2. WHY IT GOVERNANCE
• Promotes diligence.
• IT is critical and strategic to the business.
• Expectations vs. reality.
• IT involves huge investments and high risks.
• Balance between performance and conformance.
IT GOVERNANCE – COBIT PERSPECTIVE
3. NEED FOR IT GOVERNANCE
Challenges: value vs. cost, aligning IT with the business, security, keeping IT running, managing complexity, regulation.
• A structured approach is required by organizations to manage these challenges.
• Governance ensures that there are:
  • Agreed objectives for IT
  • Adequate controls in place
  • Effective performance monitoring
4. WITHOUT GOVERNANCE
SITUATION
• Reluctance to say "no" to projects
• Lack of strategic focus
• No strong view on projects
• Over-emphasis on financial ROI
• No clear strategic criteria
LEADS TO
• Too many projects
• Poor quality of execution
• Projects that can't be killed
• Under-estimation of risks and costs
• Projects not aligned to strategy
RESULT
• Over budget
• Late delivery
• Business needs not met
• Benefits not received
• Lack of confidence in IT
5. IT GOVERNANCE - DEFINED
Five focus areas of IT governance: strategic alignment, value delivery, performance measurement, resource management, risk management.
Information Technology Governance controls the present and future use of ICT in a manner aligned to business requirements. It involves evaluating and directing the use of ICT in support of the organization, monitoring that use, and developing the strategy and policies that enable it.
Governance goals:
• Provide strategic direction.
• Ensure objectives are achieved and yield the expected value.
• Ensure performance is maintained.
• Ensure risks are identified and managed.
• Verify that the enterprise's resources are used responsibly.
6. IT GOVERNANCE
IT DISCIPLINES, DRIVERS & ISSUES
IT DISCIPLINES
• Business Service Management
• Business Technology Optimization
• Enterprise Technology Architecture
• Asset Management
• Portfolio Management
• Security Assessment
• Service Management
• Project Governance
• Project Management
DRIVERS
• IT is central to business success.
• Optimize returns on IT-related business investments.
• Maintain transparency.
• Legal and regulatory compliance.
• Assure that everything stated is achieved.
ISSUES
• Understanding and managing all IT-related risks.
• Delivering value from IT expenditure.
• Assuring that the business maximizes its opportunities for the use of IT, including new technologies.
• Enhancing understanding between the IT function and the business.
• Ensuring and maintaining appropriate IT capabilities.
7. IT GOVERNANCE
MAKING IT WORK – CONTINUED
BOARD OF DIRECTORS: Sets direction for IT, monitors results and insists on corrective measures.
BUSINESS MANAGEMENT: Defines the business requirements for IT and ensures that value is delivered and risks are managed.
IT MANAGEMENT: Delivers and improves IT services as required by the business.
IT AUDIT: Provides independent assurance to demonstrate that IT delivers what is needed.
COMPLIANCE: Measures compliance with policies and focuses on alerting to emerging risks.
Position available – role definition required.
8. COBIT
CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY
Control Objectives for Information and Related Technology (COBIT) is a set of best practices for IT management developed by the Information Systems Audit and Control Association (ISACA). Development began in 1992, the first edition was published in 1996, and later editions were issued jointly with the IT Governance Institute (ITGI).
COBIT provides managers, IT staff and auditors with a set of generally accepted measures, indicators, processes and best practices, assisting them in maximizing the benefits derived from IT and in establishing appropriate governance and control.
COBIT 4.1 comprises 34 high-level processes covering 210 control objectives, categorized in four domains:
• Plan and Organise (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)
EVOLUTION
• COBIT 1 (1996): Audit
• COBIT 2 (1998): Control
• COBIT 3 (2000): Management
• COBIT 4 (2005): Governance
9. COBIT
PRODUCT & CONTENT
COBIT products are organized into three levels, designed to support:
• Executives and the board
• Business and IT management
• Governance, assurance, control and security professionals
Each level answers a different set of questions and is served by different products:
EXECUTIVES & BOARD
• How does the board exercise its responsibilities?
• Product: Board Briefing on IT Governance
BUSINESS & TECHNOLOGY MANAGEMENT
• How do we measure performance?
• How do we compare to others?
• How do we improve over time?
• Products: Management Guidelines, COBIT & Val IT Framework, Control Objectives, Key Management Practices
GOVERNANCE, ASSURANCE, CONTROL & SECURITY PROFESSIONALS
• Which IT governance framework?
• How is it implemented in the enterprise?
• How is the IT governance framework assessed?
• Products: IT Governance Implementation Guide, COBIT Control Practices, IT Assurance Guide
10. COBIT – PRINCIPLES
• Starts from business requirements.
• Process-oriented: organizes IT activities into a generally accepted process model.
• Identifies the major IT resources to be leveraged.
• Defines the management control objectives to be considered.
• Incorporates international IS service standards.
• Regarded as the de facto standard for IT governance and control.
