-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
1/39
COBIT 5 ISACA
COBIT 5 ISACAs new framework for IT Governance, Risk,
Security and Auditing
An overview
M. Garsoux
COBIT 5 Licensed Training Provider
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
2/39
COBIT 5 ISACA
Introduction
Principles
Processes
Implementation
Supporting Products
Questions
2
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
3/39
COBIT 5 ISACA
3
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
4/39
COBIT 5 ISACA
Governance of Enterprise IT
COBIT 5
IT Governance
COBIT4.0/4.1
Management
COBIT3
Control
COBIT2
A business framework from ISACA, at www.isaca.org/cobit
Audit
COBIT1
2005/720001998
Evolutiono
fscope
1996 2012
Val IT 2.0(2008)
Risk IT(2009)
4
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
5/39
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
6/39
COBIT 5 ISACA
Information is a key resource for all enterprises.
Information is created, used, retained, disclosedand destroyed.
Technology plays a key role in these actions.
Technology is becoming pervasive in all aspects ofbusiness and personal life.
What benefits does information and technology
bring to enterprises?
6
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
7/39
COBIT 5 ISACA
Helps enterprises:
Bring Order to Complex
Standards and Frameworks
Extract Value from Information
Chaos
Address all Stakeholders Needs
and Maximize Value ofCorporate Information
Protect and Drive Enterprise
Value
7
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
8/39
COBIT 5 ISACA
Enterprises and their executives strive to : Maintain quality information to support business decisions.
Generate business value from IT-enabled investments, i.e.,achieve strategic goals and realise business benefits througheffective and innovative use of IT.
Achieve operational excellence through reliable and efficientapplication of technology.
Maintain IT-related risk at an acceptable level.
Optimise the cost of IT services and technology.
How can these benefits be realized to create
enterprise stakeholder value?
8
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
9/39
COBIT 5 ISACA
COBIT 5 is a comprehensive framework that helpsenterprises to create optimal value from IT by maintaining abalance between realising benefits and optimising risk levelsand resource use.
COBIT 5 enables information and related technology to be
governed and managed in a holistic manner for the wholeenterprise, taking in the full end-to-end business andfunctional areas of responsibility, considering the IT-relatedinterests of internal and external stakeholders.
The COBIT 5 principles and enablers are generic and usefulfor enterprises of all sizes, whether commercial, not-for -
profit or in the public sector.
9
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
10/39
COBIT 5 ISACA
10
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
11/39
COBIT 5 ISACA
11
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
12/39
COBIT 5 ISACA
Enterprises exist to create value for their stakeholders
12
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
13/39
COBIT 5 ISACA
Delivering enterprise stakeholder value requires good governanceand management of information and technology (IT) assets.
Enterprise boards, executives and management have to embraceIT like any other significant part of the business.
External legal, regulatory and contractual compliance
requirements related to enterprise use of information and
technology are increasing, threatening value if breached.
COBIT 5 provides a comprehensive framework that assists
enterprises to achieve their goals and deliver value through
effective governance and management of enterprise IT.
Stakeholder Value
13
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
14/39
COBIT 5 ISACA
Stakeholder needs have to be
transformed into an enterprises
actionable strategy.
The COBIT 5 goals cascadetranslates stakeholder needs into
specific, actionable and customised
goals within the context of the
enterprise, IT-related goals and
enabler goals.
Goals cascade
14
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
15/39
COBIT 5 ISACA
COBIT 5 entreprise goals
Governance objectivesBSC Description Benefits Risk Resource
FINANCIAL
1.Stakeholder value of business investments P S
2.Portfolio of competitive products and services P P S
3.Managed business risks (safeguarding of assets) P S
4.Compliance with external laws and regulations P
5.Financial transparency P S S
CUSTOMER
6.Customer oriented service culture P S
7.Business service continuity and availability P
8.Agile responses to a changing business environment P S
9.Information based strategic decision making P P P
10.Optimisation of service delivery costs P P
IN
TERNAL
11.Optimisation of business process functionality P P
12.Optimisation of business process costs P P
13.Managed business change programmes P P S
14.Operational and staff productivity P P
15.Compliance with internal policies P
Learning
&Growth
16.Skilled and motivated people S P P
17.Product and business innovation culture P 15
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
16/39
COBIT 5 ISACA
COBIT 5 IT-related goals
BSC Description
FINANCI
AL
1. Alignment of IT and business strategy
2. IT compliance and support for business compliance with external laws & regulations
3. Commitment of executive management for making IT related decisions
4. Managed IT related business risks
5. Realised benefits form IT-enabled investments and services portfolio
6. Transparency of IT costs, benefits and riskCUST
7. Delivery of IT services in line with business requirements
8. Adequate use of applications, information and technology structure
INTER
NAL
9. IT agility
10. Security of information, processing infrastructure and applications
11. Optimisation of IT assets, resources and capabilities
12. Enablement and support of business processes by integrating applications and technology
13. Delivery of programme on time, on budget, and meeting requirements and quality standards14. Availability of reliable and useful information for decision making
15. IT compliance with internal policies
L
&G
16. Competent and motivated business and IT personnel
17. Knowledge, expertise and initiatives for business innovation16
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
17/39
COBIT 5 ISACA
Stakeholder Value of
Business investments
Customer - oriented
service culture
Optimisation of business
process functionality
Skilled and
motivated peole
1 6 11 16
Financial Customer Internal Learning and Growth
Financial 1
Alignment of IT and
business strategy P P P S
Customer 7
Delivery of IT services
in line with business
requirementsP P P S
Internal 9 IT agility S S P S
Learning
and Growth 16
Competent and
motivated businessand IT personnel
S S P
Enterprise Goal
IT -Related Goal
Mapping of Enterprise goals into IT-goals
17
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
18/39
COBIT 5 ISACA
Mapping IT goals to processes
18
Alignment of IT and
business strategy
Delivery of IT services
in line with business
requirements IT agility
Knowledge, expertise
and initiatives for
business innovation1 7 9 17
Financial Customer Internal
EDM01
Ensure
Governance
Framework
Setting and
Maintenance
P P S S
EDM02
Ensure
Benefits
DeliveryP P P
EDM03Ensure Risk
Optimisation S S S
EDM0
4
Ensure
Ressource
OptimisationS S P S
EDM05
Ensure
Stakeholder
TransparencyS P S
Evaluate,
Direct and
Monitor
IT - Related Go al
COBIT 5 Proces s
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
19/39
COBIT 5 ISACA
Key components of a
governance system
19
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
20/39
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
21/39
COBIT 5 ISACA
COBIT 5 defines a set ofenablers to support the
implementation of a comprehensive governance and
management system for enterprise IT.
