Cobit 5 - An Overview

COBIT – 5 A Brief Overview Anurag Purohit MILES Series

Transcript of Cobit 5 - An Overview

Page 1: Cobit 5 - An Overview

COBIT – 5 A Brief Overview

Anurag Purohit

MILES Series

Page 2: Cobit 5 - An Overview

About Me ..

Page 3: Cobit 5 - An Overview

• Computer Engineer with Around 12 Yrs. of Experience in IT

• MS Software Systems – BITS Pilani, India

• ISACA Certified CISA Professional

• Working With Saud Bahwan Group-Muscat for Around 10 Yrs.

• Experienced in Application Developments, Project Management, Agile, BI

• Areas of Interest are Corporate Governance of Enterprise IT, IT Management, Risk, Compliance, QMS, IT Audit, Dashboards & Development of KPIs, KGIs & KRIs

• Can be contacted at [email protected]

Page 4: Cobit 5 - An Overview

References..

• ISACA.org

• CISA Manual

• CISM Manual

• CRISC Manual

• Various Publications of COBIT

• ISO.org

• PMI.org

• Google.com and many other websites for diagrams, logos and pictures

• IBM.com

• Microsoft.com

• Breach of copyright is totally unintentional and for knowledge sharing purpose only.

• Views presented in the presentation are purely the author’s understanding of the subject. They may differ from the actual subject.

Page 5: Cobit 5 - An Overview

Let’s Start …

Page 6: Cobit 5 - An Overview

IT and Its Implementation..

Some of the Exciting, Notable and Sometimes Confusing Common Phrases and Challenging (or Alien) Terms We Generally Come Across

Page 7: Cobit 5 - An Overview

IT projects fail to deliver what they promised

Restrictions in IT – Hurdle in business strategy

IT is not Available

% of critical business processes

Control cost of IT

Enough people, skill levels and performances

Assurance over IT

Information is secured

Page 8: Cobit 5 - An Overview

Efficient and resilient IT operation

Value from IT

User satisfaction

Levels and quality of IT Services

Are we exploiting new technologies for new strategic opportunities

Structure my IT

Dependency on external providers

Management of outsourcing agreements

Control cost of IT

Enough people, skill levels and performances

Assurance over IT

Information is secured

Page 9: Cobit 5 - An Overview

These are Some Common Concerns About

Management & Governance of

IT and Related Technologies

Page 10: Cobit 5 - An Overview

So..?

So What … There is a Solution

Page 11: Cobit 5 - An Overview

If You’re Looking for the Solution… Then Refer to

Control Objectives for Information & Related Technologies

Page 12: Cobit 5 - An Overview

COBIT Is a

Business Framework for the

Governance & Management of

Enterprise IT

Page 13: Cobit 5 - An Overview

Generates Optimal Value from IT By

Benefit Realization

Risk Optimization

Page 14: Cobit 5 - An Overview

Based on

5 Key Principles

Page 15: Cobit 5 - An Overview

Meeting Stakeholders Needs

Page 16: Cobit 5 - An Overview

Covering Enterprise End to End

Page 17: Cobit 5 - An Overview

Applying a Single Integrated Framework

Page 18: Cobit 5 - An Overview

Enabling a Holistic Approach

Page 19: Cobit 5 - An Overview

Separating Management From Governance

Page 20: Cobit 5 - An Overview

Are You Starting Theory???

Page 21: Cobit 5 - An Overview

No ..

Page 22: Cobit 5 - An Overview

Not Theory

But Yes

It is Concept

and the Learning Path Will be

Page 23: Cobit 5 - An Overview

COBIT 5 Principles

Meeting Stakeholders Needs

Goals Cascade

Covering Enterprise End to End

Governance Enablers

Governance Scope

Roles, Activities and Relationships

Applying a Single Integrated Framework

Framework Integrator

Enabling a Holistic Approach

Enablers

Interconnected Enablers

Enabler Dimensions

Enabler’s Performance Management

Separating Management From Governance

Governance & Management

COBIT 5 Process Reference Model

Page 24: Cobit 5 - An Overview

So…

We Have Challenges

1 • Meeting Stakeholders Needs

2 • Covering Enterprise End to End

3 • Applying a Single Integrated Framework

4 • Enabling a Holistic Approach

5 • Separating Management From Governance

Page 25: Cobit 5 - An Overview

Means, If We Understand the Principles

Then We’ll be Able to Understand COBIT

Page 26: Cobit 5 - An Overview

So, Let’s Start the Journey …

Page 27: Cobit 5 - An Overview

Principle 1 Meeting Stakeholder’s Need

Page 28: Cobit 5 - An Overview

Stakeholder’s Need - Fear of Unknown

• What stakeholder needs?

• Governance Objectives?

• Enterprise Goals?

