1. COBIT as IT Management Best Practice Framework Adapted from Jan 2011Management Update Seminar: Beyond IT Project Management: Advanced IT Management Best Practices Goh BoonNam Institute of Systems ScienceISACA, IT Governance Institute and CobiT are registered trademarks of ISACA, Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 1COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0http://www.iss.nus.edu.sg/

2. What is COBIT? Control OBjectives for Information and related Technology International framework from ISACA (Information SystemsControl & Audit Association) and IT Governance Institute Helps maximise value of IT to business and minimise issuessuch as those listed earlier Originally, more for monitoring/audit /risk assessment of ITmanagement processes Increasingly recognised as comprehensive framework of ITManagement best practices Advises on WHAT to do Some high-level of how to do Currently Version 4.1COBIT References: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspxhttp://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 2 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 3. Why COBIT? Why COBIT as IT Management Best PracticeFramework? Comprehensive coverage of IT Management Helps avoids issues such as: Strategic oversights Architecture oversights Implementation oversights Service Delivery oversights Governance oversightsATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 3COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 4. Avoid Issue #1 Strategic Oversight Past report from Director of Audit of a largeorganisation: no formal IT strategy exists which leads to piecemeal development and absence of monitoring and evaluation (of projects). hence, additional expenditure had to be incurred . systems cannot satisfy objectivesReference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 4 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 5. Avoid Issue #2 - Architecture oversights A leading European bank struggled with a tangle of applications thathampered its retail-banking operations the lack of unifying standards createddifficulties in satisfying bank-wide businessrequirements, such as speeding time tomarket for a new banking services Reference : https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 5COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 6. IT Issue #3 - Implementation oversights Passport system in a European country: half a million new passports couldnt be issued ontime Passport Agency had brought in a new systemthat was (not properly designed/developed and)without sufficient testing and staff training hundreds of people missed their holidays withmoney in the millions spent in compensation forstaff overtime and umbrellas for the poor peoplequeuing in the rain for passports Reference : http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729 ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 6 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 7. IT Issue #4 - Service Delivery oversights Bank in a European country: Online banking services, that had been in operation for some time, suddenly went down for nearly a week Reference : http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.htmlATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.7COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 8. IT Issue #5 - Governance oversights The Office of Inspector General (OIG) of the U.S. Houseof Representatives (House) sought to improve IT activitieswithin the House. A large number of the first audit reports issued by the OIGaddressed weaknesses in various IT operations of theHouse - including the lack of policies and procedures (e.g.,systems development life cycle), poor systems design anddevelopment, the lack of planning and performancemeasures, poor management of the mainframe and the lackof adequate information security. Management needed to take control of the situation andestablish clear roles and responsibilitiesand adopt an ITgovernance framework. Reference : http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 8 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 9. Define a Strategic IT Plan Define the InformationCOBIT - Overview Architecture Determine Technological Monitor and Evaluate ITDirectionProcesses Define the IT Processes, Monitor and Evaluate InternalOrganization and RelationshipsControl Manage the IT Investment Ensure Regulatory Compliance Communicate Management Aims Provide IT Governanceand Direction Manage IT Human ResourcesMonitor & EvaluatePlan & Organise Manage Quality Assess and Manage IT Risks Define and Manage Service Manage ProjectsLevels Manage Third-party Services Manage Performance andCapacityDeliver & Support Acquire & Implement Identify Automated Solutions Ensure Continuous Service Acquire and Maintain Application Ensure Systems SecuritySoftware Identify and Allocate Costs Acquire and Maintain Technology Educate and Train UsersInfrastructure Manage Service Desk and Enable Operation and UseIncidents Procure IT Resources Manage the Configuration Manage Changes Manage Problems Install and Accredit Solutions and Manage DataChanges Manage the PhysicalEnvironment Manage OperationsATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.9COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 10. COBIT Components Define a Strategic IT Plan Define the Information Architecture PROCESSES Determine Technological Direction Define the IT Processes, Organization and Relationships Manage the IT Investment Communicate Management Aims and Direction Manage IT Human ResourcesMonitor & Evaluate Plan & Organise Manage Quality Assess and Manage IT Risks Manage Projects Programme Management Framework Project Management Framework Project Management Approach Stakeholder CommitmentDeliver & SupportAcquire & Implement Project Scope Statement Project Phase Initiation Integrated Project Plan Project Resources Project Risk Management Project Quality Plan DOMAINS Project Change Control Project Planning of Assurance Methods Project Performance Measurement, Reporting andCONTROL Monitoring Project ClosureOBJECTIVES ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 10 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 11. COBIT Domains Plan & Organise (PO)Plan & Strategy / Architecture / Portfolio Define a Strategic IT PlanMonitor &Evaluate Organise Define the Information Architecture Determine Technological DirectionDeliver & Acquire &SupportImplement Programme & Project Management Manage Projects IT Organisation Management Define the IT Processes, Organization and Relationships Manage the IT Investment Communicate Management Aims and DirectionNb: Bold headings areauthors own categorisation Manage IT Human Resources& are not part of COBIT Manage Quality Assess and Manage IT RisksATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 11COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 12. Plan & Organise (PO) StrategicPre-ProjectDevelopment Production IT Strategy / Architecture / Portfolio ManagementLevel of WorkITProgramme OrganisationManagementManagementProjectManagement TacticalNb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.12COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0http://www.iss.nus.edu.sg/ 13. COBIT Domains Acquire & Implement (AI)Monitor & Requirements & Feasibility Identify Automated Solutions Plan & OrganiseEvaluateDeliver & Acquire & Design & BuildSupportImplement Acquire and Maintain Application Software Acquire and Maintain TechnologyInfrastructure Test & Implement Install and Accredit Solutions and Changes Enable Operation and Use Changes Manage ChangesNb: Bold headings areauthors own categorisation& are NOT part of COBIT Procurement Management Procure IT Resources ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 13 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 14. AI Relationship with POPre-ProjectDevelopment Production IT Strategy / Architecture / Portfolio ManagementPlan &Programme ManagementOrganise(PO) (Generic) Project Management IT Systems Devt Life Cycle Mgt Requirements & Design &Test &Acquire &Feasibility BuildImplementImplementManage (System-Related) Changes(AI) Procurement ManagementNb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.14 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0http://www.iss.nus.edu.sg/ 15. COBIT Domains Deliver & Support Service Delivery Define and Manage Service LevelsMonitor & EvaluatePlan & Organise Manage Third-party Services Manage Performance and CapacityDeliver & Acquire &Implement Ensure Continuous ServiceSupport Ensure Systems Security Identify and Allocate Costs Service Support Educate and Train Users Manage Service Desk and Incidents Manage the Configuration Nb: Bold headings areauthors own categorisation Manage Problems& are not part of COBIT Manage Data Manage the Physical Environment Manage Operations ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.15 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 16. DS Relationship with AI & PO Pre-Project Development Production IT Strategy / Architecture / Portfolio ManagementPlan &Programme ManagementOrganise(PO)(Generic) Project ManagementIT Systems Devt Life Cycle MgtAcquire & Requirements &Feasibility Design &Build Test & ImplementImplement Manage (System-Related) Changes(AI)Procurement ManagementDeliver &Service DeliverySupport Service Support(DS)Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 16 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 17. COBIT Domains Monitor & Evaluate Monitor & Evaluate Monitor & Evaluate Monitor and Evaluate IT ProcessesPlan & Organise Monitor and Evaluate Internal ControlDeliver &Support Acquire &Implement Ensure Regulatory Compliance Direct Provide IT GovernanceNb: Bold headings areauthors own categorisation& are not part of COBIT ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved.17 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 18. COBIT OverviewME Relationship with PO / AI / DSMeasure & Pre-Project DevelopmentProduction Evaluate (ME)IT Strategy / Architecture / Portfolio ManagementPlan & Programme ManagementOrganise(PO) (Generic) Project ManagementMeasure & EvaluateITIT Systems Devt Life Cycle MgtOrganisationAcquire & /ManagementRequirements Design & Test &Implement& FeasibilityBuild ImplementDirect(AI) Manage (System-Related) Changes Procurement ManagementDeliver & Service DeliverySupport(DS) Service SupportNb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT. ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 18 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0http://www.iss.nus.edu.sg/ 19. Other Elements of COBIT Besides Domains Processes Control Objectives Some Key Elements Management Guidelines roles and responsibilities goals and metrics Maturity Model Associated Toolkits (for ISACA members) Implementation Guide Assurance GuideATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 19COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 20. COBIT Mapping to Other Frameworks P3O TOGAF PRINCE2 PMP CITPM CMMI SCRUM CBAP COMIT ISO20000 CISSP ITILMonitor &Plan & Organise CGEIT Evaluate COBIT Acquire & Deliver & SupportImplementNb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped hereATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 20COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 21. Future of COBIT as IT ManagementFramework Draft COBIT v5ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 21COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 22. Future of COBIT as IT ManagementFramework Draft COBIT v5 Some Key New Features Explicit recognition of COBIT as covering IT Management processes in addition to IT Governance processes Identification of degree of involvement of IT and Business in the various processes Enterprise Architecture (instead of Information Architecture of prior versions) Consolidation into one new Manage the IT Organisation process those v4.1 processes that were for internal IT organisation support - eg. Define IT Processes, Organization andRelationships Communicate Management Aims andDirection Manage IT Human Resources etc ATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 22 COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 23. For Further InformationPlease refer to:http://www.iss.nus.edu.sg/Or email BoonNam Goh at:issgbn@nus.edu.sgATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 23COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/ 24. The EndATA/Lucid/2010-01-25 MUS/ NUS. All Rights Reserved. 24COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/