
COBIT 5 as IT Management Best Practice Framework

Please see Acknowledgements & Notices in last few slides


ATA/Lucid/2010-01-25 MUS/
COBIT as IT Mgt Bst-Prctce Frmwrk.ppt/v1.0

2010 NUS. All Rights Reserved Unless


Otherwise Stated.

What is COBIT?
Control OBjectives for Information and related Technology
International framework from ISACA and IT Governance Institute
Helps maximise value of IT to businesses
Originally, more for monitoring / audit / risk assessment of IT management processes
Increasingly recognised as a comprehensive framework of IT Management best practices
Advises on WHAT to do
Some high-level guidance on how to do it

Currently Version 5

COBIT - Governance and Management

[Figure: COBIT governance and management diagram. Added labels: "generally, the responsibility of Board of Directors", "Strategic", "Tactical", "Operational".]

Nb: Words in green above NOT part of COBIT but added by the author of this presentation.

COBIT5 Processes

Domains and their processes:

Governance
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency

Align, Plan & Organise
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security

Build, Acquire & Implement
  Manage Programmes & Projects
  Manage Requirements Definition
  Manage Solutions Identification and Build
  Manage Availability & Capacity
  Manage Change Acceptance and Transitioning
  Manage Organisational Change Management
  Manage Changes
  Manage Knowledge
  Manage Assets
  Manage Configuration

Deliver, Service & Support
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls

Monitor, Evaluate & Assess
  Monitor, Evaluate and Assess Performance & Conformance
  Monitor, Evaluate and Assess the System of Internal Control
  Monitor, Evaluate and Assess Compliance with External Requirements


Domain BAI - Build, Acquire & Implement

Programmes
  Manage Programmes (and Projects)
Projects
  Manage (Programmes and) Projects
Requirements
  Manage Requirements Definition
  Manage Availability & Capacity
Design & Build
  Manage Solutions Identification and Build
Test & Implement
  Manage Change Acceptance and Transitioning
Changes
  Manage (IT) Changes
  Manage Organisational Change Management
Supporting Processes
  Manage Knowledge
  Manage Assets
  Manage Configuration

Nb: Bold headings are author's own categorisation & are not part of COBIT


Domain BAI - Build, Acquire & Implement

[Diagram labels]
Build, Acquire & Implement (BAI):
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility; Design & Build; Test & Implement
  Manage Changes: IT and Organisational
  Support Processes: Knowledge, Asset, Configuration
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

BAI Relationship with APO


[Diagram labels]
Phases: Pre-Project, Development, Production
(Strategic) Align, Plan & Organise (APO):
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
  IT Ongoing Management
(Tactical) Build, Acquire & Implement (BAI):
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility; Design & Build; Test & Implement
  Manage Changes: IT and Organisational
  Support Processes: Knowledge, Asset, Configuration

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

Domain APO - Align, Plan & Organise

Strategy / Architecture / Portfolio
  Manage the IT Management Framework
  Manage Strategy
  Manage Innovation
  Manage Enterprise Architecture
  Manage Portfolio

IT Ongoing Management
  Manage Budget and Costs
  Manage Human Resources
  Manage Relationships
  Manage Service Agreements
  Manage Suppliers
  Manage Quality
  Manage Risk
  Manage Security

[Diagram labels: IT Strategy / Architecture / Portfolio Management; IT Ongoing Management; Programme Management; (Generic) Project Management; IT Systems Devt Life Cycle Mgt (Requirements & Feasibility; Design & Build; Test & Implement); Manage Changes (IT and Organisational); Support Processes (Knowledge, Asset, Configuration)]

Nb: Bold headings are author's own categorisation & are not part of COBIT


COBIT Domains - Deliver, Service & Support (DSS)

Service Operations
  Manage Operations
  Manage Service Requests & Incidents
  Manage Problems
  Manage Continuity
  Manage Security Services
  Manage Business Process Controls

Nb: Bold headings are author's own categorisation & are not part of COBIT


DSS Relationship with BAI & APO


[Diagram labels]
Phases: Pre-Project, Development, Production
(Strategic) Align, Plan & Organise (APO):
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
  IT Ongoing Management
(Tactical) Build, Acquire & Implement (BAI):
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility; Design & Build; Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
(Operational) Deliver, Service & Support (DSS):
  Service Operations

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

COBIT Domains - Monitor, Evaluate & Assess

Monitor, Evaluate and Assess
  Performance & Conformance
  System of Internal Control
  Compliance with External Requirements

Nb: Bold headings are author's own categorisation & are not part of COBIT


MEA Relationship with APO / BAI / DSS


[Diagram labels]
Phases: Pre-Project, Development, Production
Measure, Evaluate & Assess (MEA)
(Strategic) Align, Plan & Organise (APO):
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
  IT Ongoing Management
(Tactical) Build, Acquire & Implement (BAI):
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility; Design & Build; Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
(Operational) Deliver, Service & Support (DSS):
  Service Operations

Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

COBIT Domains - Governance

Monitor, Evaluate & Direct to:
  Ensure Governance Framework Setting and Maintenance
  Ensure Benefits Delivery
  Ensure Risk Optimisation
  Ensure Resource Optimisation
  Ensure Stakeholder Transparency

