Date posted: 22-Jan-2015
Category: Business
Uploaded by: sanjiv-arora
Introduction-Benefits COBIT Framework With Example
Sanjiv Arora, CISA, CISM, CGEIT
Principal Consultant
TECHNOLOGICS & CONTROLS
Protecting the ABCs of your business.
Agenda
• IT Governance
• COBIT framework
• Example - Cost Management Controls in IT Operations using COBIT
• About Technologics and Controls
IT Governance – Need?
What is driving today’s businesses?
• Assertive Stakeholders
• Aggressive Competition
• Emerging Regulations
• Recessionary trends direct / indirect
• Extremely high IT Dependence
Impacts
Enterprise Governance
IT Governance - Alignment
Value Delivery
• Secure
• On Time
• Within Budgets
• Good Quality
• Reduce Expense
• Proven best practices
Business Benefits
• Customer satisfaction
• Brand Loyalty
• Competitive advantage
• Profitability
Crux - Fill what's empty. Empty what's full. And scratch where it itches. – Murphy’s law
Why COBIT?
• Better alignment based on business focus
• Demonstrates management viewpoint and expectations
• Clear ownerships and responsibilities based on processes
• Increasing acceptability with third parties and regulators
• Eases IT Governance communication between stakeholders and other parties
• Fulfillment of the COSO requirements for IT control environment
Lack of IT Governance makes it....
• Difficult to make a link to the business requirements
• Complex to measure performance against the requirements
• Cumbersome to control activities using a generally accepted process model
• Difficult to identify the resources to be leveraged
• A problem to define management control objectives
Use of COBIT – Practical Scenario
Uses are:
• Implement and Manage IT governance
• Risk Assessment and Management
• Defining KPI and KGI
• Mapping to other standards
• Customize controls
• Provides direction and recommendations for weak controls
• Aid to implement ERP, BCP, BPR and other IT projects
• Implement Cost Savings on IT spend (Capex and Opex)
• Assessment of IT governance maturity
• Demonstrate IT alignment (using Balanced Scorecard)
COBIT – It is Implementable
• Based on self assessment
• Very comprehensive yet flexible
• Does not enforce COMPLETE implementation
• Customizable
• Easy to understand (Subject Matter Experts are available)
• Implementation may be fast track, with help of tools
COBIT – Importance Vs Other standards
• Comprehensive for business requirements
• Business operations completely dependent on IT
• Business applications (ERP), workflows, resource sharing, communication (chat, email, video conferencing) controls are all logical controls
• Approval and authorization – financial or non-financial is mostly handled by logical controls
• Confidentiality is primarily managed within technology
• COBIT encompasses all aspects of IT Governance
Other standards where COBIT is useful:
• ITIL
• SOX compliance
• PCI-DSS
• NIST
• HIPAA
• ISO27001
• Others
COBIT – Other Standards
http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702
Common misunderstanding: We already have xyz standard, so we do not need COBIT.
COBIT Framework
Source – ITGI presentation materials
The following slides explain an example of COBIT framework implementation.
The slides are prepared using the Meycor COBIT suite software tools.
Actual tool may also be demonstrated as necessary, time and audience permitting.
Thanks.
COBIT Framework
COBIT – Key Objectives and Controls
COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes (select applicable processes)
210 Control Objectives (select from applicable objectives)
Controls (select / add / modify controls to suit your IT Governance needs)
* Equals = 4 Domains, 22 processes, 145 control objectives, N Controls
* An example
COBIT – Processes and Controls – Tangible Cost Management
Source - http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47399
Cost Management Controls = Selected 10 processes
COBIT – Processes and Controls – Excess Labour Management
Too many cooks….!
COBIT – Assessment and gaps – Tangible Cost Management
COBIT – Tangible Cost Management – Concerns / Saving
Cont’d
COBIT – Tangible Cost Management – Concerns / Saving
COBIT – Tangible Cost Management – Recommendation – DS2
Customize recommendations according to business objectives.
COBIT – Tangible Cost Management – Tasks / linked Recommendation
COBIT – Tangible Cost Management – Tasks Manage / Comply
Verify and validate to ensure compliance and success.
COBIT – Tangible Cost Management – Communicate Results
• Proactive IT initiatives and operational improvements
• Enhance credibility of the IT organization
Benefits
Tangibles
• Current period vs previous period
• % saving from alternate options
• Forecast reduction in expense / ROI
Intangibles
• Efficiency of operations
• Reduced incidents
• High uptime
Link to business objectives
• Faster product launch
• Timely service delivery
• Increase in customers / revenue
COBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes (select applicable processes)
210 Control Objectives (select from applicable objectives)
Controls (select / add / modify controls to suit your IT Governance needs)
* Equals = 4 Domains, 22 processes, 145 control objectives, N Controls
* An example
The funnel model can be used for implementation of ERP, other IT projects, project monitoring and controls, and compliance checklists.
Introduction: Technologics & Controls
Founded in 2001
Based in New Delhi, India
Services: IT Audits, Risk Management consulting, Information security assessment and management, IT Governance services, compliance and related services.
Products: Sole reseller in India of DataSec S.R.L providing software solutions based on COBIT / ISO27001 / COSO and other standards
COBIT – Benefits
We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas.
Our specializations include reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world.
We shall be happy to discuss your requirements. Look forward.
Sanjiv Arora
Contact us on +91 98102 93733 or email [email protected]