• IT Goals?

• Can I relate these goals with Governance Objectives?

• Relation Between Enterprise Goals and IT Goals

• Relation Between IT Goals and Process (or any Enablers' Goal)

• Relation Between Stakeholders Needs and Enterprise Goals

Page 29: Cobit 5 - An Overview

This is How COBIT 5 Helps in Resolving

the Fear of Unknown…

Page 30: Cobit 5 - An Overview

What stakeholder needs? COBIT 5 Provides Generic S/H Needs Statements e.g.

Page 31: Cobit 5 - An Overview

Governance Objectives? COBIT 5 Provides 3 Standard Governance Objectives

Page 32: Cobit 5 - An Overview

Enterprise Goals? COBIT 5 Provides 17 Generic Enterprise Goals and their relationship with Governance Objectives

Page 33: Cobit 5 - An Overview

IT Goals? COBIT 5 Provides 17 Generic IT Goals

Page 34: Cobit 5 - An Overview

Relation Between Enterprise Goals and IT Goals

COBIT 5 Provides Mapping of Enterprise and IT Goals

Page 35: Cobit 5 - An Overview

Hence with COBIT 5

• We can write a statement of Stakeholder’s Need from a given list of generic Stakeholder's Goals

• These Statements can be mapped with Selected Enterprise Goals

• Enterprise Goals Can then be Mapped with Selected IT Goals

• Subsequently, Enabler Goals (e.g. Processes) can be derived from the Selected IT Goals

Page 36: Cobit 5 - An Overview

This will Result in

A well-defined link between Stakeholder’s Need and Process (or Enabler’s Goals), which in turn provides an assurance of IT alignment with Stakeholder’s Needs.

Page 37: Cobit 5 - An Overview

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Page 38: Cobit 5 - An Overview

Covering Enterprise End to End Means…

Seamless Integration of Enterprise Governance

With Enterprise IT Governance

i.e. covering all internal and external IT Services & business processes of the Enterprise

Page 39: Cobit 5 - An Overview

Seamless Integration of Enterprise Governance

With Enterprise IT Governance

Means Managed Flow of Information

COBIT 5 Treats Information as One of the Enablers

Page 40: Cobit 5 - An Overview

Information – An Enabler

• COBIT 5 allows every stakeholder to define their requirements for information and the information processing life cycle.

• Hence, it connects the business and its need for adequate information with the IT function, in turn supporting the business and context focus.

Page 41: Cobit 5 - An Overview

The Approach of the Governance is

Page 42: Cobit 5 - An Overview

Along with Governance Objectives, the COBIT 5 Provides

• Frameworks

• Principles

• Structures

• Processes & practices

• Service Capabilities (IT Infrastructure, applications etc.)

• People and Information

Governance Scope

• Enterprise, an entity or an asset

Governance of Roles, Activities and Relationships

Page 43: Cobit 5 - An Overview

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Page 44: Cobit 5 - An Overview

Means What ?

Page 45: Cobit 5 - An Overview

There are Many Recommended Standards, Frameworks

and Best Practices

Available in the Market

Page 46: Cobit 5 - An Overview

COBIT 5 Aligns with Latest Relevant Standards and Frameworks

and hence can be Used as

The Primary or Umbrella Framework

For Integrating Various Governance and Management Frameworks

Page 47: Cobit 5 - An Overview
Page 48: Cobit 5 - An Overview

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Page 49: Cobit 5 - An Overview

Enabling Holistic Approach Means

Govern and Manage IT on Enterprise Level

While Considering

Full end-to-end Business and IT Functional Areas

+ IT Related Interests of All Stakeholders (Internal and External)

Page 50: Cobit 5 - An Overview

COBIT 5 Achieves It By Means of

Enterprise Wide Enablers

Page 51: Cobit 5 - An Overview

Enablers are factors that, individually and/or collectively, influence whether something will work

In our case it is Governance and Management of Enterprise IT

Page 52: Cobit 5 - An Overview

Enablers are driven by the Goals Cascade. Higher level IT related goals define what the different enablers should achieve.

* Appendix and Other references are provided here from COBIT 5 reference.

Page 53: Cobit 5 - An Overview

COBIT 5 Describes 7

Different Categories of

Enablers

Page 54: Cobit 5 - An Overview

An Enterprise Must Consider Interconnected Enablers

For Achieving Systematic Governance and Management

Page 55: Cobit 5 - An Overview
Page 56: Cobit 5 - An Overview

An enabler needs input from other enablers to be fully effective, i.e. processes need information, organizational structures need skills and behavior

An enabler delivers output for the benefit of other enablers, i.e. processes deliver information, skills and behavior make processes sufficient

Page 57: Cobit 5 - An Overview

So..

