How COBIT 5 & BiSL address governance and management of information
-
Upload
mark-constable -
Category
Education
-
view
323 -
download
4
description
Transcript of How COBIT 5 & BiSL address governance and management of information
![Page 1: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/1.jpg)
APMG International Webinar
How COBIT® 5 & BiSL® address governance and management of information
Tuesday 16 December 2014 / 15:00 GMT (London, UK)
Presenters:Steven de Haes (Antwerp Management School)
Mark Smalley (ASL BiSL Foundation)
SUPPORTING WEBINAR RECORDING AVAILABLE AT: WWW.APMG-INTERNATIONAL.COM/WEBINARS
![Page 2: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/2.jpg)
Agenda
• Welcome & introduction– Mark Constable, APMG International
• How COBIT 5 & BiSL address governance and management of information– Steven de Haes, Antwerp Management School– Mark Smalley, ASL BiSL Foundation
• Q&A
• Further information
• Close
• Twitter @stevendehaes @marksmalley @APMG_Inter
![Page 3: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/3.jpg)
About APMG International
• Global examination & accreditation institute• Examination Institute (EI) for the AXELOS Global Best Practice
portfolio (ITIL® , PRINCE2® , MSP® , etc.)• Extensive portfolio of professional management certification schemes aimed
at improving business processes, capability and results• Complete portfolio of IT Service Management, Governance & Security
certifications • Work with key industry partners (e.g. AXELOS, ASL BiSL Foundation,
IAITAM, ISACA & itSMF) to develop and promote best practice• 300+ Accredited Training (ATOs) and Consulting (ACOs) organizations
with 1000+ approved trainers and consultants• 1000s of candidates every month• Full details at www.APMG-International.com
![Page 4: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/4.jpg)
Our IT/Cyber Portfolio…
![Page 5: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/5.jpg)
Your presenters…
Mark SmalleyThe IT Paradigmologist, Smalley.ITAmbassador-at-large, ASL BiSL FoundationASL BiSL Product Champion, APMG-InternationalBookStore Delivery Partner & Lead Trainer, GamingWorksInaugural member, Taking Service ForwardReviewer, COBIT 5 Enabling Information publication
Prof Dr Steven de HaesAssociate Professor in Information Technology Governance, Alignment and ValueUniversity of Antwerp - Antwerp Management SchoolChairman COBIT 5 IRM Task ForceAcademic Director Executive Master of IT Governance & Assurance Enterprise IT Architecture Information Technology Management
![Page 6: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/6.jpg)
The ‘knowing’ is high…
• Topics such as IT governance and business/IT alignment have been on the top-priority list of organizations the past decade. (SIM-CIOnet, 2014)
• Promising results: "Firms with superior IT governance have at least 20% higher profits...than firms with poor governance given the same strategic objectives." (Weill and Ross, 2004)
![Page 7: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/7.jpg)
But what about the ‘doing’?
I hate IT !
We hate IT too !
You get the IT that you
deserve!
![Page 8: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/8.jpg)
Too much IT…
• Due to the focus on ‘IT’ in the naming of the concept, the IT governance discussion mainly remained a discussion within IT.
• The Paradoxical Role of IT in Leading IT Governance
(De Haes & Van Grembergen, Enterprise Governance of IT: Achieving Alignment and Value, Springer, 2015)
![Page 9: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/9.jpg)
A shift towards Enterprise Governance of IT
Enterprise governance of IT (EGIT) is an integral part of corporate governance exercised by the Board overseeing the definition and implementation of processes, structures and relational mechanism in the organisation that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments.
(De Haes and Van Grembergen, 2015)
![Page 10: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/10.jpg)
Also in ISO...
Principles for “Corporate Governance of IT”1.Responsibility2.Strategy3.Acquisition4.Performance5.Conformance6.Human Behaviour
(ISO 38500)
![Page 11: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/11.jpg)
Also in COBIT 5
COBIT 5 provides a comprehensive framework that assists enterprises to achieve their objectives for the governance and management of enterprise IT. COBIT 5 enables IT to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.
