john krogh - cobit5 not just for your auditor
DESCRIPTION
Bridging the Gap, Cobit 5! - Not Just For Your Auditor Anymore Your are the CIO and you are on the elevator. It stops on the 3rd floor on its way to your meeting on the 21st floor. The CEO walks in, and as the elevator doors close she turns to you and asks "What is the most important thing on your plate right now and why is it important to me?". You feel your blood pressure rise like the floor indicator on the elevator. As you begin to talk about the big high cost infrastructure project, you see her roll her eyes. You spout off generic benefits of virtualization and notice the CEO has a blank look on her face…you know you missed the mark! You think to yourself, I should have been more prepared! This presentation will show you how Cobit 5 helps IT organizations integrate their improvement efforts to business objectives. Providing both a governance and a management framework, Cobit 5 gives us a simple set of tools that allows you to map IT improvements quickly and effectively to the business benefit that is delivered. The integration of business and IT goals is the key to alignment, or better yet, "integration". Organizations that have an IT entity that is integrated to the business are able to make decisions based on the Value IT delivers and the Risk IT mitigates or creates instead of just making decisions based on IT costs.TRANSCRIPT
Cobit 5!Not just for your Auditor!!
(Cobit as an approach to Business & IT Alignment)!
Integra(on
Fusion
John Krogh
Twitter:@jakrogh
Blog:
www.johnakrogh.com!
Cobit 5 !
proven experience • proven tactics • proven success
© Service Management Art 2013!
What is Cobit!
Control Objectives for IT & Related Technology!
!A Business Framework for the Governance
and Management of Enterprise IT!
What is Governance!
?!
History of Cobit!
Cobit 1 published in 1994!Audit Focus
In 1977 the EDP Auditors (EDPAA) associa(on published the fore bearer of Cobit
Cobit 2nd Edition (1998)!Control Focus
Cobit 3rd Edition (2000)!Management Focus?
Established Management Guidelines Key Goal Indicators & Key Performance Indicators
!!
History of Cobit!Cobit 4.0 (2005)!IT Governance Focus
Val IT & Risk IT The goals cascade – buried in the guidance
Cobit 5 (2012) !Governance of Enterprise IT focus Tying together the ISACA Assets
Clearly iden(fying and isola(on "Governance" from "Management"
The "Improved" Goals Cascade an integrated part of the framework
Beyond Process! -‐ the 7 enablers. !
Cobit 5 Accreditation Scheme!
COBIT 5 Founda(on
COBIT 5 Processes
COBIT 5 Implementa(on
COBIT 5 Assessment
Cer(fied COBIT
Implementer
Cer(fied COBIT
Assessor
Under Development
(subject to change)
Cobit Myths!
Cobit is just the ITIL processes – reworded!Cobit is meant to be implemented!
Cobit only applies to large organizations!
Cobit addresses IT but not ITSM!Cobit adds bureaucracy!
Cobit is for IT not for the business!
Cobit as a Strategic Tool!
Stakeholder Needs
Enterprise Goals
IT Related Goals
Process (Enabler) Goals
The Goals Cascade
Workshops
Tes(ng & Valida(on
Steps to Strategic Alignment!
Agree enterprise goals (priority)!Stakeholder workshops /Needs analysis
map stakeholder needs to Cobit’s generic business goals (documen(ng excep(ons / condi(ons)
Mapping enterprise goals to IT-related goals!Validate with stakeholders
Mapping IT related goals to process goals!Validate process outcomes against stakeholder
needs Implementation !
Stakeholders!
Board!Shareholders!
CEO, CFO, CIO, CRO!Business Executives!
Business Process Owners!HR!
IT Mangers!etc!
Stakeholder Questions!
How do I get value from the use of IT?!How do I manage performance of IT!How can I best exploit technology?!
How do I best structure my IT department!How do I gain assurance of external providers!
What are the control requirements for information!
...!! Define….
Stakeholder Needs!
Map to ……
Governance Objec(ve: Value Crea(on
Benefits Realiza(on
Risk Op(miza(on
Resource Op(miza(on
Stakeholder Needs
Drive
Enterprise Goals!
Shareholder value of business investments!Portfolio of competitive products and services!
Manages business risk!Financial transparency!
Customer oriented service culture!Optimization of service delivery!
Skilled & motivated people!10 others…!
! Cascade to….
IT – Related Goals!
Alignment of IT and Business Strategy!Compliance with….!
Manage IT related business risk!Delivery of IT services in line with bus
requirements!IT Agility!
Delivery of IT Programs!Knowledge!10 others…!
! Cascade to….
Process Goals(and other enablers)!
Ensure benefits delivery!Ensure resource optimization!Manage service agreements!
Manage availability and capacity!Manage change!
Manage problems!31 others….!
COBIT Processes!
Cascade – in Practice!
Big Oil – IT Objective Statement!!
IT will be recognized internally as a strategic differentiator for the business. Providing clear value for money and responding to
changing business requirements.!
Big Oil – Stakeholder Workshop!
With Key Stakeholders!!
Agree objective statement!Prioritize generic enterprise goals!
Agree scope of improvements!Document variances from generic goals!
Big Oil – Enterprise Goals!
1. Stakeholder Value of Business Investments!
5. Financial Transparency!8. Agile Responses to a Changing Business
Environment!17. Products and Business Innovation
Culture!
Big Oil – Stakeholder Workshop!
With Key Stakeholders and using “goals cascade”!
!Identify candidate IT related goals!
Validate goal outcomes against stakeholder needs!
Agree IT related goals in scope!!
Big Oil – IT Related Goals!
1. Alignment of IT and business strategy!3. Commitment of exec. For making IT
related decisions!7. Delivery of IT services in line with
business requirements!9. IT agility!
11. Optimization of IT assets resources and capabilities!
Big Oil – Stakeholder Workshop!
With Key Stakeholders and using “goals cascade”!
!Identify candidate IT processes for
improvement!Perform Capability Assessment!
Agree process target capabilities!Initiate and charter an improvement program!
!
Big Oil – IT Processes!
EDM01 Ensure governance framework setting and maintenance!
EDM02 Ensure benefits delivery!APO08 Manage Relationships!
APO10 Manage Suppliers!DSS03 Manage Problems!
MEA01 Monitor, Evaluate and Assess Performance and Conformance!
Answering the Question!
This investment in achieving the enabler goals:!! ! !!____________________________!
Will allow IT to achieve the IT related goal of:!! ! !!____________________________!Which support the Enterprise Goals of:!! ! !!____________________________!
Which address your need to: !! ! !!____________________________!
!
Questions!
?!