apmg-international.com 1
© The APMG Group Ltd. 2018. All rights reserved.
[Webinar handout]
COBIT 2019 Use Cases
Tailoring Governance of Your Enterprise IT
With thanks to: Mark Thomas, Escoute
Use Cases
Use COBIT as a “framework to manage frameworks”
Use Cases
1. My enterprise uses multiple frameworks, how does COBIT fit?
2. I am launching a new IT Governance group at our company, where does COBIT say I should start?
3. Our company uses previous versions of COBIT, how do we move to COBIT 2019?
• UC 3.1 Understand the key differences between COBIT5 and COBIT 2019
4. With the increase in security compromises we are seeing in this industry, I’d like to leverage COBIT to help me. How do I do this?
• UC 4.1 Select the appropriate COBIT measures to ensure proper information protection
Use Case 1.1: Use COBIT as a “framework to manage frameworks”

Pre conditions
• Multiple frameworks across the organization
• Application of frameworks is inconsistent
• No (or weak) overarching framework for the governance and management of I&T

Success Scenario
1 Understand principles
• Determine your governance system principles
• Determine your governance framework principles
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 3
2 Conduct a goals cascade
• Understand stakeholder drivers and needs
• Map enterprise goals, alignment goals and governance and management objectives
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4; COBIT 2019 Design guide, Mapping Appendix; COBIT 2019 Objectives guide, Ch. 4
3 Determine design factors and focus areas
• Select design factors and focus areas
• Conduct a tool analysis using the design tool kit to select governance and management objectives
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4, 5; COBIT 2019 Design guide, Ch. 4, 6; COBIT 2019 Toolkit (Excel tool)
4 Map to industry frameworks
• Refer to the applicable standards section of each governance and management objective
• Determine what frameworks are most applicable
COBIT 2019 References: COBIT 2019 Objectives guide, Ch. 4; refer to the related guidance section for each governance or management objective
5 Document and implement
• Implement a tailored governance system using applicable industry standards
COBIT 2019 References: COBIT 2019 Design guide; COBIT 2019 Implementation guide

Post conditions
• End to end governance system
• Provides stakeholder value
• Holistic approach
• Dynamic governance system
• Governance distinct from management
• Tailored to meet enterprise needs
Use Case 1.2: Use COBIT to determine which industry standards are applicable to a selected process

Pre conditions
• An understanding of the current processes used in the IT organization

Success Scenario
1 Select the appropriate process
• Determine the governance or management objective related to your process (each governance or management objective relates to one process)
• Select the process
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4; COBIT 2019 Objectives guide, Ch. 4
2 Understand COBIT guidance for each process
• Locate the COBIT guidance for each process
• Review the details of the components
COBIT 2019 References: COBIT 2019 Objectives guide, Ch. 4
3 Determine the applicable standards
• For each component, locate the “Related Guidance” section
COBIT 2019 References: COBIT 2019 Objectives guide, Ch. 4

Post conditions
• Identified industry standards applicable to a selected process by governance component
• Knowledge of which standards, best practices and bodies of knowledge will provide deeper information on how to manage and improve the process
Use Case 2.1: Use COBIT to identify an organizational structure for EGIT

Pre conditions
• A current organization chart exists
• A desire to adopt an organization structure for EGIT

Success Scenario
1 Identify governance and management objectives
• Identify the potential governance and management objectives for EGIT structures within your defined scope
• Examples: EDM01 through EDM05
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4.2; COBIT 2019 Objectives guide, Ch. 4
3 Locate the details for selected objectives
• Locate the details of the selected governance or management objectives
• Identify the organizational structures component and guidance for each selected objective
COBIT 2019 References: COBIT 2019 Objectives guide, Ch. 4
4 Design the organizational structure
• Use the descriptions and RACI model provided in COBIT (only R and A are provided)
• Refer to COBIT roles and organizational structures table for applicable descriptions
COBIT 2019 References: COBIT 2019 Objectives guide, Ch. 3, 4, Appendix B

Post conditions
• RACI chart for EGIT governance and management objectives
• Related guidance (standards, frameworks, compliance requirements) associated with organizational structures
Use Case 2.2: Use COBIT to create a tailored governance system

Pre conditions
• No (or weak) overarching framework for the governance and management of I&T
• Management supports the integration of a single integrated framework

