COBIT 5 Implementation Presented by Emilio Gratton ISACA Member n. 630629
COBIT 5 overview and implementation proposal

Jan 22, 2015

Emilio Gratton

Introductory presentation on major key functions of COBIT5.
If interested, I can send the original PPTX file, fully animated.
Transcript
1. Presented by Emilio Gratton ISACA Member n. 630629

2. OUTLINE
   1. COBIT 5
      A. THE FRAMEWORK (A BIT OF HISTORY)
      B. PRINCIPLES
      C. ENABLING PROCESSES
      D. COVERAGE
      E. IMPLEMENTATION APPROACH
   2. WAY-AHEAD

3. COBIT 5: Now One Complete Business Framework for
   Evolution of scope:
   - 1996: COBIT1, Audit
   - 1998: COBIT2, Control
   - 2000: COBIT3, Management
   - 2005/7: COBIT4.0/4.1, IT Governance
   - 2012: COBIT 5, Governance of Enterprise IT
   Val IT 2.0 (2008), Risk IT (2009)
   A business framework from ISACA, at www.isaca.org/cobit
   2012 ISACA. All rights reserved.

4. COBIT 5 Product Family and framework
   Source: COBIT 5, figure 11.

5. The Five COBIT 5 Principles
   ISO 38500 principles:
   1. RESPONSIBILITY
   2. STRATEGY
   3. ACQUISITION
   4. PERFORMANCE
   5. CONFORMANCE
   6. HUMAN BEHAVIOUR

6. 1. Meeting Stakeholder Needs
   Principle 1. Meeting Stakeholder Needs: Enterprises exist to create value for their stakeholders.
   Source: COBIT 5, figure 3.

7. 1. Meeting Stakeholder Needs (cont.)
   Principle 1. Meeting Stakeholder Needs: Stakeholder needs have to be transformed into an enterprise's actionable strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
   Cascades to Enterprise Goals; cascades to IT-related Goals; cascades to Enabler Goals.
   Source: COBIT 5, figure 4.

8. 2. Covering the Enterprise End-to-end
   Key components of a governance system

9. 3. Applying a Single Integrated Framework

10. 4. Enabling a Holistic Approach (cont.)
    Principle 4. Enabling a Holistic Approach
    Source: COBIT 5, figure 12.

11. 4. Enabling a Holistic Approach (cont.)
    COBIT 5 Enabler Dimensions:
    Source: COBIT 5, figure 13.

12. 5. Separating Governance From Management (cont.)
    Principle 5. Separating Governance From Management: COBIT 5 is not prescriptive, but it advocates that organisations implement governance and management processes such that the key areas are covered, as shown.
    Source: COBIT 5, figure 15.

13. COBIT 5: Enabling Processes
    Source: COBIT 5, figure 29.

14. COBIT 5: Enabling Processes (cont.)

15. COBIT 5: COVERAGE
    Domains:
    - Evaluate, Direct and Monitor
    - Align, Plan and Organise
    - Build, Acquire and Implement
    - Delivery Service and Support
    - Monitor, Evaluate and Assess
    Standards and frameworks:
    - ISO/IEC 38500
    - ISO/IEC 31000
    - TOGAF
    - PRINCE2/PMBOK
    - CMMI
    - ITIL V3 2011 and ISO/IEC 20000
    - ISO/IEC 27000

16. COBIT 5 Implementation
    - Programme management (outer ring)
    - Change enablement (middle ring)
    - Continual improvement Life Cycle (inner ring)
    PROFESSIONAL GUIDE FOR A LIFE CYCLE PROGRAMME

17. 1ST STEP: CREATING THE APPROPRIATE ENVIRONMENT
    ROLES
    - Board & executives: Set direction for the programme, ensure alignment with enterprisewide governance and risk management, approve key programme roles and define responsibilities, and give visible support and commitment. Sponsor, communicate and promote the agreed-on initiative.
    - Business management: Provide appropriate stakeholders and champions to drive commitment and to support the programme. Nominate key programme roles and define and assign responsibilities.
    - IT management: Ensure that the business and executives understand and appreciate the high-level IT-related issues and objectives. Nominate key programme roles and define and assign responsibilities. Nominate a person to drive the programme in agreement with the business.
    - Internal audit: Agree on the role and reporting arrangements for audit participation. Ensure that an adequate level of audit participation is provided through the duration of the programme.
    - Risk, compliance and legal: Ensure an adequate level of participation through the duration of the programme.

18. 1ST STEP: CREATING THE APPROPRIATE ENVIRONMENT

    | Activity | Board | IT Executive Committee | CIO | Business Executive | IT Managers | IT Process Owners | IT Audit | Risk and Compliance | Programme Steering |
    |---|---|---|---|---|---|---|---|---|---|
    | Set direction for the programme. | A | R | R | C | C | I | C | C | C |
    | Provide programme management resources. | C | A | R | R | C | C | R | R | I |
    | Establish and maintain direction and oversight structures and processes. | C | A | C | I | I | I | I | I | R |
    | Establish and maintain programme. | I | A | R | C | C | I | I | I | R |
    | Align approaches with enterprise approaches. | I | A | R | C | C | I | C | C | R |

19. COBIT5 IMPLEMENTATION STEP-AHEAD
    SPIRAL APPROACH TO ENLARGE: SCOPE, COVERAGE, TOOLS ADOPTIONS

20. COBIT5 IMPLEMENTATION STEP-AHEAD
    SCOPE
    - Continual Improvement Life Cycle
    - Program Plan
    - CIO endorse
    - Change Enablement

21. COBIT5 IMPLEMENTATION STEP-AHEAD
    COVERAGE
    - Teams (matrix procedures)
    - Groups
    - Main Boards
    - Teams (single procedures)

22. COBIT5 IMPLEMENTATION STEP-AHEAD
    TOOLS
    - Enterprise Projects
    - Test-bed or Proof-of-concept
    - Pilot Project
    - PMO aggregation