Change Management and COBIT®. ISACA London Chapter Presentation


1 Change Management and COBIT®. ISACA London Chapter Presentation
Thursday, April 25th 2002 Charles Mansour CISA ©Charles Mansour

2 Background
Change: getting from State A to State A’. We’ve seen what Change Management is. Now we’ll look at a tool which: is freely available to all ISACA members; can help to control, secure and audit Change Management Systems; can be used for Corporate Governance.

3 Objectives
To introduce COBIT® as an Audit and Governance Tool. To look specifically at what COBIT® has to say about Governance and focus on an Audit of Change Management.

4 Audience
Audit? Change Managers? Security? Other?

5 Signpost
Should last about 45 minutes; Handouts; Questions

6 Introduction to COBIT®
What it is; why it is there; how to use; how to get hold of it.
IT GOVERNANCE: A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. (COBIT® V3)

7 COBIT®. Key Points. The COBIT Framework.
Maturity Models for control over IT processes; Critical Success Factors; Key Performance Indicators; Key Goal Indicators.
provides a tool for the business process owner that facilitates the discharge of this responsibility. The Framework starts from a simple and pragmatic premise:
COBIT provides Maturity Models for control over IT processes, so that management can map where the organisation is today, where it stands in relation to the best-in-class in its industry and to international standards and where the organisation wants to be; Critical Success Factors, which define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; Key Goal Indicators, which define measures that tell management—after the fact—whether an IT process has achieved its business requirements; and Key Performance Indicators, which are lead indicators that define measures of how well the IT process is performing in enabling the goal to be reached.

8 Maturity Model
0 Non Existent; 1 Initial / Ad Hoc; 2 Repeatable but Intuitive; 3 Defined Process; 4 Managed and Measurable; 5 Optimised

9 Critical Success Factors, KGIs, and KPIs
Critical Success Factors define the most important management-oriented implementation guidelines to achieve control over and within its IT processes; Key Goal Indicators define measures that tell management—after the fact—whether an IT process has achieved its business requirements; Key Performance Indicators are lead indicators that define measures of how well the IT process is performing in enabling the goal to be reached.

10 COBIT®’s Four Domains
PO: Planning and Organisation; AI: Acquisition and Implementation; DS: Delivery and Support. Subject of Change is referenced in all the above sections. M: Monitoring.

11 Scope of Change Management Process
Everything. Because everything can change! (and probably will!) Biggest Changes - Strategic Direction - Business software application and system hardware vendors sourcing ways of doing things. Process and procedure updates. And DATA.

12 Why do We Need to Manage Change?
Cost; Quality; Continuity; Avoid re-work; Insurance; Control over third parties / partners

13 Change Management - Where
New Systems: Systems Development Life Cycles are big Change Management Processes; not part of this presentation. Enhancements to Existing Systems: main system costs are in this area (80% of system cost is after implementation). Acquisition of Hardware.

14 Responsibilities
Business (for any business applications or processes): data and systems ownership; IT Security; Audit / Risk / Compliance

15 Change Management - COBIT®
What does COBIT® say? It’s mainly in Domain AI (Acquisition and Implementation), Section 6: Manage Changes. High Level Sections cover: The Business Process; The Business Requirements (High Level Control Objectives); How control is achieved; Control considerations.

16 Contd. What does COBIT® say? At the detailed Audit Level
Detailed Control Objectives; How to obtain an understanding of the process; How to evaluate controls

17 Contd. What does COBIT® say? At the detailed Audit Level
How to assess compliance with controls

18 Contd. What does COBIT® say? At the detailed Audit Level
How to assess compliance with controls; How to substantiate the risk of control objectives not being met

19 Practical Auditing Using COBIT®
Audit Engagement; High Level Control Objective; High Level Process definition

20 Practical Auditing Using COBIT®
Audit Planning Memorandum Considerations (Audit Scope)

21 Practical Auditing Using COBIT®
Audit Planning Memorandum Detailed Control Objectives

22 Practical Auditing Using COBIT®
Determination

23 Practical Auditing Using COBIT®
Determination - Control Evaluation

24 Practical Auditing Using COBIT®
Compliance Test Plan

25 Practical Auditing Using COBIT®
Substantive Test Plan

26 What’s Changed?
E-Business: Many Components; Many outside systems or staff; Increasing use of outsourcing; difficult to implement one change management process; focus on synchronising change bottlenecks

27 What’s Changed?
Globalisation: Systems need to be available 365/24; Timing of change is critical. ISACA IT Control Practice Statements: Why do it? Control Practices for each control consideration area.

28 Reprise
We’ve looked at: the role of COBIT®; COBIT® and Corporate Governance; structure of the Audit Guidelines; how you can use COBIT® in the course of a Change Management Audit; what’s changed in Change Management.

29 Conclusion
Change Management is getting more complex; Auditing Change Management is more challenging; Few organisations have single sources of change; Basic principles still apply. COBIT® provides a sound basis for: IT Governance and Control of Change; Audit of Change Management Processes. Challenge is to sell COBIT® as a Governance tool to our organisation’s IT Executive.

30 Useful Websites
ISACA Website (for free download of COBIT®); Survival Guide Website detailedchangeproc.htm#TopLevelContents; Change Management Resource Library; Audit net Change Management Programme

31 Questions????

32 Thank you!

