COBIT Introductory Workshop
1 / 32

COBIT Introductory Workshop - PowerPoint PPT Presentation

  • Updated On :
  • Presentation posted in: General

COBIT Introductory Workshop. Excerpts from University of Calgary IT Session entitled “Introduction to COBIT, its Role in IT Governance and How to Apply it In UCIT” From June 5, 2009. Workshop Agenda. General Overview and Background of COBIT Rationale for Using COBIT at the UofC

Related searches for COBIT Introductory Workshop

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentationdownload

COBIT Introductory Workshop

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Slide1 l.jpg

  • COBIT Introductory Workshop

Excerpts from University of Calgary IT Session


“Introduction to COBIT, its Role in IT

Governance and How to Apply it


From June 5, 2009

Slide2 l.jpg

Workshop Agenda

  • General Overview and Background of COBIT

  • Rationale for Using COBIT at the UofC

  • COBIT Foundations

  • COBIT vs. Other Frameworks

  • Practical Application of COBIT at the UofC

  • This excerpt covers the 1st two points


Slide3 l.jpg

General Overview and

Background of COBIT

Slide4 l.jpg


A Little Bit on Governance

Slide5 l.jpg

  • Enterprise Governance

  • Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goals of:

    • Providing strategic direction

    • Ensuring that defined objectives are achieved

    • Ensuring that risks are managed appropriately

    • Applying enterprise’s resources responsibly

      • Effective and efficient

©2007 IT Governance Institute

Slide6 l.jpg

  • Organizational Challenges Relating to IT



IT Running


IT with







Organisations require a structured approach for managing these and other challenges.

This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes.

Slide7 l.jpg

What is IT Governance?

  • Ensuring IT is aligned to and leveraged to help address enterprise needs

  • Decision making that leads to better alignment of IT and the business

  • IT delivering more business value

  • IT resources are used responsibly

  • IT risks are managed appropriately

Slide8 l.jpg

  • Governance is About Balance

  • Enterprise governance is about:

  • Conformance

    • Adhering to legislation, internal policies, audit requirements, etc.

  • Performance

    • Improving profitability, efficiency, effectiveness, growth, etc.



Both Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.

©2007 IT Governance Institute

Slide9 l.jpg











  • IT Governance, as Defined by IT Governance Institute (ITGI)

  • IT governance is:

  • The responsibility of the board of directors and executive management

  • An integral part of enterprise governance, consisting of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives

Slide10 l.jpg

  • IT Governance Domains

Focuses on ensuring the linkage of business and IT plans and on aligning IT operationswith enterprise operations



Value delivery

IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT

Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people



Risk management

Senior management’s appetite for risk, compliance requirements, transparency about the significant risks to the organisation



Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery to achieve goals measurable beyond conventional accounting

©2007 IT Governance Institute

Slide11 l.jpg

  • IT Governance Stakeholders

Board and


Set direction for IT, monitor key results and insist on corrective measures

Defines business requirements for IT and ensures that value is delivered and risks are managed

Business management

Delivers and improves IT services as required by the business

IT management

Provides independent assurance to demonstrate that IT delivers what is needed

IT audit

Risk and


Measures compliance with related policies and focuses on identification/mitigation of new risks

©2007 IT Governance Institute

Slide12 l.jpg

  • So what is COBIT?

  • COBIT is a controls framework that supports IT Governance

  • COBIT stands for Control Objectives for Information and Related Technology.

  • It was created by ISACA (Information Systems Audit and Control Association) in 1996

  • Initially created to define control objectives for business applications

  • It has evolved in Version 4.1 into a governance framework

  • Now owned by the IT Governance Institute (ITGI)

  • The COBIT framework was created with the main characteristics:

    • Business-focused

    • Process-oriented

    • Controls-based

    • Measurement-driven

Slide13 l.jpg

  • Key Characteristics of COBIT

  • Is freely downloadable

  • Has internationally accepted good practices

  • Is management-oriented

  • Is supported by tools and training

  • Allows the knowledge of expert volunteers to be shared and leveraged

  • Continually evolves and is maintained by a reputable not-for-profit organisation

  • Maps strongly to all major, related standards and audit practices

  • However:

  • Is a reference, not an ‘off-the-shelf’ cure

  • Enterprises still need to analyse control requirements and customise COBIT based on their:

    • Value drivers

    • Risk profile

    • IT infrastructure, organisation and project portfolio

Slide14 l.jpg














  • History of COBIT

Page 14

Slide15 l.jpg

Business Strategy

IT Processes

IT Resources

Information Criteria

  • Links to Business Strategy

An organisation depends on reliable and timely data and information. COBIT components provide a comprehensive framework for delivering value while managing risk and control over data and information.

Slide16 l.jpg

  • COBIT Framework

  • The “COBIT Cube”

Information Criteria

IT Processes

IT Resources

Slide17 l.jpg

for achieving

Business Objectives


Business Processes




IT Resources and Processes

  • Basic Concepts

  • The COBIT framework is based on the premise that IT needs to deliver the information that an enterprise requires to achieve its objectives.

  • The COBIT framework helps align IT with the business by focusing on business information requirements and organising IT resources. COBIT provides the framework and guidance to implement IT governance.

Slide18 l.jpg

  • What Does it do?

COBIT helps bridge the gaps between business risks, control needs and technical issues. It provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

  • COBIT:

  • It provides tools that both support effectiveness and enable audit

  • Starts from business requirements

  • Is process-oriented, organising IT activities into a generally accepted process model

  • Identifies the major IT resources to be leveraged

  • Defines the management control objectives to be considered

  • Maps all the way to measurements – performance, audit, maturity

  • Incorporates major standards and has become the de facto standard for overall control of IT

IT resources need to be managed by a set of naturally grouped processes. COBIT provides a framework that achieves this objective.

