poster Series #2: What drives IT Governance
by Gregor Polančič and Boris Ovčjak
Free Resource Library www.goodelearning.com © Good e-Learning 2015. COBIT® is a Registered Trademark of ISACA registered in United States of America and other countries, www.isaca.org. Good e-Learning Resources :: www.goodelearning.com/downloads

Diagram: governance and management over enterprise IT, the goals cascade, and the enablers. Enablers directly influence governance and management over enterprise IT.

Governance, as defined in the scope of COBIT 5, is driven by enablers. Enablers are factors that individually and collectively influence whether something will work. In the case of COBIT 5 this refers to governance and management over enterprise IT. The COBIT 5 Framework describes seven categories of enablers, listed below. Some of the enablers are also enterprise resources that need to be managed and governed as well.

Enablers are driven by the goals cascade, i.e. high-level IT-related goals that define what the different enablers should achieve. These enterprise goals for IT are used to formalise and structure the stakeholder needs. Enterprise goals can be linked to IT-related goals, and these can be achieved through the optimal use and execution of all enablers.

To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers. That is, each enabler:
• Needs the input of other enablers to be fully effective
• Delivers output to the benefit of other enablers

The seven enablers (numbered as on the poster):
1. Principles, Policies and Frameworks: translate desired behaviour into practical guidance for day-to-day management.
2. Processes: describe an organised set of practices and activities to achieve certain objectives, and produce a set of outputs in support of achieving overall IT-related goals.
3. Organisational Structures: key decision-making entities in an enterprise.
4. Culture, Ethics and Behaviour: often underestimated as a success factor in governance and management activities.
5. Information: pervasive throughout any organisation; includes all information produced and used by the enterprise; required for keeping the organisation running and well governed; a key product of the enterprise.
6. Services, Infrastructure and Applications: infrastructure, technology and enterprise applications that provide the enterprise with information technology processing and services.
7. People, Skills and Competencies: linked to people and required for successful completion of all activities, making correct decisions and taking corrective actions.
Enablers 5 to 7 are also enterprise resources.
COBIT5® Poster Series #3: Can We Separate Governance From Management?
by Gregor Polančič and Boris Ovčjak
Free Resource Library www.goodelearning.com © Good e-Learning 2015. COBIT® is a Registered Trademark of ISACA registered in United States of America and other countries, www.isaca.org. Good e-Learning Resources :: www.goodelearning.com/downloads

In the scope of COBIT 5 there is a clear distinction between governance and management. Although they comprise different types of activities with different responsibilities, a set of interactions is required between governance and management to result in an efficient and effective governance system. To achieve that, COBIT 5 also advocates that enterprises implement governance and management processes such that key areas are covered.

Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

Interaction is required. Governance-management interaction, per enabler:
• Information: Information used for evaluating, directing and monitoring enterprise IT is exchanged between governance and management as described in the process model inputs and outputs.
• Culture, Ethics and Behaviour: Behaviour is a key enabler of good governance and management of the enterprise.
• Process: There is a distinction between governance and management processes, including specific sets of practices and activities for each. The process model also includes RACI charts, describing the responsibilities of different organisational structures and roles within the enterprise.
• Principles, Policies and Frameworks: Principles, policies and frameworks are the vehicle by which governance decisions are institutionalized within the enterprise, and for that reason are an interaction between governance decisions and management.
• Organisational Structures: In the scope of organisational structures the interaction takes place between the decisions taken by the governance structures and the decisions and operations implementing the former.
• People, Skills and Competencies: Governance and management activities require different skill sets, but an essential skill for both governance body members and management is to understand both tasks and how they are different.
• Services, Infrastructure and Applications: Services are required, supported by applications and infrastructure, to provide the governance body with adequate information and to support the governance activities of evaluating, setting direction and monitoring.

Process Reference Model within governance and management key areas (diagram): business needs enter governance; governance evaluates, directs and monitors; governance directs management, and management returns feedback to governance.

