
COBIT ANALYSIS

MEET OUR TEAM

Agil Aghazada, Togrul Asgerli, Etibar Zeynalli


COBIT Core
Design Factor 1 Enterprise Strategy
Resulting Governance/Management Objectives Importance (Output)
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 2 Enterprise Goals (Input)

Value | Importance (1-5) | Baseline
EG01—Portfolio of competitive products and services | 3 | 3
EG02—Managed business risk | 4 | 3
EG03—Compliance with external laws and regulations | 5 | 3
EG04—Quality of financial information | 1 | 3
EG05—Customer-oriented service culture | 4 | 3
EG06—Business-service continuity and availability | 2 | 3
EG07—Quality of management information | 2 | 3
EG08—Optimization of internal business process functionality | 2 | 3
EG09—Optimization of business process costs | 3 | 3
EG10—Staff skills, motivation and productivity | 3 | 3
EG11—Compliance with internal policies | 3 | 3
EG12—Managed digital transformation programs | 3 | 3
EG13—Product and business innovation | 1 | 3

Design Factor 2 Enterprise Goals
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 3 IT Risk Profile

Risk Scenario Category | Impact (1-5) | Likelihood (1-5) | Risk Rating | Baseline
IT investment decision making, portfolio definition & maintenance | 2 | 1 | 2 | 9
Program & projects life cycle management | 4 | 3 | 12 | 9
IT cost & oversight | 4 | 4 | 16 | 9
IT expertise, skills & behavior | 4 | 4 | 16 | 9
Enterprise/IT architecture | 2 | 2 | 4 | 9
IT operational infrastructure incidents | 4 | 2 | 8 | 9
Unauthorized actions | 4 | 2 | 8 | 9
Software adoption/usage problems | 4 | 2 | 8 | 9
Hardware incidents | 3 | 1 | 3 | 9
Software failures | 5 | 2 | 10 | 9
Logical attacks (hacking, malware, etc.) | 4 | 5 | 20 | 9
Third-party/supplier incidents | 3 | 2 | 6 | 9
Noncompliance | 2 | 2 | 4 | 9
Geopolitical Issues | 4 | 4 | 16 | 9
Industrial action | 1 | 2 | 2 | 9
Acts of nature | 4 | 4 | 16 | 9
Technology-based innovation | 3 | 2 | 6 | 9
Environmental | 4 | 2 | 8 | 9
Data & information management | 4 | 2 | 8 | 9

[Figure: Risk Rating of IT Risk Scenario Categories (Input), scale 0 to 25]

Design Factor 3 IT Risk Profile
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 4 IT-Related Issues

IT-Related Issue | Importance (1-3) | Baseline
Frustration between different IT entities across the organization because of a perception of low contribution to business value | 2
Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value | 2
Significant IT-related incidents, such as data loss, security breaches, project failure and application errors, linked to IT | 2
Service delivery problems by the IT outsourcer(s) | 2
Failures to meet IT-related regulatory or contractual requirements | 2
Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems | 2
Substantial hidden and rogue IT spending, that is, IT spending by user departments outside the control of the normal IT investment decision mechanisms and approved budgets | 2
Duplications or overlaps between various initiatives, or other forms of wasted resources | 2
Insufficient IT resources, staff with inadequate skills or staff burnout/dissatisfaction | 2
IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget | 2
Reluctance by board members, executives or senior management to engage with IT, or a lack of committed business sponsorship for IT | 2
Complex IT operating model and/or unclear decision mechanisms for IT-related decisions | 2
Excessively high cost of IT | 2
Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems | 2
Gap between business and technical knowledge, which leads to business users and information and/or technology specialists speaking different languages | 2
Regular issues with data quality and integration of data across various sources | 2
High level of end-user computing, creating (among other problems) a lack of oversight and quality control over the applications that are being developed and put in operation | 2
Business departments implementing their own information solutions with little or no involvement of the enterprise IT department (related to end-user computing, which often stems from dissatisfaction with IT solutions and services) | 2
Ignorance of and/or noncompliance with privacy regulations | 2
Inability to exploit new technologies or innovate using I&T | 2

[Figure: Importance of IT-Related Issues (Input), scale 0 to 3]

Design Factor 4 IT-Related Issues
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

[Figure: bar chart of a value per governance/management objective, scale -100 to 100]

Objective | Value
EDM01 | 20
EDM02 | -20
EDM03 | 65
EDM04 | -5
EDM05 | -20
APO01 | 0
APO02 | -80
APO03 | -55
APO04 | -95
APO05 | -65
APO06 | 0
APO07 | 25
APO08 | 25
APO09 | 75
APO10 | 20
APO11 | 40
APO12 | 100
APO13 | 95
APO14 | -15
BAI01 | -5
BAI02 | -15
BAI03 | 35
BAI04 | 75
BAI05 | 5
BAI06 | 5
BAI07 | 5
BAI08 | -25
BAI09 | -55
BAI10 | 35
BAI11 | 20
DSS01 | 0
DSS02 | 75
DSS03 | 55
DSS04 | 45
DSS05 | 55
DSS06 | 15
MEA01 | 40
MEA02 | 45
MEA03 | 80
MEA04 | 40

Design Factor 5 IT Threat Landscape

Value | Importance (100%) | Baseline
High | 80% | 33%
Normal | 20% | 67%

[Figure: High 80%, Normal 20%]

Design Factor 5 Threat Landscape
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 7 Role of IT (Input)

Value | Importance (1-5) | Baseline
Support | 0 | 3
Factory | 1 | 3
Turnaround | 4 | 3
Strategic | 2 | 3

[Figure: importance of each role of IT, scale 0 to 5]

Design Factor 7 Role of IT
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 8 IT Sourcing Model (Input)

Value | Importance (100%) | Baseline
Outsourcing | 20% | 33%
Cloud | 20% | 33%
Insourced | 60% | 34%

[Figure: Outsourcing 20%, Cloud 20%, Insourced 60%]

Design Factor 8 Sourcing Model for IT
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 9 IT Implementation Methods

Value | Importance (100%) | Baseline
Agile | 50% | 15%
DevOps | 30% | 10%
Traditional | 20% | 75%

[Figure: Agile 50%, DevOps 30%, Traditional 20%]

Design Factor 9 IT Implementation Methods
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

Design Factor 10 Technology Adoption Strategy

Value | Importance (100%) | Baseline
First mover | 30% | 15%
Follower | 70% | 70%
Slow adopter | 0% | 15%

[Figure: First mover 30%, Follower 70%]

Design Factor 10 Technology Adoption Strategy
Resulting Governance/Management Objectives Importance
[Figure: importance of each governance/management objective (EDM01 to MEA04), scale -100 to 100]

THANK YOU