(ISACA, 2012)
![Page 12: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/12.jpg)
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
COBIT 5: Principles
![Page 13: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/13.jpg)
COBIT 5: Principles
Enterprise Goals
IT related Goals
COBIT 5 Enablers
![Page 14: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/14.jpg)
COBIT 5 Enabling Processes
![Page 15: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/15.jpg)
• Guidance on the management of the “Information Enabler”
• Guidance on typical “Information Governance & Information Management” issues
COBIT 5 Enabling Information
![Page 16: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/16.jpg)
Guidance on the “Information Enabler”
![Page 17: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/17.jpg)
• Demand side/use of information• Big data, covering three areas: - Marketing situational awareness (variety of information) - Fraud detection (volume of information) - IT Predictive analytics (velocity of information)• Master and reference data management• End-user computing• Disintermediation• Regulatory compliance• Data privacy
Important Governance/Management Issues
![Page 18: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/18.jpg)
Mark SmalleyThe IT Paradigmologist, Smalley.ITAmbassador-at-large, ASL BiSL FoundationASL BiSL Product Champion, APMG-InternationalBookStore Delivery Partner & Lead Trainer, GamingWorksInaugural member, Taking Service ForwardReviewer, COBIT 5 Enabling Information publication
Prof Dr Steven de HaesAssociate Professor in Information Technology Governance, Alignment and ValueUniversity of Antwerp - Antwerp Management SchoolChairman COBIT 5 IRM Task ForceAcademic Director Executive Master of IT Governance & Assurance Enterprise IT Architecture Information Technology Management
Your presenters…
![Page 19: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/19.jpg)
• Demand side/use of information• Big data, covering three areas: - Marketing situational awareness (variety of information) - Fraud detection (volume of information) - IT Predictive analytics (velocity of information)• Master and reference data management• End-user computing• Disintermediation• Regulatory compliance• Data privacy
Important Governance/Management Issues
![Page 20: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/20.jpg)
Identify
Demand and Use
Mgmt AD/AM
Users ITSM
Benefit
Use
Demand
Supply
Consume
Provide
Evaluate
Apply
Specify
Develop
Deploy
Run
Support
Info Syst
![Page 21: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/21.jpg)
How well do your users use their information systems, apply the information and achieve business benefits?•Don’t know•Worse than average •About average •Better than average
POLL
![Page 22: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/22.jpg)
How well do your users use their information systems, apply the information and achieve business benefits?•Don’t know•Worse than average •About average •Better than average
Average ~ 3-5% productivity loss
POLL
![Page 23: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/23.jpg)
• Managers don’t know or don’t care
• Staff don’t know where to get help and learn more from co-workers than the service desk
Sources: • Ctrl Alt Delete: Lost productivity due to IT
problems and inadequate computer skills in the workplace, Van Deursen, A.J.A.M. & Van Dijk, J.A.G.M. (2012)
• Insight into IT skills (Dutch), Van Deursen, A.J.A.M. & Van Dijk, J.A.G.M. (2013)
Poor IT skills cause productivity losses, but users are left to their own devices
► 6-10% productivity loss is caused by IT, of which half by poor use
► 47% of managers have no insight into their staff’s IT skills
► 41% of managers consider their staff’s IT skills insufficient
► 35% of managers do not invest in formal improvement of IT skills
► 48% of staff take no initiative to improve IT skills, say managers
► 71% of staff are not monitored for adequate IT skills
► 25% of staff say their IT skills are insufficient
► 61% of staff are uncertain that IT help is available
► 59% of staff get help from co-workers► 44% of staff learn more from co-workers
than the helpdesk
![Page 24: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/24.jpg)
So what do people actually do with information?
![Page 25: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/25.jpg)
So what do people actually do with information?
![Page 26: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/26.jpg)
So what do people actually do with information?
![Page 27: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/27.jpg)
What guidance is there for demand and use?
