Cobit 5 - An Overview

Post on 16-Apr-2017


COBIT – 5

A Brief Overview

Anurag Purohit

MILES Series

About Me ..

• Computer Engineer with Around 12 Yrs. of Experience in IT

• MS Software Systems – BITS Pilani, India

• ISACA Certified CISA Professional

• Working With Saud Bahwan Group-Muscat for Around 10 Yrs.

• Experienced in Application Developments, Project Management, Agile, BI

• Areas of Interest are Corporate Governance of Enterprise IT, IT Management, Risk, Compliance, QMS, IT Audit, Dashboards & Development of KPIs, KGIs & KRIs

• Can be contacted at purohitanu@gmail.com

References..

• ISACA.org

• CISA Manual

• CISM Manual

• CRISC Manual

• Various Publications of COBIT

• ISO.org

• PMI.org

• Google.com and many other websites for diagrams, logos and pictures

• IBM.com

• Microsoft.com

• Breach of copyright is totally unintentional and for knowledge sharing purpose only.

• Views presented in the presentation are purely the author’s understanding of the subject. They may differ from the actual subject.

Let’s Start …

IT and its Implementation..

Some of the Exciting, Notable and Sometimes Confusing Common Phrases and Challenging (or Alien) Terms We Generally Come Across

• IT projects fail to deliver what they promised

• Restrictions in IT – Hurdle in business strategy

• IT is not available

• % of critical business processes

• Efficient and resilient IT operation

• Value from IT

• User satisfaction

• Levels and quality of IT Services

• Are we exploiting new technologies for new strategic opportunities

• Structure my IT

• Dependency on external providers

• Management of outsourcing agreements

• Control cost of IT

• Enough people, skill levels and performances

• Assurance over IT

• Information is secured

These are Some Common Concerns About Management & Governance of IT and Related Technologies

So..?

So What … There is a Solution

If You’re Looking for the Solution… then Refer to

Control Objectives for Information & Related Technologies

COBIT Is a Business Framework for the Governance & Management of Enterprise IT

Generates Optimal Value from IT By

Benefit Realization

Risk Optimization

Based on 5 Key Principles

Meeting Stakeholders Needs

Covering Enterprise End to End

Applying a Single Integrated Framework

Enabling a Holistic Approach

Separating Management From Governance

Are You Starting Theory???

No ..

Not Theory, But Yes, It is Concept

and the Learning Path Will be

COBIT 5 Principles

Meeting Stakeholders Needs

Goals Cascade

Covering Enterprise End to End

Governance Enablers

Governance Scope

Roles, Activities and Relationships

Applying a Single Integrated Framework

Framework Integrator

Enabling a Holistic Approach

Enablers

Interconnected Enablers

Enabler Dimensions

Enabler’s Performance Management

Separating Management From Governance

Governance & Management

COBIT 5 Process Reference Model

So…

We Have Challenges

1 • Meeting Stakeholders Needs

2 • Covering Enterprise End to End

3 • Applying a Single Integrated Framework

4 • Enabling a Holistic Approach

5 • Separating Management From Governance

Means, If We Understand the Principles

Then We’ll be Able to Understand COBIT

So, Let’s Start the Journey …

Principle 1 Meeting Stakeholder’s Need

Stakeholder’s Need - Fear of Unknown

• What stakeholder needs?

• Governance Objectives?

• Enterprise Goals?

• IT Goals?

• Can I relate these goals with Governance Objectives?

• Relation Between Enterprise Goals and IT Goals

• Relation Between IT Goals and Process (or any Enablers' Goal)

• Relation Between Stakeholders Needs and Enterprise Goals

This is How COBIT 5 Helps in Resolving the Fear of Unknown…

What stakeholder needs? COBIT 5 Provides Generic S/H Needs Statements e.g.

Governance Objectives? COBIT 5 Provides 3 Standard Governance Objectives

Enterprise Goals? COBIT 5 Provides 17 Generic Enterprise Goals and their relationship with Governance Objectives

IT Goals? COBIT 5 Provides 17 Generic IT Goals

Relation Between Enterprise Goals and IT Goals: COBIT 5 Provides Mapping of Enterprise and IT Goals

Hence with COBIT 5

• We can write a statement of Stakeholder’s Need from a given list of generic Stakeholder's Goals

• These Statements can be mapped with Selected Enterprise Goals

• Enterprise Goals Can then be Mapped with Selected IT Goals

• Subsequently, Enabler Goals (e.g. Processes) can be derived from the Selected IT Goals

This will Result in

A well-defined link between Stakeholder’s Need and Process (or Enabler’s Goals), which in turn provides an assurance of IT alignment with Stakeholder’s Needs.

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Covering Enterprise End to End Means…

Seamless Integration of Enterprise Governance With Enterprise IT Governance

i.e. covering all internal and external IT Services & business processes of the Enterprise

Seamless Integration of Enterprise Governance With Enterprise IT Governance Means Managed Flow of Information

COBIT 5 Treats Information as One of the Enablers

Information – An Enabler

• COBIT 5 allows every stakeholder to define their requirements for information and the information processing life cycle.

