1 / 18

Chief Information Officers (CIO)

Chief Information Officers (CIO). Module 5. IT Governance COBIT Framework. Objectives of Module 5. To enhance the basic understanding of the CIOs to the IT Governance concepts and techniques using the COBIT Framework and explore their applicability in Iraq. Scope of Module 5.

jenna-mckay
Télécharger la présentation

Chief Information Officers (CIO)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chief Information Officers (CIO)

  2. Module 5 IT Governance COBIT Framework

  3. Objectives of Module 5 To enhance the basic understanding of the CIOs to the IT Governance concepts and techniques using the COBIT Framework and explore their applicability in Iraq

  4. Scope of Module 5 • IT Governance Concepts • IT Governance vis-a-vis Enterprise Governance • IT Governance life cycle • IT Domains, Processes and Activities • IT Monitoring Evaluation and Control

  5. ENTERPRISE GOVERNANCE ENTERPRISE ACTIVITIES Drives and Sets Require Information From INFORMATION TECHNOLOGY GOVERNANCE INFORMATION TECHNOLOGY ACTIVITIES Enterprise Governance and IT Governance

  6. Enterprise IT Governance Cycle DIRECT OBJECTIVES IT is aligned with the business, enables the Business and maximises benefits. IT resources are used responsibly. IT-related risks are managed appropriately CONTROL REPORT

  7. BUSINESS REQUIREMENTS IT PROCESSES IT RESOURCES COBIT- IT Governance Concept

  8. IT RESOURCES • Data- Objects in their widest sense (i.e., external and internal), structured and non structured, graphics, sound, etc. • Application Systems • Technology- Hardware, operating system, database management systems, networking, multimedia, etc. • Facilities • People- Staff skills, awareness and productivity to plan, organise, acquire, deliver, support, monitor and evaluate information systems and services

  9. DATA APPLICATION SYSTEM EVENTS Business objectives Business opportunities External requirements Regulations Risks INFORMATION Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability FACILITIES PEOPLE TECHNOLOGY IT Resources and Delivery of Services

  10. BUSINESS PROCCESSES What you Need What you GET • Information Criteria • effectiveness • • Efficiency • • Confidentiality • • Integrity • • Availability • • Compliance • • Reliability INFORMATION INFORMATION RESOURCES • People • Application Systems • Technology • Facilities • Data DO They Match? Framework IT Control objects

  11. DOMAIN PROCESSES ACTIVITIES / TASKS IT Domain, Processes and Activities

  12. Processes, Information & Resources Criteria INFORMATION CRITERIA DATA Fiduciary Quality Security FACILITIES Domain TECHNOLOGY Application Sys PEOPLE Processes IT PROCESSES ACTIVITIES IT RESOURCES

  13. IT Governance Framework BUSINESS OBJECTIVES M&E PROCESSES PLAN AND ORGANISE INFORMATION IT MONITOR AND EVALUATE IT RESOURCES DELIVER AND SUPPORT ACQUIRE AND IMPLEMENT

  14. Plan and Organize Processes PO1 define a strategic IT plan PO2 define the information architecture PO3 determine the technological direction PO4 define the IT organisation and relationships PO5 manage the IT investment PO6 communicate management aims and direction PO7 manage human resources PO8 ensure compliance with external requirements PO9 assess risks PO10 manage projects PO11 manage quality

  15. Acquire and Implement Processes • AI1 identify automated solutions • AI2 acquire and maintain application software • AI3 acquire and maintain technology infrastructure • AI4 develop and maintain procedures • AI5 install and accredit systems • AI6 manage changes

  16. Deliver and Support Processes DS1 define and manage service levels DS2 manage third-party services DS3 manage performance and capacity DS4 ensure continuous service DS5 ensure systems security DS6 identify and allocate costs DS7 educate and train users DS8 assist and advise customers DS9 manage the configuration DS10 manage problems and incidents DS11 manage data DS12 manage facilities DS13 manage operations

  17. Monitoring and Evaluation Processes M1 monitor the processes M2 assess internal control adequacy M3 obtain independent assurance M4 provide for independent audit

  18. Maturity Model Non Existent Initial Repeatable Defined Managed Optimized LEGEND FOR RANKINGS USED LEGEND FOR SYMBOLS USED 0 Nonexistent – Management processes are not applied at all. 1 Initial – Processes are ad hoc and disorganised. 2 Repeatable – Processes follow a regular pattern. 3 Defined – Processes are documented and communicated. 4 Managed – Processes are monitored and measured. 5 Optimised – Best practices are followed and automated. Enterprise Current Status International Standard Guidelines Industry Best Practice Enterprise Strategy

More Related