introducing cobit 5-may2012_v1.0
DESCRIPTION
I had the honor of presenting an Introduction to COBIT 5 at the Rocky Mountain Information Security Conference on May 18, 2012 in Denver, Colorado. This is the deck I used.
TRANSCRIPT
![Page 1: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/1.jpg)
Introducing COBIT® 5
Bob Frelinger, CGEIT
May 18, 2012
![Page 2: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/2.jpg)
Learning Objectives
Appreciate the Background Behind COBIT® 5
Understand the Five COBIT® 5 Principles
Understand the Seven COBIT® 5 Enablers
Know How to Navigate the “COBIT® 5” framework document
Know How to Navigate “COBIT® 5: Enabling Processes”
![Page 3: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/3.jpg)
What’s Behind COBIT® 5
Some History…
![Page 4: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/4.jpg)
What’s Behind COBIT® 5
References and Influencers…
Existing ISACA/ITGI Material:
• COBIT 4.1
• Val IT
• Risk IT
• BMIS
• IT Assurance Framework
• Board Briefing on IT Governance
ISO Standards:
• IT Service Management
• Quality Management
• Risk Management
• Information Security Risk Management
• Corporate Governance of Information Technology
• Process Assessment
British Standards:
• Business Continuity Management
COBIT 5 Product Family
APM Introduction to Programme Management (UK)
Federal Enterprise Architecture (FEA) (USA)
The [European] Commission Enterprise IT Architecture Framework (CEAF) (Belgium)
TOGAF® 9
PMBOK2®
OGC (UK) Best Management Practice Portfolio
Managing Successful Programmes (MSP)
PRINCE2®
Information Technology Infrastructure Library (ITIL®)
Leading Change by John Kotter
King Code of Governance Principles (King III) (South Africa)
OECD Principles of Corporate Governance
(France)
Combined Code on Corporate Governance’ (UK)
BABOK® Guide
Balanced Scorecard
COSO
![Page 5: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/5.jpg)
What’s Behind COBIT® 5
Global Expertise and Collaboration…
• Overseen by the ISACA/ITGI Framework Committee (FC)
• Research results were quality-controlled throughout the development process.
• Preliminary research involved several COBIT development groups based around the world.
• Before being issued, the draft documents were distributed to more than 100 subject matter experts around the world to obtain their professional review comments.
• Once ready, draft versions of COBIT 5 and COBIT 5: Enabling Processes were made available to the general public. Thousands of comments were received.
![Page 6: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/6.jpg)
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
Importance of IT to the Delivery of Business Strategy and Vision
Importance of IT
![Page 7: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/7.jpg)
Why & What is COBIT® 5
Enterprises, large and small, commercial, not-for-profit or public sector, must create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
Information and related technology needs to:
• Be governed and managed in a holistic manner for the entire enterprise,
• Take in the full end-to-end business and IT functional areas of responsibility,
• Consider the IT-related interests of internal and external stakeholders
The Business Case…
A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT
![Page 8: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/8.jpg)
IT-Related Issues
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
![Page 9: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/9.jpg)
Drivers for GEIT Activities
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
![Page 10: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/10.jpg)
Enterprise Readiness for GEIT
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
![Page 11: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/11.jpg)
What is COBIT® 5
The Product Family…
Source: COBIT® 5, figure 1. © 2012 ISACA® All rights reserved.
![Page 12: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/12.jpg)
Making It Real – Just Try It
• Integrate best, good and common industry practices
• Cascade goals and objectives
• Measure both performance toward, and achievement of, goals
• Take the holistic approach; end-to-end view
• Link inputs and outputs of key management practices
• Enable success through integration and alignment of seemingly disconnected governance and management activities
Embrace the Concepts Embedded in COBIT 5…
![Page 13: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/13.jpg)
COBIT® 5 Principles
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
Based on five key principles for governance and management of enterprise IT
![Page 14: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/14.jpg)
COBIT® 5 – Principle 1
Principle 1. Meeting Stakeholder Needs
Source: COBIT® 5, figure 3. © 2012 ISACA® All rights reserved.
