SlideShare une entreprise Scribd logo

Cobit 41 framework

Télécharger en tant que PPTX, PDF
Yulias Sihombing, Ak, MAk, CIA
Yulias Sihombing, Ak, MAk, CIA
BusinessTechnologie
1  sur  36
Primary source: COBIT 4.1
IT governance: merupakan tanggung jawab eksekutif dan BoD. Terdiri dari kepemimpinan, struktur organisasi dan proses yang menjamin bahwa enterprise’s IT mendukung dan mengembangkan tujuan dan strategi organisasi. COBIT supports IT governance by providing a framework to ensure that: IT is aligned with the business IT enables the business and maximises benefits IT resources are used responsibly IT risks are managed appropriately IT transparency is achieved through performance measurement.
Strategic alignment: ensuring linkage of business and IT plan; defining, maintaining and validating IT value proposition; and aligning IT operations with enterprise operations. Value delivery: executing value proposition throughout delivery cycle, ensuring that IT deliver the promised benefit against strategy, concentrating on optimising costs and proving the intrinsic value of IT. Resource management: optimal investment in, and proper mgt of critical IT resource: applications, inf, infrastructure and people. Key issue relate to optimisation of knowledge and infrastructure. Risk management: risk awareness by senior officers, clear understanding of appetite for risk, understanding of compliance requirements, transparency about the sig. risk to enterprise and embedding of RM responsibilities into org. Perf measurement: track and monitor strategy implement, project completion, resource usage, process perf and service delivery, using, ex: BSC that translate strategy into action to achieve goals measurable beyond conventional accounting.
Business goals IT goals IT Processes Key Activities requirements information Control Outcomes Test Control Objectives Responsibilities and Accountibilities Chart Performance Indicators Outcomes Measures Control Design Test Control Practices based on Maturity Models derived from
A control framework for IT governance defines the reasons IT governance is needed, the stakeholders and what it needs to accomplish. Why In particular, management needs to know if inf is being managed, so that it is:  Likely to achieve its objectives  Resilient enough to learn and adapt  Judiciously managing the risks it faces  Appropriately recognising opportunities and acting upon them Enterprise cannot deliver effectively against business and governance requirement w/o adopting and implementing a governance and control FW for IT to:  Make a link to the business requirements  Make performance against these requirements transparent  Organise its activities into a generally accepted process model  Identify the major resources to be leveraged  Define the management control objectives to be considered.
Who A gov and control FW needs to serve a variety of internal and external stakeholders, each of whom has specific needs:  Stakeholders within enterprise who have interest in generating value fr IT invest:  Internal and external stakeholders who provide IT services:  Internal and external stakeholders who have a control/risk responsibility: What To meet the requirement listed in previous section, a FW for IT gov and control should:  Provide a business focus to enable alignment between business and IT objectives  Establish process orientation to define scope and extent of coverage, w/ defined structure enabling easy navigation of content.  Be generally acceptable by being consistent w/ accepted IT good practices and standard and independent of specific technologies.  Supply a common language w/ a set of terms and definitions that are generally understandable by all stakeholders.  Help meet regulatory req by being consistent with generally accepted corporate gov standard (e.g., COSO) and IT control expected by regulator and external auditor.
In response to the needs, the COBIT FW was created w/ main characteristics of being: business-focused, process-oriented, controls-based, and measurement-driven. Sumber: IT Governance Institute, COBIT 4.1, 2007
Business orientation is the main theme of COBIT, designed to: (1) be employed by IT service providers, users, and auditors, and (2) to provide comprehensive guidance for mgt and business process owners. COBIT’S INFORMATION CRITERIA To satisfy business obj, inf needs to conform to certain control criteria, which refers to as business requirement for inf. Inf criterias are defined as follows: 1. Effectiveness: inf being relevant and pertinent to business process as well as being delivered in a timely, correct, consistent, and usable manner. 2. Efficiency: provision of inf through optimal (productive and eco) use of resource. 3. Confidentiality: the protection of sensitive inf from unauthorised disclosure. 4. Integrity: accuracy and completeness of inf as well as to its validity. 5. Availability: inf being available when required by business process now and in future. 6. Compliance: complying with law, regulation and contractual arrangement. 7. Reliability: provision of appropriate inf for mgt to operate entity and exercise its fiduciary and governance responsibilities.
BUSINESS GOALS AND IT GOALS  Defining set of business goal and IT goal provides a business-related and refined basis for establishing business req and developing measurement. See Appendix I.  Defining IT Goals and Enterprise Architecture for IT
IT RESOURCES  IT resources (people, infrastructure, applications, information) together with the processes, constitute an enterprise architecture for IT.  Enterprise needs to invest in resource to create technical capability (e.g., ERP), to support a capability (e.g., implementing a supply chain), resulting in the desired outcome (increase sales and fin benefit).  The IT resources: Applications: automated system and manual procedure that process inf. Information: data, input, processed and output by IS, used by business. Infrastructur: tech and facilities (HW, OS, DMS, network, multimedia). People: required to plan, organise, acquire, implement, deliver, support, monitor and evaluate IS and services.
An operational model is initial step toward good gov, and also provide FW for measuring and monitoring IT perf, communicating w/ service providers and integrating best mgt practices. Within the COBIT framework, generic process model are within four domains: Plan and Organise (PO)—Provides direction to solution delivery (AI) and service delivery (DS) Acquire and Implement (AI)—Provides solutions and passes them to be turned into services. Deliver and Support (DS)—Receives solutions and makes them usable for end user. Monitor and Evaluate (ME)—Monitors all processes to ensure that the direction provided is followed
PLAN AND ORGANISE (PO) PO covers strategy and tactics, and concerns identf of the way IT can best contribute to achievement of business obj, which addresses following mgt questions: Are IT and the business strategy aligned? Is the enterprise achieving optimum use of its resources? Does everyone in the organisation understand the IT objectives? Are IT risks understood and being managed? Is the quality of IT systems appropriate for business needs? ACQUIRE AND IMPLEMENT (AI) IT solutions need to be identified, developed or acquired, implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered. This domain typically addresses the following mgt questions: Are new projects likely to deliver solutions that meet business needs? Are new projects likely to be delivered on time and within budget? Will the new systems work properly when implemented? Will changes be made without upsetting current business operations?
DELIVER AND SUPPORT (DS) DS is concerned w/ actual delivery of services, includes mgt of security and continuity, service support, and mgt of data and facilities. It addresses following mgt questions: Are IT services being delivered in line with business priorities? Are IT costs optimised? Is the workforce able to use the IT systems productively and safely? Are adequate confidentiality, integrity and availability in place for inf security? MONITOR AND EVALUATE (ME) ME addresses performance mgt, monitoring of IC, regulatory compliance and governance. It addresses the following mgt questions: Is IT’s performance measured to detect problems before it is too late? Does mgt ensure that IC are effective and efficient? Can IT performance be linked back to business goals? Are adequate confidentiality, integrity and availability control in place for inf security? Across these four domains, COBIT has identified 34 IT processes that are generally used (refer to figure 22 for the complete list).
