Slide1 l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

COBIT Introductory Workshop PowerPoint PPT Presentation


  • 186 Views
  • Uploaded on
  • Presentation posted in: General

COBIT Introductory Workshop. Excerpts from University of Calgary IT Session entitled “Introduction to COBIT, its Role in IT Governance and How to Apply it In UCIT” From June 5, 2009. Workshop Agenda. General Overview and Background of COBIT Rationale for Using COBIT at the UofC

Download Presentation

COBIT Introductory Workshop

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Slide1 l.jpg

  • COBIT Introductory Workshop

Excerpts from University of Calgary IT Session

entitled

“Introduction to COBIT, its Role in IT

Governance and How to Apply it

In UCIT”

From June 5, 2009


Slide2 l.jpg

Workshop Agenda

  • General Overview and Background of COBIT

  • Rationale for Using COBIT at the UofC

  • COBIT Foundations

  • COBIT vs. Other Frameworks

  • Practical Application of COBIT at the UofC

  • This excerpt covers the 1st two points

2


Slide3 l.jpg

General Overview and

Background of COBIT


Slide4 l.jpg

First:

A Little Bit on Governance


Slide5 l.jpg

  • Enterprise Governance

  • Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goals of:

    • Providing strategic direction

    • Ensuring that defined objectives are achieved

    • Ensuring that risks are managed appropriately

    • Applying enterprise’s resources responsibly

      • Effective and efficient

©2007 IT Governance Institute


Slide6 l.jpg

  • Organizational Challenges Relating to IT

Security

Keeping

IT Running

Aligning

IT with

Business

Managing

Complexity

Regulatory

Compliance

Value/Cost

Organisations require a structured approach for managing these and other challenges.

This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes.


Slide7 l.jpg

What is IT Governance?

  • Ensuring IT is aligned to and leveraged to help address enterprise needs

  • Decision making that leads to better alignment of IT and the business

  • IT delivering more business value

  • IT resources are used responsibly

  • IT risks are managed appropriately


Slide8 l.jpg

  • Governance is About Balance

  • Enterprise governance is about:

  • Conformance

    • Adhering to legislation, internal policies, audit requirements, etc.

  • Performance

    • Improving profitability, efficiency, effectiveness, growth, etc.

Performance

Conformance

Both Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.

©2007 IT Governance Institute


Slide9 l.jpg

STRATEGIC

VALUE

ALIGNMENT

DELIVERY

RISK

PERFORMANCE

MANAGEMENT

MEASUREMENT

www.itgi.org

www.itgi.org

RESOURCE

MANAGEMENT

  • IT Governance, as Defined by IT Governance Institute (ITGI)

  • IT governance is:

  • The responsibility of the board of directors and executive management

  • An integral part of enterprise governance, consisting of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives


Slide10 l.jpg

  • IT Governance Domains

Focuses on ensuring the linkage of business and IT plans and on aligning IT operationswith enterprise operations

Strategic

alignment

Value delivery

IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT

Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people

Resource

management

Risk management

Senior management’s appetite for risk, compliance requirements, transparency about the significant risks to the organisation

Performance

measurement

Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery to achieve goals measurable beyond conventional accounting

©2007 IT Governance Institute


Slide11 l.jpg

  • IT Governance Stakeholders

Board and

executive

Set direction for IT, monitor key results and insist on corrective measures

Defines business requirements for IT and ensures that value is delivered and risks are managed

Business management

Delivers and improves IT services as required by the business

IT management

Provides independent assurance to demonstrate that IT delivers what is needed

IT audit

Risk and

compliance

Measures compliance with related policies and focuses on identification/mitigation of new risks

©2007 IT Governance Institute


Slide12 l.jpg

  • So what is COBIT?

  • COBIT is a controls framework that supports IT Governance

  • COBIT stands for Control Objectives for Information and Related Technology.

