ENTERPRISE IT GOVERNANCE USING COBIT5
A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT

Trainer: John Doan
E-mail: dedoan@gmail.com
Cell phone: (+84) 938-491-888
Source from ISACA
APEX Learning Content Development Team

Information!

- Information is a key resource for all enterprises
- Information is created, used, retained, disclosed and destroyed
- Technology plays a key role in these actions
- Technology is becoming pervasive in all aspects of business and personal life

What benefits do information and technology bring to enterprises?

Enterprise Benefits

Enterprises and their executives strive to:

- Maintain quality information to support business decisions
- Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT
- Achieve operational excellence through reliable and efficient application of technology
- Maintain IT-related risk at an acceptable level
- Optimise the cost of IT services and technology

How can these benefits be realised to create enterprise stakeholder value?

What is COBIT?

Control Objectives for Information and Related Technology

[Figure: Evolution of scope. Scope labels: Audit, Control, Management, IT Governance, Governance of Enterprise IT. Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Also shown: Val IT 2.0 (2008), Risk IT (2009).]

COBIT Product Family

COBIT 5 Principles

- Meeting Stakeholder Needs
- Covering the Enterprise End-to-end
- Applying a Single Integrated Framework
- Enabling a Holistic Approach
- Separating Governance from Management

Meeting Stakeholder Needs

[Table: enterprise goals arranged by FINANCIAL, CUSTOMER, INTERNAL, and LEARNING AND GROWTH under the headings Benefits Realisation, Risk Realisation and Resource Realisation; the cell positions are not recoverable from the extracted text. Goals shown:]

- Stakeholder value of business investments
- Customer-oriented service culture
- Optimisation of business process functionality
- Portfolio of competitive products and services
- Managed business risk (safeguarding of assets)
- Business service continuity and availability
- Agile responses to a changing business environment
- Optimisation of business process costs
- Compliance with external laws and regulations
- Financial transparency
- Information-based strategic decision making
- Optimisation of service delivery costs
- Operational and staff productivity
- Compliance with internal policies
- Managed business change programmes
- Skilled and motivated people
- Product and business innovation culture

BUSINESS VALUE

[Table: IT-related goals arranged by FINANCIAL, CUSTOMER, INTERNAL, and LEARNING AND GROWTH; the cell positions are not recoverable from the extracted text. Goals shown:]

- Alignment of IT and business strategy
- Commitment of executive management for making IT-related decisions
- IT compliance and support for business compliance with external laws and regulations
- Delivery of IT services in line with business requirements
- IT agility
- Security of information, processing infrastructure and applications
- Optimisation of IT assets, resources and capabilities
- IT compliance with internal policies
- Competent and motivated business and IT personnel
- Managed IT-related business risk
- Transparency of IT costs, benefits and risk
- Realised benefits from IT-enabled investments and services portfolio
- Adequate use of applications, information and technology solutions
- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- Enablement and support of business processes by integrating applications and technology into business processes
- Knowledge, expertise and initiatives for business innovation

IT-Related Goals and Enterprise Goals

[Two tables: matrix of IT-related goals against the enterprise goals listed above, with cells marked P or S; the cell values are not recoverable from the extracted text.]

IT-related goals in the first table:

- Commitment of executive management for making IT-related decisions
- Alignment of IT and business strategy
- Realised benefits from IT-enabled investments and services portfolio
- Transparency of IT costs, benefits and risk
- IT compliance and support for business compliance with external laws and regulations
- Managed IT-related business risk

IT-related goals in the second table:

- Delivery of programmes delivering benefits, on time, on budget, and meeting requirements and quality standards
- Availability of reliable and useful information for decision making
- IT compliance with internal policies
- Competent and motivated business and IT personnel
- Knowledge, expertise and initiatives for business innovation

An enterprise has defined for itself a number of strategic goals, of which improving customer satisfaction is the most important. From there, it wants to know where it needs to improve in all things related to IT.

Enterprise Goals

The enterprise decides that setting customer satisfaction as a key priority is equivalent to raising the priority of the following enterprise goals:

- Customer-oriented service culture
- Business service continuity and availability
- Agile responses to a changing business environment

IT-related Goals

The enterprise now takes the next step in the goals cascade: analysing which IT-related goals correspond to these enterprise goals. A suggested mapping between them is listed in appendix B.

- Alignment of IT and business strategy
- Managed IT-related business risk
- Delivery of IT services in line with business requirements
- IT agility
- Security of information, processing infrastructure and applications
- Availability of reliable and useful information for decision making
- Knowledge, expertise and initiatives for business innovation

Covering the Enterprise End-to-end

Source: COBIT® 5, figure © 2012 ISACA® All rights reserved

Applying a Single Integrated Framework

COBIT aligns with the latest relevant other standards and frameworks used by enterprises:

- Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
- IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI

Enabling a Holistic Approach

- Processes
- Organization
- Culture, Ethics and Behaviour
- Principles, Policies and Frameworks
- Information
- Services, Infrastructure and Applications
- People, Skills and Competencies

[Figure label: Resources]

Separating Governance From Management

COBIT Process Reference Models

37 Processes

COBIT IMPLEMENTATION

COBIT Coverage of Other Standards and Frameworks

[Figure: standards and frameworks plotted against the COBIT domains; positions are not recoverable from the extracted text.]

Domains:

- Evaluate, Direct and Monitor
- Align, Plan, Organize
- Build, Acquire and Implement
- Deliver, Service and Support
- Monitor, Evaluate and Assess

Standards and frameworks shown:

- ISO/IEC 38500
- TOGAF
- ISO/IEC 31000
- ISO/IEC 27000
- PRINCE2/PMBOK
- CMMI
- ITIL 2011 and ISO/IEC 20000

Assessment Overview

- Process Assessment Model
- Assessment Process

Process Capability Levels

- Optimizing process: The process is continuously improved to meet relevant current and projected business goals. PA 5.1 Process innovation attribute; PA 5.2 Process optimization attribute.
- Predictable process (Level 4): The process is enacted consistently within defined limits. PA 4.1 Process measurement attribute; PA 4.2 Process control attribute.
- Established process (Level 3): A defined process is used based on a standard process. PA 3.1 Process definition attribute; PA 3.2 Process deployment attribute.
- Managed process (Level 2): The process is managed and work products are established, controlled and maintained. PA 2.1 Performance management attribute; PA 2.2 Work product management attribute.
- Performed process: The process is implemented and achieves its process purpose. PA 1.1 Process performance attribute.
- Incomplete process: The process is not implemented or fails to achieve its purpose.

Capability Maturity Assessment

Q&A