
Cobit5-Assurance Lam en 0513

Date post: 03-Jun-2018
Upload: linda-maia
  • 8/11/2019 Cobit5-Assurance Lam en 0513

    1/8

    COBIT 5 Product Family

    Source: COBIT 5, figure 11 and COBIT 5 for Assurance, figure 1

    COBIT 5

    COBIT 5 Enabler Guides: COBIT 5: Enabling Processes; COBIT 5: Enabling Information; Other Enabler Guides

    COBIT 5 Professional Guides: COBIT 5 Implementation; COBIT 5 for Information Security; COBIT 5 for Assurance; COBIT 5 for Risk; Other Professional Guides

    COBIT 5 Online Collaborative Environment

    COBIT 5 Principles

    Source: COBIT 5, figure 2 and COBIT 5 for Assurance, figure 7

    1. Meeting Stakeholder Needs
    2. Covering the Enterprise End-to-end
    3. Applying a Single Integrated Framework
    4. Enabling a Holistic Approach
    5. Separating Governance From Management

    3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA

    Phone: +1.847.253.1545 Fax: +1.847.253.1443 Email: [email protected]

    Web site: www.isaca.org

    2013 ISACA. All rights reserved.

    FOR ASSURANCE


    COBIT 5 Goals Cascade Overview

    Source: COBIT 5, figure 4

    Stakeholder Drivers (Environment, Technology Evolution, …) influence Stakeholder Needs (Benefits Realisation, Risk Optimisation, Resource Optimisation).

    Stakeholder Needs cascade to Enterprise Goals, which cascade to IT-related Goals, which cascade to Enabler Goals.


    Selected Guidance From the COBIT 5 Family

    These charts and figures are elements of COBIT 5 and its supporting guides. This excerpt is available as a complimentary PDF (www.isaca.org/cobit) and for purchase in hard copy (www.isaca.org/bookstore). It provides an overview of the COBIT 5 guidance, its five principles and seven enablers. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants.

    COBIT enables enterprises to maximise the value and minimise the risk related to information, which has become the currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit.


    Governance and Management in COBIT 5

    Source: COBIT 5, figure 8

    Governance Objective: Value Creation (Benefits Realisation, Risk Optimisation, Resource Optimisation)
    Governance Enablers
    Governance Scope
    Roles, Activities and Relationships

    Key Roles, Activities and Relationships

    Source: COBIT 5, figure 9

    Owners and Stakeholders and Governing Body: Delegate / Accountable
    Governing Body and Management: Set Direction / Monitor
    Management and Operations and Execution: Instruct and Align / Report

    COBIT 5 Governance and Management Key Areas

    Source: COBIT 5, figure 15

    Business Needs
    Governance: Evaluate, Direct, Monitor
    Management Feedback
    Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)


    Assurance Components

    Source: COBIT 5 for Assurance, figure 4

    Three-party Relationship involving an accountable party for the subject matter, an assurance professional and an intended user
    Subject Matter over which the assurance is to be provided
    Suitable Criteria against which the subject matter will be assessed
    Execute the assurance engagement
    Conclusion issued by the assurance professional

    Parties: Accountable Party; Assurance Professional; User
    Relationship labels: Governs and Manages; Performs; Provides Comfort to; Primary; Secondary

    Assurance Process that the assurance professional will undertake:
    A. Determine Scope of the Assurance Initiative
    B. Understand the Subject Matter, Set Suitable Assessment Criteria and Assess
    C. Communication

    Scope of COBIT 5 for Assurance

    Source: COBIT 5 for Assurance, figure 6

    Assurance Function Perspective
    COBIT 5 Enablers for the Assurance Function: Principles, Policies and Frameworks; Processes; Organisational Structures; Culture, Ethics and Behaviour; Information; Services, Infrastructure and Applications; People, Skills and Competencies

    Assurance Assessment Perspective
    COBIT 5 for Assurance
    Generic method for providing assurance over COBIT 5 enablers
    ITAF
    ISACA Audit/Assurance Programmes
    Audit/Assurance Programmes for Subject Matter
    COBIT 5 framework and COBIT 5: Enabling Processes


    Generic COBIT 5-based Assurance Engagement Approach

    Source: COBIT 5 for Assurance, figure 32

    A. Determine Scope of the Assurance Initiative
    A-1 Determine the stakeholders of the assurance initiative and their stake.
    A-2 Determine the assurance objectives based on assessment of the internal and external environment/context and of the relevant risk and related opportunities.
    A-3 Determine the enablers in scope and the instance(s) of the enablers in scope.
    Enablers: Principles, Policies and Frameworks; Processes; Organisational Structures; Culture, Ethics and Behaviour; Information; Services, Infrastructure and Applications; People, Skills and Competencies

    B. Understand Enablers, Set Suitable Assessment Criteria and Perform the Assessment
    B-1 Agree on metrics and criteria for enterprise goals and IT-related goals. Assess enterprise goals and IT-related goals.
    B-2 Obtain understanding of the principles, policies and frameworks in scope. Assess principles, policies and frameworks.
    B-3 Obtain understanding of the processes in scope and set suitable assessment criteria. Assess the processes.
    B-4 Obtain understanding of the organisational structures in scope. Assess the organisational structures.
    B-5 Obtain understanding of the culture, ethics and behaviour in scope. Assess culture, ethics and behaviour.
    B-6 Obtain understanding of the information items in scope. Assess information.
    B-7 Obtain understanding of the services, infrastructure and applications in scope. Assess services, infrastructure and applications.
    B-8 Obtain understanding of the people, skills and competencies in scope. Assess people, skills and competencies.