PROCESSES NEED CONTROLS IT control obj provide a complete set of high-level requirements to be considered by mgt for effective control of each IT process, they:  Are statements of managerial actions to increase value or reduce risk.  Consist of policies, procedures, practices and organisational structures  Provide reasonable assurance that business obj will be achieved. Mgt needs to make choices relative to these control objectives by:  Selecting those that are applicable;  Deciding upon those will be implemented;  Choosing how to implement them (frequency, span, automation, etc.);  Accepting the risk of not implementing. Standard control has analogy: When room temperature (standard) for heating system (process) is set, system will check (compare) ambient room temp (control inf) and will signal (act) system to provide more or less heat.
PROCESSES NEED CONTROLS To achieve effective gov, controls need to be implemented by operational managers within a defined control FW for all IT processes. The control obj are identified by a 2-character domain reference (PO, AI, DS and ME) + a process no. and a control obj no. In addition to control obj, each process has generic control requirements that are identified by PCn (process control no.).  PC1 Process Goals and Objectives Define and communicate specific, measurable, actionable, realistic, results- oriented and timely (SMARRT) process goals and objectives. Ensure that they are linked to the business goals and supported by suitable metrics.  PC2 Process Ownership Assign owner for each IT process, and clearly define roles and responsibilities of the process owner. Include, for example, responsibility for process design, interaction, accountability, measurement, and identification of improvement.
PROCESSES NEED CONTROLS  PC3 Process Repeatability Design and establish each key IT process such that it is repeatable and consistently produces the expected results.  PC4 Roles and Responsibilities Define the key activities and end deliverables of the process. Assign and communicate unambiguous roles and responsibilities for effective and efficient execution of key activities and their documentation as well as accountability.  PC5 Policy, Plans and Procedures Define and communicate how all policies, plans and procedures that drive an IT process are documented, reviewed, maintained, approved, stored, communicated and used for training.  PC6 Process Performance Improvement Identify a set of metrics that provides insight into outcomes and performance of the process. Establish targets that reflect on the process goals and performance indicators that enable the achievement of process goals.
BUSINESS AND IT CONTROLS The enterprise’s system of IC impacts IT at 3 levels: 1. At the executive mgt level: The overall approach to governance and control is established by the board and communicated throughout the enterprise. IT control environment is directed by top- level set of objectives and policies. 2. At the business process level: Most business processes are automated and integrated w/ IT application system, resulting in many of controls at this level being automated. Known as application control. However, some controls within business process remain as manual procedures, such as authorisation for trans, separation of duties. 3. To support the business processes: IT provides IT services, in a shared service to many business processes, and much of the IT infrastructure is provided as a common service (e.g., networks, databases, OS and storage). The controls applied to all IT service actv are known as IT general controls. Poor change mgt could jeopardise reliability of automated integrity check.
IT GENERAL CONTROLS AND APPLICATION CONTROLS General control: controls embedded in IT processes and services, include:  Systems development, Change management, Security, and Computer operation. Application control: control embedded in business process application, include:  Completeness, Accuracy, Validity, Authorisation, and Segregation of duties Design and implementation of automated AC is responsibility of IT, covered in AI domain, based on COBIT’s information criteria, shown in figure 10. The operational mgt and control responsibility for AC is not w/ IT, but w/ the business process owner. Hence, the responsibility for AC is an end-to-end joint responsibility between business and IT, but the nature of the responsibilities changes as follows: The business is responsible to properly: – Define functional and control requirements – Use automated services IT is responsible to: – Automate and implement business functional and control requirements – Establish controls to maintain the integrity of applications controls.
The following list provides a recommended set of AC objectives:  AC1 Source Data Preparation and Authorisation Ensure that source doc are prepared by authorised and qualified personnel following established procedures, taking into account adequate segregation of duties.  AC2 Source Data Collection and Entry Establish that data input is performed in timely manner by authorised n qualified staff.  AC3 Accuracy, Completeness and Authenticity Checks Ensure that transc are accurate, complete, and valid.  AC4 Processing Integrity and Validity Maintain the integrity and validity of data throughout the processing cycle. Detection of erroneous transactions does not disrupt the processing of valid transactions.  AC5 Output Review, Reconciliation and Error Handling Establish procedures and responsibilities, delivered to appr recipient, and protected during transmission; that verification, detection and correction of accuracy of output.  AC6 Transaction Authentication and Integrity Before passing transc data b/w internal applications and business/opr functions, check it for proper addressing, authenticity of origin and integrity of content.
Enterprises need to measure where they are and where improvement is required, and implement a management tool kit to monitor this improvement. COBIT deals with these issues by providing:  Maturity model to enable benchmark and identify necessary capability improvement.  Perf goals and metric for IT processes, demonstrating how processes meet business and IT goal and are used for measuring internal process perf based on BSC principle.  Activity goals for enabling effective process performanc MATURITY MODELS IT mgt is constantly on lookout for benchmarking and self-assessment tool in response to the need to know what to do in an efficient manner. This responds to 3 needs: 1. A relative measure of where the enterprise is 2. A manner to efficiently decide where to go 3. A tool for measuring progress against the goal. Maturity model for mgt and control over IT processes is based on a method of evaluating organisation, so it can be rated fr a maturity level of non-existent (0) to optimised (5).
MATURITY MODELS  The purpose is to identify where issues are and how to set priorities for improvements, not to assess the level of adherence to the control objectives.  They are not designed for use as a threshold model, where one cannot move to the next higher level without having fulfilled all conditions of the lower level.
 Using MM developed for each of COBIT’s 34 IT processes, mgt can identify: The actual performance of the enterprise—Where the enterprise is today The current status of the industry—The comparison The enterprise’s target for improvement—Where the enterprise wants to be The required growth path between ‘as-is’ and ‘to-be’.
 Capability, coverage and control are all dimensions of process maturity:  Coverage, depth of control, and how the capability is used and deployed are cost-benefit decisions. For example, a high level of security mgt may have to be focused only on most critical enterprise systems. Another example would be choice b/w a weekly manual review and a continuous automated control.
Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 1 Recognition of need for the process is emerging There is sporadic communication of the issues Recognition of the need for to process and practices The process and policies are undefined Some tools may exits; usage is based on standard desktop tools There is no planned approach to tool usage Skills required for the process are not identified A training plan does not exist and no formal training occurs There is no definition of accountability and responsibility. People take ownership of issue based on their own initiative on a reactive basis Goals are not clear and no measurement take place 2 There is awareness of the need to act Mgt communicate the overall issues Similar and common processes emerge, but are largely intuitive because of individual expertise Some aspect of pro- cess are repeatable because of individual expertise, and some docu-mentation and informal under- standing of policy and procedure are exits Common approaches to use of tools exits but are based on solutions developed by key individuals Vendor tools may have been acquired, but are probably not applied correctly, and may even shelfware Minimum skill requirements are identified for critical area Training is provided in response to needs, rather than on the basis of agreed plan, and informal training on the job occurs. An individual asssumes his/ her responsibility and is usually held accountable. even if this is not formally agreed There is confusion about responsibilities when problems occur, and a culture of blame tends to exist. Some goals setting occurs; some financial measures are established, but known only by SM. There is inconsistency monitoring in isolated areas. 3 There is understanding of the need to act Usage of good practices emerges A plan has been defined for use and standarization of tools to automate process Skill requirement are defined and docu- mented for all areas Process responsibility and accountability are defined and process owner’ve been identif’ Some effectiveness goal and measure is set, not communicat- ed, and there’s clear link to businessgoal
Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 3 Mgt is more formal and structured in its communication The process, policies, and procedures are defined and documented for all key activities Tools are being used for their purposes, but may not all be in accord-ance w/ agreedplan, and may not be integrated w/ one another. A formal training plan has been developed, but formal training is still based on individual initiatives. The process owner is unlikely to have a full authority to exercise the responsibilities Measurement processes emerge, but not consistently applied. IT BSC idea being adopted, as if intuitive application of rootcause analys 4 There is unders- tanding of the full requirements Mature communi- cation techniques are applied and standard commu- nication tools are in use The process is sound and comple-te; internal best practice are applied. All aspect of proces are documented and repeatable. Policy been approve and signed off on by mgt. Standard for developing and maintaining process and procedure are adopted n followed. Tools r implemented according to standirised plan, and some have been integrated w/ other related tools. Tools are being used in main areas to automate management of the process and monitor critical activities and controls Skill requirements are routinely updat- ed for all areas, proficient is ensured for all critical areas, and certification is encouraged Mature training tech- niques are applied according to training plan and knowledge sharing is encourag- ed. Internal domain experts are involved and effectiveness of training plan is assessed Process responsibility and accoutability are accepted and working in way that enables a process owner to discharge his/her responsibilities. A reward culture is in place that motivates positve actions. Efficiency and effectiveness are measured and communicated, and linked to business goal and IT strategic plan. The IT BCS is implemented in some areas with exceptions noted by mgt and root cause analysis is being standarised. Continuous improvement is emerging.
Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 5 There is advance, forward looking understanding of requirement Proactive communication of issue based on trend exists, mature communication techniques are applied, and integrated communication tools are used External best practices and standards are applied Process documentation is evolved to automated workflows. Processes, policies, and procedures are standarised and integrated to enable end-to-end management and improvement. Standarised tools sets are used accross the enterprise Tools are fully integrated with other related tools to enable end-to-end support of the processes. Tools are being used to support improvement of the process and automatically detect control exceptions The organisation formally encourages continuous improve- ment of skills, based on clearly defined personal and organization goals. Training and education support external best practices and use of leading edge concept n technique Knowledege sharing is an enterprise culture, and know- ledge-based system are being deployed. External expert and industry leaders are used for guidance Process owners are empowered to make decision and take actions. The acceptance of responsibility has been cascaded down throughout the organization in consistent fashion There is integrated performance measurement system linking IT performance to business goals by the global application of the IT balanced scorecard. Exceptions are globally and consistently by management and root cause analysis is applied. Continuous improvement is a way of life.
PERFORMANCE MEASUREMENT Goals and metrics are defined in COBIT at 3 levels: 1. IT goals and metrics: define what business expects from IT and how to measure it. 2. Process goals and metrics: define what the IT process must deliver to support IT’s objectives and how to measure it. 3. Activity goals and metrics: establish what needs to happen inside the process to achieve the required perf and how to measure it
PERFORMANCE MEASUREMENT  Two types of metrics: Outcome measure: indicate whether the goals have been met. These can be measured only after the fact and, therefore, are called ‘lag indicators’. Performance indicators: indicate whether goals are likely to be met. They can be measured before the outcome is clear and, therefore, are called ‘lead indicators’.  Outome measures of lower level become performance indicators for higher level. Outcome measures of IT function are often expressed in term of inf criteria: Availability of information needed to support the business needs Absence of integrity and confidentiality risks Cost-efficiency of processes and operations Confirmation of reliability, effectiveness and compliance  Performance indicators (or performance drivers) define measures that determine how well business, IT function or IT process is performing in enabling the goals to be reached. They often measure the availability of appropriate capabilities, practices and skills, and the outcome of underlying activities.
Maintain enterprise reputation and leadership Ensure that IT services can resist and recover from attacks Detect and resolve unauthorised access to information, applications and infrastructure. Understand security requirements, vulnerabilities and threats Numbers of incidents causing public embarassment Number of actual IT incidents with business impact Number of actual incidents because of unauthorised access Frequency of review of the type of security events to be monitored is measured by is measured by is measured by is measured by Business goals IT goals Process goals Activity goals Define Goals MeasureAchievement Indicate Perfomance Improveandreallign Outcome mesures Business metrics Performance indicators Outcome mesures IT metrics Performance indicators Outcome mesures Process metrics Performance indicators
•Effectiveness •Efficiency •Confidentiality •Integrity •Availability •Compliance •Reliability •Applications •Information •Infrastructure •People PO1 Define a strategic IT plan. PO2 Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, org and relationship PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. ME1 Monitor and evaluate IT performance. ME2 Monitor and evaluate internal control. ME3 Ensure compliance w/ external requirements. ME4 Provide IT governance. DS1 Define and manage service levels. DS2 Manage third-party services. DS3 Manage performance and capacity. DS4 Ensure continuous service. DS5 Ensure systems security. DS6 Identify and allocate costs. DS7 Educate and train AI1 Identify automated solutions. AI2 Acquire and maintain application software. AI3 Acquire and maintain tech infrastructure. AI4 Enable operation and use. AI5 Procure IT resources. BUSINESS OBJECTIVES GOVERNANCE OBJECTIVES INFORMATION CRITERIA PLAN AND ORGANIZE ACQUIRE AND IMPLEMENT DELIVERY AND SUPPORT MONITOR AND EVALUATE IT RESOUCES.
Yulias Caesar Sihombing/BPKP yuliascaesar.bpkp@yahoo.com http://facebook.com/Si.Om.Bing id.linkedin.com/yulias-sihombing-ak-mak-cia

