COBIT Overview
Inputs to COBIT 2019
• Enterprise strategy
• Enterprise goals
• Enterprise size
• Role of IT
• Sourcing model for IT
• Compliance requirements
• Etc.
External Stakeholders
• Regulators: Helps to ensure the enterprise is compliant with applicable rules and regulations and has the right governance system in place to manage and sustain compliance
• Business Partners: Helps to ensure that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations
• IT Vendors: Helps to ensure that an IT vendor’s operations are secure, reliable and compliant with applicable rules and regulations
Figure 3.1
Governance System Principles
1. Provide Stakeholder Value
2. Holistic Approach
3. Dynamic Governance System
Figure 3.2
Governance Framework Principles
1. Based on Conceptual Model
2. Open and Flexible
3. Aligned to Major Standards
Cascade to Enterprise Goals
Cascade to Alignment Goals
Cascade to Governance and Management Objectives
Figure 4.3
COBIT Components of a Governance System
• Processes
• Organizational Structures
• Principles, Policies, Procedures
• Information
• Culture, Ethics and Behavior
• People, Skills and Competencies
• Services, Infrastructure and Applications
• EDM01—Ensured Governance Framework Setting and Maintenance
• EDM02—Ensured Benefits Delivery
• EDM03—Ensured Risk Optimization
• EDM04—Ensured Resource Optimization
• EDM05—Ensured Stakeholder Engagement
• BAI01—Managed Programs
• BAI02—Managed Requirements Definition
• BAI03—Managed Solutions Identification and Build
• BAI04—Managed Availability and Capacity
• BAI05—Managed Organizational Change
• BAI06—Managed IT Changes
• BAI07—Managed IT Change Acceptance and Transitioning
• BAI08—Managed Knowledge
• BAI09—Managed Assets
• BAI10—Managed Configuration
• BAI11—Managed Projects
• MEA02—Managed System of Internal Control
• MEA03—Managed Compliance With External Requirements
• Compliance Requirements
• Role of IT
• Sourcing Model for IT
• IT Implementation Methods
• Technology Adoption Strategy
• Enterprise Size
• Future Factors
2. Component Variations
3. Specific Focus Areas
1. Understand the enterprise context and strategy.
• 1.1 Understand enterprise strategy.
• 1.2 Understand enterprise goals.
• 1.3 Understand the risk profile.
• 1.4 Understand current I&T-related issues.
2. Determine the initial scope of the governance system.
• 2.1 Consider enterprise strategy.
• 2.2 Consider enterprise goals and apply the COBIT goals cascade.
• 2.3 Consider the risk profile of the enterprise.
• 2.4 Consider current I&T-related issues.
3. Refine the scope of the governance system.
• 3.1 Consider the threat landscape.
• 3.2 Consider compliance requirements.
• 3.3 Consider the role of IT.
• 3.4 Consider the sourcing model.
• 3.5 Consider IT implementation methods.
• 3.6 Consider the IT adoption strategy.
• 3.7 Consider enterprise size.
4. Conclude the governance system design.
• 4.1 Resolve inherent priority conflicts.
• 4.2 Conclude the governance system design.
Figure 8.1
COBIT Implementation Road Map
• Program management (outer ring)
• Change enablement (middle ring)
• Continual improvement life cycle (inner ring)
1 What are the drivers?
2 Where are we now?
3 Where do we want to be?
4 What needs to be done?
5 How do we get there?
6 Did we get there?
7 How do we keep the momentum going?