Governance: Evaluate, Direct and Monitor
• Ensure Governance Framework Setting and Maintenance
• Ensure Benefits Delivery
• Ensure Risk Optimisation
• Ensure Resource Optimisation
• Ensure Stakeholder Transparency

Management
• Align, Plan and Organise: Manage the IT Management Framework; Manage Strategy; Manage Enterprise Architecture; Manage Innovation; Manage Portfolio; Manage Budget and Costs; Manage Human Resources; Manage Relationships; Manage Service Agreements; Manage Suppliers; Manage Quality; Manage Risk; Manage Security
• Build, Acquire and Implement: Manage Programmes and Projects; Manage Requirements Definition; Manage Solutions Identification and Build; Manage Availability and Capacity; Manage Organisational Change Enablement; Manage Changes; Manage Change Acceptance and Transitioning; Manage Knowledge; Manage Assets; Manage Configuration
• Deliver, Service and Support: Manage Operations; Manage Service Requests and Incidents; Manage Problems; Manage Continuity; Manage Security Services; Manage Business Process Controls
• Monitor, Evaluate and Assess: Monitor, Evaluate and Assess Performance and Conformance; Monitor, Evaluate and Assess the System of Internal Control; Monitor, Evaluate and Assess Compliance With External Requirements
ISACA COBIT® 5 Glossary (EN), 63 terms, by miroslawdabrowski

accountable party (RACI): The individual, group or entity that is ultimately responsible for a subject matter, process or scope. In a RACI chart, answers the question: Who accounts for the success of the task?

accountability of governance: Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against plans. In most enterprises, governance is the responsibility of the board of directors, under the leadership of the chairperson.
activity: In COBIT, the main action taken to operate the process. Guidance to achieve management practices for successful governance and management of enterprise IT. Activities:
- Describe a set of necessary and sufficient action-oriented implementation steps to achieve a Governance Practice or Management Practice
- Consider the inputs and outputs of the process
- Are based on generally accepted standards and good practices
- Support establishment of clear roles and responsibilities
- Are non-prescriptive and need to be adapted and developed into specific procedures appropriate for the enterprise

alignment: A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise.

application architecture: Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise's objectives.

architecture board: A group of stakeholders and experts who are accountable for guidance on enterprise architecture related matters and decisions, and for setting architectural policies and standards.
authentication: The act of verifying the identity of a user and the user's eligibility to access computerised information. Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

baseline architecture: The existing description of the fundamental underlying design of the components of the business system before entering a cycle of architecture review and redesign.

benefits realisation: One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.

business continuity: Preventing, mitigating and recovering from disruption. The terms 'business resumption planning', 'disaster recovery planning' and 'contingency planning' also may be used in this context; they focus on recovery aspects of continuity, and for that reason the 'resilience' aspect should also be taken into account.

business goal: The translation of the enterprise's mission from a statement of intention into performance targets and results.

business process control: The policies, procedures, practices and organisational structures designed to provide reasonable assurance that a business process will achieve its objectives.
chargeback: The redistribution of expenditures to the units within a company that gave rise to them. Scope Note: Chargeback is important because without such a policy, misleading views may be given as to the real profitability of a product or service, as certain key expenditures will be ignored or calculated according to an arbitrary formula.

COBIT:
1. COBIT 5: Formerly known as Control Objectives for Information and related Technology (COBIT); now used only as the acronym in its fifth iteration. A complete, internationally accepted framework for governing and managing enterprise information and technology (IT) that supports enterprise executives and management in their definition and achievement of business goals and related IT goals. COBIT describes five principles and seven enablers that support enterprises in the development, implementation, and continuous improvement and monitoring of good IT-related governance and management practices. Scope Note: Earlier versions of COBIT focused on control objectives related to IT processes, management and control of IT processes and IT governance aspects. Adoption and use of the COBIT framework are supported by guidance from a growing family of supporting products. (See www.isaca.org/cobit for more information.)
2. COBIT 4.1 and earlier: Formerly known as Control Objectives for Information and related Technology (COBIT). A complete, internationally accepted process framework for IT that supports business and IT executives and management in their definition and achievement of business goals and related IT goals by providing a comprehensive IT governance, management, control and assurance model. COBIT describes IT processes and associated control objectives, management guidelines (activities, accountabilities, responsibilities and performance metrics) and maturity

