Value creation means realizing benefits at an optimal resource cost while optimising risk. Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.
For each decision, questions should be asked: For whom are the benefits? Who bears the risk? What resources are required?
Every enterprise operates in a different context, shaped by external and internal factors, and requires a customized governance and management system.
Stakeholder needs have to be transformed into an enterprise's actionable strategy.
The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and enabler goals:
– Allows setting specific goals at every level
– Supports alignment between enterprise needs and IT solutions and services
– Identifies and communicates how enablers are important to achieve enterprise goals
Each enterprise should build its own goals cascade, compare it with COBIT and then refine it.
Means:
– Integrates governance of enterprise IT into enterprise governance.
– Covers all functions and processes related to IT (internal and external, IT and business).
Governance approach:
– Enablers (frameworks, principles, structures, processes, practices, resources, people, information, …)
– Scope (enterprise [COBIT 5], entity, tangible or intangible asset, …)
– Roles, activities and relationships (who is involved, how they are involved, what they do, how they interact)
The COBIT 5 framework delivers to its stakeholders the most complete and up-to-date guidance on governance and management of enterprise IT by:
– New content development (COBIT + Val IT + Risk IT, needed updates, alignment to other standards and frameworks (ITIL, ISO, TOGAF, …))
– Set of governance and management enablers
– COBIT 5 knowledge base with all guidance and content
– Reference of good practices
Enablers are factors that influence whether governance and management over enterprise IT will work. They are driven by the goals cascade.
– Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.
– Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
– Organisational structures are the key decision-making entities in an enterprise.
– Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
– Information is pervasive throughout any organisation and includes all information produced and used by the enterprise.
– Services, infrastructure and applications provide the enterprise with information technology processing and services.
– People, skills and competencies are required for successful completion of all activities and for making correct decisions and taking corrective actions.
Set of common dimensions: a simple and structured way to deal with enablers.
Enabler dimensions
Enablers have:
– Stakeholders: internal or external
– Goals (expected outcomes, application or operation of the enabler):
  – Intrinsic quality: work accurately, objectively (accurate, objective, reputable results)
  – Contextual quality: enablers and outcomes fit for purpose given the context. Outcomes are relevant, complete, current, appropriate, consistent, easy to use, …
  – Access and security: enablers and outcomes are accessible and secured
– Life cycle: enablers have a life cycle
– Good practices: how to best implement enablers, required inputs and outputs
Enabler performance management
Expect positive outcomes from application and use of enablers. Monitoring and metrics on a regular basis (see Enabling Processes):
– Are stakeholder needs addressed? (KGI - lag indicator)
– Are enabler goals achieved? (KGI - lag indicator)
– Is enabler life cycle managed? (KPI - lead indicator)
– Are good practices applied? (KPI - lead indicator)
Clear distinction between governance and management: different types of activities, require different organisational structures and serve different purposes.
Governance: ensures that stakeholder needs are evaluated to determine enterprise objectives; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Responsibility of the board of directors under the leadership of the chairperson.
Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. Responsibility of the executive management under the leadership of the CEO.
Defines and describes in detail 37 governance and management processes normally found in an enterprise relating to IT activities. Each enterprise must define its own process set, taking into account its specific situation.
2 main process domains:
Governance: Contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
Management: Contains four domains, in line with plan, build, run and monitor (PBRM), and provides end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure:
– Align, Plan and Organise (APO)
– Build, Acquire and Implement (BAI)
– Deliver, Service and Support (DSS)
– Monitor, Evaluate and Assess (MEA)
Governance and management of enterprise IT will be different for every enterprise: the context needs to be understood, and the COBIT implementation of governance and management of enterprise IT enablers adapted to it.
Practical guidance in the publication “COBIT 5 Implementation”.
Supported by an implementation tool kit containing assessment, measurement and diagnostic tools, documentation for various audiences, articles and explanations.
Address complexity and challenges encountered during implementation.
The 3 components of the life cycle are:
1. Continual improvement life cycle
2. Enablement of change
3. Management of the programme
Phase 1: identifies the desire to change
Phase 2: defines the scope of the implementation or improvement initiative. Assessment of the current state
Phase 3: sets the target
Phase 4: creates business cases
Phase 5: solution implemented into day-to-day practices
Phase 6: operation and monitoring of benefits
Phase 7: review for continual improvement
Process maturity models are used to measure the current maturity of an enterprise’s IT-related processes, to define a required state of maturity, and to determine the gap between them and how to improve the process to achieve the desired maturity level.
COBIT 5 is based on the ISO/IEC 15504 Software Engineering—Process Assessment standard.
Different from the COBIT 4.1 maturity model in its design and use.
Assessing a process's maturity:
– Assess whether control objectives for the process were met
– Obtain maturity profile of the process from maturity model
– Use generic maturity model for the process to obtain a detailed view on maturity level
– Review process controls
Differences:
– Cannot compare COBIT 4.1 and COBIT 5 capability scales. Meaning is different. Score in COBIT 5 will be lower.
– 9 process attributes in ISO 15504. Not identical with COBIT 4.1 (overlap, map to a certain extent).
Benefits of the changes:
– Improved focus on process to confirm it achieves purpose and delivers outcomes as expected.
– Simplified, more reliable and usable process assessment (COBIT 4.1 needed a number of specific components).
– Compliance with process assessment standard.