Professional Documents
Culture Documents
INTRODUCING
TABLE OF CONTENTS
1. COBIT ® 2019
2. Drivers and Benefits
3. Introduction
▪ Enterprise Governance of Information & Technology (EGIT)
▪ COBIT as an I&T framework
▪ Governance and Management Defined
▪ What COBIT is and What It is Not
4. Overview
▪ Product Family
▪ COBIT 2019 Product Architecture
▪ Stakeholders
5. Key concepts
▪ Overview
▪ Principals
▪ Governance and Management Objectives
▪ Goals Cascade
▪ Components of a Governance System
▪ Focus Areas
▪ Design Factors
1
11/14/2018
COBIT® 2019
2
11/14/2018
COBIT 2019
DRIVERS AND BENEFITS
COBIT 2019
UPDATE DRIVERS Building on
Staying
COBIT
relevant in a
strengths and
changed
identifying
environment
opportunities
Addressing
Optimizing I&T
COBIT 5
Governance
imperfections
COBIT
2019
3
11/14/2018
Building on
Staying relevant COBIT
Enterprise
Business/IT
Governance of Value Creation
Alignment
I&T
Building on
Staying
COBIT
relevant in a
strengths and
changed
identifying
COBIT 2019 environment
opportunities
Addressing
STAYING RELEVANT IN A CHANGED ENVIRONMENT Optimizing I&T
Governance
COBIT5
imperfections
COBIT
2019
4
11/14/2018
Building on
Staying
COBIT
relevant in a
strengths and
changed
identifying
COBIT 2019 environment
opportunities
Buildng on
Staying relevant COBIT
in a changed strengths and
environment identifying
COBIT 2019 opportunities
STRENGTHS
• COBIT is a unique overarching IT Governance framework
• COBIT process guidance has matured and has reached its best quality level yet
• COBIT’s business perspective on IT brings a unique opportunity to further expand
its impact
OPPORTUNITIES
• The current (target) audience for COBIT is still very much IT- and Assurance
oriented
• There is an opportunity to re-discover or re-launch some of COBIT hidden gems
• More prescriptive implementation guidance such as incorporating specific design
factors
5
11/14/2018
Building on
Staying relevant COBIT
in a changed strengths and
• COBIT users find it hard to locate relevant contents for their needs
• Perceived as complex and challenging to apply in practice
• The enabler model is incomplete in terms of development and guidance, and
thus often ignored
• A challenging process capability model and general lack of support of
performance management for other enablers
• The perceived reputation of IT Governance itself as an inhibitor of change and
(administrative) overhead – not per se a COBIT weakness but an IT Governance
problem at large
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION &
TECHNOLOGY (EGIT) AND THE NATURE OF COBIT
6
11/14/2018
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
Given the centrality of I&T for enterprise risk management and value
generation, a specific focus on enterprise governance of information
and technology (EGIT) has arisen over the last two decades.
7
11/14/2018
INTRODUCTION
ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY (EGIT)
Benefits
Fundamentally, EGIT is concerned with value Realization
delivery from digital transformation and the
mitigation of business risk that results from
digital transformation.
Risk
More specifically, three main outcomes can be Optimization
expected after successful adoption of EGIT.
Resource
Optimization
INTRODUCTION
COBIT AS AN INFORMATION & TECHNOLOGY (I&T) FRAMEWORK
• Enterprise I&T means all the technology and information processing the
enterprise puts in place to achieve its goals, regardless of where this
happens in the enterprise
• Enterprise I&T is not limited to the IT department of an organization, but
certainly includes it
8
11/14/2018
INTRODUCTION
GOVERNANCE AND MANAGEMENT DEFINED
INTRODUCTION
WHAT IS COBIT AND WHAT IT IS NOT: SETTING THE RIGHT EXPECTATIONS
9
11/14/2018
OVERVIEW
PRODUCT FAMILY ARCHITECHTURE
OVERVIEW
PRODUCT FAMILY
The COBIT 2019 product family is open-ended. The following publications will
be available in Q4 2018.
10
11/14/2018
COBIT OVERVIEW
COBIT® 2019 Product Architecture
Provides insights on how to get value from the use of I&T and explains
OVERVIEW relevant board responsibilities
INTERNAL STAKEHOLDERS
Boards
Provides guidance on how to organize and
Helps to ensure the identification and monitor performance of I&T across the
management of all IT-related risk enterprise
Risk Executive
Management Management
Internal
Stakeholders
IT
Managers
Provides guidance on how best to build and structure the IT
department, manage performance of IT, run an efficient and
effective IT operation, control IT costs, align IT strategy to
business priorities, etc.