code of ethics: A document designed to influence individual and organisational behaviour of employees by defining organisational values and the rules to be applied in certain situations. It is adopted to assist those in the enterprise called upon to make decisions understand the difference between 'right' and 'wrong' and to apply this understanding to their decisions.

competence: The ability to perform a specific task, action or function successfully.
consulted party (RACI): Refers to those people whose opinions are sought on an activity (two-way communication). In a RACI chart, answers the question: Who is providing input? Key roles that provide input. Note that it is up to the accountable and responsible roles to obtain information from other units or external partners, too; however, inputs from the roles listed are to be considered and, if required, appropriate action has to be taken for escalation, including informing the process owner and/or the steering committee.

context: The overall set of internal and external factors that might influence or determine how an enterprise, entity, process or individual acts. Scope Note: Context includes:
- Technology context: technological factors that affect the organization's ability to extract value from data
- Data context: data accuracy, availability, currency and quality
- Skills and knowledge: general experience, and analytical, technical and business skills
- Organization and cultural context: political factors, and whether the organisation prefers data to intuition
- Strategic context: strategic objectives of the enterprise

control: The means of managing risk, including policies, procedures, guidelines, practices or organisational structures, which can be of an administrative, technical, management or legal nature. Also used as a synonym for safeguard or countermeasure.
culture: A pattern of behaviours, beliefs, assumptions, attitudes and ways of doing things.

driver: External and internal factors that initiate and affect how an enterprise or individuals act or change.

enterprise goal: See business goal.

enterprise governance: A set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used responsibly. It could also mean a governance view focussing on the overall enterprise; the highest-level view of governance to which all others must align.

full economic life cycle: A period of time during which material business benefits are expected to arise from, and/or during which material expenditures (including investments, running and retirement costs) are expected to be incurred by, an investment programme.

good practice: A proven activity or process that has been successfully used by multiple enterprises and has been shown to produce reliable results.

governance: The framework, principles and policies, structures, processes and practices, information, skills, culture, ethics, and behaviour to set direction and monitor compliance and performance of the enterprise aligned with the overall purpose and defined objectives. Governance defines accountability, responsibility and decision making (among other elements).
governance/management practice: For each COBIT process, the governance and management practices provide a complete set of high-level requirements for effective and practical governance and management of enterprise IT. They are statements of actions from governance bodies and management.

governance enabler: Something (tangible or intangible) that assists in the realization of effective governance.

governance framework: A framework is a basic conceptual structure used to solve or address complex issues; an enabler of governance; a set of concepts, assumptions and practices that define how something can be approached or understood, the relationships amongst the entities involved, the roles of those involved, and the boundaries (what is and is not included in the governance system). Examples: COBIT and COSO's Internal Control—Integrated Framework.

governance of enterprise IT: [definition not given on this page; the extracted text repeats the definition of 'information' below]

information: An asset that, like other important business assets, is essential to an enterprise's business. It can exist in many forms: printed or written on paper, stored electronically, transmitted by post or electronically, shown on films, or spoken in conversation.
informed party (RACI): Refers to those people who are kept up to date on the progress of an activity (one-way communication). In a RACI chart, answers the question: Who is receiving information? Roles who are informed of the achievements and/or deliverables of the task. The role in 'accountable', of course, should always receive appropriate information to oversee the task, as do the responsible roles for their area of interest.

inputs and outputs: The process work products/artefacts considered necessary to support operation of the process. They enable key decisions, provide a record and audit trail of process activities, and enable follow-up in the event of an incident. They are defined at the key management practice level, may include some work products used only within the process and are often essential inputs to other processes. The illustrative COBIT 5 inputs and outputs should not be regarded as an exhaustive list, since additional information flows could be defined depending on a particular enterprise's environment and process framework.

investment portfolio: The collection of investments being considered and/or being made.

