Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page 1 COBIT Introductory Workshop Excerpts from University of Calgary IT Session entitled Introduction to COBIT, its Role in IT Governance and How to.

Similar presentations


Presentation on theme: "Page 1 COBIT Introductory Workshop Excerpts from University of Calgary IT Session entitled Introduction to COBIT, its Role in IT Governance and How to."— Presentation transcript:

1 Page 1 COBIT Introductory Workshop Excerpts from University of Calgary IT Session entitled Introduction to COBIT, its Role in IT Governance and How to Apply it In UCIT From June 5, 2009

2 Page 2 2 Workshop Agenda General Overview and Background of COBIT Rationale for Using COBIT at the UofC COBIT Foundations COBIT vs. Other Frameworks Practical Application of COBIT at the UofC This excerpt covers the 1 st two points COBIT Introductory Workshop Page 1

3 Page 3 General Overview and Background of COBIT COBIT Introductory Workshop Page 2

4 Page 4 First: A Little Bit on Governance COBIT Introductory Workshop Page 3

5 Page 5 Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goals of: Providing strategic direction Ensuring that defined objectives are achieved Ensuring that risks are managed appropriately Applying enterprises resources responsibly Effective and efficient Enterprise Governance ©2007 IT Governance Institute COBIT Introductory Workshop Page 5

6 Page 6 Organisations require a structured approach for managing these and other challenges. This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes. Keeping IT Running Security Value/Cost Managing Complexity Aligning IT with Business Regulatory Compliance Organizational Challenges Relating to IT COBIT Introductory Workshop Page 6

7 Page 7 What is IT Governance? Ensuring IT is aligned to and leveraged to help address enterprise needs Decision making that leads to better alignment of IT and the business IT delivering more business value IT resources are used responsibly IT risks are managed appropriately COBIT Introductory Workshop Page 7

8 Page 8 Enterprise governance is about : Conformance Adhering to legislation, internal policies, audit requirements, etc. Performance Improving profitability, efficiency, effectiveness, growth, etc. Governance is About Balance Both Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board. Performance Conformance ©2007 IT Governance Institute COBIT Introductory Workshop Page 8

9 Page 9 IT governance is: The responsibility of the board of directors and executive management An integral part of enterprise governance, consisting of the leadership, organizational structures and processes that ensure that the enterprises IT sustains and extends the organizations strategies and objectives IT Governance, as Defined by IT Governance Institute (ITGI) PERFORMANCE MEASUREMENT RESOURCE MANAGEMENT RISK MANAGEMENT VALUE DELIVERY STRATEGIC ALIGNMENT COBIT Introductory Workshop Page 9

10 Page 10 IT Governance Domains Value delivery Focuses on ensuring the linkage of business and IT plans and on aligning IT operations with enterprise operations IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people Senior managements appetite for risk, compliance requirements, transparency about the significant risks to the organisation Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery to achieve goals measurable beyond conventional accounting Performance measurement Risk management Resource management Strategic alignment ©2007 IT Governance Institute COBIT Introductory Workshop Page 10

11 Page 11 ©2007 IT Governance Institute IT Governance Stakeholders Business management Set direction for IT, monitor key results and insist on corrective measures Defines business requirements for IT and ensures that value is delivered and risks are managed Delivers and improves IT services as required by the business Provides independent assurance to demonstrate that IT delivers what is needed Measures compliance with related policies and focuses on identification/mitigation of new risks Risk and compliance IT audit IT management Board and executive COBIT Introductory Workshop Page 11

12 Page 12 COBIT is a controls framework that supports IT Governance COBIT stands for Control Objectives for Information and Related Technology. It was created by ISACA (Information Systems Audit and Control Association) in 1996 Initially created to define control objectives for business applications It has evolved in Version 4.1 into a governance framework Now owned by the IT Governance Institute (ITGI) The COBIT framework was created with the main characteristics: Business-focused Process-oriented Controls-based Measurement-driven So what is COBIT? COBIT Introductory Workshop Page 13