11
11/14/2018
OVERVIEW
Determines whether the enterprise is
EXTERNAL STAKEHOLDERS compliant with applicable rules and
regulations and advises that the enterprise
has the right governance system in place to
manage and sustain compliance
Regulators
Business
IT Vendors Partners
KEY CONCEPTS
KEY CONCEPTS & CONCEPTUAL MODEL
12
11/14/2018
KEY CONCEPTS
OVERVIEW
Principles
Governance
Design and
Factors Management
Objectives
COBIT 2019
Concepts
Goals
Focus Areas
Cascade
Components
of a
Governance
System
KEY CONCEPTS
PRINCIPLES
PRINCIPLES PRINCIPLES
Governance System Governance Framework
13
11/14/2018
KEY CONCEPTS
GOVERNANCE SYSTEM PRINCIPLES
The six (6) principles are the core requirements for a governance
system for enterprise information and technology.
1. Each enterprise needs a governance system to satisfy
stakeholder needs and to generate value from the use of
I&T.
2. A governance system for enterprise I&T is built from a
number of components that can be of different types and
that work together in a holistic way.
3. A governance system should be dynamic. This means
that each time one or more of the design factors are
changed the impact of these changes on the EGIT
system must be considered.
4. A governance system should clearly distinguish between
governance and management activities and structures.
5. A governance system should be tailored to the Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter
enterprise’s needs, using a set of design factors as 3 COBIT Principles, Figure 3.1
parameters to customize and prioritize the governance
system components.
6. A governance system should cover the enterprise end to
end, focusing not only on the IT function but on all
technology and information processing the enterprise
puts in place to achieve its goals.
KEY CONCEPTS
GOVERNANCE FRAMEWORK PRINCIPLES
14
11/14/2018
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
Similar to COBIT 5, The governance and management objectives in COBIT® 2019 are grouped
into five domains. The domains have names that express the key purpose and areas of activity of
the objectives contained in them.
Governance
Management objectives
objectives
15
11/14/2018
Known as the
Process Reference
Model, or PRM in
COBIT 5, COBIT®
2019 identifies this
as the COBIT Core
Model.
Reference:COBIT®
Reference: COBIT®2019
2019Framework:
Framework:Introduction
Introduction and
and Methodology,
Methodology, Chapter
Chapter 4 4Basic
BasicConcepts:
Concepts: Governance
Governance Systemsand
Systems and Components,
Components, Figure4.2
Figure 4.2
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
16
11/14/2018
KEY CONCEPTS
GOALS CASCADE
KEY CONCEPTS
COMPONENTS OF A GOVERNANCE SYSTEM
17
11/14/2018
KEY CONCEPTS
COMPONENTS OF A GOVERNANCE SYSTEM
but
▪ Tailored for a specific purpose or context
within a focus area (e.g., for information
security, DevOps, a particular regulation)
KEY CONCEPTS
FOCUS AREAS
18
11/14/2018
KEY CONCEPTS
DESIGN FACTORS
KEY CONCEPTS
DESIGN FACTORS: EXAMPLES
• Growth/Acquisition
Enterprise • Innovation/Differentiation
Strategy • Cost Leadership
• Client Service/Stability
Threat • Normal
Landscape • High
• Support
• Factory
Role of IT • Turnaround
• Strategic
19
11/14/2018
DESIGNING AND
IMPLEMENTING A TAILORED
GOVERNANCE SYSTEM
USING COBIT 2019
Specific Component
Focus Areas Variations
20
11/14/2018
Specific Component
Focus Areas Variations
Specific Component
Focus Areas Variations
21
11/14/2018
Specific Component
Focus Areas Variations
22
11/14/2018
23
11/14/2018
PERFORMANCE
MANAGEMENT
CAPABILITY & MATURITY
PERFORMANCE MANAGEMENT
OVERVIEW
24
11/14/2018
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
25
11/14/2018
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
MAJOR DIFFERENCES
COBIT 5 vs. COBIT 2019
26
11/14/2018
MAJOR DIFFERENCES
ALIGNMENT TO COBIT 5
COBIT 2019
COBIT 2019 COBIT 2019 COBIT 2019
DESIGN GUIDE IMPLEMENTATION
FRAMEWORK FRAMEWORK
Designing Your GUIDE
COBIT Introduction & COBIT Governance & Implementing and Optimizing Your
Methodology Information &
Management Objectives Technology Governance Information & Technology
Governance System
System
27
11/14/2018
• The generic enabler model has been removed from the Framework
▪ Similar structures will still be part of the COBIT conceptual model, but will
remain hidden and hence make COBIT look less complex
• The detailed ‘Enabler Guidance’ has also been removed, further
simplifying COBIT
• Process Goals have been removed
• Their role is taken over by the process practice statements
• The COBIT 5 PAM and the ISO15504 (now ISO33000) based
process capability assessment model have been replaced by a
CMMI inspired capability model.
• Note: those who want to keep using that model can do so, but there is no
separate PAM publication provided with COBIT 2019
28
11/14/2018
29
11/14/2018
APPENDIX
30
11/14/2018
ABOUT ISACA
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals
and enterprises achieve the positive potential of technology. Today’s world is
powered by technology, and ISACA equips professionals with the knowledge,
credentials, education and community to advance their careers and transform their
organizations.
31