IT application: Electronic functionality that constitutes parts of business processes undertaken by, or with the assistance of, IT.

IT goal: A statement describing a desired outcome of enterprise IT in support of enterprise goals. An outcome can be an artefact, a significant change of a state or a significant capability improvement.
IT service: The day-to-day provision to customers of IT infrastructure and applications and support for their use. Examples include service desk, equipment supply and moves, and security authorisations.

management: Entails the judicious use of means (resources, people, processes, practices, etc.) to achieve an identified end. It is a means or instrument by which the governance body achieves a result or objective. Management is responsible for execution within the direction set by the governance body. Management is about planning, building, organising and controlling operational activities to align with the direction set by the governance body, and reporting back on these activities.

model: A way to describe a given set of components and how those components relate to each other to describe the main workings of an object, system, or concept.

objective: Statement of a desired outcome.

organisational structure: An enabler of governance and of management. Includes the enterprise and its structures, hierarchies and dependencies. Example: steering committee.

output: See inputs and outputs.

owner: Individual or group that holds or possesses the rights of and the responsibilities for an enterprise, entity or asset, e.g., process owner, system owner.

policy: Overall intention and direction as formally expressed by management.
principle: An enabler of governance and of management. Comprises the values and fundamental assumptions held by the enterprise, the beliefs that guide and put boundaries around the enterprise's decision making, communication within and outside the enterprise, and stewardship (caring for assets owned by another). Example: ethics charter, social responsibility charter.

process: Generally, a collection of practices influenced by the enterprise's policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services). Scope note: Processes have clear business reasons for existing, accountable owners, clear roles and responsibilities around the execution of the process, and the means to measure performance.

process (capability) attribute: ISO/IEC 15504: A measurable characteristic of process capability applicable to any process.

process capability: ISO/IEC 15504: A characterization of the ability of a process to meet current or projected business goals.

process goal: A statement describing the desired outcome of a process. An outcome can be an artefact, a significant change of a state or a significant capability improvement of other processes.
programme and project management office (PMO): The function responsible for supporting programme and project managers, and gathering, assessing and reporting information about the conduct of their programmes and constituent projects.

quality: Being fit for purpose (achieving intended value).

RACI chart: Illustrates who is responsible, accountable, consulted and informed within an organisational framework.

resource: Any enterprise asset that can help the organisation achieve its objectives.

resource optimisation: One of the governance objectives. Involves effective, efficient and responsible use of all resources: human, financial, equipment, facilities, etc.

responsible party (RACI): Refers to the person who must ensure that activities are completed successfully. In a RACI chart, answers the question: Who is getting the task done? Roles taking the main operational stake in fulfilling the activity listed and creating the intended outcome.

risk: The combination of the probability of an event and its consequence (ISO/IEC 73).

risk management: One of the governance objectives. Entails recognising risk; assessing the impact and likelihood of that risk; and developing strategies, such as avoiding the risk, reducing the negative effect of the risk and/or transferring the risk, to manage it within the context of the enterprise's risk appetite.

service catalogue: Structured information on all IT services available to customers.

services: See IT service.
skill: The learned capacity to achieve predetermined results.

stakeholder: Anyone who has a responsibility for, an expectation from or some other interest in the enterprise, e.g., shareholders, users, government, suppliers, customers and the public.

system of internal control: The policies, standards, plans and procedures, and organisational structures designed to provide reasonable assurance that enterprise objectives will be achieved and undesired events will be prevented or detected and corrected.

value creation: The main governance objective of an enterprise, achieved when the three underlying objectives (benefits realisation, risk optimisation and resource optimisation) are all balanced.