01 intro-cobit

Upload: yusrizalmukhtar

Post on 10-May-2015

Category: Business


TRANSCRIPT

Page 1: 01 intro-cobit
Page 2: 01 intro-cobit

References

• COBIT Student Book

• www.isaca.org/cobit

• Cobit Transforming Enterprise IT by ISACA, 2009

Page 3: 01 intro-cobit

Why does IT need an IT control framework?

What does Cobit do?

How does Cobit support the governance of IT?

Who needs an IT control framework?

What are the benefits of implementing Cobit?

Page 4: 01 intro-cobit

2009 ISACA All Rights reserved. 4

COBIT answers Key Business Questions

Is my information technology organisation doing the right things?

Are we doing them the right way?

Are we getting them done well?

Are we getting the benefits? *

* Based on the “Four Ares” as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003

Page 5: 01 intro-cobit

Why does IT need a control framework?

IT Governance Is the Key Issue

• Enterprises are sacrificing money, productivity and competitive advantage by not implementing effective IT governance

• Executives need a better way to:

– Direct IT for optimal advantage

– Measure the value provided by IT

– Manage IT-related risks

Page 6: 01 intro-cobit

What does COBIT do?

• Improves IT efficiency and effectiveness

• Helps IT understand the needs of the business

• Puts practices in place to meet the business needs as efficiently as possible

• Ensures alignment of business and IT

• Helps executives understand and manage IT investments throughout their life cycle

Page 7: 01 intro-cobit

How does COBIT support the governance of IT?

COBIT supports IT governance by providing a framework to ensure that:

• IT is aligned with the business

• IT enables the business and maximizes benefits

• IT resources are used responsibly

• IT risks are managed appropriately

Page 8: 01 intro-cobit

What are the benefits of implementing COBIT?

The benefits of implementing COBIT include:

• A common language for executives, management and IT professionals

• A better understanding of how the business and IT can work together for successful delivery of IT initiatives

• Improved efficiency and optimization of cost

• Reduced operational risk

• Clear policy development

• More efficient and successful audits

• Clear ownership and responsibilities, based on process orientation

Page 9: 01 intro-cobit

Who needs a control framework?

Board and Executive

• To ensure management follows and implements the strategic direction for IT

Management

• To make IT investment decisions

• To balance risk and control investment

• To benchmark existing and future IT environment

Users

• To obtain assurance on security and control of products and services they acquire internally or externally

Auditors

• To substantiate opinions to management on internal controls

• To advise on what minimum controls are necessary

Page 10: 01 intro-cobit

COBIT is a Road Map to Good IT Governance

• Accepted globally as a set of tools that ensures IT is working effectively

• Functions as an overarching framework

• Provides common language to communicate goals, objectives and expected results to all stakeholders

• Based on, and integrates, industry standards and good practices in:

– Strategic alignment of IT with business goals

– Value delivery of services and new projects

– Risk management

– Resource management

– Performance measurement

Page 11: 01 intro-cobit

The COBIT Framework

The COBIT framework explained:

Business focus

Process orientation

IT resources

Page 12: 01 intro-cobit

COBIT: Of what does it consist?

Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives

Promotes process focus and process ownership

Divides IT into 34 processes belonging to four domains and provides a high-level control objective for each

Considers fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT

Is supported by a set of over 300 detailed control objectives

Information criteria: Effectiveness, Efficiency, Availability, Integrity, Confidentiality, Reliability, Compliance

Domains: Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate

Page 13: 01 intro-cobit

Business Orientation and Process Focus

“In order to provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.”

Relates to business requirements (expressed as information criteria)

Links to business processes

Empowers business owners

Decomposes IT into four domains and 34 processes

Domains: (plan-build-run) + monitor

Control, audit, implementation and performance management knowledge structured by process

[Diagram labels: Business Process; Business Requirements; IT Processes; IT Resources]