Date post: | 03-Jun-2018 |
Upload: | linda-maia |
8/11/2019 Cobit5-Assurance Lam en 0513
COBIT 5 Product Family
Source: COBIT 5, figure 11 and COBIT 5 for Assurance, figure 1
COBIT 5
COBIT 5 Enabler Guides
    COBIT 5: Enabling Processes
    COBIT 5: Enabling Information
    Other Enabler Guides
COBIT 5 Professional Guides
    COBIT 5 Implementation
    COBIT 5 for Information Security
    COBIT 5 for Assurance
    COBIT 5 for Risk
    Other Professional Guides
COBIT 5 Online Collaborative Environment
COBIT 5 Principles
Source: COBIT 5, figure 2 and COBIT 5 for Assurance, figure 7
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545 Fax: +1.847.253.1443 Email: [email protected]
Web site: www.isaca.org
2013 ISACA. All rights reserved.
FOR ASSURANCE
COBIT 5 Goals Cascade Overview
Source: COBIT 5, figure 4
Stakeholder Drivers (Environment, Technology Evolution, ...)
    Influence
Stakeholder Needs (Benefits Realisation, Risk Optimisation, Resource Optimisation)
    Cascade to
Enterprise Goals
    Cascade to
IT-related Goals
    Cascade to
Enabler Goals
Selected Guidance From the COBIT 5 Family
These charts and figures are elements of COBIT 5 and its supporting guides. This excerpt is available as a complimentary PDF (www.isaca.org/cobit) and for purchase in hard copy (www.isaca.org/bookstore). It provides an overview of the COBIT 5 guidance, its five principles and seven enablers. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants.
COBIT enables enterprises to maximise the value and minimise the risk related to information, which has become the currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit.
Governance and Management in COBIT 5
Source: COBIT 5, figure 8
Governance Objective: Value Creation
    Benefits Realisation
    Risk Optimisation
    Resource Optimisation
Governance Enablers
Governance Scope
Roles, Activities and Relationships

Key Roles, Activities and Relationships
Source: COBIT 5, figure 9
Roles: Owners and Stakeholders; Governing Body; Management; Operations and Execution
Relationship labels: Delegate, Accountable; Set Direction, Monitor; Instruct and Align, Report

COBIT 5 Governance and Management Key Areas
Source: COBIT 5, figure 15
Business Needs
Governance: Evaluate, Direct, Monitor
Management Feedback
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)
Assurance Components
Source: COBIT 5 for Assurance, figure 4
Three-party Relationship involving an accountable party for the subject matter, an assurance professional and an intended user
    Parties shown: Accountable Party, Assurance Professional, User
Subject Matter over which the assurance is to be provided
Suitable Criteria against which the subject matter will be assessed
Execute the assurance engagement
Conclusion issued by the assurance professional
Relationship labels in the figure: Governs and Manages, Performs, Provides Comfort to, Primary, Secondary
Assurance Process that the assurance professional will undertake:
    A. Determine Scope of the Assurance Initiative
    B. Understand the Subject Matter, Set Suitable Assessment Criteria and Assess
    C. Communication

Scope of COBIT 5 for Assurance
Source: COBIT 5 for Assurance, figure 6
Assurance Function Perspective: COBIT 5 Enablers for the Assurance Function
    Principles, Policies and Frameworks
    Processes
    Organisational Structures
    Culture, Ethics and Behaviour
    Information
    Services, Infrastructure and Applications
    People, Skills and Competencies
Assurance Assessment Perspective
    COBIT 5 for Assurance: Generic method for providing assurance over COBIT 5 enablers
    ITAF
    ISACA Audit/Assurance Programmes
    Audit/Assurance Programmes for Subject Matter
    COBIT 5 framework and COBIT 5: Enabling Processes
Generic COBIT 5-based Assurance Engagement Approach
Source: COBIT 5 for Assurance, figure 32
A. Determine Scope of the Assurance Initiative
    A-1 Determine the stakeholders of the assurance initiative and their stake.
    A-2 Determine the assurance objectives based on assessment of the internal and external environment/context and of the relevant risk and related opportunities.
    A-3 Determine the enablers in scope and the instance(s) of the enablers in scope.
        Principles, Policies and Frameworks
        Processes
        Organisational Structures
        Culture, Ethics and Behaviour
        Information
        Services, Infrastructure and Applications
        People, Skills and Competencies
B. Understand Enablers, Set Suitable Assessment Criteria and Perform the Assessment
    B-1 Agree on metrics and criteria for enterprise goals and IT-related goals. Assess enterprise goals and IT-related goals.
    B-2 Obtain understanding of the principles, policies and frameworks in scope. Assess principles, policies and frameworks.
    B-3 Obtain understanding of the processes in scope and set suitable assessment criteria. Assess the processes.
    B-4 Obtain understanding of the organisational structures in scope. Assess the organisational structures.
    B-5 Obtain understanding of the culture, ethics and behaviour in scope. Assess culture, ethics and behaviour.
    B-6 Obtain understanding of the information items in scope. Assess information.
    B-7 Obtain understanding of the services, infrastructure and applications in scope. Assess services, infrastructure and applications.
    B-8 Obtain understanding of the people, skills and competencies in scope. Assess people, skills and competencies.
C. Communicate the Results of the Assessment
    C-1 Document exceptions and gaps.
    C-2 Communicate the work performed and findings.

