Cobit as IT Management Best Practice Framework

COBIT as IT Management Best Practice
Framework

Adapted from Jan 2011
Management Update Seminar:
“Beyond IT Project Management: Advanced IT Management Best Practices”

Goh BoonNam
Institute of Systems Science

ISACA®, IT Governance Institute® and CobiT® are registered trademarks of ISACA, Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.

ATA/Lucid/2010-01-25 MUS/ © NUS. All Rights Reserved. 1
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/

What is COBIT?
 Control OBjectives for Information and related Technology

 International framework from ISACA (Information Systems
Control & Audit Association) and IT Governance Institute
 Helps maximise value of IT to business and minimise issues
such as those listed earlier

 Originally, more for monitoring/audit /risk assessment of IT
management processes
 Increasingly recognised as comprehensive framework of IT
Management best practices
■ Advises on WHAT to do
■ Some high-level of how to do

 Currently Version 4.1
COBIT References: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx


Why COBIT?
 Why COBIT as IT Management Best Practice
Framework?
■ Comprehensive coverage of IT Management
■ Helps avoids issues such as:
• Strategic oversights
• Architecture oversights
• Implementation oversights
• Service Delivery oversights
• Governance oversights


Avoid Issue #1 – Strategic Oversight
 Past report from Director of Audit of a large
organisation:
■ no formal IT strategy exists which leads to
piecemeal development and absence of
monitoring and evaluation (of projects).
■ hence, additional expenditure had to be
incurred ….
■ systems cannot satisfy objectives

Reference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD


Avoid Issue #2 - Architecture oversights
 A leading European bank
■ struggled with a tangle of applications that
hampered its retail-banking operations
■ the lack of unifying standards created
difficulties in satisfying bank-wide business
requirements, such as speeding time to
market for a new banking services

Reference : https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554


IT Issue #3 - Implementation oversights
 Passport system in a European country:
■ half a million new passports couldn't be issued on
time
■ Passport Agency had brought in a new system
that was (not properly designed/developed and)
without sufficient testing and staff training
■ hundreds of people missed their holidays with
money in the millions spent in compensation for
staff overtime and umbrellas for the poor people
queuing in the rain for passports

Reference : http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729


IT Issue #4 - Service Delivery oversights
 Bank in a European country:
■ Online banking services, that had been in
operation for some time, suddenly went down
for nearly a week

Reference : http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.html


IT Issue #5 - Governance oversights
 The Office of Inspector General (OIG) of the U.S. House
of Representatives (House) sought to improve IT activities
within the House.
■ A large number of the first audit reports issued by the OIG
addressed weaknesses in various IT operations of the
House - including the lack of policies and procedures (e.g.,
systems development life cycle), poor systems design and
development, the lack of planning and performance
measures, poor management of the mainframe and the lack
of adequate information security.

■ Management needed to take control of the situation and
establish clear roles and responsibilities…and adopt an IT
governance framework.

Reference : http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx


• Define a Strategic IT Plan
• Define the Information
COBIT - Overview Architecture
• Determine Technological
• Monitor and Evaluate IT Direction
Processes • Define the IT Processes,
• Monitor and Evaluate Internal Organization and Relationships
Control • Manage the IT Investment
• Ensure Regulatory Compliance • Communicate Management Aims
• Provide IT Governance and Direction
• Manage IT Human Resources
Monitor & Evaluate Plan & Organise
• Manage Quality
• Assess and Manage IT Risks
• Define and Manage Service • Manage Projects
Levels
• Manage Third-party Services
• Manage Performance and
Capacity Deliver & Support Acquire & Implement
• Identify Automated Solutions
• Ensure Continuous Service • Acquire and Maintain Application
• Ensure Systems Security Software
• Identify and Allocate Costs • Acquire and Maintain Technology
• Educate and Train Users Infrastructure
• Manage Service Desk and • Enable Operation and Use
Incidents • Procure IT Resources
• Manage the Configuration • Manage Changes
• Manage Problems • Install and Accredit Solutions and
• Manage Data Changes
• Manage the Physical
Environment
• Manage Operations


COBIT Components • Define a Strategic IT Plan
• Define the Information Architecture
PROCESSES • Determine Technological Direction
• Define the IT Processes, Organization and
Relationships
• Manage the IT Investment
• Communicate Management Aims and Direction
• Manage IT Human Resources
Monitor & Evaluate Plan & Organise • Manage Quality
• Assess and Manage IT Risks
• Manage Projects
• Programme Management Framework
• Project Management Framework
• Project Management Approach
• Stakeholder Commitment
Deliver & Support Acquire & Implement • Project Scope Statement
• Project Phase Initiation
• Integrated Project Plan
• Project Resources
• Project Risk Management
• Project Quality Plan
DOMAINS • Project Change Control
• Project Planning of Assurance Methods
• Project Performance Measurement, Reporting and
CONTROL Monitoring
• Project Closure
OBJECTIVES


COBIT Domains – Plan & Organise (PO)
Plan &
 Strategy / Architecture / Portfolio
■ Define a Strategic IT Plan
Monitor &
Evaluate Organise

■ Define the Information Architecture
■ Determine Technological Direction
Deliver & Acquire &
Support Implement

 Programme & Project Management
■ Manage Projects
 IT Organisation Management
■ Define the IT Processes, Organization and
Relationships
■ Manage the IT Investment
■ Communicate Management Aims and
Direction
Nb: Bold headings are
author’s own categorisation ■ Manage IT Human Resources
& are not part of COBIT
■ Manage Quality
■ Assess and Manage IT Risks


Plan & Organise (PO)
Strategic Pre-Project Development Production

IT Strategy /
Architecture /
Portfolio Management
Level of Work

IT
Programme Organisation
Management Management

Project
Management

Tactical

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.