Recommandé

It governance
It governanceIt governance
It governanceMahetab Khan
 
02. cobit 41 dan iso 17799
02. cobit 41 dan iso 1779902. cobit 41 dan iso 17799
02. cobit 41 dan iso 17799Mulyadi Yusuf
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking DayIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
It governance
It governanceIt governance
It governanceLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance FrameworkSherri Booher
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceBill Lisse
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveSayyed Zakir Ali Rizwe
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 

Recommandé

It governance
It governanceIt governance
It governanceMahetab Khan
 
02. cobit 41 dan iso 17799
02. cobit 41 dan iso 1779902. cobit 41 dan iso 17799
02. cobit 41 dan iso 17799Mulyadi Yusuf
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking DayIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
It governance
It governanceIt governance
It governanceLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance FrameworkSherri Booher
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceBill Lisse
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveSayyed Zakir Ali Rizwe
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment Governance Asssessment Portal
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
Understanding co bit 4.1
Understanding co bit 4.1Understanding co bit 4.1
Understanding co bit 4.1n|u - The Open Security Community
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500Ramiro Cid
 
It governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungIt governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungnorsaidatul_akmar
 
Iso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbookIso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbookHazel Jennings
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001Burcu Pelin TELLİ
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology GovernanceGoutama Bachtiar
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
 
IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1Richard Willis
 
CObIT
CObITCObIT
CObITSophia Abigayle
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training courseIman Baradari
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceKuda Musundire CA (Z), RPA
 
Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"guest1c7740
 
Qaip yulias c sihombing
Qaip yulias c sihombingQaip yulias c sihombing
Qaip yulias c sihombingYulias Sihombing, Ak, MAk, CIA
 
Ifrs fin accounting quick review
Ifrs fin accounting quick reviewIfrs fin accounting quick review
Ifrs fin accounting quick reviewYulias Sihombing, Ak, MAk, CIA
 
Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
Iso 31000 summary 2
Iso 31000 summary 2Iso 31000 summary 2
Iso 31000 summary 2Yulias Sihombing, Ak, MAk, CIA
 

Contenu connexe

Tendances

How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment Governance Asssessment Portal
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing worldPECB
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500Ramiro Cid
 
It governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungIt governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungnorsaidatul_akmar
 
Iso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbookIso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbookHazel Jennings
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology GovernanceGoutama Bachtiar
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013Mike Wright
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
 
IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1Richard Willis
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training courseIman Baradari
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceKuda Musundire CA (Z), RPA
 
Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"guest1c7740
 

Tendances (18)

How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment How to Conduct A Nationally Owned Governance Assessment
How to Conduct A Nationally Owned Governance Assessment
 
IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world IT Governance – The missing compass in a technology changing world
IT Governance – The missing compass in a technology changing world
 
Understanding co bit 4.1
Understanding co bit 4.1Understanding co bit 4.1
Understanding co bit 4.1
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzah
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
 
It governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yungIt governance in_higher_education_by_james_yung
It governance in_higher_education_by_james_yung
 
Iso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbookIso iec 38500 ict governance workbook
Iso iec 38500 ict governance workbook
 
Itil,cobit and ıso27001
Itil,cobit and ıso27001Itil,cobit and ıso27001
Itil,cobit and ıso27001
 
