2019 1 1 Intro COBIT5
Risk Management
Part I – 1 Intro to COBIT 5: Overview
Yüe “Jeff” Zhang, Acct & IS Dept, CSUN
09/07/2023
Outline of Part I – 1. Overview
• COBIT 5 Overview
• Evolution of COBIT
• Benefits of COBIT 5
• Philosophical framework of IT governance
• The COBIT Framework
The Need for a Control Framework
“Over the past decade, the term ‘governance’ has moved to the forefront of business thinking.” – COBIT 5, Executive Summary
“A control framework for IT Governance defines the reasons IT Governance is needed, the stakeholders and what it needs to accomplish.”
Motto
The COBIT 5 Framework Benefits
Generic: general-purpose; determined by functional nature rather than by brand
The COBIT Framework
The IT Governance Framework
The COBIT Framework - Aligning with the Business
Drivers* for Developing a Framework
Enterprise Architecture – Tech Target Network
Enterprise Architecture - Microsoft's Michael Platt
1. Business perspective defines the processes and standards by which the business operates on a day-to-day basis.
2. Application perspective defines the interactions among the processes and standards.
Enterprise Architecture (EA) - Wikipedia
• Architecture is the fundamental organization (structure) of components, their relationships, and the principles governing their design and evolution: a formal description of a system, a detailed plan of the system at component level, to guide its implementation.
• Enterprise Architecture is the organization logic for business processes and IT infrastructure.
• EA is a conceptual blueprint that defines the structure and operation of an organization. The intent of EA is to determine how an organization can most effectively achieve its current and future objectives.
Benefits of Using COBIT 5
• helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use (cost).
• enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.
• is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
– COBIT 5, Executive Summary (reproduced from slide #11)
Benefits of Using COBIT 5
COBIT drives Stakeholder Value:
• Delivering enterprise stakeholder value requires good
governance and management of information and technology
(IT) assets.
• Enterprise boards, executives and management have to
embrace IT like any other significant part of the business.
• External legal, regulatory and contractual compliance
requirements related to enterprise use of info and tech are
increasing, threatening value if breached.
• COBIT 5 provides a comprehensive framework that assists
enterprises to achieve their goals and deliver value through
effective governance and management of enterprise IT.
COBIT Case Studies by Industry
• http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Case-Studies.aspx
The COBIT 5 Format & Product Architecture
The COBIT 5 Product Family:
COBIT 5 Principles
The COBIT Framework
Mapping Goals and Processes
Principle 1: Meeting Stakeholder Needs
• Stakeholder needs have to be transformed into an enterprise’s actionable strategy.
• The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
Principle 2: Covering the Enterprise End-to-End
• COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective, covering all functions.
Principle 3:
Applying a Single Integrated Framework
• COBIT 5:
1. Is complete in enterprise coverage
2. Provides a basis to integrate effectively with other frameworks, standards and practices used
3. Aligns with the latest relevant standards and frameworks (COSO, ITIL, ISO, PMBOK, NIST, etc.)
4. Integrates all knowledge previously dispersed over different ISACA frameworks (Risk IT, Val IT, BMIS)
Principle 4:
Enabling a Holistic Approach ***
COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.
• COBIT 5 enablers are:
  ► Factors that, individually and collectively, influence whether something will work
  ► Driven by the goals cascade
  ► Described by the COBIT 5 framework in seven categories
*** Important and operationalisable
4. Enabling a Holistic Approach (cont.)
1. Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
2. Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals (5 domains, 37 processes)
3. Organisational structures—Are the key decision-making entities in an organisation
4. Culture, ethics and behaviour—Of individuals and of the organisation; very often underestimated as a success factor in governance and management activities
5. Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise
6. Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
7. People, skills and competencies—Are required for successful completion of all activities and for making correct decisions and taking corrective actions
Principle 5: Separating Governance From Management
The COBIT 5 framework makes a clear distinction between governance and management.
• Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
• Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
Governance Domain and Management Domains
Gov: EDM (Evaluate, Direct, Monitor); Mgmt: PBRM (Plan, Build, Run, Monitor) (Fig 15, p. 32)
Governance & Management in COBIT 5
• Governance ensures that enterprise objectives are achieved
by evaluating stakeholder needs, conditions and options;
setting direction through prioritisation and decision making;
and monitoring performance, compliance and progress
against agreed direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in
alignment with the direction set by the governance body to
achieve the enterprise objectives (PBRM).
• Exercising governance and management effectively in
practice requires appropriately using all enablers. The
COBIT process reference model allows us to focus easily on
the relevant enterprise activities.
Recap: COBIT 5 Principles
Incorporates Good Practices
- 5 domains, 37 processes [Enabler #2]
Zhang’s “Distillation” of COBIT Logic
(Diagram: IT Goals and IT Enabler Goals, each monitored and controlled, with RACI assignments. © Yue Zhang 2015-2019)
* Reference: IT Governance Institute, COBIT 5
Structure of COBIT components
• 5 Principles
  Princ. 1: Meeting stakeholder needs
  …
  Princ. 4: Holistic approach – 7 enablers:
    • Enabler #2: Processes
  Princ. 5: Separating governance from management