COBIT Domains – Acquire & Implement (AI)

Monitor &
 Requirements & Feasibility
■ Identify Automated Solutions
Plan & Organise
Evaluate

Deliver &
Acquire &
 Design & Build
Support
Implement
■ Acquire and Maintain Application Software
■ Acquire and Maintain Technology
Infrastructure
 Test & Implement
■ Install and Accredit Solutions and Changes
■ Enable Operation and Use
 Changes
■ Manage Changes
author’s own categorisation
& are NOT part of COBIT
 Procurement Management
 Procure IT Resources

AI Relationship with PO
Pre-Project Development Production

IT Strategy / Architecture / Portfolio Management

Plan & Programme Management
Organise
(PO)
(Generic) Project Management

IT Systems Devt Life Cycle Mgt
Requirements & Design & Test &
Acquire & Feasibility Build Implement
Implement Manage (System-Related) Changes
(AI)
Procurement Management
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.


COBIT Domains – Deliver & Support
 Service Delivery
■ Define and Manage Service Levels Monitor &
Evaluate
Plan & Organise

■ Manage Third-party Services
■ Manage Performance and Capacity Deliver &
Acquire &
Implement

■ Ensure Continuous Service Support
■ Ensure Systems Security
■ Identify and Allocate Costs
 Service Support
■ Educate and Train Users
■ Manage Service Desk and Incidents
■ Manage the Configuration Nb: Bold headings are
■ Manage Problems & are not part of COBIT
■ Manage Data
■ Manage the Physical Environment
■ Manage Operations


DS Relationship with AI & PO
Pre-Project Development Production


Plan & Programme Management
Organise
(PO)

Acquire & Requirements &
Feasibility
Design &
Build
Test &
Implement
Implement Manage (System-Related) Changes
(AI)

Deliver & Service Delivery
Support
Service Support
(DS) Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.


COBIT Domains – Monitor & Evaluate
 Monitor & Evaluate Monitor &
Evaluate
■ Monitor and Evaluate IT Processes
Plan & Organise

■ Monitor and Evaluate Internal Control Deliver &
Support
Acquire &
Implement

■ Ensure Regulatory Compliance
 Direct
■ Provide IT Governance

& are not part of COBIT


COBIT Overview
ME Relationship with PO / AI / DS Measure &
Pre-Project Development Production Evaluate
(ME)

Plan &
Programme Management
Organise
(PO)
Measure &
Evaluate
IT
Organisation
Acquire & /
Management Requirements Design & Test &
Implement & Feasibility Build Implement
Direct
(AI) Manage (System-Related) Changes


Deliver &
Service Delivery
Support
(DS) Service Support

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.


Other Elements of COBIT
 Besides
■ Domains
■ Processes
■ Control Objectives
 Some Key Elements
■ Management Guidelines
• roles and responsibilities
• goals and metrics
■ Maturity Model
■ Associated Toolkits (for ISACA members)
• Implementation Guide
• Assurance Guide


COBIT Mapping to Other Frameworks
P3O
TOGAF
PRINCE2
PMP
CITPM
CMMI
SCRUM
CBAP
COMIT
ISO20000
CISSP
ITIL Monitor &
Plan & Organise
CGEIT Evaluate
COBIT

Acquire &
Deliver & Support
Implement

Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here


Future of COBIT as IT Management
Framework – Draft COBIT v5


Future of COBIT as IT Management
Framework – Draft COBIT v5
 Some Key New Features
■ Explicit recognition of COBIT as covering
IT Management processes in addition to IT
Governance processes
■ Identification of degree of involvement of
IT and Business in the various processes
■ Enterprise Architecture (instead of
Information Architecture of prior versions)
■ Consolidation into one new “Manage the
IT Organisation” process those v4.1
processes that were for internal IT
organisation support - eg.
• Define IT Processes, Organization and
Relationships
• Communicate Management Aims and
Direction
• Manage IT Human Resources etc


For Further Information

Please refer to:
http://www.iss.nus.edu.sg/

Or email BoonNam Goh at:
issgbn@nus.edu.sg


The End


Cobit as IT Management Best Practice Framework

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to Cobit as IT Management Best Practice Framework

Similar to Cobit as IT Management Best Practice Framework (20)

Recently uploaded

Recently uploaded (20)

Cobit as IT Management Best Practice Framework