Slide19 l.jpg

  • COBIT vs Other Frameworks

Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (‘umbrella’).



ISO 27001/002

ISO 9000






COSO – Committee of Sponsoring Agencies of the Treadway Commission – Internal Control Integrated Framework – focused on business controls

ISO 27001/002 – Information Security Policy

ISO 9000 – Family of standards for Quality Management

Slide20 l.jpg

  • Another View


Basel II, Sarbanes-

Oxley Act, etc.


Business Goals




Enterprise Governance



IT Governance









Best Practice Standards

Lean Six Sigma



Processes and Procedures





ITDDM stands for IT Definition and Delivery Method – used at the UofC as a standard methodology for project initiatives

Slide21 l.jpg

Rationale for Using

COBIT at the UofC

Slide22 l.jpg

  • We’re Not Alone

How do most research universities govern the large and rapidly evolving set of information technology initiatives that take place on their campuses?

ANSWER: Inefficiently, ineffectively and not as well as they should.

~ Source: Educause – IT Governance in Higher Education 2006 ~

Slide23 l.jpg

  • Why COBIT?

Some of the advantages of adopting COBIT are:

  • COBIT is aligned with and can be used with other standards and good practices

  • COBIT’s framework and supporting best practices provide a well-managed and flexible IT environment in an organisation.

  • COBIT provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities.

  • COBIT provides tools to help manage and measure IT activities.

  • COBIT is used by the Provincial Auditors in their annual audit review

  • COBIT has been selected by Alberta Advanced Education & Technology as a target control framework for Post Secondary Institutions

    • Target maturity level defined as 3 within 3 years

Slide24 l.jpg

  • How it Supports IT Governance?

COBIT brings the following

advantages to an IT governance

implementation effort:

  • Enables mapping of IT goals to business goals and vice versa

  • Better alignment, based on a business focus

  • A view of what IT does that is understandable to management

  • Clear ownership and responsibilities based on process orientation

  • General acceptability with third parties and regulators

  • Shared understanding amongst all stakeholders, based on a common language

  • Fulfilment of the COSO requirements for the IT control environment



Slide25 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Exploring the Key Benefits

  • COBIT focuses on improving IT governance in organisations.

  • COBIT provides a framework to manage and control IT activities and supports five requirements for a control framework.

Provides sharper business focus

Slide26 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Sharper Business Focus

  • COBIT achieves sharper business focus by aligning IT with business objectives.

  • The measurement of IT performance should focus on IT’s contribution to enabling and extending the business strategy.

  • COBIT, supported by appropriate business-focused metrics, can ensure that the primary focus is value delivery and not technical excellence as an end in itself.

Provides sharper business focus

Slide27 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Process Orientation

  • When organisations implement COBIT, their focus is more process-oriented.

  • Incidents and problems no longer divert attention from processes.

  • Exceptions can be clearly defined as part of standard processes.

  • With process ownership defined, assigned and accepted, the organisation is better able to maintain control through periods of rapid change or organisationalcrisis.

Provides sharper business focus

Slide28 l.jpg

Provides sharper business

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • General Acceptability

  • COBIT is a proven and globally accepted standard for increasing the contribution of IT to organisational success.

  • Coming soon to a campus near us

  • The framework continues to improve and develop to keep pace with good practices.

  • IT professionals from all over the world contribute their ideas and time to regular review meetings.


Slide29 l.jpg

Provides sharper business

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Regulatory Requirements

  • Recent corporate scandals have increased regulatory pressures on boards of directors to report their status and ensure that internal controls are appropriate. This pressure covers IT controls as well.

  • Organisations constantly need to improve IT performance and demonstrate adequate controls over their IT activities.

  • Many IT managers, advisors and auditors are turning to COBIT as the de facto response to regulatory IT requirements.


Slide30 l.jpg

  • Regulatory Requirements (cont.)

  • In the Auditor General's April 2008 public report, he recommended:

  • "...that the Department of Advanced Education and Technology give guidance to public post-secondary Institutions on using an IT control framework to develop control processes that are well-designed, efficient, and effective"

  • The following excerpt was taken from the OAG’s audit plan for AET:

  • 8.3 IT Controls framework for post-secondary institutions

  • We understand the Department is working, through the Alberta Associations of Higher Education Information Technology, with Institutions to develop an IT Control Framework for Institutions. We support this initiative and will work with the Department to determine the progress made. This will also allow us to determine the extent and timing of work to perform at individual Institutions.

    • Working with PSIs, the Provincial PSI ITM Control Framework will provide a holistic functional perspective built on guidance and requirements of:

    • CoBIT 4.1 as published by the IT Governance Institute (Level 3 maturity targeted)

    • General Computer Controls Review (GCCR) as published by the OAG

    • Legislation / Regulation (FOIP, etc.)

    • Other International Standards (ITIL, ISO27002, etc.)

    • Specific institutional needs and interdependencies

    • Existing principles and governance

  • Slide31 l.jpg

    Provides sharper business

    Defines a common language

    Ensures process orientation

    Helps meet regulatory requirements

    Control Framework

    Has general acceptability amongst organisations

    • Common Language

    • A framework helps get everybody on the same page by defining critical terms and providing a glossary.

    • Co-ordination within and across project teams and organisations can play a key role in the success of any project.

    • Common language helps build confidence and trust.


    Slide32 l.jpg


    IT Governance Institute -

    ISACA -

  • Login