Introduction-Benefits Introduction-Benefits COBIT FrameworkCOBIT FrameworkWith ExampleWith Example

Sanjiv Arora, CISA, CISM, CGEIT

Principal Consultant

TECHNOLOGICS & CONTROLSProtecting the ABCs of your business.

AgendaAgenda

IT Governance COBIT framework Example - Cost Management Controls in IT Operations using

COBIT About Technologics and Controls

IT Governance – Need?IT Governance – Need?

What is driving today’s businesses?

Assertive StakeholdersAggressive CompetitionEmerging Regulations

Recessionary trends direct / indirectExtremely high IT Dependence

Impacts

Enterprise GovernanceEnterprise Governance

IT Governance - AlignmentIT Governance - Alignment

Value Delivery

•Secure•On Time•Within Budgets•Good Quality•Reduce Expense•Proven best practices

Business Benefits

•Customer satisfaction•Brand Loyalty•Competitive advantage•Profitability

Crux - Fill what's empty. Empty what's full. And scratch where it itches. – Murphy’s law

Why COBIT?Why COBIT?

Better alignment based on business focus Demonstrates management viewpoint and expectations Clear ownerships and responsibilities based on

processes Increasing acceptability with third parties and regulators Eases IT Governance communication between

stakeholders and other parties Fulfillment of the COSO requirements for IT control

environment

Lack of IT Governance makes it.... Lack of IT Governance makes it....

Difficult to make a link to the business requirements Complex to measure performance against the

requirements Cumbersome to control activities using a generally

accepted process model Difficult to identify the resources to be leveraged A problem to define management control objectives

Use of COBIT – Practical ScenarioUse of COBIT – Practical Scenario

Uses are Implement and Manage IT governance Risk Assessment and Management Defining KPI and KGI Mapping to other standards Customize controls Provides direction and recommendations for weak

controls Aid to implement ERP, BCP, BPR and other IT

projects Implement Cost Savings on IT spend (Capex and

Opex) Assessment of IT governance maturity Demonstrate IT alignment (using Balance Score card)

COBIT – It is Implementable COBIT – It is Implementable

Based on self assessment Very comprehensive yet flexible Does not enforce COMPLETE implementation Customizable Easy to understand (Subject Matter Experts are

available) Implementation maybe fast track, with help of tools

COBIT – Importance Vs Other standardsCOBIT – Importance Vs Other standards

Comprehensive for business requirements Business operations completely dependent on IT Business applications (ERP), workflows, resource sharing,

communication (chat, email,video conferencing) controls are all logical controls

Approval and authorization – financial or non-financial is mostly handled by logical controls

Confidentiality is primarily managed within technology COBIT encompasses all aspects of IT Governance

Other standards where COBIT is useful ITIL SOX compliance PCI-DSS NIST HIPAA ISO27001 Others

COBITCOBIT – Other Standards – Other Standards

http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702

Common misunderstanding: We already have xyz standard, so we do not need COBIT.

COBIT FrameworkCOBIT Framework

Source – ITGI presentation materials

The following slides explain an example of COBIT framework implementation.

The slides are prepared using the Meycor COBIT suite software tools.

Actual tool may also be demonstrated as necessary, time and audience permitting.

Thanks.

COBIT FrameworkCOBIT Framework

COBIT – Key Objectives and ControlsCOBIT – Key Objectives and Controls

COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach

4 Domains

34 Processes(select applicable processes)

210 Control Objectives(select from applicable objectives)

Controls(Select / add / modify controls to Suit your IT Governance needs)

* Equals = 4 Domains22 processes145 controls objectives N Controls* An example

COBIT – Processes and Controls – Tangible Cost ManagementCOBIT – Processes and Controls – Tangible Cost Management

Source - http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47399

Cost Management Controls = Selected 10 processes

COBIT – Processes and Controls – Excess Labour ManagementCOBIT – Processes and Controls – Excess Labour Management

Too many cooks….!

COBIT – Assessment and gaps – Tangible Cost ManagementCOBIT – Assessment and gaps – Tangible Cost Management

COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving

Cont’d

COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving

COBIT – Tangible Cost Management – Recommendation – DS2COBIT – Tangible Cost Management – Recommendation – DS2

Customize recommendations according to business objectives.

COBIT – Tangible Cost Management–Tasks/linked RecommendationCOBIT – Tangible Cost Management–Tasks/linked Recommendation

COBIT – Tangible Cost Management–Tasks Manage / ComplyCOBIT – Tangible Cost Management–Tasks Manage / Comply

Verify and validate to ensure compliance and success.

COBIT – Tangible Cost Management– Communicate ResultsCOBIT – Tangible Cost Management– Communicate Results Proactive IT initiatives and operational improvements Enhance credibility of the IT organization Benefits

Tangibles Current period vs previous period % saving from alternate options Forecast reduction in expense / ROI

Intangibles Efficiency of operations Reduced incidents High uptime Link to business objectives

Faster product launch Timely service delivery Increase in customers / revenue

COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach

4 Domains

34 Processes(select applicable processes)

210 Control Objectives(select from applicable objectives)

Controls(Select / add / modify controls to Suit your IT Governance needs)

* Equals = 4 Domains22 processes145 controls objectives N Controls* An example

The funnel model can be used for implementation of ERP, Other IT Projects,

Project Monitoring and controls, Compliance checklists

Introduction : Technologics & ControlsIntroduction : Technologics & Controls

Founded in 2001 Based in New Delhi, India

Services: IT Audits, Risk Management consulting, Information security assessment and management, IT Governance services, compliance and related services.

Products: Sole reseller in India of DataSec S.R.L providing software solutions based on COBIT / ISO27001 / COSO and other standards

COBIT – BenefitsCOBIT – Benefits

We offer our rich experience to meet your Business Requirements and Objectives in the IT Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy consulting areas.

Our specializations includes reviews of ERP, CBS, Information Architecture, IT Efficiency and Effectiveness to deliver value amongst other things.

We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of India and many other reputed companies across the world.

We shall be happy to discuss your requirements,Look forward. Sanjiv Arora

Contact us on +91 98102 93733 or email sa@tech-controls.comwww.tech-controls.com