Nb: Bold headings are author's own categorisation & are not part of COBIT


Governance Relationship To Management


[Diagram labels]
(Governance): Evaluate, Direct, Monitor
Phases: Pre-Project, Development, Production
Measure, Evaluate & Assess (MEA)
(Strategic Mgt) Align, Plan & Organise (APO):
  IT Strategy / Innovation / Ent. Architecture / Portfolio Management
  IT Ongoing Management
(Tactical Mgt) Build, Acquire & Implement (BAI):
  Programme Management
  (Generic) Project Management
  IT Systems Devt Life Cycle Mgt: Requirements & Feasibility; Design & Build; Test & Implement
  Manage Changes: IT & Organisational
  Support Processes: Knowledge, Assets, Configuration
(Operational Mgt) Deliver, Service & Support (DSS):
  Service Operations
Nb: Above is NOT part of COBIT. Used only to help in explaining the relationships within COBIT.

Further Process Details


COBIT provides further details to the Process
Breakdown of Process
  Process
  Management Practices
  Activities
RACI for Management Practices
Inputs-Outputs for each Activity
Metrics for the overall process
  IT-related
  Process-related

COBIT Process Details - Management Practices

Process: Manage Programmes and Projects

Management Practices:
  Maintain a standard approach for programme and project management.
  Initiate a programme.
  Manage stakeholder engagement.
  Develop and maintain the programme plan.
  Launch and execute the programme.
  Monitor, control and report on the programme outcomes.
  Start up and initiate projects within a programme.
  Plan projects.
  Manage programme and project quality.
  Manage programme and project risk.
  Monitor and control projects.
  Manage project resources and work packages.
  Close a project or iteration.
  Close a programme.


COBIT Process Details - Management Practices and Activities

Process: Manage Programmes and Projects

Management Practices:
  Maintain a standard approach for programme and project management
  Initiate a programme

Activities:

Agree on programme sponsorship and appoint a programme board/committee with members who have strategic interest in the programme, have responsibility for the investment decision making, will be significantly impacted by the programme and will be required to enable delivery of the change.

Confirm the programme mandate with sponsors and stakeholders. Articulate the strategic objectives for the programme, potential strategies for delivery, improvement and benefits that are expected to result, and how the programme fits with other initiatives.

Develop a detailed business case for a programme, if warranted. Involve all key stakeholders to develop and document a complete understanding of the expected enterprise outcomes, how they will be measured, the full scope of initiatives required, the risk involved and the impact on all aspects of the enterprise. Identify and assess alternative courses of action to achieve the desired enterprise outcomes.

Develop a benefits realisation plan that will be managed throughout the programme to ensure that planned benefits always have owners and are achieved, sustained and optimised.

Prepare and submit for in-principle approval the initial (conceptual) programme business case, providing essential decision-making information regarding purpose, contribution to business objectives, expected value created, time frames, etc.

Appoint a dedicated manager for the programme, with the commensurate competencies and skills to manage the programme effectively and efficiently.

Management Practices (continued):
  Manage stakeholder engagement.


COBIT Process Details - RACI for Management Practices


COBIT Process Details - Inputs-Outputs for Each Activity


COBIT Process Details - IT-Related Metrics

Example - from Manage Programmes and Projects process


COBIT Process Details - Process-Related Metrics

Example - from Manage Programmes and Projects process


Other Key Elements of COBIT


Principles
Enablers
Lifecycle Approach
Process Capability Model
COBIT 5 Product Family


Principles


Enablers


Lifecycle Approach


Process Capability Model


COBIT 5 Product Family


COBIT 5 Mapping to Other Frameworks

Nb: Some of the other frameworks can map to more than one COBIT domain (eg. ITIL/COBIT) but for simplicity, only one domain is mapped here

For Further Information


For further details on COBIT course:
http://www.iss.nus.edu.sg/ProfessionalCourses/SearchCourse/CourseDetail/tabid/267/cid/20/cname/nicf-cobit-foundation/Default.aspx

For other related courses:
http://www.iss.nus.edu.sg/ProfessionalCourses/CourseCatalogue.aspx


Acknowledgements & Sources


Sources used in this presentation:
Information Systems Audit and Control Association. (2012). COBIT 5: Enabling processes. Rolling Meadows, IL: ISACA.


Acknowledgements & Notices


COBIT is a registered trade mark of ISACA and the IT Governance Institute
CGEIT is a registered trade mark of ISACA
TOGAF is a registered trademark of The Open Group in the United States and other countries
CBAP is a registered certification mark owned by International Institute of Business Analysis
CISSP is a registered Trademark of (ISC)2
SCRUM Alliance REP SM is a service mark of Scrum Alliance, Inc.
PMP is a registered mark of Project Management Institute, Inc.
ITIL, PRINCE2, P3O, MSP are registered trade marks of the Cabinet Office
CMMI is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University
The Swirl logo is a trade mark of the Cabinet Office
2011 NUS unless otherwise stated. The contents of this document may not be reproduced in any form or by any means, without the written permission of ISS, NUS, other than for the purpose for which it has been supplied

The End
