cobit introduction by collin smith


Post on 19-Dec-2015


COBIT Introduction

By Collin Smith

http://techinitiatives.blogspot.com

Contents

Introduction

COBIT Domains

Video

COBIT Processes

Governance

Introduction

• COBIT – Control Objectives for Information and related Technology

• COBIT development started in 1994 with first version published in 1996 by ISACA (Information Systems Audit and Control Association) http://www.isaca.org

• Currently at version 4.1

• A model designed for control of the IT function

• Supports IT governance by providing a comprehensive description of the control objectives for IT processes

COBIT Target Groups

• COBIT is primarily intended for management, business users of IT and auditors

• Main target groups

– Managers – holding executive responsibility for operation of the enterprise

– End users – provide assurance of security and controls

– Auditors – independent assurance of quality and controls

– Business and IT consultants – bring knowledge and advice

– IT Service Management Professionals – provides a framework covering complete lifecycle of IT systems and services

COBIT Structure

• IT Governance Cube with 3 interrelated viewpoints (Quality Criteria, IT Processes, and IT Resources)

4 COBIT Domains

• Plan & Organize – concerned with identification of the way IT can best contribute to the achievement of business objectives

• Acquire and Implement – acquiring, implementing or developing IT solutions to be integrated into business processes

• Deliver & Support – delivery of required services including traditional operations, security, and training

• Monitor & Evaluate – regular assessment over time for quality and compliance with control requirements

COBIT mapped onto Management Cycle

VIDEO

• http://www.youtube.com/watch?v=bg_GEN8AZA0

COBIT Processes within Domains

• Each of the previous Domains is composed of processes (34):

Domains and processes

• A Domain contains the relationships of its individual processes

• For example: Plan and Organize

COBIT Domains with Processes

COBIT Process Descriptions

• COBIT does offer detailed descriptions for all 34 processes.

• The Process Descriptions:

– Contain the inputs, outputs, responsibilities, metrics and goals

– Provide a basis of expert knowledge from which the enterprise may decide what is relevant to its organization

– Diagrams with relationships to other processes are also illustrated

PO1 – Define a Strategic Plan Process Description

COBIT as an IT Governance Framework

• COBIT provides a framework to control IT and supports the following 5 requirements for an IT control framework

– Providing a sharper business focus

– Ensuring a process orientation

– Having a general acceptability among organizations

– Defining a common language

– Helping to meet regulatory requirements

IT Governance Focus Areas

• Strategic Alignment – focus on ensuring the linkage of business and IT plans

• Value Delivery – executing the value proposition throughout the delivery cycle

• Risk Management – requires risk awareness by senior corporate officers, compliance requirements, transparency

• Resource Management – optimal investment in and management of critical resources: people, applications, information and infrastructure

• Performance Measurement – tracks and monitors strategy implementation

