The document provides an overview of COBIT 5, which is a framework that helps enterprises create optimal value from IT by balancing benefits realization, risk optimization, and resource optimization. It discusses the key principles of COBIT 5, which include meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management. The document also describes the goals cascade process and different components of the COBIT 5 framework such as processes, organizational structures, culture and information.
The document provides an overview of COBIT 5, which is a framework that helps enterprises create optimal value from IT by balancing benefits realization, risk optimization, and resource optimization. It discusses the key principles of COBIT 5, which include meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management. The document also describes the goals cascade process and different components of the COBIT 5 framework such as processes, organizational structures, culture and information.
The document provides an overview of COBIT 5, which is a framework that helps enterprises create optimal value from IT by balancing benefits realization, risk optimization, and resource optimization. It discusses the key principles of COBIT 5, which include meeting stakeholder needs, covering the enterprise end-to-end, applying a single integrated framework, enabling a holistic approach, and separating governance from management. The document also describes the goals cascade process and different components of the COBIT 5 framework such as processes, organizational structures, culture and information.
Simply stated, it helps enterprises create optimal value from IT by
maintaining a balance between realising benefits and optimising risk levels and resource use. Executive Summary Information is a key resource for all enterprises, and from the time that information is created to the moment that it is destroyed, technology plays a significant role. As a result, today, more than ever, enterprises and their executives strive to: Maintain high-quality information to support business decisions. Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT. Achieve operational excellence through the reliable and efficient application of technology. Maintain IT-related risk at an acceptable level. Optimise the cost of IT services and technology. Comply with ever-increasing relevant laws, regulations, contractual agreements and policies. 2 CoBIT 5 Principals 3 CoBIT 5 Principals 1. Meeting Stakeholder Needs 2. Covering the Enterprise end to end 3. Applying a single integrated framework 4.Enable a Holistic Approach 5. Separating Governance from Management Principle 1: Meeting Stakeholder Needs 4 Stakeholder Needs Drive Governance Objective: Value Creation Benefits Realisation Risk Optimisation Resource Optimisation Value creation means realising benefits at an optimal resource cost while optimising risk. COBIT 5 Goals Cascade 5 Step 1. Stakeholder Drivers Influence Stakeholder Needs Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, a changing business and regulatory environment, and new technologies.
Step 2. Stakeholder Needs Cascade to Enterprise Goals Stakeholder needs can be related to a set of generic enterprise goals. These enterprise goals have been developed using the balanced scorecard (BSC).
Step 3. Enterprise Goals Cascade to IT-related Goals Achievement of enterprise goals requires a number of IT-related outcomes,2 which are represented by the IT- related goals. IT-related stands for information and related technology, and the IT-related goals are structured along the dimensions of the IT balanced scorecard (IT BSC)
Step 4. IT-related Goals Cascade to Enabler Goals Achieving IT-related goals requires the successful application and use of a number of enablers COBIT 5 Goals Cascade 6 Enterprise Goals IT related Goals Enabler Goals CoBIT 7 CoBIT ( What you need to do) I T I L
P R I N C E
2
P I M B O K
T O G A F
I S O
2 0 0 0 1
HOW TO DO IT. Enterprise Balanced Scorecard 8 P = Primary Relationship
S = Secondary Relationship IT-Related Goals Balanced Scorecard 9 Principle 2: Covering the Enterprise End-to-end COBIT 5 Integrates governance of enterprise IT into enterprise governance. That is, the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly in any governance system. Covers all functions and processes required to govern and manage enterprise information and related technologies wherever that information may be processed. COBIT 5 addresses all the relevant internal and external IT services, as well as internal and external business processes.
10 End-to-end Governance Approach 11 Governance Enablers Governance enablers are the organisational resources for governance, such as frameworks, principles, structures, processes and practices, through or towards which action is directed and objectives can be attained. Enablers also include the enterprises resourcese.g., service capabilities (IT infrastructure, applications, etc.), people and information. A lack of resources or enablers may affect the ability of the enterprise to create value.
Governance Scope Governance can be applied to the entire enterprise, an entity, a tangible or intangible asset, etc. That is, it is possible to define different views of the enterprise to which governance is applied, and it is essential to define this scope of the governance system well.