Success Scenario
1 Understand principles
• Determine your governance system principles
• Determine your governance framework principles
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 3
2 Conduct a goals cascade
• Understand stakeholder drivers and needs
• Map enterprise goals, alignment goals and governance and management objectives
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4; COBIT 2019 Design guide, Mapping Appendix; COBIT 2019 Objectives guide, Ch. 4
3 Determine design factors and focus areas
• Select design factors and focus areas
• Understand your relationship with each design factor
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4; COBIT 2019 Design guide, Ch. 2, 3
4 Analyze design factors and focus areas
• Conduct a tool analysis using the design tool kit to select governance and management objectives
• Determine target capability levels
COBIT 2019 References: COBIT 2019 Toolkit (Excel tool); COBIT 2019 Design guide, Ch. 4; COBIT 2019 Framework guide, Ch. 6
5 Document governance components
• Understand the governance components for each governance or management objective selected
• Modify the tailored governance system as required
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4; COBIT 2019 Objectives guide, Ch. 4; refer to the related guidance section for each governance or management objective

Post conditions
• End to end governance system
• Provides stakeholder value
• Holistic approach
• Dynamic governance system
• Governance distinct from management
• Tailored to meet enterprise needs
Use Case 3.1: Understand the key differences between COBIT5 and COBIT 2019

Pre conditions
• Basic understanding of the COBIT5 framework

Success Scenario
1 Understand modified principles
• Recognize the differences between COBIT5 principles and COBIT 2019 principles
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 3
2 Understand governance system and components
• These were known as enablers in COBIT5
• Review the seven components
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 4
Use Case 3.2: Update an existing capability assessment to the COBIT 2019 performance management guidance

Success Scenario
3 Understand current and target capability ratings
• Determine current and target capability ratings for activities associated with each process
COBIT 2019 References: COBIT 2019 Design guide, Ch. 4; COBIT 2019 Framework guide, Ch. 6; COBIT5 Process Assessment Model
4 Select process practices and activities
• Activities are associated with capability levels
• Select improvements for activities that will support the target capability
COBIT 2019 References: COBIT 2019 Framework guide, Ch. 6; COBIT 2019 Objectives guide, Ch. 4; Design guide tool results
5 Implement improvements
• Implement selected improvements to meet target capability levels
• Continuously improve through iterations
COBIT 2019 References: COBIT 2019 Implementation guide

Post conditions
• Updated capability or maturity based on COBIT 2019 guidance
• Note: this is for process capability – maturity levels are completed at the focus areas.
• Note: the COBIT5 PAM can still be used to assess capability levels with minor modifications to processes
Use Case 4.1: Select the appropriate COBIT measures to ensure proper information protection

Pre conditions
• The need to protect enterprise information
• Stakeholder concerns over information security
• Compliance requirements related to information security

Success Scenario
1 Determine scope
• Using the design guide tool, determine the appropriate inputs for each design factor
COBIT 2019 References: Framework guide, Ch. 4; Design guide, Ch. 2-4, 6; Design guide tool
2 Select governance and management objectives
• These will be a result of the design guide tool calculations
• Examples: APO13, DSS04, APO12, MEA03
COBIT 2019 References: Framework guide, Ch. 4; Design guide, Ch. 6; Objectives guide, Ch. 4; Design guide tool
3 Determine target capability level
• Based on the data entered into the tool, a suggested target capability level will be identified
COBIT 2019 References: Framework guide, Ch. 6; Design guide, Ch. 6; Objectives guide, Ch. 4; Design guide tool
4 Analyze components for each objective
• Process practices, Policies, Organizational structures, Culture, Information, Services, People
COBIT 2019 References: Framework guide, Ch. 4; Objectives guide, Ch. 4
5 Refer to industry standards and frameworks
• Plan and implement the appropriate actions required to attain the appropriate capability level
COBIT 2019 References: Objectives guide, Ch. 4

Post conditions
• Documented and understood practices to ensure proper information protection
• Understanding of all components related to the governance or management objective
• Agreed on target capability levels
• Related industry standards and frameworks
Use Case 4.2: Use COBIT to determine appropriate information protection policies

Pre conditions
• Lack of or insufficient information security policies
• The need to protect enterprise information
• Stakeholder concerns over information security

Success Scenario
1 Select security related governance or management objectives
• Select using the goals cascade
• Include enterprise and alignment goals to pick security related objectives
COBIT 2019 References: COBIT 2019 Objectives guide, Appendix A
3 Research related guidance
• Related guidance offers industry standards and frameworks relevant to the process and can provide further guidance on potential policies
COBIT 2019 References: Objectives guide, Ch. 4

Post conditions
• Relevant and updated information security policies
• Policies consistent with COBIT 2019 and industry related guidance
Get in touch….
https://apmg-international.com/product/cobit-2019