Memahami Cobit Versi NUS

8/20/2019 Memahami Cobit Versi NUS

1/32

© 2010 NUS. All Rights Reserved UnlessOtherwise Stated.

ATA/Lucid/2010-01-25 MUS/

COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0

COBIT® 5 as IT Management Best

Practice Framework

1

Please see Acknowledgements & Notices in last few slides


2/32




What is COBIT?

Control OB jectives for Information and related Technology

International framework from ISACA and IT Governance Institute

Helps maximise value of IT to businesses

Originally, more for monitoring/ audit /risk assessment of ITmanagement processes

Increasingly recognised as comprehensive framework of ITManagement best practices■ Advises on WHAT to do■ Some high-level of how to do

Currently Version 5

2


3/32




COBIT - Governance and Management

3

Strategic Tactical Operational

Nb: Words in green above NOT part of COBIT but added by the author of this presentation.

generally, the responsibility of

Board of Directors


4/32




COBIT5 Processes

4

Align, Plan &

Organise

Build, Acquire &

Implement

Monitor, Evaluate &

Assess

Deliver, Service &

Support

• Manage the IT ManagementFramework

• Manage Strategy• Manage Innovation• Manage EnterpriseArchitecture

• Manage Portfolio• Manage Budget and Costs• Manage Human Resources• Manage Relationships• Manage Service Agreements• Manage Suppliers• Manage Quality• Manage Risk• Manage Security

• Manage Programmes &Projects

• Manage RequirementsDefinition

• Manage SolutionsIdentification and Build

• Manage Availability &Capacity

• Manage Change Acceptanceand Transitioning

• Manage OrganisationalChange Management

• Manage Changes• Manage Knowledge• Manage Assets• Manage Configuration

• Monitor, Evaluate andAssess Performance &Conformance

• Monitor, Evaluate andAssess the System ofInternal Control

• Monitor, Evaluate andAssess Compliance with

External Requirements

Governance

• Manage Operations• Manage Service Requests& Incidents

• Manage Problems• Manage Continuity• Manage Security Services• Manage Business ProcessControls

• Ensure Governance FrameworkSetting and Maintenance

• Ensure Benefits Delivery• Ensure Risk Optimisation

• Ensure Resource Optimisation• Ensure StakeholderTransparency

Domains

Processes


5/32




Domain BAI - Build, Acquire & Implement

5

Nb: Bold headings are

author’s own categorisation& are not part of COBIT

Programmes

■ Manage Programmes (and Projects)

Projects

■ Manage (Programmes and) Projects

Requirements

■ Manage Requirements Definition

■ Manage Availability & Capacity Design & Build

■ Manage Solutions Identification and Build

Test & Implement

■ Manage Change Acceptance and Transitioning

Changes

■ Manage (IT) Changes■ Manage Organisational Change Management

Supporting Processes

■ Manage Knowledge

■ Manage Assets

■ Manage Configuration


6/32




Domain BAI - Build, Acquire & Implement

6

Build, Acquire

& Implement

(BAI)

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

Programme Management

(Generic) Project Management

IT Systems Devt Life Cycle Mgt

Support Processes

Knowledge, Asset, Configuration

Requirements &

Feasibility

Design &

Build

Test &

Implement

Manage Changes

IT and Organisational


7/32




IT Strategy / Innovation / Ent. Architecture / Portfolio Management

BAI Relationship with APO

7

Build, Acquire

& Implement

(BAI)

Align, Plan

& Organise

(APO)


Pre-Project Development Production




Support Processes


Requirements &

Feasibility

Design &

Build

Test &

Implement

Manage Changes

IT and Organisational(Tactical)

(Strategic)

IT

Ongoing

Management


8/32




Domain APO – Align, Plan & Organise

Strategy/ Architecture / Portfolio■ Manage the IT Management Framework

■ Manage Strategy

■ Manage Innovation

■ Manage Enterprise Architecture

■ Manage Portfolio IT Ongoing Management

■ Manage Budget and Costs

■ Manage Human Resources

■ Manage Relationships

■ Manage Service Agreements

■ Manage Suppliers■ Manage Quality

■ Manage Risk

■ Manage Security

8


author’s own categorisation

& are not part of COBIT

IT Strategy / Architecture / Portfolio Management




Support Processes


Requirements &

Feasibility

Design &

Build

Test &

Implement

Manage Changes

IT and Organisational

ITOngoing

Management


9/32




COBIT Domains – Deliver, Service &

Support (DSS)

Service Operations

■ Manage Operations

■ Manage Service Requests &

Incidents

■ Manage Problems

■ Manage Continuity

■ Manage Security Services

■ Manage Business ProcessControls

9


author’s own categorisation& are not part of COBIT


10/32




DSS Relationship with BAI & APO

10


Support Processes

Knowledge, Assets, Configuration

Requirements

& Feasibility

Design &

Build

Test &

Implement

Manage ChangesIT & Organisational

Build,

Acquire &

Implement

(BAI)

Align, Plan

& Organise

(APO)

Deliver,

Service &

Support (DSS)

Service

Operations






IT

Ongoing

Management

(Strategic)

(Tactical)

(Operational)


11/32




COBIT Domains – Monitor, Evaluate &

Assess

Monitor, Evaluate and Assess

■ Performance & Conformance

■ System of Internal Control

■ Compliance with External Requirements

11





12/32




MEA Relationship with APO / BAI / DSS

12


Support Processes


Requirements

& Feasibility

Design &

Build

Test &

Implement

Manage ChangesIT & Organisational

Build,

Acquire &

Implement

(BAI)