13 Page 13 Is freely downloadable Has internationally accepted good practices Is management-oriented Is supported by tools and training Allows the knowledge of expert volunteers to be shared and leveraged Continually evolves and is maintained by a reputable not-for-profit organisation Maps strongly to all major, related standards and audit practices However: Is a reference, not an off-the-shelf cure Enterprises still need to analyse control requirements and customise C OBI T based on their: Value drivers Risk profile IT infrastructure, organisation and project portfolio Key Characteristics of COBIT COBIT Introductory Workshop Page 14

14 Page 14 History of COBIT Governance C OBI T C OBI T 3 Management 2000 C OBI T 2 Control 1998 C OBI T 1 Audit 1996 Evolution Page 14 COBIT Introductory Workshop Page 15

15 Page 15 An organisation depends on reliable and timely data and information. COBIT components provide a comprehensive framework for delivering value while managing risk and control over data and information. Business Strategy Information Criteria IT Resources IT Processes Links to Business Strategy COBIT Introductory Workshop Page 16

16 Page 16 COBIT Framework The COBIT Cube Information Criteria IT Resources IT Processes COBIT Introductory Workshop Page 17

17 Page 17 The COBIT framework is based on the premise that IT needs to deliver the information that an enterprise requires to achieve its objectives. i IT Resources and Processes Information Business Processes Business Objectives provide to for achieving The COBIT framework helps align IT with the business by focusing on business information requirements and organising IT resources. COBIT provides the framework and guidance to implement IT governance. Basic Concepts COBIT Introductory Workshop Page 18

18 Page 18 C OBI T: It provides tools that both support effectiveness and enable audit Starts from business requirements Is process-oriented, organising IT activities into a generally accepted process model Identifies the major IT resources to be leveraged Defines the management control objectives to be considered Maps all the way to measurements – performance, audit, maturity Incorporates major standards and has become the de facto standard for overall control of IT COBIT helps bridge the gaps between business risks, control needs and technical issues. It provides good practices across a domain and process framework and presents activities in a manageable and logical structure. IT resources need to be managed by a set of naturally grouped processes. COBIT provides a framework that achieves this objective. What Does it do? COBIT Introductory Workshop Page 19

19 Page 19 Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with C OBI T acting as the consolidator (umbrella). C OBI T ISO 9000 ISO 27001/002 ITIL COSO WHAT HOW SCOPE OF COVERAGE COBIT vs Other Frameworks COSO – Committee of Sponsoring Agencies of the Treadway Commission – Internal Control Integrated Framework – focused on business controls ISO 27001/002 – Information Security Policy ISO 9000 – Family of standards for Quality Management COBIT Introductory Workshop Page 20 Others

20 Page 20 PERFORMANCE: Business Goals CONFORMANCE Basel II, Sarbanes- Oxley Act, etc. Enterprise Governance IT Governance ISO 9001:2000 ISO 27001/002 ISO Best Practice Standards Lean Six Sigma Processes and Procedures Drivers C OBI T COSO Security Principles ITSM Balanced Scorecard ITDDM PMBOK TOGAF, others Others Another View COBIT Introductory Workshop Page 21 ITDDM stands for IT Definition and Delivery Method – used at the UofC as a standard methodology for project initiatives

21 Page 21 Rationale for Using COBIT at the UofC COBIT Introductory Workshop Page 22

22 Page 22 How do most research universities govern the large and rapidly evolving set of information technology initiatives that take place on their campuses? ANSWER: Inefficiently, ineffectively and not as well as they should. ~ Source: Educause – IT Governance in Higher Education 2006 ~ Were Not Alone COBIT Introductory Workshop Page 23

23 Page 23 Some of the advantages of adopting COBIT are: COBIT is aligned with and can be used with other standards and good practices COBITs framework and supporting best practices provide a well-managed and flexible IT environment in an organisation. COBIT provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities. COBIT provides tools to help manage and measure IT activities. COBIT is used by the Provincial Auditors in their annual audit review COBIT has been selected by Alberta Advanced Education & Technology as a target control framework for Post Secondary Institutions Target maturity level defined as 3 within 3 years Why COBIT? COBIT Introductory Workshop Page 24

24 Page 24 COBIT brings the following advantages to an IT governance implementation effort: Enables mapping of IT goals to business goals and vice versa Better alignment, based on a business focus A view of what IT does that is understandable to management Clear ownership and responsibilities based on process orientation General acceptability with third parties and regulators Shared understanding amongst all stakeholders, based on a common language Fulfilment of the COSO requirements for the IT control environment Performance Conformance How it Supports IT Governance? COBIT Introductory Workshop Page 25

