References
• COBIT Student Book
• www.isaca.org/cobit
• Cobit Transforming Enterprise IT by ISACA, 2009
Why does IT need an IT control framework?
What does Cobit do?
How does Cobit support the governance of IT?
Who needs an IT control framework?
What are the benefits of implementing Cobit?
2009 ISACA All Rights reserved. 4
Is my information technology organisation doing the right things?
Are we doing them the right way?
Are we getting them done well?
Are we getting the benefits? *
* Based on the “Four Ares” as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003
COBIT answers Key Business Questions
• Enterprises are sacrificing money, productivity and competitive advantage by not implementing effective IT governance
• Executives need a better way to:
– Direct IT for optimal advantage
– Measure the value provided by IT
– Manage IT-related risks
Why does IT need a control framework?
IT Governance Is the Key Issue
What does COBIT do?
• Improves IT efficiency and effectiveness
• Helps IT understand the needs of the business
• Puts practices in place to meet the business needs as efficiently as possible
• Ensures alignment of business and IT
• Helps executives understand and manage IT investments throughout their life cycle
How does COBIT support the governance of IT?
COBIT supports IT governance by providing a framework to ensure that:
• IT is aligned with the business
• IT enables the business and maximizes benefits
• IT resources are used responsibly
• IT risks are managed appropriately
The benefits of implementing COBIT include:
• A common language for executives, management and IT professionals
• A better understanding of how the business and IT can work together for successful delivery of IT initiatives
• Improved efficiency and optimization of cost
• Reduced operational risk
• Clear policy development
• More efficient and successful audits
• Clear ownership and responsibilities, based on process orientation
What are the benefits of implementing COBIT?
Board and Executive
• To ensure management follows and implements the strategic direction for IT
Management
• To make IT investment decisions
• To balance risk and control investment
• To benchmark existing and future IT environment
Users
• To obtain assurance on security and control of products and services they acquire internally or externally
Auditors
• To substantiate opinions to management on internal controls
• To advise on what minimum controls are necessary
Who needs a control framework?
• Accepted globally as a set of tools that ensures IT is working effectively
• Functions as an overarching framework
• Provides common language to communicate goals, objectives and expected results to all stakeholders
• Based on, and integrates, industry standards and good practices in:
– Strategic alignment of IT with business goals
– Value delivery of services and new projects
– Risk management
– Resource management
– Performance measurement
COBIT is a Road Map to Good IT Governance
The COBIT Framework
The COBIT framework explained:
Business focus
Process orientation
IT resources
Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives
Promotes process focus and process ownership
Divides IT into 34 processes belonging to four domains and provides a high-level control objective for each
Considers fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT
Is supported by a set of over 300 detailed control objectives
Effectiveness, Efficiency, Availability, Integrity, Confidentiality, Reliability, Compliance
Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate
COBIT: Of what does it consist?
“In order to provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.”
Relates to business requirements (expressed as information criteria)
Links to business processes
Empowers business owners
Decomposes IT into four domains and 34 processes
Domains: (plan-build-run) + monitor
Control, audit, implementation and performance management knowledge structured by process
Business Process
Business Orientation and Process Focus
[Figure labels: Business Requirements, IT Processes, IT Resources]