For COBIT 5 Foundation Exam

Governance of Enterprise IT (GEIT)

Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation + Resource Optimisation

Goals Cascade: Stakeholder Drivers (Environment, Technology Evolution, …) -> Stakeholder Needs -> Enterprise Goals -> IT-related Goals -> Enabler Goals

COBIT 5 Enterprise Goals: BSC Dimension (Financial, Customer, Internal, Learning and Growth)

Internal Stakeholders: Board, Cxx, Business executives, Managers, Internal audit, users, …
External Stakeholders: Business Partners, Suppliers, Shareholders, Regulators/Government, External users, Customers, Standardisation organisations, External auditors, Consultants, …

5 Principles of COBIT5
1. Meeting stakeholder needs
2. Covering the Enterprise end-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach (7 Enablers)
5. Separating governance from management

DIKW: Data - Information - Knowledge - Wisdom (Value)

Information Enabler
Intrinsic quality: Accuracy, Objectivity, Believability, Reputation
Contextual and representational quality: Relevancy, Completeness, Currency, Appropriate amount of information, Concise representation, Consistent representation, Interpretability, Understandability, Ease of manipulation
Security/accessibility quality: Availability/timeliness, Restricted access
Information layers: Physical world (carrier/media), Empiric (user interface), Syntactic (code/language), Semantic (meaning), Pragmatic (use), Social world (e.g. contracts, law, culture)

7 Enablers of COBIT5
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviours
5. Information
6. Service, infrastructure and applications
7. People skills and competencies

Enabler Dimensions
Stakeholders: Internal / External
Goals (Expected outcome of enabler; Application or operation of the enabler itself):
Intrinsic Quality - Enablers work accurately, objectively and provide accurate, objective and reputable results
Contextual Quality (Relevant, complete, current, appropriate, consistent, understandable and easy to use)
Accessibility & Security (of enablers + outcomes)
Life Cycle: Plan, Design, Build/Acquire/Create/Implement, Use/Operate, Evaluate/Monitor, Update/Dispose
Good Practices: Practices, Work Products (Inputs/Outputs)

Enabler Performance Management
Metrics for Achievement of Goals (Lag Indicators): Are stakeholder needs addressed? Are enabler goals achieved?
Metrics for Application of Practice (Lead Indicators): Is life cycle managed? Are good practices applied?

Good Policy: Effective, Efficient, Non-intrusive

Information for Business (COBIT 4.1)
1. Effectiveness
2. Efficiency
3. Confidentiality
4. Integrity
5. Availability
6. Compliance
7. Reliability

Process Reference Model
5 Domains: 37 Processes
Governance:
Evaluate, Direct & Monitor (EDM) - 5pr.
Management: Plan - Build - Run - Monitor
Align, Plan & Organise (APO) - strategic - 13pr.
Build, Acquire & Implement (BAI) - tactical - 10pr.
Deliver, Service & Support (DSS) - operational - 6pr.
Monitor, Evaluate & Assess (MEA) - 3pr.

COBIT 4.1 Maturity Model
5 Optimised
4 Managed and measurable
3 Defined process
2 Repeatable but intuitive
1 Initial/Ad hoc
0 Non-existent

COBIT 5 Process Capability Model (Performance Attribute (PA))
5 Optimising: PA5.1 Process Innovation, PA5.2 Process Optimisation
4 Predictable: PA4.1 Process Management, PA4.2 Process Control
3 Established: PA3.1 Process Definition, PA3.2 Process Deployment
2 Managed: PA2.1 Performance Management, PA2.2 Work Product Management
1 Performed: PA1.1 Process Performance (Goals)
0 Incomplete: -

Rating Levels:
F - Fully achieved (>85%)
L - Largely achieved (50-85%)
P - Partially achieved (15-50%)
N - Not achieved (<15%)

COBIT5 Implementation Life Cycle
Phase 1: What are the drivers? Programme Management: Initiate programme. Change Enablement: Establish desire to change. Continual Improvement Lifecycle: Recognise need to act.
Phase 2: Where are we now? Programme Management: Define problems and opportunities. Change Enablement: Form implementation team. Continual Improvement Lifecycle: Assess current state.
Phase 3: Where do we want to be? Programme Management: Define road map. Change Enablement: Communicate outcome. Continual Improvement Lifecycle: Define target state.
Phase 4: What needs to be done? Programme Management: Plan programme. Change Enablement: Identify role players. Continual Improvement Lifecycle: Build improvements.
Phase 5: How do we get there? Programme Management: Execute plan. Change Enablement: Operate and use. Continual Improvement Lifecycle: Implement improvements.
Phase 6: Did we get there? Programme Management: Realise benefits. Change Enablement: Embed new approaches. Continual Improvement Lifecycle: Operate improvements.
Phase 7: How do we keep the momentum going? Programme Management: Review effectiveness. Change Enablement: Sustain. Continual Improvement Lifecycle: Monitor and evaluate.

COBIT 5 Foundation Exam by Andrey Prozorov (80na20.blogspot.com) v.1.1