COBIT allows managers to bridge the gap between control requirements, technical issues and business risks. This enables clear policy development and good practice for IT control throughout the enterprise, assuring improved value from IT investments.
COBIT COMPONENTS
Business strategy drives investment in IT resources; IT resources are used by IT processes to deliver information that meets the information criteria; that information in turn responds to the business strategy.
11. COBIT
BUSINESS GOALS & IT GOALS
It is imperative that stakeholders take process ownership (what needs to be delivered) and specify the direction (and how) for IT.
Enterprise strategy sets the business goals for IT, which imply the IT goals; the IT goals are realized through the enterprise architecture for IT and tracked on the IT scorecard.
BUSINESS GOALS FOR IT
• Business requirements require information services.
• Governance requirements influence the information criteria.
• Together these imply the IT goals.
ENTERPRISE ARCHITECTURE FOR IT
• IT processes deliver the information services.
• The IT processes need, and run on, the IT resources: information, applications, infrastructure and people.
12. COBIT – FRAMEWORK DEFINED
CONTROL FRAMEWORK
BUSINESS FOCUS
1. Aligns IT with business objectives.
2. Measures IT performance by its contribution to enabling and extending the business strategy.
3. Supported by business-focused metrics, it makes value delivery the primary focus, not technical excellence as an end in itself.
COMMON LANGUAGE
1. Commonality keeps everybody on the same page by defining the major terms in a glossary.
2. Coordination within and across project teams and organizations plays a key role in project success.
3. Builds confidence and trust.
PROCESS ORIENTATION
1. Implementation is process-oriented.
2. Incidents and problems no longer divert attention from the processes.
3. Exceptions are clearly defined as part of the standard processes.
4. With ownership defined, assigned and accepted, better controls are exercised.
GENERAL ACCEPTABILITY
1. Proven, globally accepted standards for increasing the contribution of IT to the company's success.
2. The framework continues to improve and develop good practices.
3. IT professionals from all over the world contribute their ideas and time to regular review meetings.
REGULATORY REQUIREMENTS
1. Organizations constantly need to improve IT performance and demonstrate adequate controls.
2. IT managers, advisors and auditors are turning to COBIT as the de facto reference for demonstrating regulatory compliance.
In summary, COBIT is business-driven, process-oriented, control-driven and measured.
13. COBIT – CUBE
Focused key areas:
• Provide the information needed to support business objectives and requirements.
• Treat the resulting information as something to be managed by IT processes.
The COBIT cube relates the three dimensions of the control approach under consideration: business requirements, IT resources and IT processes.
• Information criteria (business requirements): effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability.
• IT resources: applications, information, infrastructure, people.
• IT processes: domains, processes, activities.
14. COBIT – OBJECTIVES ILLUSTRATED
The 34 processes, grouped into the four domains, act on the IT resources (applications, information, infrastructure, people) to deliver information that satisfies the information criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability) in support of business and governance objectives.
PLAN & ORGANISE
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Processes, Organisation and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage IT Human Resources
PO8 Manage Quality
PO9 Assess and Manage IT Risks
PO10 Manage Projects
ACQUIRE & IMPLEMENT
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Enable Operation and Use
AI5 Procure IT Resources
AI6 Manage Changes
AI7 Install and Accredit Solutions and Changes
DELIVER & SUPPORT
DS1 Define and Manage Service Levels
DS2 Manage Third-party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Manage Service Desk and Incidents
DS9 Manage the Configuration
DS10 Manage Problems
DS11 Manage Data
DS12 Manage the Physical Environment
DS13 Manage Operations
MONITOR & EVALUATE
ME1 Monitor and Evaluate IT Performance
ME2 Monitor and Evaluate Internal Control
ME3 Ensure Compliance with External Requirements
ME4 Provide IT Governance
15. COBIT
FUNCTIONAL BOUNDARIES – BUSINESS & IT
Responsibility is shared between the business stakeholders and IT.
• The business is responsible for:
  • Defining functional and control requirements
  • Using and promoting the automated services
• IT is responsible for:
  • Automating and implementing the business functional and control requirements
  • Establishing controls to maintain information and data integrity
Across the COBIT domains (Plan & Organise, Acquire & Implement, Deliver & Support, Monitor & Evaluate), business controls remain a business responsibility on either side of the IT general controls, which are an IT responsibility. Application controls span the boundary: the business supplies the functional and control requirements, and IT delivers the automated services that implement them.
16. COBIT PLACEMENT
Layers from the "what" (drivers) down to the "how" (processes and procedures); COBIT's coverage sits at the IT governance layer and links the layers above and below it:
• DRIVERS: business goals, split into performance and conformance.
• ENTERPRISE GOVERNANCE: Balanced Scorecard (performance), COSO (conformance).
• IT GOVERNANCE: COBIT.
• BEST PRACTICES | STANDARDS: ISO 17799 (information security; since renumbered ISO/IEC 27002), ISO 20000 (IT service management).
• PROCESSES & PROCEDURES: QA procedures, security principles, ITSM.