Assurance Engagement Scoping Summary
Source: COBIT 5 for Assurance, figure 34
A. Determine Scope of the Assurance Initiative
    A-1 Determine the stakeholders of the assurance initiative and their stake.
    A-2 Determine the assurance objectives based on assessment of the internal and external environment/context and of the relevant risk and related opportunities.
    A-3 Determine the enablers in scope and the instance(s) of the enablers in scope.
        Principles, Policies and Frameworks
        Processes
        Organisational Structures
        Culture, Ethics and Behaviour
        Information
        Services, Infrastructure and Applications
        People, Skills and Competencies
Scoping steps:
1. Define the assurance objective in simple language.
2. Identify the enterprise goals that are most related to the high-level assurance objective.
3. Refine the list of potential enterprise goals to a manageable set of key goals and additional goals.
4. Use the mapping table between enterprise goals and IT goals to identify potential IT goals that need to be achieved.
5. Refine, taking into account the specific environment, the set of potential IT goals to a manageable set of key IT goals and additional IT goals.
6. Use the mapping table between IT goals and COBIT 5 processes to identify potential processes that support the IT goals.
7. Refine the list of selected processes to a manageable list.
8. Use the RACI charts of the selected processes to identify potential organisational structures in scope, and refine the list.
9. Use the RACI charts of the selected processes to identify potential people, skills and competencies in scope, and refine the list.
10. Use the input/output tables of the selected processes to identify potential information items in scope, and refine the list.
11. Identify which other enablers support the achievement of the selected IT goals.
12. Consolidate the list of enablers in scope and remove redundancies.
COBIT 5 Process Reference Model
Source: COBIT 5 for Assurance, figure 15

Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor
    EDM01 Ensure Governance Framework Setting and Maintenance
    EDM02 Ensure Benefits Delivery
    EDM03 Ensure Risk Optimisation
    EDM04 Ensure Resource Optimisation
    EDM05 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT
Align, Plan and Organise
    APO01 Manage the IT Management Framework
    APO02 Manage Strategy
    APO03 Manage Enterprise Architecture
    APO04 Manage Innovation
    APO05 Manage Portfolio
    APO06 Manage Budget and Costs
    APO07 Manage Human Resources
    APO08 Manage Relationships
    APO09 Manage Service Agreements
    APO10 Manage Suppliers
    APO11 Manage Quality
    APO12 Manage Risk
    APO13 Manage Security
Build, Acquire and Implement
    BAI01 Manage Programmes and Projects
    BAI02 Manage Requirements Definition
    BAI03 Manage Solutions Identification and Build
    BAI04 Manage Availability and Capacity
    BAI05 Manage Organisational Change Enablement
    BAI06 Manage Changes
    BAI07 Manage Change Acceptance and Transitioning
    BAI08 Manage Knowledge
    BAI09 Manage Assets
    BAI10 Manage Configuration
Deliver, Service and Support
    DSS01 Manage Operations
    DSS02 Manage Service Requests and Incidents
    DSS03 Manage Problems
    DSS04 Manage Continuity
    DSS05 Manage Security Services
    DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
    MEA01 Monitor, Evaluate and Assess Performance and Conformance
    MEA02 Monitor, Evaluate and Assess the System of Internal Control
    MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
This figure highlights the key supporting COBIT 5 processes (shown in dark pink), as well as the
other supporting processes (shown in light pink). COBIT 5 for Assurance, section 2A, 3.2.1 and 3.2.2
provide short descriptions of each supporting process, the reason it is important and the key outputs.
MEA activities (shown in light blue) are detailed in COBIT 5 for Assurance, section 2, chapter 1.
COBIT 5 Enterprise Enablers
Source: COBIT 5, figure 12 and COBIT 5 for Assurance, figure 10
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
Resources:
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies

COBIT 5 Enablers: Generic
Source: COBIT 5, figure 13 and COBIT 5 for Assurance, figure 11
Enabler Dimension
    Stakeholders: Internal Stakeholders; External Stakeholders
    Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
    Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
    Good Practices: Practices; Work Products (Inputs/Outputs)
Enabler Performance Management
    Are Stakeholders Needs Addressed? Are Enabler Goals Achieved?
        Metrics for Achievement of Goals (Lag Indicators)
    Is Life Cycle Managed? Are Good Practices Applied?
        Metrics for Application of Practice (Lead Indicators)