Professional Documents
Culture Documents
Cobit4 1 Comparing Cobit41 and Cobit 5misacaorgcobitdocumentscomparing Cobitpdfcomparing
Cobit4 1 Comparing Cobit41 and Cobit 5misacaorgcobitdocumentscomparing Cobitpdfcomparing
C i g COBIT4.1
COBIT4 1
and COBIT 5
3
Where are we…
4
Stakeholder Value and
Business Objectives
Business Objectives
y Enterprises exist to create value for their stakeholders
y Consequently, any enterprise, commercial or not—will
have value creation as a governance objective
y Value creation:
Realising benefits at an
optimal resource cost while
optimising risk
5
Stakeholder Value and
Business Objectives
Business Objectives
Principle 1.
Meeting Stakeholder Needs:
y Stakeholder needs transformed
into an enterprise’s
enterprise s actionable
strategy
y COBIT 5 goals cascade translates
stakeholder needs into specific,
actionable and customised goals
within
ithi the
th context
t t off the
th
enterprise, IT-related goals and
enabler ggoals
7
Stakeholder Value and Business
Objectives (cont.)
Objectives (cont )
9
COBIT framework evolution
Governance of Enterprise IT
scope
IT Governance
Evolution of s
V l IT 2.0
Val 20
Management (2008)
Control
Ri k IT
Risk
(2009)
Audit
10
© 2012 ISACA® All rights reserved.
Governance and Management Defined
11
Governance and Management Defined
13
New GEIT Principles
15
Focus on Enablers
17
New Process Reference
Model for COBIT 5
Model for COBIT 5
y Revised process reference model with a new
governance domain
Several new and modified processes
Enterprise activities end-to-end
y Aligns
Ali with
ith currentt bbestt practices,
ti e.g., ITIL
ITIL, TOGAF,
TOGAF
PmBok, ISO\IEC 27000, etc
y The new model can be used as a guide for adjusting as
necessary the enterprise’s own process model
18
19
Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.
New and Modified Processes
20
New and Modified Processes
21
New and Modified Processes
y New and modified processes:
y APO03 M
Manage enterprise
t i architecture.
hit t
y APO04 Manage innovation.
y APO05 Manage
g pportfolio.
y APO06 Manage budget and costs.
y APO08 Manage relationships.
y A O13 Manage security.
APO13 i
y BAI05 Manage organisational change enablement.
y BAI08 Manage knowledge
knowledge.
y BAI09 Manage assets.
y DSS05 Manage security service.
y DSS06 Manage business process controls.
22
New and Modified Processes
23
Practices and Activities
24
Goals and Metrics
26
RACI Charts
27
RACI Charts (cont.)
Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.
28 Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.
Process Capability Maturity
Models and Assessments
Models and Assessments
y COBIT 4.1, Val IT and Risk IT CMM-based capability
maturity
i modelling
d lli approachh terminated
i d
y New process capability assessment approach based on
ISO/IEC 15504,
15504 and the COBIT Assessment
Programme
www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-
A
Assessment-Programme.aspx
P
y COBIT 4.1, Val IT and Risk IT CMM-based approaches
are not considered compatible with the ISO/IEC
15504 approach because the methods use different
attributes and measurement scales.
29
Process Capability Maturity
Models and Assessments
Models and Assessments
COBIT 4.1/5
31
Process Capability Maturity
Models and Assessments
Models and Assessments
y COBIT Process Assessment Model (PAM): Using
COBIT 4.1
41
Serves as a base reference document for the performance of a
capability assessment of an organisation’s current IT processes
against COBIT
y COBIT Assessor Guide: Using COBIT 4.1
Provides details on how to undertake a full ISO-compliant
p
assessment
y COBIT Self-assessment Guide: Using COBIT 4.1
Provides
P id guidance
id on how
h to t perform
f a basic
b i self-assessment
lf t off
an organisation’s current IT process capability levels against
COBIT processes
32
Process Capability Maturity
Models and Assessments
Models and Assessments
y COBIT 4.1, Val IT and Risk IT users wishing to move
to the new COBIT Assessment Programme approach
will need to:
realign
li their
th i previous
i ratings
ti
adopt and learn the new method
33
Process Capability Maturity
Models and Assessments
Models and Assessments
y COBIT 4.1, Val IT and Risk IT users wishing to
continue with the CMM-based approach, either as an
interim or ongoing approach, can use the COBIT 5
guidance but must use the COBIT 4.1
guidance, 4 1 generic attribute
table without the high-level maturity models.
34
COBIT 5 delivers value!
y COBIT 5 helps
p enterprises
p create optimal
p value from IT
by maintaining a balance between realising benefits and
optimising risk levels and resource use.
y COBIT 5 enables information and related technology to
be governed and managed in a holistic manner
y The COBIT 5 principles and enablers are generic –
generally applicable!
y A series of publications, education and online
collaboration will drive COBIT forward!
35
COBIT 5 Product Family
• Enabler Guides:
• COBIT 5 5: E
Enabling
bli IInformation
f ti
• COBIT Online Replacement
• COBIT Assessment Programme:
• Process Assessment Model (PAM): Using COBIT 5