Comprehending Information Technology Governance
Comprehending Information Technology GovernanceComprehending Information Technology Governance
Comprehending Information Technology Governance
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
 
WLS Services Brochure March 2013
WLS Services Brochure March 2013WLS Services Brochure March 2013
WLS Services Brochure March 2013
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
 
IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management Presentation V0.1
 
CObIT
CObITCObIT
CObIT
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training course
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise IT
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and Governance
 
Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"Research Paper on "Project Management and IT Governance"
Research Paper on "Project Management and IT Governance"
 

En vedette

Information technology risks
Information technology risksInformation technology risks
Information technology riskssalman butt
 
2016 Stackies Awards: 41 Marketing Technology Stacks
2016 Stackies Awards: 41 Marketing Technology Stacks2016 Stackies Awards: 41 Marketing Technology Stacks
2016 Stackies Awards: 41 Marketing Technology StacksScott Brinker
 

En vedette (8)

Qaip yulias c sihombing
Qaip yulias c sihombingQaip yulias c sihombing
Qaip yulias c sihombing
 
Ifrs fin accounting quick review
Ifrs fin accounting quick reviewIfrs fin accounting quick review
Ifrs fin accounting quick review
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
 
Iso 31000 summary 2
Iso 31000 summary 2Iso 31000 summary 2
Iso 31000 summary 2
 
Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and control
 
Overview ippf
Overview ippfOverview ippf
Overview ippf
 
153084837 makalah-cobit
153084837 makalah-cobit153084837 makalah-cobit
153084837 makalah-cobit
 
2016 Stackies Awards: 41 Marketing Technology Stacks
2016 Stackies Awards: 41 Marketing Technology Stacks2016 Stackies Awards: 41 Marketing Technology Stacks
2016 Stackies Awards: 41 Marketing Technology Stacks
 

Similaire à Cobit 41 framework

Ea As A Strategy M Veeraragaloo Approach
Ea As A Strategy M Veeraragaloo ApproachEa As A Strategy M Veeraragaloo Approach
Ea As A Strategy M Veeraragaloo ApproachMaganathin Veeraragaloo
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketingNavneet Singh
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachMohammad Reda Katby
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)Sam Mandebvu
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...GrapesTech Solutions
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCERudy Shoushany
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITShivamSharma909
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTGaffri Johnson
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...TRANANHQUAN4
 

Similaire à Cobit 41 framework (20)

Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
Ea As A Strategy M Veeraragaloo Approach
Ea As A Strategy M Veeraragaloo ApproachEa As A Strategy M Veeraragaloo Approach
Ea As A Strategy M Veeraragaloo Approach
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
CISSPills #3.02
CISSPills #3.02CISSPills #3.02
CISSPills #3.02
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketing
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...IT Governance and Compliance: Its Importance and the Best Practices to Follow...
IT Governance and Compliance: Its Importance and the Best Practices to Follow...
 
It Governance Methodology Cox
It Governance Methodology CoxIt Governance Methodology Cox
It Governance Methodology Cox
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCE
 
CISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of ITCISA DOMAIN 2 Governance & Management of IT
CISA DOMAIN 2 Governance & Management of IT
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobit
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
ISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENTISO 27001 ISMS MEASUREMENT
ISO 27001 ISMS MEASUREMENT
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
 

Dernier

Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 

Dernier (20)

Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 

Cobit 41 framework

  • 2.
  • 3. IT governance: merupakan tanggung jawab eksekutif dan BoD. Terdiri dari kepemimpinan, struktur organisasi dan proses yang menjamin bahwa enterprise’s IT mendukung dan mengembangkan tujuan dan strategi organisasi. COBIT supports IT governance by providing a framework to ensure that: IT is aligned with the business IT enables the business and maximises benefits IT resources are used responsibly IT risks are managed appropriately IT transparency is achieved through performance measurement.
  • 4. Strategic alignment: ensuring linkage of business and IT plan; defining, maintaining and validating IT value proposition; and aligning IT operations with enterprise operations. Value delivery: executing value proposition throughout delivery cycle, ensuring that IT deliver the promised benefit against strategy, concentrating on optimising costs and proving the intrinsic value of IT. Resource management: optimal investment in, and proper mgt of critical IT resource: applications, inf, infrastructure and people. Key issue relate to optimisation of knowledge and infrastructure. Risk management: risk awareness by senior officers, clear understanding of appetite for risk, understanding of compliance requirements, transparency about the sig. risk to enterprise and embedding of RM responsibilities into org. Perf measurement: track and monitor strategy implement, project completion, resource usage, process perf and service delivery, using, ex: BSC that translate strategy into action to achieve goals measurable beyond conventional accounting.
  • 5.
  • 6. Business goals IT goals IT Processes Key Activities requirements information Control Outcomes Test Control Objectives Responsibilities and Accountibilities Chart Performance Indicators Outcomes Measures Control Design Test Control Practices based on Maturity Models derived from
  • 7.
  • 8. A control framework for IT governance defines the reasons IT governance is needed, the stakeholders and what it needs to accomplish. Why In particular, management needs to know if inf is being managed, so that it is:  Likely to achieve its objectives  Resilient enough to learn and adapt  Judiciously managing the risks it faces  Appropriately recognising opportunities and acting upon them Enterprise cannot deliver effectively against business and governance requirement w/o adopting and implementing a governance and control FW for IT to:  Make a link to the business requirements  Make performance against these requirements transparent  Organise its activities into a generally accepted process model  Identify the major resources to be leveraged  Define the management control objectives to be considered.
  • 9. Who A gov and control FW needs to serve a variety of internal and external stakeholders, each of whom has specific needs:  Stakeholders within enterprise who have interest in generating value fr IT invest:  Internal and external stakeholders who provide IT services:  Internal and external stakeholders who have a control/risk responsibility: What To meet the requirement listed in previous section, a FW for IT gov and control should:  Provide a business focus to enable alignment between business and IT objectives  Establish process orientation to define scope and extent of coverage, w/ defined structure enabling easy navigation of content.  Be generally acceptable by being consistent w/ accepted IT good practices and standard and independent of specific technologies.  Supply a common language w/ a set of terms and definitions that are generally understandable by all stakeholders.  Help meet regulatory req by being consistent with generally accepted corporate gov standard (e.g., COSO) and IT control expected by regulator and external auditor.
  • 10. In response to the needs, the COBIT FW was created w/ main characteristics of being: business-focused, process-oriented, controls-based, and measurement-driven. Sumber: IT Governance Institute, COBIT 4.1, 2007
  • 11. Business orientation is the main theme of COBIT, designed to: (1) be employed by IT service providers, users, and auditors, and (2) to provide comprehensive guidance for mgt and business process owners. COBIT’S INFORMATION CRITERIA To satisfy business obj, inf needs to conform to certain control criteria, which refers to as business requirement for inf. Inf criterias are defined as follows: 1. Effectiveness: inf being relevant and pertinent to business process as well as being delivered in a timely, correct, consistent, and usable manner. 2. Efficiency: provision of inf through optimal (productive and eco) use of resource. 3. Confidentiality: the protection of sensitive inf from unauthorised disclosure. 4. Integrity: accuracy and completeness of inf as well as to its validity. 5. Availability: inf being available when required by business process now and in future. 6. Compliance: complying with law, regulation and contractual arrangement. 7. Reliability: provision of appropriate inf for mgt to operate entity and exercise its fiduciary and governance responsibilities.
  • 12. BUSINESS GOALS AND IT GOALS  Defining set of business goal and IT goal provides a business-related and refined basis for establishing business req and developing measurement. See Appendix I.  Defining IT Goals and Enterprise Architecture for IT
  • 13. IT RESOURCES  IT resources (people, infrastructure, applications, information) together with the processes, constitute an enterprise architecture for IT.  Enterprise needs to invest in resource to create technical capability (e.g., ERP), to support a capability (e.g., implementing a supply chain), resulting in the desired outcome (increase sales and fin benefit).  The IT resources: Applications: automated system and manual procedure that process inf. Information: data, input, processed and output by IS, used by business. Infrastructur: tech and facilities (HW, OS, DMS, network, multimedia). People: required to plan, organise, acquire, implement, deliver, support, monitor and evaluate IS and services.
  • 14. An operational model is initial step toward good gov, and also provide FW for measuring and monitoring IT perf, communicating w/ service providers and integrating best mgt practices. Within the COBIT framework, generic process model are within four domains: Plan and Organise (PO)—Provides direction to solution delivery (AI) and service delivery (DS) Acquire and Implement (AI)—Provides solutions and passes them to be turned into services. Deliver and Support (DS)—Receives solutions and makes them usable for end user. Monitor and Evaluate (ME)—Monitors all processes to ensure that the direction provided is followed
  • 15. PLAN AND ORGANISE (PO) PO covers strategy and tactics, and concerns identf of the way IT can best contribute to achievement of business obj, which addresses following mgt questions: Are IT and the business strategy aligned? Is the enterprise achieving optimum use of its resources? Does everyone in the organisation understand the IT objectives? Are IT risks understood and being managed? Is the quality of IT systems appropriate for business needs? ACQUIRE AND IMPLEMENT (AI) IT solutions need to be identified, developed or acquired, implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered. This domain typically addresses the following mgt questions: Are new projects likely to deliver solutions that meet business needs? Are new projects likely to be delivered on time and within budget? Will the new systems work properly when implemented? Will changes be made without upsetting current business operations?
  • 16. DELIVER AND SUPPORT (DS) DS is concerned w/ actual delivery of services, includes mgt of security and continuity, service support, and mgt of data and facilities. It addresses following mgt questions: Are IT services being delivered in line with business priorities? Are IT costs optimised? Is the workforce able to use the IT systems productively and safely? Are adequate confidentiality, integrity and availability in place for inf security? MONITOR AND EVALUATE (ME) ME addresses performance mgt, monitoring of IC, regulatory compliance and governance. It addresses the following mgt questions: Is IT’s performance measured to detect problems before it is too late? Does mgt ensure that IC are effective and efficient? Can IT performance be linked back to business goals? Are adequate confidentiality, integrity and availability control in place for inf security? Across these four domains, COBIT has identified 34 IT processes that are generally used (refer to figure 22 for the complete list).