  • It was created by ISACA (Information Systems Audit and Control Association) in 1996

  • Initially created to define control objectives for business applications

  • It has evolved in Version 4.1 into a governance framework

  • Now owned by the IT Governance Institute (ITGI)

  • The COBIT framework was created with the main characteristics:

    • Business-focused

    • Process-oriented

    • Controls-based

    • Measurement-driven


Slide13 l.jpg

  • Key Characteristics of COBIT

  • Is freely downloadable

  • Has internationally accepted good practices

  • Is management-oriented

  • Is supported by tools and training

  • Allows the knowledge of expert volunteers to be shared and leveraged

  • Continually evolves and is maintained by a reputable not-for-profit organisation

  • Maps strongly to all major, related standards and audit practices

  • However:

  • Is a reference, not an ‘off-the-shelf’ cure

  • Enterprises still need to analyse control requirements and customise COBIT based on their:

    • Value drivers

    • Risk profile

    • IT infrastructure, organisation and project portfolio


Slide14 l.jpg

Governance

Management

Evolution

Control

Audit

COBIT 1

COBIT 2

COBIT 3

COBIT 4

1996

1998

2000

2005

  • History of COBIT

Page 14


Slide15 l.jpg

Business Strategy

IT Processes

IT Resources

Information Criteria

  • Links to Business Strategy

An organisation depends on reliable and timely data and information. COBIT components provide a comprehensive framework for delivering value while managing risk and control over data and information.


Slide16 l.jpg

  • COBIT Framework

  • The “COBIT Cube”

Information Criteria

IT Processes

IT Resources


Slide17 l.jpg

for achieving

Business Objectives

i

Business Processes

to

Information

provide

IT Resources and Processes

  • Basic Concepts

  • The COBIT framework is based on the premise that IT needs to deliver the information that an enterprise requires to achieve its objectives.

  • The COBIT framework helps align IT with the business by focusing on business information requirements and organising IT resources. COBIT provides the framework and guidance to implement IT governance.


Slide18 l.jpg

  • What Does it do?

COBIT helps bridge the gaps between business risks, control needs and technical issues. It provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

  • COBIT:

  • It provides tools that both support effectiveness and enable audit

  • Starts from business requirements

  • Is process-oriented, organising IT activities into a generally accepted process model

  • Identifies the major IT resources to be leveraged

  • Defines the management control objectives to be considered

  • Maps all the way to measurements – performance, audit, maturity

  • Incorporates major standards and has become the de facto standard for overall control of IT

IT resources need to be managed by a set of naturally grouped processes. COBIT provides a framework that achieves this objective.


Slide19 l.jpg

  • COBIT vs Other Frameworks

Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (‘umbrella’).

COSO

COBIT

ISO 27001/002

ISO 9000

ITIL

HOW

WHAT

Others

SCOPE OF COVERAGE

COSO – Committee of Sponsoring Agencies of the Treadway Commission – Internal Control Integrated Framework – focused on business controls

ISO 27001/002 – Information Security Policy

ISO 9000 – Family of standards for Quality Management


Slide20 l.jpg

  • Another View

CONFORMANCE

Basel II, Sarbanes-

Oxley Act, etc.

PERFORMANCE:

Business Goals

Drivers

Balanced

Scorecard

Enterprise Governance

COSO

COBIT

IT Governance

ISO

9001:2000

ISO

27001/002

ISO

20000

PMBOK

Others

Best Practice Standards

Lean Six Sigma

Security

Principles

Processes and Procedures

ITSM

ITDDM

TOGAF,

others

ITDDM stands for IT Definition and Delivery Method – used at the UofC as a standard methodology for project initiatives


Slide21 l.jpg

Rationale for Using

COBIT at the UofC


Slide22 l.jpg

  • We’re Not Alone

How do most research universities govern the large and rapidly evolving set of information technology initiatives that take place on their campuses?

ANSWER: Inefficiently, ineffectively and not as well as they should.

~ Source: Educause – IT Governance in Higher Education 2006 ~


Slide23 l.jpg

  • Why COBIT?

Some of the advantages of adopting COBIT are:

  • COBIT is aligned with and can be used with other standards and good practices

  • COBIT’s framework and supporting best practices provide a well-managed and flexible IT environment in an organisation.

  • COBIT provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities.

  • COBIT provides tools to help manage and measure IT activities.