Enterprises exist to create value for their stakeholders.
![Page 15: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/15.jpg)
COBIT® 5 – Principle 1
The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized goals within the context of the:
• Enterprise goals,
• IT-related goals and
• Enabler goals.
Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
Principle 1. Meeting Stakeholder Needs
![Page 16: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/16.jpg)
COBIT® 5 – Goals Cascade
Generic Model – Based on Sound Global Research
Mapping Stakeholder Needs to COBIT 5 Enterprise Goals
Mapping COBIT 5 Enterprise Goals to IT-related Goals
Mapping COBIT 5 IT-related Goals to Processes
Appendix B
Appendix D
Appendix C
Process Goals and Suggested Metrics
COBIT 5: Enabling Processes
![Page 17: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/17.jpg)
COBIT® 5 – Principle 2
Principle 2. Covering the Enterprise End-to-end
Source: COBIT® 5, figure 8 & 9 combined. © 2012 ISACA® All rights reserved.
• Enterprisewide, end-to-end perspective
• Information and related technology wherever that information is being processed
• NOT just the IT function
Governance System
Key Components
![Page 18: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/18.jpg)
COBIT® 5 – Principle 3
Principle 3. Applying a Single Integrated Framework
• Aligns with other standards and frameworks
• Complete in enterprise coverage
• Simple architecture for:
  – structuring guidance materials
  – producing a consistent product set
• Integrates all knowledge previously dispersed over different ISACA/ITGI frameworks
Source: COBIT® 5, figure 10. © 2012 ISACA® All rights reserved.
![Page 19: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/19.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
• Driven by the goals cascade – goals define what enablers should achieve
• To achieve enterprise objectives consider an interconnected set of enablers
• Some enablers are the enterprise resources
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 20: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/20.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
1. The vehicles to translate the desired behavior into practical guidance for day-to-day management
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 21: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/21.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
2. Describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 22: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/22.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
3. Are the key decision-making entities in an enterprise. They can be the traditional vertical structures or horizontal (or lateral) structures.
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 23: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/23.jpg)
Organizational Structure
Formal org structure supported by cross-org structures
![Page 24: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/24.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
4. Applies to both individuals and of the enterprise; very often underestimated as a success factor in governance and management activities
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 25: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/25.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
5. Pervasive throughout any organization and includes all the information produced and used by the enterprise.
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 26: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/26.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
6. The infrastructure, technology and applications that provide the enterprise with information technology processing and services
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 27: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/27.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
7. People, and their skills and competencies, are required for:
• successful completion of all activities and
• for making correct decisions and
• taking corrective actions
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
![Page 28: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/28.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
Enabler Dimensions
This common set of dimensions:
• Provides a common, simple and structured way to deal with enablers
• Allows an entity to manage its complex interactions
• Facilitates successful outcomes of the enablers
Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
All enablers have a set of common dimensions.
![Page 29: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/29.jpg)
COBIT® 5 – Principle 4
Principle 4. Enabling a Holistic Approach
Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
Enabler Performance Management
Actual Outcomes Actual Functioning
![Page 30: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/30.jpg)
COBIT® 5 – Principle 5
Principle 5. Separating Governance from Management
• Different activities and different responsibilities
• Interactions between them are facilitated through the Enablers
Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
(EDM)
(PBRM)
![Page 31: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/31.jpg)
Implementation Guidance
Source: COBIT® 5, figure 17. © 2012 ISACA® All rights reserved.
![Page 32: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/32.jpg)
Process Capability Model
Source: COBIT® 5, figure 19. © 2012 ISACA® All rights reserved.
