it governance & cobit 5

Dr. Santipat Arunthari Chief Technology officer (CTO)

PTT ICT Solutions

Governance

COBIT 4.1 to COBIT 5.0

How to use COBIT 5.0

Governance is the process of decision-

making and the process by which decisions are implemented (or not implemented) – directed and controlled.



What

for whom

How

Governance is about meeting strategic objectives (performance) …

Governance is about meeting strategic

objectives (performance) …

◦ Directing the business

◦ Setting strategic aims


• Programs achieve their intended results, • Resources are used consistent with agency

mission,


objectives (performance) while meeting legal and regulatory, contractual and other obligatory requirements often supported by policies (conformance).

• Programs and resources are

protected from waste, fraud, and mismanagement,

• Laws and regulations are followed, and


objectives (performance) while meeting legal and regulatory, contractual and other obligatory requirements often supported by policies (conformance).

ITG Best Practices & Standards • COBIT • COSO • ITIL/ISO20000 • ISO 27001 • CMMI • PMBOK/Prince2 • TOGAF • ISO17799

Value delivery

Focuses on ensuring the linkage of business and IT plans;

on defining, maintaining and validating the IT value proposition;

and on aligning IT operations with enterprise operations

Is about executing the value proposition throughout the delivery cycle, ensuring

that IT delivers the promised benefits against the strategy, concentrating on

optimising costs and proving the intrinsic value of IT

Is about the optimal investment in, and the proper management of, critical IT

resources: applications, information, infrastructure and people. Key issues

relate to the optimisation of knowledge and infrastructure.

Requires risk awareness by senior corporate officers, a clear understanding of

the enterprise’s appetite for risk, understanding of compliance

requirements, transparency about the significant risks to the enterprise, and

embedding of risk management responsibilities in the organisation

Tracks and monitors strategy implementation, project completion, resource

usage, process performance and service delivery, using, for example,

balanced scorecards that translate strategy into action to achieve goals

measurable beyond conventional accounting

Performance

measurement

Risk management

Resource

management

Strategic

alignment

COBIT 4.1 to COBIT 5.0

Linking Business Goals to IT Goals and Processes

1. New Principles 2. Increased Focus on Enablers 3. New Process Reference

Model 4. New and Modified Processes 5. Practices and Activities 6. Goals and Metrics 7. Inputs and Outputs 8. RACI Charts 9. Process Capability Maturity

Models and Assessments

COBIT 5 helps enterprises to create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.

• APO03 Manage enterprise architecture. • APO04 Manage innovation. • APO05 Manage portfolio. • APO06 Manage budget and costs. • APO08 Manage relationships. • APO13 Manage security.

• BAI05 Manage organizational change

enablement. • BAI08 Manage knowledge. • BAI09 Manage assets.

• DSS05 Manage security service. • DSS06 Manage business process controls.

Financial: • 01 Alignment

of IT and business strategy

56

Santipat Arunthari, Ph.D.

Chief Technology Officer (CTO)

PTT ICT Solutions Company Limited

Energy Complex, Building A, 4th Floor,

555/1 Vibhavadi Rangsit Road

Chatuchak, Bangkok, 10900 Mobile: +66 (0) 8-66173000

"If you are not thinking and acting strategically,

then you are merely following orders and responding to pressure.“

Date: 22/8/2555

it governance & cobit 5

Education