COBIT Introduction by Collin Smith
Post on 19-Dec-2015
Introduction
• COBIT – Control Objectives for Information and related Technology
• COBIT development started in 1994 with first version published in 1996 by ISACA (Information Systems Audit and Control Association) http://www.isaca.org
• Currently at version 4.1
• A model designed to control the IT function
• Supports IT governance by providing a comprehensive description of the control objectives for IT processes
COBIT Target Groups
• COBIT is primarily intended for management, business users of IT and auditors
• Main target groups
– Managers – holding executive responsibility for operation of the enterprise
– End users – provide assurance of security and controls
– Auditors – independent assurance of quality and controls
– Business and IT consultants – bring knowledge and advice
– IT Service Management Professionals – provides a framework covering complete lifecycle of IT systems and services
COBIT Structure
• IT Governance Cube with 3 interrelated viewpoints (Quality Criteria, IT Processes, and IT Resources)
4 COBIT Domains
• Plan & Organize – concerned with identification of the way IT can best contribute to the achievement of business objectives
• Acquire and Implement – acquiring, implementing or developing IT solutions to be integrated into the business process
• Deliver & Support – delivery of required services including traditional operations, security, and training
• Monitor & Evaluate – regular assessment over time for quality and compliance with control requirements
Domains and processes
• A Domain contains the relationships of each individual process
• For example: Plan and Organize
COBIT Process Descriptions
• COBIT does offer detailed descriptions for all 34 processes.
• The Process Descriptions:
– Contain the inputs, outputs, responsibilities, metrics and goals
– Provide a basis of expert knowledge from which the enterprise may decide what is relevant to its organization
– Diagrams with relationships to other processes are also illustrated
COBIT as an IT Governance Framework
• COBIT provides a framework to control IT and supports the following 5 requirements for an IT control framework
– Providing a sharper business focus
– Ensuring a process orientation
– Having a general acceptability among organizations
– Defining a common language
– Helping to meet regulatory requirements
IT Governance Focus Areas
• Strategic Alignment – focus on ensuring the linkage of business and IT plans
• Value Delivery – executing the value proposition throughout the delivery cycle
• Risk Management – requires risk awareness by senior corporate officers, compliance requirements, transparency
• Resource Management – optimal investment in and management of critical resources: people, applications, information and infrastructure
• Performance Measurement – tracks and monitors strategy implementation