COBIT 5 enablers are: Factors that, individually and collectively, influence
whether something will work
Driven by the goals cascade
Described by the COBIT 5 framework in sevencategories
21
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
22/39
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
23/39
COBIT 5 ISACA
1. Principles, policies and frameworksAre the vehicle to translate the desired behaviour
into practical guidance for day-to-day management
2. ProcessesDescribe an organised set of practices and activities to achieve certain
objectives and produce a set of outputs in support of achieving overall IT related goals
3. Organisational structuresAre the key decision-making entities in an organisation
4. Culture, ethics and behaviourOf individuals and of the organisation; very often
underestimated as a success factor in governance and management activities
5. InformationIs pervasive throughout any organisation, i.e., deals with all information
produced and used by the enterprise. Information is required for keeping theorganisation running and well governed, but at the operational level, information is very
often the key product of the enterprise itself.
6. Services, infrastructure and applicationsInclude the infrastructure, technology and
applications that provide the enterprise with information technology processing and
services
7. People, skills and competenciesAre linked to people and are required for successful
completion of all activities and for making correct decisions and taking correctiveactions
23
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
24/39
COBIT 5 ISACA
Governance ensures that enterprise objectives areachieved by evaluating stakeholder needs, conditions
and options; setting direction through prioritisation and
decision making; and monitoring performance,
compliance and progress against agreed direction and
objectives (EDM) Management plans, builds, runs and monitors activities
in alignment with the direction set by the governance
body to achieve the enterprise objectives (PBRM)
24
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
25/39
COBIT 5 ISACA
COBIT 5 is not prescriptive, but it advocates thatorganisations implement governance and management
processes such that the key areas are covered, as shown.
25
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
26/39
COBIT 5 ISACA
COBIT 5 brings together the five principles that
allow the enterprise to build an effective
governance and management framework based on
a holistic set ofseven enablers that optimises
information and technology investment and use forthe benefit of stakeholders.
26
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
27/39
COBIT 5 ISACA
27
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
28/39
COBIT 5 ISACA
28
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
29/39
COBIT 5 ISACA
29
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
30/39
COBIT 5 ISACA
30
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
31/39
COBIT 5 ISACA
31
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
32/39
COBIT 5 ISACA
32
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
33/39
COBIT 5 ISACA
33
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
34/39
COBIT 5 ISACA
Failed IT initiatives Rising costs
Perception of low business value
for IT investments
Significant incidents related to IT
risk (e.g. data loss)
Service delivery problems
Failure to meet regulatory or
contractual requirements
Audit findings for poor IT
performance or low service levels
Hidden and/or rogue IT spending
Resource waste through duplicationor overlap in IT initiatives
Insufficient IT resources
IT staff burnout / dissatisfaction
IT enabled changes frequently
failing to meet business needs (late
deliveries or budget overruns) Multiple and complex IT assurance
efforts
Board members or senior managers
that are reluctant to engage with IT
34
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
35/39
COBIT 5 ISACA
Merger, acquisition or divestiture
Shift in the market, economy or
competitive position
Change in business operating
model or sourcing arrangements
New regulatory or compliance
requirements
Significant technology change or
paradigm shift
An enterprise-wide governance focus
or project
A new CIO, CFO, COO or CEO
External audit or consultant
assessments
A new business strategy or priority
By using pain points or trigger events as the
launching point for IT governance initiatives,
the business case for GEIT improvement can
be related to issues being experienced,
which will improve buy-in to the business
case.
35
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
36/39
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
37/39
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
38/39
COBIT 5 ISACA
38
-
8/10/2019 Qecb Glc Cobit 5 Isaca s New Framework 201303
39/39
COBIT 5 ISACA
39