This presentation is extracted from one given recently to explain how I could help a University align its teaching objectives with a required complete IT renovation. Feel free to download it, but please also send me a message and stay connected. Maybe we have the same interests and could share experiences.
2. OUTLINE
1. NEED AND MEANING
2. MANAGEMENT SELECTION
3. COBIT FOCUS AREAS
4. COBIT FRAMEWORK
5. VALIT AT A GLANCE
6. RISKIT AT A GLANCE
7. COBIT PROCESS EXAMPLE
8. CONCLUSIONS
3. NEED AND MEANING
1. HOW TO EXPLOIT THE BENEFIT OF IT (IT VALUE) IN FAVOUR OF AN ENTERPRISE
2. HOW TO MANAGE IT ASSOCIATED RISKS (NON COMPLIANCE / CRITICAL DEPENDENCIES)
3. HOW TO MAINTAIN THE CONTROL OVER VALUE AND RISK
[Diagram labels: IT Risks, IT, IT Value, Controls, IT Governance]
4. NEED AND MEANING
IT Governance
RESPONSIBILITY OF THE EXECUTIVES AND BOARD OF DIRECTORS
CONSISTS OF:
― LEADERSHIP
― ORGANISATIONAL STRUCTURES
― PROCESSES
ENTERPRISE’S IT MANAGEMENT SUSTAINS AND EXTENDS THE ORGANIZATION’S STRATEGIES & OBJECTIVES
6. MANAGEMENT SELECTION
What IT management?
COBIT
Professional association with 95,000 constituents. Worldwide (160) leader in IT governance, control, security and assurance. Offers the CISA, CISM, CRISC and CGEIT certifications.
Controlled OBjectives for Information and related Technologies
7. MANAGEMENT SELECTION
IT Governance
ISACA
INTEGRATES, INSTITUTIONALISES GOOD PRACTICES
ENTERPRISE’S IT SUPPORTS THE BUSINESS OBJECTIVES
COBIT
• Linking to the business requirements
• Organising IT activities into a process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives
9. COBIT FOCUS AREAS
• STRATEGIC ALIGNMENT: linkage of business and IT plans; defining, maintaining and validating the IT value proposition; aligning IT operations with enterprise operations.
• VALUE DELIVERY: executing the value throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, optimising costs and proving the intrinsic value of IT.
• RESOURCE MANAGEMENT: investment in, and management of, critical IT resources: applications, information, infrastructure and people. Key issues: optimisation of knowledge and infrastructure.
• RISK MANAGEMENT: requires risk awareness by senior corporate officers, understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
• PERFORMANCE MEASUREMENT: tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
10. BUSINESS-FOCUSED COBIT
COBIT
• BASIC PRINCIPLE
• INFORMATION CRITERIA FRAMEWORK
• ALIGN BUSINESS GOALS TO IT GOALS
• ALIGN RESOURCE AND IT ARCHITECTURE
PROCESS-ORIENTED
• 4 DOMAINS
• 34 IT PROCESSES
CONTROL-BASED
• 6 PROCESS CONTROLS
• 6 APPLICATION CONTROLS
MEASUREMENT-DRIVEN
• MATURITY SCALE
• MATURITY LEVELS
• MATURITY MODELS
12. COBIT FRAMEWORK – THE BUSINESS
INFORMATION CRITERIA
BUSINESS REQUIREMENT FOR INFORMATION
1. Effectiveness: information being relevant and pertinent to the business process as well as delivery in a timely, correct, consistent and usable manner.
2. Efficiency: provision of information through the optimal (most productive and economical) use of resources.
3. Confidentiality: protection of sensitive information from unauthorised disclosure.
4. Integrity: accuracy and completeness of information as well as validity in accordance with business values and expectations.
5. Availability: information being available when required by the business process now and in the future, safeguarding of necessary resources and associated capabilities.
6. Compliance: complying with the laws, regulations and contractual arrangements to which the business process is subject.
7. Reliability: provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.
13. COBIT FRAMEWORK – THE GOALS
DEFINING IT GOALS AND ENTERPRISE ARCHITECTURE FOR IT
25. COBIT FRAMEWORK – THE COBIT CUBE
THE THREE DIMENSIONS OF IT CONTROLLED MANAGEMENT
26. COBIT FRAMEWORK – THE GOVERNANCE MAPPING
HOW THE COBIT FRAMEWORK MAPS IT GOVERNANCE FOCUS AREAS
27. IT GOVERNANCE FOCUS AREAS
[Diagram labels: COBIT, IT Governance, Resource Management, ValIT (BASED ON COBIT)]
28. ValIT VALIT AT A GLANCE 1
A COMPREHENSIVE APPROACH
• Many enterprises practice elements of Val IT™ already
• Val IT™ provides a consistent, repeatable and comprehensive approach
• IT and business become equal shareholders because Val IT™ helps management to answer these key questions:*
― The strategic question
― The value question
― The architecture question
― The delivery question
* Based on the ‘Four Ares’ as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003
29. ValIT VALIT AT A GLANCE 2
DOMAINS AND PROCESSES
30. ValIT VALIT AT A GLANCE 3
CONTRIBUTION TO IT GOVERNANCE
31. IT GOVERNANCE FOCUS AREAS
[Diagram labels: COBIT, IT Governance, Resource Management, ValIT (BASED ON COBIT), RiskIT (BASED ON COBIT)]
32. RiskIT RISKIT AT A GLANCE 1
RISK AND OPPORTUNITY MANAGEMENT
33. RiskIT RISKIT AT A GLANCE 2
BUSINESS OBJECTIVE
34. RiskIT RISKIT AT A GLANCE 3
RISK IT’S THREE DOMAINS
35. RiskIT RISKIT AT A GLANCE 4
RISK RESPONSE APPROACH
36. RiskIT RISKIT AT A GLANCE 5
CONTRIBUTION TO IT GOVERNANCE
45. CONCLUSIONS
SOLUTION STRENGTH
1. UNIQUE SET OF TOOLS AND STANDARDIZED DOCUMENTATION
2. VAST PARTICIPATION OF PROFESSIONALS
3. EXPANDABILITY OF SCOPES
4. CONTINUOUS UPDATE
5. LARGE SET OF CERTIFICATIONS
46. CONCLUSIONS
SOLUTION EASINESS
1. CLEAR GUIDANCE AND THOROUGH EXPLANATIONS
2. PROCESSES ADAPTABILITY TO MANY MANAGEMENT SOFTWARE
3. FACILITATE MIGRATION FROM OTHER MANAGEMENT WORLDS
4. CONSISTENCY AMONG ISACA DOCUMENTATION
IT INFRASTRUCTURE LIBRARY
INTERNATIONAL STANDARD ORGANIZATION
2000 QUALITY MANAGEMENT SYSTEMS-REQUIREMENTS
27000 INFORMATION SECURITY-RELATED STANDARDS
PMBOK PROJECT MANAGEMENT BODY OF KNOWLEDGE
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)