High level overview of COBIT 4.0

ellette

Presentation Transcript


  1. High level overview of COBIT 4.0
     IT governance relates to directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities.
     Page 5: Organizations should satisfy quality, fiduciary and security requirements for their information, as for all assets. Management should also optimize the use of available IT resources, including applications, information, infrastructure and people.

  2. COBIT 4.0 high level overview
     • To discharge these responsibilities, as well as to achieve its objectives, management should understand the status of its enterprise architecture for IT and decide what governance and control it should provide. COBIT contributes to the management need of establishing an internal control framework by:
       • Making a link to the business requirements.
       • Organizing IT activities into a generally accepted process model.
       • Identifying the major IT resources to be leveraged.
       • Defining the management control objectives to be considered.

  3. IT governance focus areas:
     • Strategic alignment focuses on ensuring linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations.
     • Value Delivering is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT.
     • Resource Management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimization of knowledge and infrastructure.
     • Risk Management requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities into the organization.
     • Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery.

  4. Operational Management focus:
     • Operational management uses processes to organize and manage ongoing IT activities. COBIT provides a generic process model that represents all the processes normally found in IT functions, providing a common reference model understandable to operational IT and business managers.
     • To achieve effective governance, executives expect controls to be implemented by operational managers within a defined control framework for all IT processes. COBIT’s IT control objectives are organized by IT processes; therefore, the framework provides a clear link among IT governance requirements, IT processes and IT controls.
     • COBIT is focused on what is required to achieve adequate management and control of IT, and is positioned at a high level.

  5. Management Guidelines:
     • Management guidelines provide tools to help assign responsibility, measure performance, and benchmark and address gaps in capability. The guidelines help provide answers to typical management questions:
       • How far should we go in controlling IT, and is the cost justified by the benefit?
       • What are the indicators for good performance?
       • What are the key management practices to apply?
       • What do others do?
       • How do we measure and compare?

  6. Summary of IT Activities
     • Plan and Organize: This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to achievement of the business objectives. Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. Finally, a proper organization as well as technological infrastructure should be put in place.
     • Acquire and Implement: To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure the solutions continue to meet business objectives.
     • Deliver and Support: This domain is concerned with actual delivery of required services. This includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities.
     • Monitor and Evaluate: All IT processes need to be regularly assessed for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and providing governance.

  7. Measurement-driven
     • A basic need for every enterprise is to understand the status of its own IT systems and to decide what level of management and control the enterprise should provide. Obtaining an objective view of an enterprise’s own performance level is challenging. What should be measured and how? Enterprises should measure where they are and where improvement is required, and implement a management tool kit to monitor this improvement.
     • COBIT deals with these issues by providing:
       • Maturity models to enable benchmarking and identification of necessary capability improvements.
       • Performance goals and metrics for IT processes, demonstrating how processes meet business and IT goals and are used for measuring internal process performance based on balanced scorecard principles.
       • Activity goals for enabling effective process performance.

  8. Maturity Models
     • Maturity modeling for management and control over IT processes is based on a method of evaluating the organization, so it can evaluate itself from a level of non-existent (0) to optimized (5). The maturity models are designed as profiles of the IT processes that an enterprise would recognize as descriptions of possible current and future states. Using the maturity models developed for each of COBIT’s 34 IT processes, management can identify:
       • The actual performance of the enterprise – where the enterprise is today.
       • The current status of the industry – the comparison.
       • The enterprise’s target for improvement – where the enterprise wants to be.
     • The maturity levels are:
       • 0 – Non-existent – Management processes are not applied at all.
       • 1 – Initial – Processes are ad hoc and disorganized.
       • 2 – Repeatable – Processes follow a regular pattern.
       • 3 – Defined – Processes are documented and communicated.
       • 4 – Managed – Processes are monitored and measured.
       • 5 – Optimized – Good practices are followed and automated.

  9. COBIT framework navigation:
     • Control over the IT process of – process name
     • That satisfies the business requirement for IT – the summary of most important business goals
     • By focusing on – summary of most important IT goals
     • Is achieved by – key controls
     • And is measured by – key metrics
