lewisb@Cerberus-isc.com

Why Use and Not Implement?
- Difficulty obtaining senior management buy-in:
  - Budget
  - Staffing
  - Timing
  - Benefits
- Reluctance to undergo a large project
- Inability to define benefits

(C) Cerberus ISC Inc. 2015 3

Why Use and Not Implement?
Implementing COBIT requires a sound business case with:
- Effective sponsorship
- Proper scope
- Involvement of key stakeholders
- Defined business benefits
- Understandable costs
- Defined risks

Why Use and Not Implement?
Using COBIT requires:
- Copy of the product
- Desire to improve governance
- Understanding of ways to get benefits quickly
- Desire to improve:
  - Understanding
  - Audit techniques
  - Areas of weakness
  - Overall governance

COBIT Helps
- Reduced costs
- IT-business alignment
- The benefits realization of IT investments
- The ability to meet regulatory and compliance requirements
- Reduced IT-related business risk

COBIT Helps
Recognised around the world:
- The Federal Government of Nigeria
- South African Government
- Government of Alberta, Canada
- The U.S. Postal Service
- Government of Kerala, India
- National Audit Office of the Lithuanian Republic
- European Union
- Superintendencia Financiera de Colombia Regulator

Using COBIT for gap analysis
The COBIT Processes are an ideal high-level objective for a governance gap analysis
- Create a list of the processes with their descriptions and goals
- Use a workshop format
- Have appropriate representation of business, IT and senior management
- Obtain a general understanding of the enterprise's compliance with each governance process
- Determine priorities to close out gaps

Using COBIT for gap analysis
- Create a list of the processes with their descriptions and goals

Using COBIT for gap analysis
The COBIT Practices offer more detailed objectives for gap analysis
- Create a list of the 210 practices with their descriptions
- Use a workshop format
- Have appropriate representation of business, IT and senior management
- Obtain a general understanding of the enterprise's compliance with each practice area
- Determine priorities to close out gaps

Using COBIT for gap analysis
The COBIT Activities offer very detailed objectives for gap analysis
- Create a list of the 1,111 activities
- Use a workshop format
- Have appropriate representation of business and IT
- Obtain a general understanding of the enterprise's compliance with each activity
- Determine priorities to close out gaps

Using COBIT for more breadth
The COBIT Enablers offer a more holistic approach to ensuring governance is in place
- Ensures coverage of all aspects, not just processes:
  - Principles, Policies and Frameworks
  - Organizational Structures
  - Culture, Ethics and Behavior
  - Information
  - Services, Infrastructure and Applications
  - People, Skills and Competencies

Using COBIT for better results
COBIT Enablers: use enablers during projects
- Are you considering key aspects of Policies and Frameworks?
- Are the right processes in place?
- Will your organizational structures (key decision makers) help or hinder?
- Are you ensuring that your business's culture, ethics and behaviour are considered?
- Does everyone have the right information?
- Can your services, infrastructure and applications support your project adequately?
- Are you updating the people, skills and competencies necessary to ensure success?

Using COBIT for translation
- Enable better communication between Business and IT
- Manage the language of IT and the very different language of business
- Use parts of the COBIT Goals Cascade:
  - The Enterprise Goals
  - The IT Goals
- The enterprise goals cascade down to the IT goals, which then cascade into COBIT
- Obtain business and IT approval of the lists
- Understand how an enterprise goal relies on an IT goal (or two or three)
- When talking to the business, relate your IT goal to a specific enterprise goal so they understand in their terms
- Do vice-versa when trying to relate business goals to IT staff
Using COBIT for translation

Using COBIT for solving needs
- By listening to stakeholder complaints, one can learn their key issues.
- Focus on the key COBIT processes that will help reduce or eliminate those needs

Using COBIT for solving needs
Stakeholder Need: Am I running an efficient and resilient operation?
- Maps to Enterprise Goal(s):
  - 5 - Financial Transparency
  - 7 - Business service continuity and availability
- Maps to IT Goal(s):
  - 6 - Transparency of IT costs, benefits and risk
  - 4 - Managed IT-related business risk
  - 10 - Security of information, processing infrastructure and applications
  - EG7
  - 14 - Availability of reliable and useful information for decision making
- These then map to COBIT Processes:
  - EDM02, 3, 5; APO06, 12, 13; etc.

Using COBIT
- This session showed you multiple ways to use COBIT without implementing
- You can pick and choose as your needs dictate
- Not necessary to do business case or sell to senior management
- A tool to use:
  - Do a detailed audit or gap analysis
  - Get better results from your projects
  - Translate business talk to IT talk (or vice-versa)
  - Solve stakeholder needs