    C. Communicate the Results of the Assessment
    C-1 Document exceptions and gaps.
    C-2 Communicate the work performed and findings.

    Assurance Engagement Scoping Summary

    Source: COBIT 5 for Assurance, figure 34

    A. Determine Scope of the Assurance Initiative
    A-1 Determine the stakeholders of the assurance initiative and their stake.
    A-2 Determine the assurance objectives based on assessment of the internal and external environment/context and of the relevant risk and related opportunities.

    1. Define the assurance objective in simple language.
    2. Identify the enterprise goals that are most related to the high-level assurance objective.
    3. Refine the list of potential enterprise goals to a manageable set of key goals and additional goals.
    4. Use the mapping table between enterprise goals and IT goals to identify potential IT goals that need to be achieved.
    5. Refine, taking into account the specific environment, the set of potential IT goals to a manageable set of key IT goals and additional IT goals.
    6. Use the mapping table between IT goals and COBIT 5 processes to identify potential processes that support the IT goals.
    7. Refine the list of selected processes to a manageable list.
    8. Use the RACI charts of the selected processes to identify potential organisational structures in scope, and refine the list.
    9. Use the RACI charts of the selected processes to identify potential people, skills and competencies in scope, and refine the list.
    10. Use the input/output tables of the selected processes to identify potential information items in scope, and refine the list.
    11. Identify which other enablers support the achievement of the selected IT goals.
    12. Consolidate the list of enablers in scope and remove redundancies.

    A-3 Determine the enablers in scope and the instance(s) of the enablers in scope.
    Enablers: Principles, Policies and Frameworks; Processes; Organisational Structures; Culture, Ethics and Behaviour; Information; Services, Infrastructure and Applications; People, Skills and Competencies


    COBIT 5 Process Reference Model

    Source: COBIT 5 for Assurance, figure 15

    Processes for Governance of Enterprise IT

    Evaluate, Direct and Monitor
    EDM01 Ensure Governance Framework Setting and Maintenance
    EDM02 Ensure Benefits Delivery
    EDM03 Ensure Risk Optimisation
    EDM04 Ensure Resource Optimisation
    EDM05 Ensure Stakeholder Transparency

    Processes for Management of Enterprise IT

    Align, Plan and Organise
    APO01 Manage the IT Management Framework
    APO02 Manage Strategy
    APO03 Manage Enterprise Architecture
    APO04 Manage Innovation
    APO05 Manage Portfolio
    APO06 Manage Budget and Costs
    APO07 Manage Human Resources
    APO08 Manage Relationships
    APO09 Manage Service Agreements
    APO10 Manage Suppliers
    APO11 Manage Quality
    APO12 Manage Risk
    APO13 Manage Security

    Build, Acquire and Implement
    BAI01 Manage Programmes and Projects
    BAI02 Manage Requirements Definition
    BAI03 Manage Solutions Identification and Build
    BAI04 Manage Availability and Capacity
    BAI05 Manage Organisational Change Enablement
    BAI06 Manage Changes
    BAI07 Manage Change Acceptance and Transitioning
    BAI08 Manage Knowledge
    BAI09 Manage Assets
    BAI10 Manage Configuration

    Deliver, Service and Support
    DSS01 Manage Operations
    DSS02 Manage Service Requests and Incidents
    DSS03 Manage Problems
    DSS04 Manage Continuity
    DSS05 Manage Security Services
    DSS06 Manage Business Process Controls

    Monitor, Evaluate and Assess
    MEA01 Monitor, Evaluate and Assess Performance and Conformance
    MEA02 Monitor, Evaluate and Assess the System of Internal Control
    MEA03 Monitor, Evaluate and Assess Compliance With External Requirements


    This figure highlights the key supporting COBIT 5 processes (shown in dark pink), as well as the other supporting processes (shown in light pink). COBIT 5 for Assurance, section 2A, 3.2.1 and 3.2.2 provide short descriptions of each supporting process, the reason it is important and the key outputs. MEA activities (shown in light blue) are detailed in COBIT 5 for Assurance, section 2, chapter 1.


    COBIT 5 Enterprise Enablers

    Source: COBIT 5, figure 12 and COBIT 5 for Assurance, figure 10

    1. Principles, Policies and Frameworks
    2. Processes
    3. Organisational Structures
    4. Culture, Ethics and Behaviour
    5. Information
    6. Services, Infrastructure and Applications
    7. People, Skills and Competencies

    Enablers 5 to 7 are grouped as Resources.

    COBIT 5 Enablers: Generic

    Source: COBIT 5, figure 13 and COBIT 5 for Assurance, figure 11

    Enabler Dimension
    Stakeholders: Internal Stakeholders; External Stakeholders
    Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
    Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
    Good Practices: Practices; Work Products (Inputs/Outputs)

    Enabler Performance Management
    Are Stakeholders Needs Addressed?
    Are Enabler Goals Achieved?
    Is Life Cycle Managed?
    Are Good Practices Applied?
    Metrics for Achievement of Goals (Lag Indicators)
    Metrics for Application of Practice (Lead Indicators)
