180 likes | 306 Vues
Chief Information Officers (CIO). Module 5. IT Governance COBIT Framework. Objectives of Module 5. To enhance the basic understanding of the CIOs to the IT Governance concepts and techniques using the COBIT Framework and explore their applicability in Iraq. Scope of Module 5.
E N D
Module 5 IT Governance COBIT Framework
Objectives of Module 5 To enhance the basic understanding of the CIOs to the IT Governance concepts and techniques using the COBIT Framework and explore their applicability in Iraq
Scope of Module 5 • IT Governance Concepts • IT Governance vis-a-vis Enterprise Governance • IT Governance life cycle • IT Domains, Processes and Activities • IT Monitoring Evaluation and Control
ENTERPRISE GOVERNANCE ENTERPRISE ACTIVITIES Drives and Sets Require Information From INFORMATION TECHNOLOGY GOVERNANCE INFORMATION TECHNOLOGY ACTIVITIES Enterprise Governance and IT Governance
Enterprise IT Governance Cycle DIRECT OBJECTIVES IT is aligned with the business, enables the Business and maximises benefits. IT resources are used responsibly. IT-related risks are managed appropriately CONTROL REPORT
BUSINESS REQUIREMENTS IT PROCESSES IT RESOURCES COBIT- IT Governance Concept
IT RESOURCES • Data- Objects in their widest sense (i.e., external and internal), structured and non structured, graphics, sound, etc. • Application Systems • Technology- Hardware, operating system, database management systems, networking, multimedia, etc. • Facilities • People- Staff skills, awareness and productivity to plan, organise, acquire, deliver, support, monitor and evaluate information systems and services
DATA APPLICATION SYSTEM EVENTS Business objectives Business opportunities External requirements Regulations Risks INFORMATION Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability FACILITIES PEOPLE TECHNOLOGY IT Resources and Delivery of Services
BUSINESS PROCCESSES What you Need What you GET • Information Criteria • effectiveness • • Efficiency • • Confidentiality • • Integrity • • Availability • • Compliance • • Reliability INFORMATION INFORMATION RESOURCES • People • Application Systems • Technology • Facilities • Data DO They Match? Framework IT Control objects
DOMAIN PROCESSES ACTIVITIES / TASKS IT Domain, Processes and Activities
Processes, Information & Resources Criteria INFORMATION CRITERIA DATA Fiduciary Quality Security FACILITIES Domain TECHNOLOGY Application Sys PEOPLE Processes IT PROCESSES ACTIVITIES IT RESOURCES
IT Governance Framework BUSINESS OBJECTIVES M&E PROCESSES PLAN AND ORGANISE INFORMATION IT MONITOR AND EVALUATE IT RESOURCES DELIVER AND SUPPORT ACQUIRE AND IMPLEMENT
Plan and Organize Processes PO1 define a strategic IT plan PO2 define the information architecture PO3 determine the technological direction PO4 define the IT organisation and relationships PO5 manage the IT investment PO6 communicate management aims and direction PO7 manage human resources PO8 ensure compliance with external requirements PO9 assess risks PO10 manage projects PO11 manage quality
Acquire and Implement Processes • AI1 identify automated solutions • AI2 acquire and maintain application software • AI3 acquire and maintain technology infrastructure • AI4 develop and maintain procedures • AI5 install and accredit systems • AI6 manage changes
Deliver and Support Processes DS1 define and manage service levels DS2 manage third-party services DS3 manage performance and capacity DS4 ensure continuous service DS5 ensure systems security DS6 identify and allocate costs DS7 educate and train users DS8 assist and advise customers DS9 manage the configuration DS10 manage problems and incidents DS11 manage data DS12 manage facilities DS13 manage operations
Monitoring and Evaluation Processes M1 monitor the processes M2 assess internal control adequacy M3 obtain independent assurance M4 provide for independent audit
Maturity Model Non Existent Initial Repeatable Defined Managed Optimized LEGEND FOR RANKINGS USED LEGEND FOR SYMBOLS USED 0 Nonexistent – Management processes are not applied at all. 1 Initial – Processes are ad hoc and disorganised. 2 Repeatable – Processes follow a regular pattern. 3 Defined – Processes are documented and communicated. 4 Managed – Processes are monitored and measured. 5 Optimised – Best practices are followed and automated. Enterprise Current Status International Standard Guidelines Industry Best Practice Enterprise Strategy