• When dealing with governance and management of enterprise IT, good decisions can be taken only when this systematic nature of governance and management is taken into account.

• It means that to deal with any stakeholder’s need, all interrelated enablers have to be analyzed for relevance and addressed if required.

Page 58: Cobit 5 - An Overview

Challenges With the Enablers

Is there a Common, Simple and Structured way to deal with enablers?

How to allow an entity to manage its complex interactions?

How to Facilitate successful outcome of the enablers?

Page 59: Cobit 5 - An Overview

For this, in COBIT

All Enablers share a set of

Common Dimensions

Page 60: Cobit 5 - An Overview

This Set of Common Dimensions

• Provides a common, simple and structured way to deal with enablers

• Allows an entity to manage its complex interactions

• Facilitates successful outcome of the enablers

Page 61: Cobit 5 - An Overview

Deals with Actual Outcome of the Indicator

Deals with Functioning of Enablers

Page 62: Cobit 5 - An Overview

Enabler Example

Principles, Policies and Frameworks

Page 63: Cobit 5 - An Overview
Page 64: Cobit 5 - An Overview

Enabler Example

Process

Page 65: Cobit 5 - An Overview
Page 66: Cobit 5 - An Overview

Example: Enabler – Process

Just for Reference

Page 67: Cobit 5 - An Overview

COBIT 5 Principles

• Meeting Stakeholders Needs

• Covering Enterprise End to End

• Applying a Single Integrated Framework

• Enabling a Holistic Approach

• Separating Management From Governance

Page 68: Cobit 5 - An Overview

Governance and Management

Two Disciplines

Encompass Different Types of Activities, Require Different Organizational Structures and Serve Different Purposes.

Page 69: Cobit 5 - An Overview

COBIT 5 Makes Clear Distinction Between Governance and Management

Page 70: Cobit 5 - An Overview

Governance

• Ensures that Stakeholder’s needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved

• Sets direction through prioritization and decision making

• And monitors performance and compliance against agreed-on direction and objectives.

Page 71: Cobit 5 - An Overview

Management

Plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve enterprise objectives

Page 72: Cobit 5 - An Overview

COBIT 5 Recommends that an Enterprise must Implement

Governance and Management Processes

Such that

all the Key Areas are Covered

Page 73: Cobit 5 - An Overview

Key Areas of Governance and Management

Page 74: Cobit 5 - An Overview

COBIT Provides

Process Reference Model

To Clearly Identify and Segregate Key Areas in these Domains

Page 75: Cobit 5 - An Overview

COBIT 5 Process Reference Model

Page 76: Cobit 5 - An Overview

Defines and Describes (in detail) a Number of Governance and Management Processes

Represents all of the Processes Normally found in an Enterprise Relating to IT Activities

Page 77: Cobit 5 - An Overview

Process Reference Model Also

• Provides a common reference model understandable to operational IT and business managers.

• Is a complete, comprehensive model, but it is not the only possible process model

• Allows an enterprise to define its own process set based on its structure and work culture

Page 78: Cobit 5 - An Overview

Advantages of the Process Model?

Page 79: Cobit 5 - An Overview

Incorporating an operational model and a common language for all parts of the enterprise involved in IT activities is one of the most important and critical steps towards good governance

Page 80: Cobit 5 - An Overview

The Process Model Framework

• Can be a critical tool in measuring and monitoring IT performance and providing IT assurance

• Can help in establishing effective communication with service providers and

• Helps in integrating best management practices.

Page 81: Cobit 5 - An Overview

The Process Reference Model Divides the Governance and Management Processes of Enterprise IT into

2 Main Process Domains

Page 82: Cobit 5 - An Overview

Governance Domain

Contains Five Governance Processes

Within each process, Evaluate, Direct and Monitor (EDM) Practices are defined

Page 83: Cobit 5 - An Overview

Management Domain

Contains four domains

These domains are in line with the responsibility areas of Plan, Build, Run and Monitor (PBRM) and hence provide end-to-end coverage of IT.

Page 84: Cobit 5 - An Overview

The names of the domains are chosen in line with these main area designations, but contain more verbs to describe them:

– Align, Plan and Organise (APO)

– Build, Acquire and Implement (BAI)

– Deliver, Service and Support (DSS)

– Monitor, Evaluate and Assess (MEA)

Page 85: Cobit 5 - An Overview

• Each domain contains a number of processes

• Most of these processes require planning, implementation, execution and monitoring activities

Page 86: Cobit 5 - An Overview

In total COBIT 5 Provides a set of

37 Governance and Management Processes

Page 87: Cobit 5 - An Overview
Page 88: Cobit 5 - An Overview

The details of all processes, according to the process model, are included in “COBIT 5: Enabling Processes”

Page 89: Cobit 5 - An Overview

Thanks

You may reach me at

[email protected]