"Introduction to IT Governance with CobiT 4.1 and CobiT Quickstart"
Use COBIT for IT SAVINGS
Introduction - Benefits
COBIT Framework
With Example
Sanjiv Arora, CISA, CISM, CGEIT
Principal Consultant
TECHNOLOGICS & CONTROLS
Protecting the ABCs of your business.

Agenda
• IT Governance
• COBIT framework
• Example - Cost Management Controls in IT Operations using COBIT
• About Technologics and Controls

IT Governance – Need?
What is driving today’s businesses?
• Assertive Stakeholders
• Aggressive Competition
• Emerging Regulations
• Recessionary trends direct / indirect
• Extremely high IT Dependence
Impacts
Enterprise Governance

IT Governance - Alignment
Value Delivery
• Secure
• On Time
• Within Budgets
• Good Quality
• Reduce Expense
• Proven best practices
Business Benefits
• Customer satisfaction
• Brand Loyalty
• Competitive advantage
• Profitability
Crux - Fill what's empty. Empty what's full. And scratch where it itches. – Murphy’s law

Why COBIT?
• Better alignment based on business focus
• Demonstrates management viewpoint and expectations
• Clear ownerships and responsibilities based on processes
• Increasing acceptability with third parties and regulators
• Eases IT Governance communication between stakeholders and other parties
• Fulfillment of the COSO requirements for IT control environment

Lack of IT Governance makes it....
• Difficult to make a link to the business requirements
• Complex to measure performance against the requirements
• Cumbersome to control activities using a generally accepted process model
• Difficult to identify the resources to be leveraged
• A problem to define management control objectives

Use of COBIT – Practical Scenario
Uses are
• Implement and Manage IT governance
• Risk Assessment and Management
• Defining KPI and KGI
• Mapping to other standards
• Customize controls
• Provides direction and recommendations for weak controls
• Aid to implement ERP, BCP, BPR and other IT projects
• Implement Cost Savings on IT spend (Capex and Opex)
• Assessment of IT governance maturity
• Demonstrate IT alignment (using Balanced Scorecard)

COBIT – It is Implementable
• Based on self assessment
• Very comprehensive yet flexible
• Does not enforce COMPLETE implementation
• Customizable
• Easy to understand (Subject Matter Experts are available)
• Implementation may be fast-tracked with the help of tools

COBIT – Importance Vs Other standards
• Comprehensive for business requirements
• Business operations completely dependent on IT
• Business applications (ERP), workflows, resource sharing, communication (chat, email, video conferencing) controls are all logical controls
• Approval and authorization – financial or non-financial is mostly handled by logical controls
• Confidentiality is primarily managed within technology
• COBIT encompasses all aspects of IT Governance
Other standards where COBIT is useful
• ITIL
• SOX compliance
• PCI-DSS
• NIST
• HIPAA
• ISO27001
• Others

COBIT – Other Standards
http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702
Common misunderstanding: We already have xyz standard, so we do not need COBIT.

COBIT Framework
Source – ITGI presentation materials
The following slides explain an example of COBIT framework implementation.
The slides are prepared using the Meycor COBIT suite software tools.
Actual tool may also be demonstrated as necessary, time and audience permitting.
Thanks.

COBIT Framework

COBIT – Key Objectives and Controls

COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes (select applicable processes)
210 Control Objectives (select from applicable objectives)
Controls (select / add / modify controls to suit your IT Governance needs)
* Equals = 4 Domains, 22 processes, 145 control objectives, N Controls
* An example

COBIT – Processes and Controls – Tangible Cost Management
Source - http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47399
Cost Management Controls = Selected 10 processes

COBIT – Processes and Controls – Excess Labour Management
Too many cooks….!

COBIT – Assessment and gaps – Tangible Cost Management

COBIT – Tangible Cost Management – Concerns / Saving
Cont’d

COBIT – Tangible Cost Management – Concerns / Saving

COBIT – Tangible Cost Management – Recommendation – DS2
Customize recommendations according to business objectives.

COBIT – Tangible Cost Management – Tasks / linked Recommendation

COBIT – Tangible Cost Management – Tasks Manage / Comply
Verify and validate to ensure compliance and success.

COBIT – Tangible Cost Management – Communicate Results
• Proactive IT initiatives and operational improvements
• Enhance credibility of the IT organization
Benefits
• Tangibles
  • Current period vs previous period
  • % saving from alternate options
  • Forecast reduction in expense / ROI
• Intangibles
  • Efficiency of operations
  • Reduced incidents
  • High uptime
• Link to business objectives
  • Faster product launch
  • Timely service delivery
  • Increase in customers / revenue

COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes (select applicable processes)
210 Control Objectives (select from applicable objectives)
Controls (select / add / modify controls to suit your IT Governance needs)
* Equals = 4 Domains, 22 processes, 145 control objectives, N Controls
* An example
The funnel model can be used for implementation of ERP, Other IT Projects,
Project Monitoring and controls, Compliance checklists

Introduction: Technologics & Controls
Founded in 2001
Based in New Delhi, India
Services: IT Audits, Risk Management consulting, Information security assessment and management, IT Governance services, compliance and related services.
Products: Sole reseller in India of DataSec S.R.L providing software solutions based on COBIT / ISO27001 / COSO and other standards

COBIT – Benefits
We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world.
We shall be happy to discuss your requirements. Look forward.
Sanjiv Arora
Contact us on +91 98102 93733 or email [email protected]