COBIT®ISO 20000
ITIL®BiSL®
DMBOK
![Page 28: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/28.jpg)
• Process model ‘Business Information Management’• ‘Library’ of best practices from BiSL users• Implementation guidance• Publications (free and commercial)• Foundation level training by accredited partners• Certification by APMG• Origins in 1998, provided by ASL BiSL Foundation• Knowledge sharing community• Used by private and public organizations
Business Information Services Library
![Page 29: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/29.jpg)
Business•Fewer disruptions of service delivery to customers•Improved business productivity•Easier integration with another company during merger
Business-I&T•Better governance and (financial) management of I&T•Improved business satisfaction with I&T•Better alignment of I&T with business needs•Better response to users’ problems and requests•More improvement proposals from users
I&T•Fewer surprises in project planning•Projects more often on time and within budget•Lower I&T costs and risks •Fewer escalations
Reported benefits from using BiSLAnnual ASL BiSL Award
![Page 30: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/30.jpg)
Manage resources and quality
Define information
strategy
Organize information management
Change functionality
Supportuse
Use management Functionality management
Information strategyI-organization strategy
Connectingprocesses
ManagementProcesses
Connectingprocesses
Man
agin
gSt
rate
gic
Ope
ratio
nal
![Page 31: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/31.jpg)
Planning and resourcemanagement
Financialmanagement
Demandmanagement
Contract management
Use management Functionality management
Information strategyI-organization strategy
Connectingprocesses
Changemanagement
Transitionmanagement
End usersupport
Business datamanagement
Operational supplier
management
Specifyinformation
requirements
Design non-automated
informationsystems
Prepare transition
Review and testing
Establishbusiness process
developments
Establish information
chain developments
Establishtechnologicaldevelopments
ManagementProcesses
Connectingprocesses
Infor-mationcoor-
dination
Strategic user relationship
management
Strategic supplier
management
Define I-organization
strategy
Strategic information
partnermanagement
Informationlifecycle
management
Informationportfolio
management
Stra
tegi
cM
anag
ing
Ope
ratio
nal
![Page 32: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/32.jpg)
BiSL enhances COBIT® Enablers, and interfaces with ISO 20000, ITIL® etc.
I-Organization
Strategy Cluster CP
Information Strategy Cluster
Management processes
Use Mgt Cluster
CP Functionality Mgt
Cluster
Stra
tegi
c us
er r
elat
ions
hip
man
agem
ent
Stra
tegi
c su
pplie
r m
anag
emen
t
Def
ine
I-org
aniz
atio
n St
rate
gy
Stra
tegi
c in
form
atio
n pa
rtne
r m
anag
emen
t
Info
rmat
ion
Coor
dina
tion
Esta
blis
h In
form
atio
n Ch
ain
Dev
elpm
ents
Esta
blis
h Te
chno
logi
cal D
evel
opm
ents
Info
rmat
ion
Life
cycl
e M
anag
emen
t
Info
rmat
ion
Port
folio
Man
agem
ent
Esta
blis
h Bu
sine
ss P
roce
ss D
evel
opm
ents
Plan
ning
and
Res
ourc
e M
anag
emen
t
Fina
ncia
l Man
agem
ent
Dem
and
Man
agem
ent
Cont
ract
Man
agem
ent
End
Use
r Sup
port
Busi
ness
Dat
a M
anag
emen
t
Ope
ratio
nal S
uppl
ier
Man
agem
ent
Chan
ge M
anag
emen
t
Tran
sitio
n M
anag
emen
t
Spec
ify In
form
atio
n Re
quire
men
ts
Des
ign
non-
auto
mat
ed in
form
atio
n sy
stem
s
Revi
ew a
nd T
estin
g
Prep
are
Tran
sitio
n
Aan
tal B
iSL
proc
esse
n w
aarin
cob
it pr
oces
s ge
rege
ld k
an w
orde
n
Aan
tal g
emee
nsch
appe
lijke
act
ivit
eite
n
EDM
EDM01 Ensure Governance Framework Setting and Maintenance
0 0
EDM02 Ensure benefits delivery 3 3 6 3 12
EDM03 Ensure risk optimisation 0 0