25 Page 25 COBIT focuses on improving IT governance in organisations. COBIT provides a framework to manage and control IT activities and supports five requirements for a control framework. Exploring the Key Benefits Has general acceptability amongst organisations Helps meet regulatory requirements Control Framework Defines a common language Ensures process orientation Provides sharper business focus COBIT Introductory Workshop Page 26

26 Page 26 C OBI T achieves sharper business focus by aligning IT with business objectives. The measurement of IT performance should focus on ITs contribution to enabling and extending the business strategy. C OBI T, supported by appropriate business-focused metrics, can ensure that the primary focus is value delivery and not technical excellence as an end in itself. Has general acceptability amongst organisations Defines a common language Ensures process orientation Helps meet regulatory requirements Control Framework Sharper Business Focus Provides sharper business focus COBIT Introductory Workshop Page 27

27 Page 27 When organisations implement COBIT, their focus is more process- oriented. Incidents and problems no longer divert attention from processes. Exceptions can be clearly defined as part of standard processes. With process ownership defined, assigned and accepted, the organisation is better able to maintain control through periods of rapid change or organisational crisis. Has general acceptability amongst organisations Defines a common language Helps meet regulatory requirements Ensures process orientation Control Framework Process Orientation Provides sharper business focus COBIT Introductory Workshop Page 28

28 Page 28 COBIT is a proven and globally accepted standard for increasing the contribution of IT to organisational success. Coming soon to a campus near us The framework continues to improve and develop to keep pace with good practices. IT professionals from all over the world contribute their ideas and time to regular review meetings. Has general acceptability amongst organisations Defines a common language Helps meet regulatory requirements Provides sharper business Ensures process orientation Control Framework focus General Acceptability COBIT Introductory Workshop Page 29

29 Page 29 Recent corporate scandals have increased regulatory pressures on boards of directors to report their status and ensure that internal controls are appropriate. This pressure covers IT controls as well. Organisations constantly need to improve IT performance and demonstrate adequate controls over their IT activities. Many IT managers, advisors and auditors are turning to COBIT as the de facto response to regulatory IT requirements. Has general acceptability amongst organisations Defines a common language Provides sharper business Ensures process orientation Helps meet regulatory requirements Control Framework focus Regulatory Requirements COBIT Introductory Workshop Page 30

30 Page 30 In the Auditor General's April 2008 public report, he recommended: "...that the Department of Advanced Education and Technology give guidance to public post-secondary Institutions on using an IT control framework to develop control processes that are well-designed, efficient, and effective" The following excerpt was taken from the OAGs audit plan for AET: 8.3 IT Controls framework for post-secondary institutions We understand the Department is working, through the Alberta Associations of Higher Education Information Technology, with Institutions to develop an IT Control Framework for Institutions. We support this initiative and will work with the Department to determine the progress made. This will also allow us to determine the extent and timing of work to perform at individual Institutions. Working with PSIs, the Provincial PSI ITM Control Framework will provide a holistic functional perspective built on guidance and requirements of: CoBIT 4.1 as published by the IT Governance Institute (Level 3 maturity targeted) General Computer Controls Review (GCCR) as published by the OAG Legislation / Regulation (FOIP, etc.) Other International Standards (ITIL, ISO27002, etc.) Specific institutional needs and interdependencies Existing principles and governance Regulatory Requirements (cont.) COBIT Introductory Workshop Page 31

31 Page 31 A framework helps get everybody on the same page by defining critical terms and providing a glossary. Co-ordination within and across project teams and organisations can play a key role in the success of any project. Common language helps build confidence and trust. Has general acceptability amongst organisations Provides sharper business Ensures process orientation Defines a common language Helps meet regulatory requirements Control Framework focus Common Language COBIT Introductory Workshop Page 32

32 Page 32 References/Sources IT Governance Institute - ISACA - COBIT Introductory Workshop Page 3


Download ppt "Page 1 COBIT Introductory Workshop Excerpts from University of Calgary IT Session entitled Introduction to COBIT, its Role in IT Governance and How to."

Similar presentations


Ads by Google