1. COBIT as IT Management Best Practice Framework
Adapted from Jan 2011
Management Update Seminar:
“Beyond IT Project Management: Advanced IT Management Best Practices”
Goh BoonNam
Institute of Systems Science
ISACA®, IT Governance Institute® and CobiT® are registered trademarks of ISACA. Use of these trademarks in this document does NOT imply any association, sponsorship, affiliation, or endorsement by ISACA.
ATA/Lucid/2010-01-25 MUS/ © NUS. All Rights Reserved. 1
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0 http://www.iss.nus.edu.sg/
2. What is COBIT?
Control OBjectives for Information and related Technology
International framework from ISACA (Information Systems Control & Audit Association) and IT Governance Institute
Helps maximise value of IT to business and minimise issues such as those listed earlier
Originally, more for monitoring/audit/risk assessment of IT management processes
Increasingly recognised as comprehensive framework of IT Management best practices
■ Advises on WHAT to do
■ Some high-level guidance on HOW to do it
Currently Version 4.1
COBIT References: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx
3. Why COBIT?
Why COBIT as IT Management Best Practice Framework?
■ Comprehensive coverage of IT Management
■ Helps avoid issues such as:
• Strategic oversights
• Architecture oversights
• Implementation oversights
• Service Delivery oversights
• Governance oversights
4. Avoid Issue #1 – Strategic Oversight
Past report from Director of Audit of a large organisation:
■ no formal IT strategy exists which leads to piecemeal development and absence of monitoring and evaluation (of projects).
■ hence, additional expenditure had to be incurred ….
■ systems cannot satisfy objectives
Reference: http://www.gov.mu/portal/site/auditsite/menuitem.afcc311f8d4ff832b4c3bb4e52a521ca/?content_id=a4ac207a78d48010VgnVCM100000ca6a12acRCRD
5. Avoid Issue #2 - Architecture oversights
A leading European bank
■ struggled with a tangle of applications that hampered its retail-banking operations
■ the lack of unifying standards created difficulties in satisfying bank-wide business requirements, such as speeding time to market for new banking services
Reference: https://www.mckinseyquarterly.com/Overhauling_banks_IT_systems_2554
6. IT Issue #3 - Implementation oversights
Passport system in a European country:
■ half a million new passports couldn't be issued on time
■ Passport Agency had brought in a new system that was (not properly designed/developed and) without sufficient testing and staff training
■ hundreds of people missed their holidays with money in the millions spent in compensation for staff overtime and umbrellas for the poor people queuing in the rain for passports
Reference: http://www.zdnet.com/news/the-top-10-it-disasters-of-all-time/177729
7. IT Issue #4 - Service Delivery oversights
Bank in a European country:
■ Online banking services, that had been in operation for some time, suddenly went down for nearly a week
Reference: http://www.computerweekly.com/blogs/management-matters/2010/07/has-the-private-sector-caught-the-public-sector-it-disease.html
8. IT Issue #5 - Governance oversights
The Office of Inspector General (OIG) of the U.S. House of Representatives (House) sought to improve IT activities within the House.
■ A large number of the first audit reports issued by the OIG addressed weaknesses in various IT operations of the House - including the lack of policies and procedures (e.g., systems development life cycle), poor systems design and development, the lack of planning and performance measures, poor management of the mainframe and the lack of adequate information security.
■ Management needed to take control of the situation and establish clear roles and responsibilities…and adopt an IT governance framework.
Reference: http://www.isaca.org/Knowledge-Center/cobit/Pages/US-House-of-Representatives.aspx
9. COBIT - Overview
Plan & Organise
• Define a Strategic IT Plan
• Define the Information Architecture
• Determine Technological Direction
• Define the IT Processes, Organization and Relationships
• Manage the IT Investment
• Communicate Management Aims and Direction
• Manage IT Human Resources
• Manage Quality
• Assess and Manage IT Risks
• Manage Projects
Acquire & Implement
• Identify Automated Solutions
• Acquire and Maintain Application Software
• Acquire and Maintain Technology Infrastructure
• Enable Operation and Use
• Procure IT Resources
• Manage Changes
• Install and Accredit Solutions and Changes
Deliver & Support
• Define and Manage Service Levels
• Manage Third-party Services
• Manage Performance and Capacity
• Ensure Continuous Service
• Ensure Systems Security
• Identify and Allocate Costs
• Educate and Train Users
• Manage Service Desk and Incidents
• Manage the Configuration
• Manage Problems
• Manage Data
• Manage the Physical Environment
• Manage Operations
Monitor & Evaluate
• Monitor and Evaluate IT Processes
• Monitor and Evaluate Internal Control
• Ensure Regulatory Compliance
• Provide IT Governance
10. COBIT Components
DOMAINS
• Plan & Organise
• Acquire & Implement
• Deliver & Support
• Monitor & Evaluate
PROCESSES (Plan & Organise)
• Define a Strategic IT Plan
• Define the Information Architecture
• Determine Technological Direction
• Define the IT Processes, Organization and Relationships
• Manage the IT Investment
• Communicate Management Aims and Direction
• Manage IT Human Resources
• Manage Quality
• Assess and Manage IT Risks
• Manage Projects
CONTROL OBJECTIVES (Manage Projects)
• Programme Management Framework
• Project Management Framework
• Project Management Approach
• Stakeholder Commitment
• Project Scope Statement
• Project Phase Initiation
• Integrated Project Plan
• Project Resources
• Project Risk Management
• Project Quality Plan
• Project Change Control
• Project Planning of Assurance Methods
• Project Performance Measurement, Reporting and Monitoring
• Project Closure
11. COBIT Domains – Plan & Organise (PO)
Strategy / Architecture / Portfolio
■ Define a Strategic IT Plan
■ Define the Information Architecture
■ Determine Technological Direction
Programme & Project Management
■ Manage Projects
IT Organisation Management
■ Define the IT Processes, Organization and Relationships
■ Manage the IT Investment
■ Communicate Management Aims and Direction
■ Manage IT Human Resources
■ Manage Quality
■ Assess and Manage IT Risks
Nb: Bold headings are author’s own categorisation & are not part of COBIT
12. Plan & Organise (PO)
[Diagram: PO activities placed across the phases Pre-Project, Development and Production, against a "Level of Work" axis ranging from Strategic to Tactical. Boxes: IT Strategy / Architecture / Portfolio Management; Programme Management; Project Management; IT Organisation Management.]
