Posted inUncategorized

effective enterprise governance

© 2018 ISACA. All rights reserved.
INTRODUCING
OVERVIEW
November 2018
© 2018 ISACA. All rights reserved.
COBIT® 2019
The globally recognized COBIT Framework, which helps ensure effective
enterprise governance of information and technology, has been updated with new
information and guidance, facilitating easier, tailored implementation—
strengthening COBIT’s continuing role as an important driver of innovation and
business transformation. This document sets the scene for the upcoming release
of COBIT® 2019 guidance.
© 2018 ISACA. All rights reserved.
Remembering John Lainhart
• In dedication to John Lainhart, who was
there from COBIT day -1 in 1995 until his
passing in September 2018.
• John was the relentless support behind
many COBIT related projects, including
COBIT 2019 .
• ISACA is extremely grateful for John and
his vision, and COBIT 2019 (and its
progeny) are his legacy.
Picture provided courtesy of Dirk Steuperaert
© 2018 ISACA. All rights reserved.
OVERVIEW
PRODUCT FAMILY ARCHITECHTURE
© 2018 ISACA. All rights reserved.
OVERVIEW
PRODUCT FAMILY
The COBIT 2019 product family is open-ended. The following publications will
be available in Q4 2018.
© 2018 ISACA. All rights reserved.
COBIT OVERVIEW
COBIT 2019 PRODUCT ARCHITECTURE
© 2018 ISACA. All rights reserved.
OVERVIEW
INTERNAL STAKEHOLDERS
Internal
Stakeholders
Boards
Executive
management
Business
Managers
IT Managers
Assurance
Providers
Risk
Management
Helps to ensure the identification
and management of all IT-related
risk
Helps manage dependencies on
external service providers, provides
assurance over IT, and ensures the
existence of an effective and efficient
system of internal controls
Provides guidance on how best to build and structure
the IT department, manage performance of IT, run an
efficient and effective IT operation, control IT costs,
align IT strategy to business priorities, etc.
Provides insights on how to get value from the
use of I&T and explains relevant board
responsibilities
Provides guidance on how to organize
and monitor performance of I&T across
the enterprise
Helps to understand how to obtain the
I&T solutions enterprises require and
how best to exploit new technology for
strategic opportunities
© 2018 ISACA. All rights reserved.
OVERVIEW
EXTERNAL STAKEHOLDERS
External
Stakeholders
Regulators
Business
IT Vendors Partners
IT vendor’s operations must establish
that they are secure, reliable and
compliant with applicable rules and
regulations
Determines whether the enterprise is compliant with
applicable rules and regulations and advises that
the enterprise has the right governance system in
place to manage and sustain compliance
Confirm that a business partner’s
operations are secure, reliable and
compliant with applicable rules and
regulations
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
KEY CONCEPTS & CONCEPTUAL MODEL
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
OVERVIEW
COBIT 2019
CONCEPTS
PRINCIPLES
GOVERNANCE
AND
MANAGEMENT
OBJECTIVES
GOALS
CASCADE
COMPONENTS
OF A
GOVERNANCE
SYSTEM
FOCUS
AREAS
DESIGN
FACTORS
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
PRINCIPLES
PRINCIPLES
Governance System
PRINCIPLES
Governance Framework
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOVERNANCE SYSTEM PRINCIPLES
The six (6) principles are the core requirements for
a governance system for enterprise information and
technology.
1. Each enterprise needs a governance system to satisfy
stakeholder needs and to generate value from the use of
I&T.
2. A governance system for enterprise I&T is built from a
number of components that can be of different types and
that work together in a holistic way.
3. A governance system should be dynamic. This means that
each time one or more of the design factors are changed
the impact of these changes on the EGIT system must be
considered.
4. A governance system should clearly distinguish between
governance and management activities and structures.
5. A governance system should be tailored to the enterprise’s
needs, using a set of design factors as parameters to
customize and prioritize the governance system
components.
6. A governance system should cover the enterprise end to
end, focusing not only on the IT function but on all
technology and information processing the enterprise puts
in place to achieve its goals.
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter
3 COBIT Principles, Figure 3.1
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOVERNANCE FRAMEWORK PRINCIPLES
The three (3) principles identify the underlying
principles for a governance framework that can be
used to build a governance system for the
enterprise.