  • 17. PROCESSES NEED CONTROLS IT control obj provide a complete set of high-level requirements to be considered by mgt for effective control of each IT process, they:  Are statements of managerial actions to increase value or reduce risk.  Consist of policies, procedures, practices and organisational structures  Provide reasonable assurance that business obj will be achieved. Mgt needs to make choices relative to these control objectives by:  Selecting those that are applicable;  Deciding upon those will be implemented;  Choosing how to implement them (frequency, span, automation, etc.);  Accepting the risk of not implementing. Standard control has analogy: When room temperature (standard) for heating system (process) is set, system will check (compare) ambient room temp (control inf) and will signal (act) system to provide more or less heat.
  • 18. PROCESSES NEED CONTROLS To achieve effective gov, controls need to be implemented by operational managers within a defined control FW for all IT processes. The control obj are identified by a 2-character domain reference (PO, AI, DS and ME) + a process no. and a control obj no. In addition to control obj, each process has generic control requirements that are identified by PCn (process control no.).  PC1 Process Goals and Objectives Define and communicate specific, measurable, actionable, realistic, results- oriented and timely (SMARRT) process goals and objectives. Ensure that they are linked to the business goals and supported by suitable metrics.  PC2 Process Ownership Assign owner for each IT process, and clearly define roles and responsibilities of the process owner. Include, for example, responsibility for process design, interaction, accountability, measurement, and identification of improvement.
  • 19. PROCESSES NEED CONTROLS  PC3 Process Repeatability Design and establish each key IT process such that it is repeatable and consistently produces the expected results.  PC4 Roles and Responsibilities Define the key activities and end deliverables of the process. Assign and communicate unambiguous roles and responsibilities for effective and efficient execution of key activities and their documentation as well as accountability.  PC5 Policy, Plans and Procedures Define and communicate how all policies, plans and procedures that drive an IT process are documented, reviewed, maintained, approved, stored, communicated and used for training.  PC6 Process Performance Improvement Identify a set of metrics that provides insight into outcomes and performance of the process. Establish targets that reflect on the process goals and performance indicators that enable the achievement of process goals.
  • 20. BUSINESS AND IT CONTROLS The enterprise’s system of IC impacts IT at 3 levels: 1. At the executive mgt level: The overall approach to governance and control is established by the board and communicated throughout the enterprise. IT control environment is directed by top- level set of objectives and policies. 2. At the business process level: Most business processes are automated and integrated w/ IT application system, resulting in many of controls at this level being automated. Known as application control. However, some controls within business process remain as manual procedures, such as authorisation for trans, separation of duties. 3. To support the business processes: IT provides IT services, in a shared service to many business processes, and much of the IT infrastructure is provided as a common service (e.g., networks, databases, OS and storage). The controls applied to all IT service actv are known as IT general controls. Poor change mgt could jeopardise reliability of automated integrity check.
  • 21. IT GENERAL CONTROLS AND APPLICATION CONTROLS General control: controls embedded in IT processes and services, include:  Systems development, Change management, Security, and Computer operation. Application control: control embedded in business process application, include:  Completeness, Accuracy, Validity, Authorisation, and Segregation of duties Design and implementation of automated AC is responsibility of IT, covered in AI domain, based on COBIT’s information criteria, shown in figure 10. The operational mgt and control responsibility for AC is not w/ IT, but w/ the business process owner. Hence, the responsibility for AC is an end-to-end joint responsibility between business and IT, but the nature of the responsibilities changes as follows: The business is responsible to properly: – Define functional and control requirements – Use automated services IT is responsible to: – Automate and implement business functional and control requirements – Establish controls to maintain the integrity of applications controls.
  • 22.
  • 23. The following list provides a recommended set of AC objectives:  AC1 Source Data Preparation and Authorisation Ensure that source doc are prepared by authorised and qualified personnel following established procedures, taking into account adequate segregation of duties.  AC2 Source Data Collection and Entry Establish that data input is performed in timely manner by authorised n qualified staff.  AC3 Accuracy, Completeness and Authenticity Checks Ensure that transc are accurate, complete, and valid.  AC4 Processing Integrity and Validity Maintain the integrity and validity of data throughout the processing cycle. Detection of erroneous transactions does not disrupt the processing of valid transactions.  AC5 Output Review, Reconciliation and Error Handling Establish procedures and responsibilities, delivered to appr recipient, and protected during transmission; that verification, detection and correction of accuracy of output.  AC6 Transaction Authentication and Integrity Before passing transc data b/w internal applications and business/opr functions, check it for proper addressing, authenticity of origin and integrity of content.
  • 24. Enterprises need to measure where they are and where improvement is required, and implement a management tool kit to monitor this improvement. COBIT deals with these issues by providing:  Maturity model to enable benchmark and identify necessary capability improvement.  Perf goals and metric for IT processes, demonstrating how processes meet business and IT goal and are used for measuring internal process perf based on BSC principle.  Activity goals for enabling effective process performanc MATURITY MODELS IT mgt is constantly on lookout for benchmarking and self-assessment tool in response to the need to know what to do in an efficient manner. This responds to 3 needs: 1. A relative measure of where the enterprise is 2. A manner to efficiently decide where to go 3. A tool for measuring progress against the goal. Maturity model for mgt and control over IT processes is based on a method of evaluating organisation, so it can be rated fr a maturity level of non-existent (0) to optimised (5).
  • 25. MATURITY MODELS  The purpose is to identify where issues are and how to set priorities for improvements, not to assess the level of adherence to the control objectives.  They are not designed for use as a threshold model, where one cannot move to the next higher level without having fulfilled all conditions of the lower level.
  • 26.  Using MM developed for each of COBIT’s 34 IT processes, mgt can identify: The actual performance of the enterprise—Where the enterprise is today The current status of the industry—The comparison The enterprise’s target for improvement—Where the enterprise wants to be The required growth path between ‘as-is’ and ‘to-be’.
  • 27.  Capability, coverage and control are all dimensions of process maturity:  Coverage, depth of control, and how the capability is used and deployed are cost-benefit decisions. For example, a high level of security mgt may have to be focused only on most critical enterprise systems. Another example would be choice b/w a weekly manual review and a continuous automated control.