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within PO.
13. COBIT Domains – Acquire & Implement (AI)
Requirements & Feasibility
■ Identify Automated Solutions
Design & Build
■ Acquire and Maintain Application Software
■ Acquire and Maintain Technology Infrastructure
Test & Implement
■ Install and Accredit Solutions and Changes
■ Enable Operation and Use
Changes
■ Manage Changes
Procurement Management
■ Procure IT Resources
Nb: Bold headings are author’s own categorisation & are NOT part of COBIT
14. AI Relationship with PO
[Diagram: activities placed across the phases Pre-Project, Development and Production.]
Plan & Organise (PO)
• IT Strategy / Architecture / Portfolio Management
• Programme Management
• (Generic) Project Management
Acquire & Implement (AI)
• IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
• Manage (System-Related) Changes
• Procurement Management
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
15. COBIT Domains – Deliver & Support
Service Delivery
■ Define and Manage Service Levels
■ Manage Third-party Services
■ Manage Performance and Capacity
■ Ensure Continuous Service
■ Ensure Systems Security
■ Identify and Allocate Costs
Service Support
■ Educate and Train Users
■ Manage Service Desk and Incidents
■ Manage the Configuration
■ Manage Problems
■ Manage Data
■ Manage the Physical Environment
■ Manage Operations
Nb: Bold headings are author’s own categorisation & are not part of COBIT
16. DS Relationship with AI & PO
[Diagram: activities placed across the phases Pre-Project, Development and Production.]
Plan & Organise (PO)
• IT Strategy / Architecture / Portfolio Management
• Programme Management
• (Generic) Project Management
Acquire & Implement (AI)
• IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
• Manage (System-Related) Changes
• Procurement Management
Deliver & Support (DS)
• Service Delivery
• Service Support
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
17. COBIT Domains – Monitor & Evaluate
Monitor & Evaluate
■ Monitor and Evaluate IT Processes
■ Monitor and Evaluate Internal Control
■ Ensure Regulatory Compliance
Direct
■ Provide IT Governance
Nb: Bold headings are author’s own categorisation & are not part of COBIT
18. COBIT Overview
ME Relationship with PO / AI / DS
[Diagram: activities placed across the phases Pre-Project, Development and Production.]
Plan & Organise (PO)
• IT Strategy / Architecture / Portfolio Management
• Programme Management
• (Generic) Project Management
• IT Organisation Management
Acquire & Implement (AI)
• IT Systems Devt Life Cycle Mgt: Requirements & Feasibility, Design & Build, Test & Implement
• Manage (System-Related) Changes
• Procurement Management
Deliver & Support (DS)
• Service Delivery
• Service Support
Measure & Evaluate (ME)
• Measure & Evaluate / Direct
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.
19. Other Elements of COBIT
Besides
■ Domains
■ Processes
■ Control Objectives
Some Key Elements
■ Management Guidelines
• roles and responsibilities
• goals and metrics
■ Maturity Model
■ Associated Toolkits (for ISACA members)
• Implementation Guide
• Assurance Guide
20. COBIT Mapping to Other Frameworks
[Diagram: other frameworks placed around the four COBIT domains (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate).]
Frameworks shown: P3O, TOGAF, PRINCE2, PMP, CITPM, CMMI, SCRUM, CBAP, COMIT, ISO20000, CISSP, ITIL, CGEIT
Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here
21. Future of COBIT as IT Management Framework – Draft COBIT v5
22. Future of COBIT as IT Management Framework – Draft COBIT v5
Some Key New Features
■ Explicit recognition of COBIT as covering IT Management processes in addition to IT Governance processes
■ Identification of degree of involvement of IT and Business in the various processes
■ Enterprise Architecture (instead of Information Architecture of prior versions)
■ Consolidation into one new “Manage the IT Organisation” process those v4.1 processes that were for internal IT organisation support - eg.
• Define IT Processes, Organization and Relationships
• Communicate Management Aims and Direction
• Manage IT Human Resources etc
23. For Further Information
Please refer to:
http://www.iss.nus.edu.sg/
Or email BoonNam Goh at:
issgbn@nus.edu.sg