© 2010 NUS. All Rights Reserved Unless Otherwise Stated.
ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0
COBIT 5 as IT Management Best Practice Framework
Please see Acknowledgements & Notices in last few slides
What is COBIT?
Control OBjectives for Information and related Technology
International framework from ISACA and IT Governance Institute
Helps maximise value of IT to businesses
Originally, more for monitoring / audit / risk assessment of IT management processes
Increasingly recognised as a comprehensive framework of IT Management best practices
Advises on WHAT to do
Some high-level guidance on HOW to do it
Currently Version 5
COBIT - Governance and Management
Strategic, Tactical, Operational
Nb: Words in green above are NOT part of COBIT but were added by the author of this presentation.
Generally, the responsibility of the Board of Directors
COBIT5 Processes
Domains and Processes
Align, Plan & Organise:
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security
Build, Acquire & Implement:
  Manage Programmes & Projects
  Manage Requirements Definition
  Manage Solutions Identification and Build
  Manage Availability & Capacity
  Manage Change Acceptance and Transitioning
  Manage Organisational Change Management
  Manage Changes
  Manage Knowledge
  Manage Assets
  Manage Configuration
Deliver, Service & Support:
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls
Monitor, Evaluate & Assess:
  Monitor, Evaluate and Assess Performance & Conformance
  Monitor, Evaluate and Assess the System of Internal Control
  Monitor, Evaluate and Assess Compliance with External Requirements
Governance:
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency
Domain BAI - Build, Acquire & Implement
Nb: Bold headings are the author's own categorisation & are not part of COBIT
Programmes:
  Manage Programmes (and Projects)
Projects:
  Manage (Programmes and) Projects
Requirements:
  Manage Requirements Definition
  Manage Availability & Capacity
Design & Build:
  Manage Solutions Identification and Build
Test & Implement:
  Manage Change Acceptance and Transitioning
Changes:
  Manage (IT) Changes
  Manage Organisational Change Management
Supporting Processes:
  Manage Knowledge
  Manage Assets
  Manage Configuration
Domain BAI - Build, Acquire & Implement
Diagram labels:
Build, Acquire & Implement (BAI)
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Asset, Configuration
Manage Changes: IT and Organisational
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
BAI Relationship with APO
Diagram labels:
Pre-Project, Development, Production
(Strategic), (Tactical)
Align, Plan & Organise (APO)
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
IT Ongoing Management
Build, Acquire & Implement (BAI)
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Asset, Configuration
Manage Changes: IT and Organisational
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Domain APO - Align, Plan & Organise
Strategy / Architecture / Portfolio:
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio
IT Ongoing Management:
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security
Nb: Bold headings are the author's own categorisation & are not part of COBIT
Diagram labels:
IT Strategy / Architecture / Portfolio Management
IT Ongoing Management
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Asset, Configuration
Manage Changes: IT and Organisational
COBIT Domains - Deliver, Service & Support (DSS)
Service Operations:
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls
Nb: Bold headings are the author's own categorisation & are not part of COBIT
DSS Relationship with BAI & APO
Diagram labels:
Pre-Project, Development, Production
(Strategic), (Tactical), (Operational)
Align, Plan & Organise (APO)
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
IT Ongoing Management
Build, Acquire & Implement (BAI)
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Assets, Configuration
Manage Changes: IT & Organisational
Deliver, Service & Support (DSS)
Service Operations
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains - Monitor, Evaluate & Assess
Monitor, Evaluate and Assess:
  Performance & Conformance
  System of Internal Control
  Compliance with External Requirements
Nb: Bold headings are the author's own categorisation & are not part of COBIT
MEA Relationship with APO / BAI / DSS
Diagram labels:
Pre-Project, Development, Production
(Strategic), (Tactical), (Operational)
Align, Plan & Organise (APO)
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
IT Ongoing Management
Build, Acquire & Implement (BAI)
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Assets, Configuration
Manage Changes: IT & Organisational
Deliver, Service & Support (DSS)
Service Operations
Measure, Evaluate & Assess
Measure, Evaluate & Assess (MEA)
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
COBIT Domains - Governance
Monitor, Evaluate & Direct to:
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency
Nb: Bold headings are the author's own categorisation & are not part of COBIT
Governance Relationship To Management
Diagram labels:
Pre-Project, Development, Production
(Strategic Mgt), (Tactical Mgt), (Operational Mgt), (Governance)
Monitor, Evaluate, Direct
Align, Plan & Organise (APO)
IT Strategy / Innovation / Ent. Architecture / Portfolio Management
IT Ongoing Management
Build, Acquire & Implement (BAI)
Programme Management
(Generic) Project Management
IT Systems Devt Life Cycle Mgt
Requirements & Feasibility
Design & Build
Test & Implement
Support Processes: Knowledge, Assets, Configuration
Manage Changes: IT & Organisational
Deliver, Service & Support (DSS)
Service Operations
Measure, Evaluate & Assess
Measure, Evaluate & Assess (MEA)
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
Further Process Details
COBIT provides further details on each Process:
Breakdown of Process
  Process
  Management Practices
  Activities
RACI for Management Practices
Inputs-Outputs for each Activity
Metrics for the overall process
  IT-related
  Process-related
COBIT Process Details - Management Practices
Process: Manage Programmes and Projects
Management Practices:
  Maintain a standard approach for programme and project management.
  Initiate a programme.
  Manage stakeholder engagement.
  Develop and maintain the programme plan.
  Launch and execute the programme.
  Monitor, control and report on the programme outcomes.
  Start up and initiate projects within a programme.
  Plan projects.
  Manage programme and project quality.
  Manage programme and project risk.
  Monitor and control projects.
  Manage project resources and work packages.
  Close a project or iteration.
  Close a programme.
COBIT Process Details - Management Practices and Activities
Process: Manage Programmes and Projects
Management Practices:
  Maintain a standard approach for programme and project management.
  Initiate a programme.
    Activities:
      Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change.
      Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives.
      Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.
      Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised.
      Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc.
      Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively and efficiently.
  Manage stakeholder engagement.
COBIT Process Details - RACI for Management Practices
COBIT Process Details - Inputs-Outputs for Each Activity
COBIT Process Details - IT-Related Metrics
Example - from Manage Programmes and Projects process
COBIT Process Details - Process-Related Metrics
Example - from Manage Programmes and Projects process
Other Key Elements of COBIT
Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family
Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family
COBIT 5 Mapping to Other Frameworks
Nb: Some of the other frameworks can map to more than one COBIT domain (e.g. ITIL/COBIT) but, for simplicity, only one domain is mapped here.
For Further Information
For further details on the COBIT course:
http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx
For other related courses:
http://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspx
Acknowledgements & Sources
Sources used in this presentation:
Information Systems Audit and Control Association. (2012). COBIT 5: Enabling processes. Rolling Meadows, IL: ISACA.
Acknowledgements & Notices
COBIT is a registered trade mark of ISACA and the IT Governance Institute
CGEIT is a registered trade mark of ISACA
TOGAF is a registered trademark of The Open Group in the United States and other countries
CBAP is a registered certification mark owned by International Institute of Business Analysis
CISSP is a registered Trademark of (ISC)²
SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.
PMP is a registered mark of Project Management Institute, Inc.
ITIL, PRINCE2, P3O, MSP are registered trade marks of the Cabinet Office
CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University
The Swirl logo is a trade mark of the Cabinet Office
© 2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied.
The End