  • 28. Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 1 Recognition of need for the process is emerging There is sporadic communication of the issues Recognition of the need for to process and practices The process and policies are undefined Some tools may exits; usage is based on standard desktop tools There is no planned approach to tool usage Skills required for the process are not identified A training plan does not exist and no formal training occurs There is no definition of accountability and responsibility. People take ownership of issue based on their own initiative on a reactive basis Goals are not clear and no measurement take place 2 There is awareness of the need to act Mgt communicate the overall issues Similar and common processes emerge, but are largely intuitive because of individual expertise Some aspect of pro- cess are repeatable because of individual expertise, and some docu-mentation and informal under- standing of policy and procedure are exits Common approaches to use of tools exits but are based on solutions developed by key individuals Vendor tools may have been acquired, but are probably not applied correctly, and may even shelfware Minimum skill requirements are identified for critical area Training is provided in response to needs, rather than on the basis of agreed plan, and informal training on the job occurs. An individual asssumes his/ her responsibility and is usually held accountable. even if this is not formally agreed There is confusion about responsibilities when problems occur, and a culture of blame tends to exist. Some goals setting occurs; some financial measures are established, but known only by SM. There is inconsistency monitoring in isolated areas. 3 There is understanding of the need to act Usage of good practices emerges A plan has been defined for use and standarization of tools to automate process Skill requirement are defined and docu- mented for all areas Process responsibility and accountability are defined and process owner’ve been identif’ Some effectiveness goal and measure is set, not communicat- ed, and there’s clear link to businessgoal
  • 29. Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 3 Mgt is more formal and structured in its communication The process, policies, and procedures are defined and documented for all key activities Tools are being used for their purposes, but may not all be in accord-ance w/ agreedplan, and may not be integrated w/ one another. A formal training plan has been developed, but formal training is still based on individual initiatives. The process owner is unlikely to have a full authority to exercise the responsibilities Measurement processes emerge, but not consistently applied. IT BSC idea being adopted, as if intuitive application of rootcause analys 4 There is unders- tanding of the full requirements Mature communi- cation techniques are applied and standard commu- nication tools are in use The process is sound and comple-te; internal best practice are applied. All aspect of proces are documented and repeatable. Policy been approve and signed off on by mgt. Standard for developing and maintaining process and procedure are adopted n followed. Tools r implemented according to standirised plan, and some have been integrated w/ other related tools. Tools are being used in main areas to automate management of the process and monitor critical activities and controls Skill requirements are routinely updat- ed for all areas, proficient is ensured for all critical areas, and certification is encouraged Mature training tech- niques are applied according to training plan and knowledge sharing is encourag- ed. Internal domain experts are involved and effectiveness of training plan is assessed Process responsibility and accoutability are accepted and working in way that enables a process owner to discharge his/her responsibilities. A reward culture is in place that motivates positve actions. Efficiency and effectiveness are measured and communicated, and linked to business goal and IT strategic plan. The IT BCS is implemented in some areas with exceptions noted by mgt and root cause analysis is being standarised. Continuous improvement is emerging.
  • 30. Level Awareness and Communication Policies, Plan, and Procedures Tools and Automation Skill and Expertise Responsibility and Accountability Goal Setting and Measurement 5 There is advance, forward looking understanding of requirement Proactive communication of issue based on trend exists, mature communication techniques are applied, and integrated communication tools are used External best practices and standards are applied Process documentation is evolved to automated workflows. Processes, policies, and procedures are standarised and integrated to enable end-to-end management and improvement. Standarised tools sets are used accross the enterprise Tools are fully integrated with other related tools to enable end-to-end support of the processes. Tools are being used to support improvement of the process and automatically detect control exceptions The organisation formally encourages continuous improve- ment of skills, based on clearly defined personal and organization goals. Training and education support external best practices and use of leading edge concept n technique Knowledege sharing is an enterprise culture, and know- ledge-based system are being deployed. External expert and industry leaders are used for guidance Process owners are empowered to make decision and take actions. The acceptance of responsibility has been cascaded down throughout the organization in consistent fashion There is integrated performance measurement system linking IT performance to business goals by the global application of the IT balanced scorecard. Exceptions are globally and consistently by management and root cause analysis is applied. Continuous improvement is a way of life.
  • 31. PERFORMANCE MEASUREMENT Goals and metrics are defined in COBIT at 3 levels: 1. IT goals and metrics: define what business expects from IT and how to measure it. 2. Process goals and metrics: define what the IT process must deliver to support IT’s objectives and how to measure it. 3. Activity goals and metrics: establish what needs to happen inside the process to achieve the required perf and how to measure it
  • 32. PERFORMANCE MEASUREMENT  Two types of metrics: Outcome measure: indicate whether the goals have been met. These can be measured only after the fact and, therefore, are called ‘lag indicators’. Performance indicators: indicate whether goals are likely to be met. They can be measured before the outcome is clear and, therefore, are called ‘lead indicators’.  Outome measures of lower level become performance indicators for higher level. Outcome measures of IT function are often expressed in term of inf criteria: Availability of information needed to support the business needs Absence of integrity and confidentiality risks Cost-efficiency of processes and operations Confirmation of reliability, effectiveness and compliance  Performance indicators (or performance drivers) define measures that determine how well business, IT function or IT process is performing in enabling the goals to be reached. They often measure the availability of appropriate capabilities, practices and skills, and the outcome of underlying activities.
  • 33. Maintain enterprise reputation and leadership Ensure that IT services can resist and recover from attacks Detect and resolve unauthorised access to information, applications and infrastructure. Understand security requirements, vulnerabilities and threats Numbers of incidents causing public embarassment Number of actual IT incidents with business impact Number of actual incidents because of unauthorised access Frequency of review of the type of security events to be monitored is measured by is measured by is measured by is measured by Business goals IT goals Process goals Activity goals Define Goals MeasureAchievement Indicate Perfomance Improveandreallign Outcome mesures Business metrics Performance indicators Outcome mesures IT metrics Performance indicators Outcome mesures Process metrics Performance indicators
  • 34. •Effectiveness •Efficiency •Confidentiality •Integrity •Availability •Compliance •Reliability •Applications •Information •Infrastructure •People PO1 Define a strategic IT plan. PO2 Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, org and relationship PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. ME1 Monitor and evaluate IT performance. ME2 Monitor and evaluate internal control. ME3 Ensure compliance w/ external requirements. ME4 Provide IT governance. DS1 Define and manage service levels. DS2 Manage third-party services. DS3 Manage performance and capacity. DS4 Ensure continuous service. DS5 Ensure systems security. DS6 Identify and allocate costs. DS7 Educate and train AI1 Identify automated solutions. AI2 Acquire and maintain application software. AI3 Acquire and maintain tech infrastructure. AI4 Enable operation and use. AI5 Procure IT resources. BUSINESS OBJECTIVES GOVERNANCE OBJECTIVES INFORMATION CRITERIA PLAN AND ORGANIZE ACQUIRE AND IMPLEMENT DELIVERY AND SUPPORT MONITOR AND EVALUATE IT RESOUCES.
  • 35.