Align, Plan

& Organise

(APO)

Deliver,

Service &

Support (DSS)

Service

Operations






IT

Ongoing

Management

Measure,

Evaluate

&

Assess

Measure,

Evaluate &Assess (MEA)

(Strategic)

(Tactical)

(Operational)


13/32




COBIT Domains – Governance

Monitor, Evaluate & Direct to:

■ Ensure Governance Framework Setting

and Maintenance

■ Ensure Benefits Delivery

■ Ensure Risk Optimisation

■ Ensure Resource Optimisation

■ Ensure Stakeholder Transparency

13





14/32




Governance Relationship To Management

14


Support Processes


Requirements

& Feasibility

Design &

Build

Test &

Implement

Manage Changes

IT & Organisational

Build,

Acquire &

Implement

(BAI)

Align, Plan

& Organise(APO)

Deliver, Service &

Support (DSS)

Service

Operations






IT

Ongoing

Management

Measure,

Evaluate

&

Assess

Measure,

Evaluate &

Assess (MEA)

(Strategic Mgt)

(Tactical Mgt)

(Operational Mgt)

(Governance)

Monitor

Evaluate

Direct


15/32




Further Process Details

COBIT provides further details to the Process

■ Breakdown of Process

• Process

–

Management Practices» Activities

■ RACI for Management Practices

■ Inputs-Outputs for each Activity

■ Metrics for the overall process• IT-related

• Process-related

15


16/32


ATA/Lucid/2010-01-25 MUS/COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0

COBIT Process Details – Management

Practices

16

Manage Programmes and Projects■ Maintain a standard approach for programme and project

management

■ Initiate a programme.

■ Manage stakeholder engagement.

■ Develop and maintain the programme plan.

■ Launch and execute the programme■ Monitor, control and report on the programme outcomes.

■ Start up and initiate projects within a programme.

■ Plan projects

■ Manage programme and project quality

■ Manage programme and project risk

■ Monitor and control projects■ Manage project resources and work packages.

■ Close a project or iteration

■ Close a programme.

Process

Management

Practices


17/32



COBIT Process Details – Management

Practices and Activities

17

Manage Programmes and Projects

■ Maintain a standard approach for programme and project management

■ Initiate a programme

• Agree on programme sponsorship and appoint a programme board/committee with members who have

strategic interest in the programme, have responsibility for the investment decision making, will be

significantly impacted by the programme and will be required to enable delivery of the change.

• Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for

the programme, potential strategies for delivery, improvement and benefits that are expected to result,

and how the programme fits with other initiatives.

• Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop

and document a complete understanding of the expected enterprise outcomes, how they will be

measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the

enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.

• Develop a benefits realisation plan that will be managed throughout the programme to ensure that

planned benefits always have owners and are achieved, sustained and optimised.

• Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing

essential decision-making information regarding purpose, contribution to business objectives, expectedvalue created, time frames, etc

• Appoint a dedicated manager for the programme, with the commensurate competencies and skills to

manage the programme effectively

• and efficiently.

■ Manage stakeholder engagement.

■ …

Process

Management

Practices

Activities


18/32



COBIT Process Details – RACI for

Management Practices

18


19/32



COBIT Process Details – Inputs-

Outputs for Each Activity

19


20/32



COBIT Process Details – IT-Related

Metrics

20

Example - from Manage Programmes and Projects process


21/32



COBIT Process Details – Process-

Related Metrics

21

Example - from Manage Programmes and Projects process


22/32



Other Key Elements of COBIT

Principles

Enablers

Lifecycle Approach

Process Capability Model

COBIT 5 Product Family

22


23/32



Principles

23


24/32



Enablers

24


25/32



Lifecycle Approach

25


26/32



Process Capability Model

26


27/32



COBIT 5 Product Family

27


28/32



COBIT 5 Mapping to Other Frameworks

28

Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here

http://www.scrumalliance.org/


29/32




For Further Information

For further details on COBIT course

■ http://www.iss.nus.edu.sg/ProfessionalCourse

s/SearchCourse/CourseDetail/tabid/267/cid/20

/cname/nicf-cobit-foundation/Default.aspx

For other related courses:

■ http://www.iss.nus.edu.sg/ProfessionalCourse

s/CourseCatalogue.aspx

29

http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspxhttp://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx


30/32




Acknowledgements & Sources

Sources used in this presentation:

■ Information Systems Audit and Control

Association. (2012). COBIT 5: Enabling

processes. Rolling Meadows, IL: ISACA.

30


31/32




Acknowledgements & Notices COBIT® is a registered trade mark of ISACA and the IT Governance Institute

CGEIT® is a registered trade mark of ISACA

TOGAF is a registered trademark of The Open Group in the United States andother countries

CBAP® is a registered certification mark owned by International Institute ofBusiness Analysis

CISSP is a registered Trademark of (ISC)2

SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.

PMP is a registered mark of Project Management Institute, Inc.

ITIL®, PRINCE2®, P3O®, MSP® are registered trade marks of the CabinetOffice

CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon

University The Swirl logo™ is a trade mark of the Cabinet Office

© 2011 NUS unless otherwise stated. The contents of this document may not bereproduced in any form or by any means, without the written permission of ISS,NUS, other than for the purpose for which it has been supplied

Memahami Cobit Versi NUS

Documents

Transcript of Memahami Cobit Versi NUS