Roles, Activities and Relationships A last element is governance roles, activities and relationships. It defines who is involved in governance, how they are involved, what they do and how they interact, within the scope of any governance system. End-to-end Governance Approach 12 Governance Enablers Governance Scope Roles, Activities and Relationships Owners and Stakeholders Management Governing Body Operations And Execution Delegate Accountable Monitor Set Direction Report Instruct & Align Principle 3: Applying a Single Integrated Framework COBIT 5 is a single and integrated framework because: 1. It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator. 2. It is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used. 3. A single overarching framework serves as a consistent and integrated source of guidance in a nontechnical, technology-agnostic common language. 4. It provides a simple architecture for structuring guidance materials and producing a consistent product set. 5. It integrates all knowledge previously dispersed over different ISACA frameworks. 13 Principle 4: Enabling a Holistic Approach 14 Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management. Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals. Organisational structures are the key decision-making entities in an enterprise. Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities. Information is pervasive throughout any organisation and includes all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services. People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions. (7 Enablers) MetadataInformation Cycle 15 (Information Enabler) IT Process Business Process Data Information Knowledge Value Drive Transform Create Transform Generate & Process Principles, Policies And Frameworks Principles The organisations core values Frameworks Provide a structure to define consistence guidance. Policies Detailed guidance, putting principles into practice. 16 Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management. Principle 5: Separating Governance From Management
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. 17 VS (E.D.M: Evaluate , Direct, Monitor) (P.B.R.M: Plan, Build, Run & Monitor) Principle 5: Separating Governance From Management 18 (E.D.M: Evaluate , Direct, Monitor) (P.B.R.M: Plan, Build, Run & Monitor) Enabler Common Dimensions Model 19 Enabler Common Dimensions Model 20 Enabler Stakeholders Gaols Life Cycle Good Practices Processes Staff Management Business partners Customers Consistently control the conversion of org inputs (which can be other processes) into desired outputs with the influence of enterprise policies and procedures Based on the Goals Cascade 1. Defined 2. Created 3. Operated 4. Monitored 5. Adjusted / Updated 6. Retired Org. Structures Staff Management
1. Defined 2. Created 3. Operated 4. Monitored 5. Adjusted / Updated 6. Retired Escalation procedures Delegation of authority Span of control Level of authority Culture, Ethics & Behaviour Staff Management Business partners Customers Guide individual and enterprise behaviour to archive maximum value creation. Learn from mistakes 1. Defined 2. Created 3. Operated 4. Monitored 5. Adjusted / Updated 6. Retired Communication Enforcement Incentives and rewards Rules and Norms Champions Information Staff Management Business partners Customers Volunteers Regulators Shareholders Effectiveness Efficiency Integrity Availability Confidentiality Compliance 1. Business IT Processes generate & Process Data into Information. 2. Information is transformed into Knowledge. 3. Knowledge creates value. 4. Value drives Business IT processes(see No.1) Physical (Carrier, Media) Empirical (User Interface) Syntactic (Language, Format) Semantic (Meaning), Type, Currency, Level Pragmatic (Use), Includes Retention, Status, Contingency, Novelty Social (Context) Principles Policies and Frameworks Staff Management Regulators Customers Board Members Support enterprise gaols Frameworks create consistent view of policies and offer a structure for policy maintenance. 1. Create 2. Review 3. Amend 4. Dispose
People, Skill and Competencies Staff Management Business partners Customers Shareholders Elevate educational qualifications and tech. skills level of staff Retain Industry Knowledge 1. Defined 2. Created 3. Operated 4. Monitored 5. Adjusted / Updated 6. Retired Define skills requirements Refine skills categories into levels (trainee, Expert, etc) Maintain skills description Services, Infrastructure And Applications Staff Management Business partners Customers Shareholders Applications Infrastructure Technology Service levels 1. Defined 2. Created 3. Operated 4. Monitored 5. Adjusted / Updated 6. Retired Define architecture principles Define architecture viewpoints Target transition Baselines THE END Contact: Samuel Mandebvu +27 72 924 4238 sam@zimeletechnologies.com