2. Agenda
IT Governance
COBIT framework
Example - Cost Management Controls in IT Operations using COBIT
About Technologics and Controls
3. IT Governance – Need?
What is driving today’s businesses?
Assertive Stakeholders
Aggressive Competition
Emerging Regulations
Recessionary trends direct / indirect
Extremely high IT Dependence
Impacts
Enterprise Governance
4. IT Governance - Alignment
Value Delivery
•Secure
•On Time
•Within Budgets
•Good Quality
•Reduce Expense
•Proven best practices
Business Benefits
•Customer satisfaction
•Brand Loyalty
•Competitive advantage
•Profitability
Crux - Fill what's empty. Empty what's full. And scratch where it itches. – Murphy’s law
5. Why COBIT?
Better alignment based on business focus
Demonstrates management viewpoint and expectations
Clear ownerships and responsibilities based on processes
Increasing acceptability with third parties and regulators
Eases IT Governance communication between stakeholders and other parties
Fulfillment of the COSO requirements for IT control environment
6. Lack of IT Governance makes it....
Difficult to make a link to the business requirements
Complex to measure performance against the requirements
Cumbersome to control activities using a generally accepted process model
Difficult to identify the resources to be leveraged
A problem to define management control objectives
7. Use of COBIT – Practical Scenario
Uses are
Implement and Manage IT governance
Risk Assessment and Management
Defining KPI and KGI
Mapping to other standards
Customize controls
Provides direction and recommendations for weak controls
Aid to implement ERP, BCP, BPR and other IT projects
Implement Cost Savings on IT spend (Capex and Opex)
Assessment of IT governance maturity
Demonstrate IT alignment (using Balanced Scorecard)
8. COBIT – It is Implementable
Based on self-assessment
Very comprehensive yet flexible
Does not enforce COMPLETE implementation
Customizable
Easy to understand (Subject Matter Experts are available)
Implementation may be fast-tracked with the help of tools
9. COBIT – Importance Vs Other standards
Comprehensive for business requirements
Business operations completely dependent on IT
Business applications (ERP), workflows, resource sharing, communication (chat, email, video conferencing) controls are all logical controls
Approval and authorization (financial or non-financial) is mostly handled by logical controls
Confidentiality is primarily managed within technology
COBIT encompasses all aspects of IT Governance
Other standards where COBIT is useful
ITIL
SOX compliance
PCI-DSS
NIST
HIPAA
ISO27001
Others
10. COBIT – Other Standards
http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702
Common misunderstanding: We already have xyz standard, so we do not need COBIT.
12. The following slides explain an example of COBIT framework implementation.
The slides are prepared using the Meycor COBIT suite software tools.
The actual tool may also be demonstrated as necessary, time and audience permitting.
Thanks.
14. COBIT – Key Objectives and Controls
15. COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes
(select applicable processes)
210 Control Objectives
(select from applicable objectives)
Controls
(select / add / modify controls to suit your IT Governance needs)
* Equals =
4 Domains
22 processes
145 control objectives
N Controls
* An example
23. COBIT – Tangible Cost Management – Tasks Manage / Comply
Verify and validate to ensure compliance and success.
24. COBIT – Tangible Cost Management – Communicate Results
Proactive IT initiatives and operational improvements
Enhance credibility of the IT organization
Benefits
Tangibles
Current period vs previous period
% saving from alternate options
Forecast reduction in expense / ROI
Intangibles
Efficiency of operations
Reduced incidents
High uptime
Link to business objectives
Faster product launch
Timely service delivery
Increase in customers / revenue
25. COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes
(select applicable processes)
210 Control Objectives
(select from applicable objectives)
Controls
(select / add / modify controls to suit your IT Governance needs)
* Equals =
4 Domains
22 processes
145 control objectives
N Controls
* An example
The funnel model can be used for implementation of ERP, other IT projects, project monitoring and controls, and compliance checklists.
26. Introduction : Technologics & Controls
Founded in 2001
Based in New Delhi, India
Services: IT Audits, Risk Management consulting, Information security assessment and management, IT Governance services, compliance and related services.
Products: Sole reseller in India of DataSec S.R.L providing software solutions based on COBIT / ISO27001 / COSO and other standards
27. COBIT – Benefits
We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world.
We shall be happy to discuss your requirements,
Look forward.
Sanjiv Arora
Contact us on +91 98102 93733 or email sa@tech-controls.com
www.tech-controls.com