• Hence, it connects the business and its need for adequate information with the IT function, in turn supporting the business and context focus.

The Approach of the Governance is

Along with Governance Objectives, the COBIT 5 Provides

• Frameworks

• Principles

• Structures

• Processes & practices

• Service Capabilities (IT Infrastructure, applications etc.)

• People and Information

Governance Scope

• Enterprise, an entity or an asset

Governance of Roles, Activities and Relationships

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Means What ?

There are Many Recommended Standards, Frameworks and Best Practices Available in the Market

COBIT 5 Aligns with Latest Relevant Standards and Frameworks and hence can be Used as The Primary or Umbrella Framework For Integrating Various Governance and Management Frameworks

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Enabling Holistic Approach Means Govern and Manage IT on Enterprise Level

While Considering

Full end-to-end Business and IT Functional Areas

+ IT Related Interests of All Stakeholders (Internal and External)

COBIT 5 Achieves it By Means of Enterprise-Wide Enablers

Enablers are factors that, Individually and/or Collectively, influence whether Something will work

In our case it is Governance and Management of Enterprise IT

Enablers are Driven by the Goals Cascade. Higher Level IT related goals define what the different enablers should achieve.

* Appendix and Other references are provided here from COBIT 5 reference.

COBIT 5 Describes 7 Different Categories of Enablers

An Enterprise Must Consider Interconnected Enablers For Achieving Systematic Governance and Management

An Enabler Needs the input from other enablers to be fully effective i.e. process needs info, organizational structure needs skill and behavior

An Enabler Delivers output for the benefit of other enablers i.e. process delivers info, skill and behavior make process sufficient

So..

• When dealing with governance and management of enterprise IT, good decisions can be taken only when this systematic nature of governance and management is taken into account.

• It means to deal with any stakeholder’s need, all interrelated enablers have to be analyzed for relevance and addressed if required.

Challenges With the Enablers

Is there a Common, Simple and Structured way to deal with enablers?

How to allow an entity to manage its complex interactions?

How to Facilitate successful outcome of the enablers?

For this, in COBIT All Enablers share a set of Common Dimensions

This Set of Common Dimensions

• Provides a common, simple and structured way to deal with enablers

• Allows an entity to manage its complex interactions

• Facilitates successful outcome of the enablers

Deals with Actual Outcome of the Indicator

Deals with Functioning of Enablers

Enabler Example

Principles, Policies and Frameworks

Enabler Example

Process

Example: Enabler – Process (Just for Reference)

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Governance and Management

Two Disciplines

Encompass Different Types of Activities, Require Different Organizational Structures and Serve Different Purposes.

COBIT 5 Makes Clear Distinction Between Governance and Management

Governance

• Ensures that Stakeholder’s needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved

• Sets directions through prioritization and decision making

• And monitors performance and compliance against agreed on direction and objectives.

Management

Plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve enterprise objectives

COBIT 5 Recommends that an Enterprise must Implement Governance and Management Processes Such that all the Key Areas are Covered

Key Areas of Governance and Management

COBIT Provides a Process Reference Model To Clearly Identify and Segregate Key Areas in these Domains

COBIT 5 Process Reference Model

Defines and Describes (in detail) a Number of Governance and Management Processes

Represents all of the Processes Normally found in an Enterprise Relating to IT Activities

Process Reference Model Also

• Provides a common reference model understandable to operational IT and business managers.

• Is a complete, comprehensive model, but it is not the only possible process model

• Allows an enterprise to define its own process set based on its structure and work culture

Advantages of the Process Model

Incorporating an operational model and a common language for all parts of the enterprise involved in IT activities is one of the most important and critical steps towards good governance

The Process Model Framework

• Can be a critical tool in measuring and monitoring IT performance and Providing IT assurance

• Can help in establishing effective Communication with service providers and

• Helps in Integrating best management practices.

The Process Reference Model Divides the Governance and Management Processes of Enterprise IT into 2 Main Process Domains

Governance Domain

Contains Five Governance Processes

Within each process, Evaluate, Direct and Monitor (EDM) Practices are defined

Management Domain

Contains four domains

These domains are in line with the responsibility areas of Plan, Build, Run and Monitor (PBRM) and Hence provide end-to-end coverage of IT.

The names of the domains are chosen in line with these main area designations, but contain more verbs to describe them:

– Align, Plan and Organise (APO)

– Build, Acquire and Implement (BAI)

– Deliver, Service and Support (DSS)

– Monitor, Evaluate and Assess (MEA)

• Each domain contains a number of processes

• Most of these processes require planning, implementation, execution and monitoring activities

In total COBIT 5 Provides a set of 37 Governance and Management Processes

The details of all processes, according to the process model are included in “COBIT 5: Enabling Processes”

Thanks

You may reach me at purohitanu@gmail.com