
Dr. Santipat Arunthari
Chief Technology Officer (CTO)
PTT ICT Solutions
Governance
COBIT 4.1 to COBIT 5.0
How to use COBIT 5.0
Governance is the process of decision-making and the process by which decisions
are implemented (or not implemented), directed and controlled.
What
for whom
How
Governance is about meeting strategic
objectives (performance)

Directing the business


Setting strategic aims
Programs achieve their intended results,
Resources are used consistent with agency mission,
Governance is about meeting strategic
objectives (performance) while meeting legal
and regulatory, contractual and other
obligatory requirements often supported by
policies (conformance).

Programs and resources are protected from waste, fraud, and mismanagement,
Laws and regulations are followed, and
ITG Best Practices & Standards
COBIT
COSO
ITIL/ISO20000
ISO 27001
CMMI
PMBOK/Prince2
TOGAF
ISO17799
Strategic alignment: Focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations

Value delivery: Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT

Resource management: Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.

Risk management: Requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities in the organisation

Performance measurement: Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting
COBIT 4.1 to COBIT 5.0
Linking Business Goals to
IT Goals and Processes
1. New Principles
2. Increased Focus on Enablers
3. New Process Reference Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity Models and Assessments
COBIT 5 helps enterprises to create optimal
value from IT by maintaining a balance
between realizing benefits and optimizing
risk levels and resource use.
APO03 Manage enterprise architecture.
APO04 Manage innovation.
APO05 Manage portfolio.
APO06 Manage budget and costs.
APO08 Manage relationships.
APO13 Manage security.

BAI05 Manage organizational change enablement.
BAI08 Manage knowledge.
BAI09 Manage assets.

DSS05 Manage security service.
DSS06 Manage business process controls.
Source: COBIT 4.1, page 39. © 2007 IT Governance Institute. All rights reserved.

Source: COBIT 5: Enabling Processes, page 31. © 2012 ISACA. All rights reserved.
Financial: 01 Alignment of IT and business strategy
Santipat Arunthari, Ph.D.
Chief Technology Officer (CTO)

PTT ICT Solutions Company Limited
Energy Complex, Building A, 4th Floor,
555/1 Vibhavadi Rangsit Road
Chatuchak, Bangkok, 10900
Mobile: +66 (0) 8-66173000

"If you are not thinking and acting strategically,
then you are merely following orders and responding to pressure."

Date: 22/8/2555