EDM04 Ensure resource optimisation 5 4 2 9
EDM05 Ensure stakeholder transparency 3 1 3
APO
APO01 Ensure stakeholder transparency 9 8 8 3 1 1 6 30
APO02 Manage Strategy 5 3 11 11 5 5 35
APO03 Manage Enterprise Architecture 5 1 2 6
APO04 Manage Innovation 4 3 7 3 4 17
APO05 Manage Portfolio 5 1 7 2 4 15
APO06 Manage Budget and Costs 8 1 8
APO07 Manage Human Resources 15 1 15
APO08 Manage Relationships 5 5 1 9 1 1 6 22
APO09 Manage Service Agreements 5 1 5
APO10 Manage Suppliers 6 2 2 6 4 16
APO11 Manage Quality 3 1 3
APO12 Manage Risk 4 4 2 8
APO13 Manage Security 0 0
BAI
BAI01 Manage Programmes and Projects 9 9 4 1 4 23
BAI02 Manage Requirements Definition 3 2 3 2 7 1 6 18
BAI03 Manage Solutions Identification and Build 3 3 3 5 5 5 19
BAI04 Manage Availibility and Capacity 1 1 3 3 5
BAI05 Manage Organisational Change
Enablement 1 1 1
3 3
BAI06 Manage Changes 1 5 1 3 7
BAI07 Manage Change Acceptance and
Transitioning 2 2 1 3 6
5 14
BAI08 Manage Knowledge 1 1 1
BAI09 Manage Assets 0 0
BAI10 Manage Configuration 0 0
DSS
DSS01 Manage Operations 3 4 2 7
DSS02 Manage Service Requests and Incidents 8 1 8
DSS03 Manage Problems 1 1 1
DSS04 Manage Continuity 4 1 4
DSS05 Manage Sercurity Services 0 0
DSS06 Manage Business Process Controls 1 1 2 2
MEA
MEA01 Monitor, Evaluate and Asess Performance and Conformance
4 4 2 4
4 14
MEA02 Monitor, Evaluate and Asess the System of
Internal Control 1
1 1
MEA03 Monitor, Evaluate and Asess Compliance
With External Requirements
0 0
Aantal Cobit processen waaraan BiSL (enige) aandacht geeft 3 1 1 2 0 3 2 5 6 3 10 8 13 6 2 1 5 3 2 3 2 3 1
Aantal gemeenschappelijke activiteiten 17 6 8 13 0 10 6 33 30 9 44 42 24 22 9 1 14 8 3 11 6 9 6
![Page 33: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/33.jpg)
• Badly informed business decisions are hazardous and affect competitive advantage
• Misuse of systems or information undermines the analysis of costs and benefits in the business case
• When information or IT is handled badly, disclosure of sensitive information may accidentally occur
• Poor training leads to substantial productivity loss• Business users abandon poor solutions, causing
frustration with IT, unnecessary costs and other risks
Source: COBIT®5 Enabling Information
Don’t underestimate poor Demand & Use
![Page 34: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/34.jpg)
►COBIT 5 offers comprehensive and rigorous guidance for governing and managing information by using seven enablers
►COBIT Enabling Information refers to BiSL for more detailed guidance
►BiSL focuses on the processes involved in demand and use of information and related technology
►COBIT and BiSL can be used to create an effective way of working for individual organizations
Summary + Q&A
![Page 35: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/35.jpg)
Questions?
![Page 36: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/36.jpg)
• COBIT 5 Enabling Information, ISACA
• BiSL, A Framework for Business Information Management, Van Haren Publishing
• Steven de Haes @stevendehaes [email protected] www.antwerpmanagementschool.be
• Mark Smalley @marksmalley [email protected] www.aslbislfoundation.org
Further information
![Page 37: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/37.jpg)
Further information
• APMG International website:• www.APMG-International.com
• ASL BiSL Foundation website:• www.aslbislfoundation.org
• BiSL qualification scheme:• www.APMG-International.com/BISL
• COBIT 5 qualification scheme:• www.APMG-International.com/COBIT5
http://www.linkedin.com/company/apmg-international @APMG_Inter
![Page 38: How COBIT 5 & BiSL address governance and management of information](https://reader033.fdocuments.in/reader033/viewer/2022042817/559eaf661a28ab0a118b4846/html5/thumbnails/38.jpg)
International