
Cobit 5 - Foundation

Uploaded by

Widianta Harraz

COBIT 5 - FOUNDATION
APRIL 2020
HANDY SANJAYA
THE HISTORY OF COBIT

Evolution of scope: Audit → Control → Management → IT Governance → Governance of Enterprise IT

Timeline: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012)
Related frameworks: Val IT 2.0 (2008), Risk IT (2009)

A business framework from ISACA, at www.isaca.org/cobit

© 2012 ISACA® All rights reserved.
COBIT AND OTHER STANDARDS/FRAMEWORKS
COBIT 5 PRINCIPLES
1. MEETING STAKEHOLDER NEEDS

Enterprises exist to create value for their stakeholders.


1. MEETING STAKEHOLDER NEEDS (cont.)

• Stakeholder needs have to be transformed into an enterprise’s practical strategy.
• The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals within the context of the enterprise, IT-related goals and enabler goals.

Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.




2. COVERING THE ENTERPRISE END-TO-END

• COBIT 5 addresses the governance and management of information and related technology from an enterprisewide, end-to-end perspective.
• This means that COBIT 5:
  – Integrates governance of enterprise IT into enterprise governance
  – Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.

2. COVERING THE ENTERPRISE END-TO-END (cont.)

Key components of a governance system

Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.


3. APPLYING A SINGLE INTEGRATED FRAMEWORK

• COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
  – Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
  – IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
• This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.

4. ENABLING A HOLISTIC APPROACH

COBIT 5 enablers are:

• Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
• Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
• Described by the COBIT 5 framework in seven categories

4. ENABLING A HOLISTIC APPROACH (cont.)

To Unite: Business, IT

4. ENABLING A HOLISTIC APPROACH (cont.)

1. Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
2. Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
3. Organisational structures—Are the key decision-making entities in an organisation
4. Culture, ethics and behaviour—Of individuals and of the organisation; very often underestimated as a success factor in governance and management activities
5. Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
6. Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
7. People, skills and competencies—Are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions

5. SEPARATING GOVERNANCE FROM MANAGEMENT

• The COBIT 5 framework makes a clear distinction between governance and management.
• These two disciplines:
  – Encompass different types of activities
  – Require different organisational structures
  – Serve different purposes
• Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
• Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

5. SEPARATING GOVERNANCE FROM MANAGEMENT (cont.)

COBIT 5 is not prescriptive, but it advocates that organisations implement governance and management processes such that the key areas are covered, as shown

COBIT 5: Enabler Dimensions
[Figure labels: Method, People, Goal, How?, Guide]

COBIT 5 PROCESS REFERENCE MODEL (PRM)
COBIT 4.1 VS ISO 15504

| COBIT 4.1 Process Maturity Level | ISO/IEC 15504 Capability Level | ISO/IEC 15504 Attribute |
|---|---|---|
| 5 Optimised | 5 Optimizing | PA 5.1 Process Innovation; PA 5.2 Process Optimization |
| 4 Managed and Measurable | 4 Predictable | PA 4.1 Process Measurement; PA 4.2 Process Control |
| 3 Defined | 3 Established | PA 3.1 Process Definition; PA 3.2 Process Deployment |
| 2 Repeatable but Intuitive | 2 Managed | PA 2.1 Performance Management; PA 2.2 Work Product Management |
| 1 Initial/ad hoc | 1 Performed | PA 1.1 Process Performance |
| 0 Non-existent | 0 Incomplete | |

Slide annotations beside the levels: Measure (4), Meet the Standards (3), Output Consistency (2), Manage.

COBIT 5 ASSESSMENT: RATING LEVELS
COBIT 5 ASSESSMENT: LEVELS AND NECESSARY RATINGS
COBIT 5 IMPLEMENTATION

COBIT 5: Implementation covers the following subjects:

• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and behavioural change
• Implementing continual improvement that includes change enablement and programme management
• Using COBIT 5 and its components

COBIT 5 Implementation (cont.)
Thank you
NEW AND MODIFIED PROCESSES IN COBIT 5

COBIT 5 has clarified management level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model.

NEW AND MODIFIED PROCESSES IN COBIT 5 (cont.)

There are several new and modified processes that reflect current thinking, in particular:
APO03 Manage enterprise architecture.
APO04 Manage innovation.
APO05 Manage portfolio.
APO06 Manage budget and costs.
APO08 Manage relationships.
APO13 Manage security.
BAI05 Manage organisational change enablement.
BAI08 Manage knowledge.
BAI09 Manage assets.
DSS05 Manage security service.
DSS06 Manage business process controls.
8. RACI CHARTS (cont.)

Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.

Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.
APPENDIX D
FIGURE 5
APPENDIX B
FIGURE 6
APPENDIX C
Thank you
PT INDONESIA COMNETS PLUS
www.iconpln.co.id