![Page 33: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/33.jpg)
A Business Framework for the Governance and Management of Enterprise IT
• Executive Summary
• Overview of COBIT 5
• A chapter on each of the five principles
• Implementation Guidance
• The COBIT 5 Process Capability Model
• Appendices:
  – References
  – Goals Maps
  – Stakeholder Needs and Enterprise Goals
  – Mapping with the Most Relevant Related Standards and Frameworks
  – COBIT 5 Information Model and COBIT 4.1 Information Criteria
  – Detailed Description of seven COBIT 5 Enablers
  – Glossary
What is COBIT® 5 – TOC
The Framework document…breaking it down
2 pages
2 pages
17 pages; 2 to 6 pages each
5 pages – intro to the Guide
5 pages – intro to the Model
1 page
5 pages
2 pages
5 pages
1 page
23 pages; 2 to 6 pages each
5 pages
![Page 34: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/34.jpg)
A detailed reference guide to the processes that are defined in the COBIT 5 process reference model.
• Introduction
• Goals Cascade and Metrics
• Process Model
• Process Reference Model
• Process Reference Guide Contents
  – Detailed process-related content structure
  – Inputs and Outputs
  – Generic Guidance for Processes
  – Detailed process content for each process
• Appendices:
  – Mapping COBIT 5 with legacy ISACA Frameworks
  – Goals Maps
COBIT® 5: Enabling Processes
Enabling Processes Enabler Guide…breaking it down
![Page 35: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/35.jpg)
A detailed reference guide to the processes that are defined in the COBIT 5 process reference model.
• Introduction
• Goals Cascade and Metrics
• Process Model
• Process Reference Model
• Process Reference Guide Contents
  – Detailed process-related content structure
  – Inputs and Outputs
  – Generic Guidance for Processes
  – Detailed process content for each process
• Appendices:
  – Mapping COBIT 5 with legacy ISACA Frameworks
  – Goals Maps
What is COBIT® 5
Enabling Processes Enabler Guide…breaking it down
1 page
6 pages
3 pages
2 pages
3 pages
8 pages
one link to the Process Capability Model
See slide 36 for structure
repeats & extends framework
Broad or universal inputs and outputs
5 pages; repeat of maps in the framework
186 pages; 3-9 pages each
![Page 36: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/36.jpg)
Enabling Processes
Enabler Dimensions – Processes
Source: COBIT® 5: Enabling Processes, figure 8. © 2012 ISACA® All rights reserved.
Goals driven by goals cascade
Each process is defined, created, operated, and adjusted / updated or retired.
Process Reference Model
RACI charts
Process Capability Model
Process Capability Assessments
Limited number of example metrics
![Page 37: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/37.jpg)
Process Reference Model
![Page 38: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/38.jpg)
• Process Identification
• Process Description
• Process Purpose Statement
• Goal Cascade Information
• Process Goals and Metrics
• RACI Chart
• Detailed Description of Process Practices
  – Practice title and description
  – Practice inputs and outputs w/indication of origin & destination
  – Process activities further detailing the practices
• Related Guidance
Process Content
Enabling Processes: Content Structure for All Processes
but remember the broad or universal inputs
![Page 39: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/39.jpg)
Process Identification, Process Description, Process Purpose Statement
An Example Process
APO05 – Manage Portfolio
![Page 40: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/40.jpg)
Goal Cascade Information
An Example Process
APO05 – Manage Portfolio
![Page 41: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/41.jpg)
Process Goals and Metrics
An Example Process
APO05 – Manage Portfolio
![Page 42: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/42.jpg)
An Example Process
![Page 43: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/43.jpg)
An Example Process
Detailed Description of Process Practices
APO05 – Manage Portfolio
![Page 44: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/44.jpg)
An Example Process
Detailed Description of Process Practices
APO05 – Manage Portfolio
![Page 45: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/45.jpg)
An Example Process
Related Guidance
APO05 – Manage Portfolio
![Page 46: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/46.jpg)
Learning Objectives
Appreciate the Background Behind COBIT® 5
Understand the Five COBIT® 5 Principles
Understand the Seven COBIT® 5 Enablers
Know How to Navigate the “COBIT® 5” framework document
Know How to Navigate “COBIT® 5: Enabling Processes”
![Page 47: Introducing cobit 5-may2012_v1.0](https://reader036.vdocuments.mx/reader036/viewer/2022081413/54845003b4af9ff46c8b4722/html5/thumbnails/47.jpg)
Implementation Challenges
Source: Global Status Report on the Governance of Enterprise IT (GEIT) – 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.