1 / 9

COBIT Framework

COBIT Framework. Introduction. Problems with IT?. Increasing pressure to leverage technology in business strategies Growing complexity of IT environments Fragmented IT infrastructures Communication gap between business and IT managers

africa
Télécharger la présentation

COBIT Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COBIT Framework Introduction

  2. Problems with IT? • Increasing pressure to leverage technology in business strategies • Growing complexity of IT environments • Fragmented IT infrastructures • Communication gap between business and IT managers • IT service levels that are disappointing from internal IT functions and from increasingly outsourced IT providers • IT costs perceived to be out of control • Marginal ROI/productivity gains on technology investments • Impaired organisational flexibility and nimbleness to change • User frustration leading to ad hoc solutions

  3. IT Governance The purpose of IT governance is to direct IT endeavors, to ensure that IT’s performance meets the following objectives: • Alignment of IT with the enterprise and realisation of the promised benefits • Use of IT to enable the enterprise by exploiting opportunities and maximising benefits • Responsible use of IT resources • Appropriate management of IT-related risks

  4. Focus Areas of IT Governance

  5. Why do we need a Framework? • Increasing dependence on information and the systems that deliver this information • Increasing vulnerabilities and a wide spectrum of threats, such as cyberthreats and information warfare • Scale and cost of the current and future investments in information and information systems • The need to comply with regulations • The potential for technologies to dramatically change organisations and business practices, create new opportunities and reduce costs • Recognition by many organisations of the potential benefits that technology can yield

  6. Successful organisations understand and manage the risks associated with implementing new technologies. Firms need to ensure that - • IT provides value - Cost, time and functionality are as expected • IT does not provide surprises - Risks are mitigated • IT pushes the envelope - New opportunities and innovations for process, product and services

  7. Who Needs a Framework? • Board and Executive • To ensure management follows and implements the strategic direction for IT • Management • To make IT investment decisions • To balance risk and control investment • To benchmark existing and future IT environment • Users • To obtain assurance on security and control of products and services they acquire internally or externally • Auditors • To substantiate opinions to management on internal controls • To advise on what minimum controls are necessary

  8. COBIT Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for IT management created by the Information systems audit and control association (ISACA), • Incorporates major international standards • Has become the de facto standard for overall control over IT • Starts from business requirements • Is process-oriented

  9. COBIT: Basics? • Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives • Promotes process focus and process ownership • Divides IT into 34 processes belonging to four domains and provides a high-level control objective for each • Considers fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT • Is supported by a set of over 300 detailed control objectives • Plan and Organise • Acquire and Implement • Deliver and Support • Monitor and Evaluate • Effectiveness • Efficiency • Availability • Integrity • Confidentiality • Reliability • Compliance

More Related