
Welcome ISACA Baton Rouge Chapter

Welcome ISACA Baton Rouge Chapter. Moving from COBIT 4.1 to COBIT 5. May 24, 2012. Agenda. Differences between COBIT 4.1 and COBIT 5 Review of COBIT 5 Framework and Enabling Processes Incorporation of Application Level Controls LA Legislative Auditor’s Office Implementation of COBIT 5.

nevin

Presentation Transcript


  1. Welcome ISACA Baton Rouge Chapter Moving from COBIT 4.1 to COBIT 5 May 24, 2012

  2. Agenda • Differences between COBIT 4.1 and COBIT 5 • Review of COBIT 5 Framework and Enabling Processes • Incorporation of Application Level Controls • LA Legislative Auditor’s Office Implementation of COBIT 5

  3. COBIT 4.1 and COBIT 5 Compare and Contrast

  4. COBIT 5 • Created by the IT Governance Institute • How is COBIT different and why do we use it? • Contains IT best practices that can be used by auditors and IT management • Generally acceptable with third parties and regulators • Fulfills the COSO requirements for the IT control environment

  5. COBIT 5 Principles

  6. 1: Meeting Stakeholder Needs • “The COBIT 5 Goals Cascade translates stakeholder needs into specific, actionable, and customized goals within the context of the enterprise, IT-related goals, and enabler goals.”

  7. 2: Covering the Enterprise End-to-End COBIT 5: • Integrates governance of enterprise IT into enterprise governance. • Covers all functions and processes required to govern and manage enterprise information and related technologies wherever that information may be processed.

  8. 3: Applying a Single Integrated Framework

  9. 4: Enabling a Holistic Approach • Enablers are factors that, individually and collectively, influence whether something will work. • COBIT 4.1 contained enablers, but more emphasis has been placed on enablers in COBIT 5.

  10. 5: Separating Governance from Management • Governance: ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. • Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

  11. 5: Separating Governance from Management • These two disciplines encompass different types of activities, require different organizational structures, and serve different purposes.

  12. COBIT 5 Framework and Enabling Processes

  13. Notable Process Mapping

  14. Practices and Activities • COBIT 5 Practices and Activities are equivalent to COBIT 4.1 Control Objectives and Val IT and Risk IT processes.

  15. RACI Charts

  16. Application Level Controls

  17. Holistic Approach • Although the terms “general controls” and “application controls” are still commonly used, COBIT 5 does not distinguish between the two as COBIT 4.1 did. • The holistic approach maps common enterprise goals and objectives to IT goals as “primary” or “secondary.” • IT goals are mapped to processes and attributes as “primary” or “secondary” that enable an enterprise to achieve the IT goals.

  18. Louisiana Legislative Auditor’s Office Implementation of COBIT 5 into Standard Auditing Procedures

  19. LA Legislative Auditor • Oversees 3500 audits of state and local governments, and conducts independent financial and performance audits of State agencies, colleges, and universities.

  20. Our Approach: Control Matrix for Information Technology (CoMIT) Tool We needed a tool based on CoBIT Criteria • Use of IT has grown and we are resource challenged • Standardize our procedures and have a common measuring tool

  21. Confidentiality?!

  22. Control Matrix for Information Technology (CoMIT) • Governance Enterprise Management Matrix • “Primary Controls” • Organized according to the five domains • Transaction and Application Level Matrix • Evaluates key controls at a more granular level • Organized in accordance with the Confidentiality, Integrity, and Availability (CIA) Triad

  23. Transaction and Application Level

  24. COBIT 5 Family

  25. You Might Be An IT Auditor If… • You have more letters behind your name than a can of alphabet soup • You have a gadget on your desk that you have fondly given a name • Bean counter references make you mad • Balancing your checkbook is fun • When you have your computer repaired, you ask for all the parts back, labeled, and itemized • Your idea of vacation is field work • You and your coworkers represent more nationalities than anywhere else in the office