  • COBIT is used by the Provincial Auditors in their annual audit review

  • COBIT has been selected by Alberta Advanced Education & Technology as a target control framework for Post Secondary Institutions

    • Target maturity level defined as 3 within 3 years


Slide24 l.jpg

  • How it Supports IT Governance?

COBIT brings the following

advantages to an IT governance

implementation effort:

  • Enables mapping of IT goals to business goals and vice versa

  • Better alignment, based on a business focus

  • A view of what IT does that is understandable to management

  • Clear ownership and responsibilities based on process orientation

  • General acceptability with third parties and regulators

  • Shared understanding amongst all stakeholders, based on a common language

  • Fulfilment of the COSO requirements for the IT control environment

Performance

Conformance


Slide25 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Exploring the Key Benefits

  • COBIT focuses on improving IT governance in organisations.

  • COBIT provides a framework to manage and control IT activities and supports five requirements for a control framework.

Provides sharper business focus


Slide26 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Sharper Business Focus

  • COBIT achieves sharper business focus by aligning IT with business objectives.

  • The measurement of IT performance should focus on IT’s contribution to enabling and extending the business strategy.

  • COBIT, supported by appropriate business-focused metrics, can ensure that the primary focus is value delivery and not technical excellence as an end in itself.

Provides sharper business focus


Slide27 l.jpg

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Process Orientation

  • When organisations implement COBIT, their focus is more process-oriented.

  • Incidents and problems no longer divert attention from processes.

  • Exceptions can be clearly defined as part of standard processes.

  • With process ownership defined, assigned and accepted, the organisation is better able to maintain control through periods of rapid change or organisationalcrisis.

Provides sharper business focus


Slide28 l.jpg

Provides sharper business

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • General Acceptability

  • COBIT is a proven and globally accepted standard for increasing the contribution of IT to organisational success.

  • Coming soon to a campus near us

  • The framework continues to improve and develop to keep pace with good practices.

  • IT professionals from all over the world contribute their ideas and time to regular review meetings.

focus


Slide29 l.jpg

Provides sharper business

Defines a common language

Ensures process orientation

Helps meet regulatory requirements

Control Framework

Has general acceptability amongst organisations

  • Regulatory Requirements

  • Recent corporate scandals have increased regulatory pressures on boards of directors to report their status and ensure that internal controls are appropriate. This pressure covers IT controls as well.

  • Organisations constantly need to improve IT performance and demonstrate adequate controls over their IT activities.

  • Many IT managers, advisors and auditors are turning to COBIT as the de facto response to regulatory IT requirements.

focus


Slide30 l.jpg

  • Regulatory Requirements (cont.)

  • In the Auditor General's April 2008 public report, he recommended:

  • "...that the Department of Advanced Education and Technology give guidance to public post-secondary Institutions on using an IT control framework to develop control processes that are well-designed, efficient, and effective"

  • The following excerpt was taken from the OAG’s audit plan for AET:

  • 8.3 IT Controls framework for post-secondary institutions

  • We understand the Department is working, through the Alberta Associations of Higher Education Information Technology, with Institutions to develop an IT Control Framework for Institutions. We support this initiative and will work with the Department to determine the progress made. This will also allow us to determine the extent and timing of work to perform at individual Institutions.

    • Working with PSIs, the Provincial PSI ITM Control Framework will provide a holistic functional perspective built on guidance and requirements of:

    • CoBIT 4.1 as published by the IT Governance Institute (Level 3 maturity targeted)

    • General Computer Controls Review (GCCR) as published by the OAG

    • Legislation / Regulation (FOIP, etc.)

    • Other International Standards (ITIL, ISO27002, etc.)

    • Specific institutional needs and interdependencies

    • Existing principles and governance


  • Slide31 l.jpg

    Provides sharper business

    Defines a common language

    Ensures process orientation

    Helps meet regulatory requirements

    Control Framework

    Has general acceptability amongst organisations

    • Common Language

    • A framework helps get everybody on the same page by defining critical terms and providing a glossary.

    • Co-ordination within and across project teams and organisations can play a key role in the success of any project.

    • Common language helps build confidence and trust.

    focus


    Slide32 l.jpg

    References/Sources

    IT Governance Institute - http://www.itgi.org/

    ISACA - http://www.isaca.org/


  • Login