
COBIT 5 as IT Management Best Practice Framework

Please see Acknowledgements & Notices in last few slides

ATA/Lucid/2010-01-25 MUS/ COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
2010 NUS. All Rights Reserved Unless Otherwise Stated.

What is COBIT?
Control OBjectives for Information and related Technology

International framework from ISACA and IT Governance Institute

Helps maximise value of IT to businesses

Originally, more for monitoring / audit / risk assessment of IT management processes

Increasingly recognised as comprehensive framework of IT Management best practices
  Advises on WHAT to do
  Some high-level advice on HOW to do it

Currently Version 5

COBIT - Governance and Management

[Figure: governance and management diagram. Presenter's annotations: "generally, the responsibility of Board of Directors"; "Strategic", "Tactical", "Operational"]

Nb: Words in green above are NOT part of COBIT but were added by the author of this presentation.

COBIT5 Processes

Domain: Governance
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency

Domain: Align, Plan & Organise
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security

Domain: Build, Acquire & Implement
  Manage Programmes & Projects
  Manage Requirements Definition
  Manage Solutions Identification and Build
  Manage Availability & Capacity
  Manage Change Acceptance and Transitioning
  Manage Organisational Change Management
  Manage Changes
  Manage Knowledge
  Manage Assets
  Manage Configuration

Domain: Deliver, Service & Support
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls

Domain: Monitor, Evaluate & Assess
  Monitor, Evaluate and Assess Performance & Conformance
  Monitor, Evaluate and Assess the System of Internal Control
  Monitor, Evaluate and Assess Compliance with External Requirements

Domain BAI - Build, Acquire & Implement
Programmes:
  Manage Programmes (and Projects)
Projects:
  Manage (Programmes and) Projects
Requirements:
  Manage Requirements Definition
  Manage Availability & Capacity
Design & Build:
  Manage Solutions Identification and Build
Test & Implement:
  Manage Change Acceptance and Transitioning
Changes:
  Manage (IT) Changes
  Manage Organisational Change Management
Supporting Processes:
  Manage Knowledge
  Manage Assets
  Manage Configuration

Nb: Bold headings are author's own categorisation & are not part of COBIT

Domain BAI - Build, Acquire & Implement

[Diagram]
Build, Acquire & Implement (BAI)
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
  Manage Changes: IT and Organisational
  Support Processes: Knowledge, Asset, Configuration

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

BAI Relationship with APO
[Diagram, by phase: Pre-Project, Development, Production]
(Strategic) Align, Plan & Organise (APO)
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
(Tactical) Build, Acquire & Implement (BAI)
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
  Manage Changes: IT and Organisational
  Support Processes: Knowledge, Asset, Configuration
IT Ongoing Management

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

Domain APO - Align, Plan & Organise
Strategy / Architecture / Portfolio:
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio
IT Ongoing Management:
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security

[Inset diagram: IT Strategy / Architecture / Portfolio Management; Programme Management; (Generic) Project Management; IT Ongoing Management; IT Systems Devt Life Cycle Mgt (Requirements & Feasibility, Design & Build, Test & Implement); Manage Changes (IT and Organisational); Support Processes (Knowledge, Asset, Configuration)]

Nb: Bold headings are author's own categorisation & are not part of COBIT

COBIT Domains - Deliver, Service & Support (DSS)

Service Operations:
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls

Nb: Bold headings are author's own categorisation & are not part of COBIT

DSS Relationship with BAI & APO
[Diagram, by phase: Pre-Project, Development, Production]
(Strategic) Align, Plan & Organise (APO)
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
(Tactical) Build, Acquire & Implement (BAI)
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
IT Ongoing Management
(Operational) Deliver, Service & Support (DSS)
  Service Operations

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

COBIT Domains - Monitor, Evaluate & Assess

Monitor, Evaluate and Assess:
  Performance & Conformance
  System of Internal Control
  Compliance with External Requirements

Nb: Bold headings are author's own categorisation & are not part of COBIT

MEA Relationship with APO / BAI / DSS
[Diagram, by phase: Pre-Project, Development, Production]
(Strategic) Align, Plan & Organise (APO)
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
(Tactical) Build, Acquire & Implement (BAI)
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
IT Ongoing Management
(Operational) Deliver, Service & Support (DSS)
  Service Operations
Measure, Evaluate & Assess (MEA)

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

COBIT Domains - Governance

Monitor, Evaluate & Direct to:
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency

Nb: Bold headings are author's own categorisation & are not part of COBIT

Governance Relationship To Management
[Diagram, by phase: Pre-Project, Development, Production]
(Governance) Evaluate, Direct, Monitor
(Strategic Mgt) Align, Plan & Organise (APO)
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
(Tactical Mgt) Build, Acquire & Implement (BAI)
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
IT Ongoing Management
(Operational Mgt) Deliver, Service & Support (DSS)
  Service Operations
Measure, Evaluate & Assess (MEA)

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

Further Process Details
COBIT provides further details to the Process
  Breakdown of Process
    Process
    Management Practices
    Activities
  RACI for Management Practices
  Inputs-Outputs for each Activity
  Metrics for the overall process
    IT-related
    Process-related

COBIT Process Details - Management Practices
Process: Manage Programmes and Projects
Management Practices:
  Maintain a standard approach for programme and project management.
  Initiate a programme.
  Manage stakeholder engagement.
  Develop and maintain the programme plan.
  Launch and execute the programme.
  Monitor, control and report on the programme outcomes.
  Start up and initiate projects within a programme.
  Plan projects.
  Manage programme and project quality.
  Manage programme and project risk.
  Monitor and control projects.
  Manage project resources and work packages.
  Close a project or iteration.
  Close a programme.

COBIT Process Details - Management Practices and Activities
Process: Manage Programmes and Projects
Management Practices:
  Maintain a standard approach for programme and project management
  Initiate a programme
    Activities:
      Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change.
      Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives.
      Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.
      Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised.
      Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc.
      Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively and efficiently.
  Manage stakeholder engagement.

COBIT Process Details - RACI for Management Practices

COBIT Process Details - Inputs-Outputs for Each Activity

COBIT Process Details - IT-Related Metrics
Example - from Manage Programmes and Projects process

COBIT Process Details - Process-Related Metrics
Example - from Manage Programmes and Projects process

Other Key Elements of COBIT
Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family

Principles

Enablers

Lifecycle Approach

Process Capability Model

COBIT 5 Product Family

COBIT 5 Mapping to Other Frameworks

Nb: Some of the other frameworks can map to more than one COBIT domain (e.g. ITIL/COBIT) but, for simplicity, only one domain is mapped here.

For Further Information
For further details on COBIT course:
http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx

For other related courses:
http://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspx

Acknowledgements & Sources
Sources used in this presentation:
Information Systems Audit and Control Association. (2012). COBIT 5: Enabling processes. Rolling Meadows, IL: ISACA.

Acknowledgements & Notices
COBIT is a registered trade mark of ISACA and the IT Governance Institute
CGEIT is a registered trade mark of ISACA
TOGAF is a registered trademark of The Open Group in the United States and other countries
CBAP is a registered certification mark owned by International Institute of Business Analysis
CISSP is a registered Trademark of (ISC)2
SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.
PMP is a registered mark of Project Management Institute, Inc.
ITIL, PRINCE2, P3O, MSP are registered trade marks of the Cabinet Office
CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University
The Swirl logo is a trade mark of the Cabinet Office
2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied

The End
