
Using, Not Implementing, COBIT 5

Barry D. Lewis, CISSP, CISM, CRISC, CGEIT


lewisb@Cerberus-isc.com
Why Use and Not Implement?
Difficulty obtaining senior management buy-in:
Budget
Staffing
Timing
Benefits
Reluctance to undergo a large project
Inability to define benefits
(C) Cerberus ISC Inc. 2015 3
Why Use and Not Implement?

Implementing COBIT requires a sound business case with:
Effective sponsorship
Proper scope
Involvement of key stakeholders
Defined business benefits
Understandable costs
Defined risks



Why Use and Not Implement?

Using COBIT requires:


Copy of the product
Desire to improve governance
Understanding of ways to get benefits quickly
Desire to improve:
Understanding
Audit techniques
Areas of weakness
Overall governance



COBIT Helps

Courtesy: http://www.isaca.org/COBIT/Pages/COBIT5Newsroom.aspx



COBIT Helps
Reduced costs
IT-business alignment
The benefits realization of IT investments
The ability to meet regulatory and
compliance requirements
Reduced IT-related business risk



COBIT Helps
Recognised around the world
The Federal Government of Nigeria
South African Government
Government of Alberta Canada
The U.S. Postal Service
Government of Kerala, India
National Audit Office of the Lithuanian Republic
European Union
Superintendencia Financiera de Colombia
Regulator
Using COBIT for gap analysis
The COBIT Processes are an ideal high-level
objective for a governance gap analysis
Create a list of the processes with their descriptions
and goals
Use a workshop format
Have appropriate representation of business, IT and
senior management
Obtain a general understanding of the enterprise's
compliance with each governance process
Determine priorities to close out gaps



Using COBIT for gap analysis
Create a list of the processes with their
descriptions and goals



Using COBIT for gap analysis
The COBIT Practices offer more detailed
objectives for gap analysis
Create a list of the 210 practices with their
descriptions
Use a workshop format
Have appropriate representation of business, IT and
senior management
Obtain a general understanding of the enterprise's
compliance with each practice area
Determine priorities to close out gaps



Using COBIT for gap analysis
The COBIT Activities offer very detailed
objectives for gap analysis
Create a list of the 1,111 activities
Use a workshop format
Have appropriate representation of business and IT
Obtain a general understanding of the enterprise's
compliance with each activity
Determine priorities to close out gaps



Using COBIT for more breadth
The COBIT Enablers offer a more holistic approach to
ensuring governance is in place
Ensures coverage of all aspects, not just processes
Principles, Policies and Frameworks
Organizational Structures
Culture, Ethics and Behavior
Information
Services, Infrastructure and Applications
People, Skills and Competencies



Using COBIT for better results
COBIT Enablers
Use enablers during projects
Are you considering key aspects of Policies and Frameworks?
Are the right processes in place?
Will your organizational structures (key decision makers) help or
hinder?
Are you ensuring that your business's culture, ethics and
behaviour are considered?
Does everyone have the right information?
Can your services, infrastructure and applications support your
project adequately?
Are you updating the people, skills and competencies necessary
to ensure success?



Using COBIT for translation
Enable better communication between Business and IT
Manage the language of IT and the very different language of
business
Use parts of the COBIT Goals Cascade
The Enterprise Goals
The IT Goals
The enterprise goals cascade down to the IT goals which then
cascade into COBIT
Obtain business and IT approval of the lists
Understand how an enterprise goal relies on an IT goal (or two or three)
When talking to the business relate your IT goal to a specific enterprise goal
so they understand in their terms
Do vice-versa when trying to relate business goals to IT staff



Using COBIT for translation



Using COBIT for solving needs
By listening to
stakeholder complaints,
one can learn their key
issues.
Focus on the key COBIT
processes that will help
reduce or eliminate
those needs



Using COBIT for solving needs
Stakeholder Need -
Am I running an efficient and resilient operation?
Maps to Enterprise Goal(s)
5 - Financial Transparency
7 - Business service continuity and availability
Maps to IT Goal(s)
6 - Transparency of IT costs, benefits and risk
4 - Managed IT-related business risk
10 - Security of information, processing infrastructure and applications
EG7
14 - Availability of reliable and useful information for decision making

These then map to COBIT Processes


EDM02,3,5 APO06,12,13 etc



Using COBIT
This session showed you multiple ways to use COBIT without
implementing
You can pick and choose as your needs dictate
Not necessary to do business case or sell to senior management
A tool to use

Do a detailed audit or gap analysis


Get better results from your projects
Translate business talk to IT talk (or vice-versa)
Solve stakeholder needs



Thank You!
Please complete evaluation forms

For More Information...


Contact:
lewisb@cerberus-isc.com
www.cerberus-isc.com