1. A governance framework should be based on a
conceptual model, identifying the key components and
relationships among components, to maximize
consistency and allow automation.
2. A governance framework should be open and flexible. It
should allow the addition of new content and the ability to
address new issues in the most flexible way, while
maintaining integrity and consistency.
3. A governance framework should align to relevant major
related standards, frameworks and regulations
Reference: COBIT® 2019 Framework: Introduction and Methodology,
Chapter 3 COBIT Principles, Figure 3.2
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
For information and technology to contribute to enterprise goals, a
number of governance and management objectives should be
achieved.
• A governance or management objective always relates to one process
and a series of related components of other types to help achieve the
objective
• A governance objective relates to a governance process, while a
management objective relates to a management process.
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
Similar to COBIT 5, The governance and management objectives in COBIT® 2019 are grouped
into five domains. The domains have names that express the key purpose and areas of activity of
the objectives contained in them.
EDM
Evaluate, Direct
and Monitor
APO
Align, Plan and
Organize
BAI
Build, Acquire and
Implement
DSS
Deliver, Service and
Support
MEA
Monitor, Evaluate
and Assess
Governance
objectives Management objectives
Known as the
Process Reference
Model, or PRM in
COBIT 5, COBIT®
2019 identifies this
as the COBIT Core
Model.
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 4 Basic Concepts: Governance Systems and Component Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 4 Basic Concepts: Governance Systems and Component s,s, Figure 4.2 Figure 4.2
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOVERNANCE AND MANAGEMENT OBJECTIVES
HIGH LEVEL INFORMATION
• Domain name
• Focus area
• Governance or
management objective
name
• Description
• Purpose statement
GOALS CASCADE
• Applicable Alignment goals
• Applicable Enterprise goals
• Example metrics
RELATED COMPONENTS
• Processes, practices and
activities
• Organizational structures
• Information flows and items
• People, skills and
competencies
• Policies and frameworks
• Culture, ethics and
behavior
• Services, infrastructure and
applications
RELATED GUIDANCE
• Where applicable links
and cross references are
provided to other
standards and
frameworks for each of
the governance
components within each
governance and
management objective
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
GOALS CASCADE
• Enterprise goals have been consolidated,
reduced, updated and clarified.
• Alignment goals emphasize the alignment of
all IT efforts with business objectives
These were IT-related goals in COBIT 5
The update seeks to avoid the frequent
misunderstanding that these goals indicate purely
internal objectives of the IT department within an
enterprise
Alignment goals have also been consolidated,
reduced, updated and clarified where necessary
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 4
Basic Concepts: Governance Systems and Components, Figure 4.16
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
COMPONENTS OF A GOVERNANCE SYSTEM
• Each enterprise’s governance system is
built from a number of components
• Components can be of different types
• Components interact with each other,
resulting in a holistic governance system for
I&T
• These were known as enablers in COBIT 5
Reference: COBIT® 2019 Framework: Basic Concepts: Governance Systems and
Components, Figure 4.3
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
COMPONENTS OF A GOVERNANCE SYSTEM
Components can be generic or variants of
generic components:
Generic components are described in the
COBIT core model
Apply in principle to any situation
However, they are generic in nature and
generally need customization before being
practically implemented
Variants are based on generic components
but
Tailored for a specific purpose or context
within a focus area (e.g., for information
security, DevOps, a particular regulation)
GENERIC
COMPONENTS
VARIANT
COMPONENTS
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
FOCUS AREAS
• A Focus Area describes a certain governance topic,
domain or issue that can be addressed by a collection of
governance and management objectives and their
components.
• Focus Areas can contain a combination of generic
governance components and variants
• The number of focus areas is virtually unlimited. That is
what makes COBIT open-ended. New focus areas can be
added as required or as subject matter experts and
practitioners contribute.
EXAMPLES OF FOCUS AREAS
• Small and medium
enterprises
• Information Security
• Risk
• DevOps
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
DESIGN FACTORS
Design factors are factors that:
• Influence the design of an enterprise’s
governance system
• Position it for success in the use of I&T
• More information and detailed guidance on
how to use the design factors for designing a
governance system can be found in the
COBIT Design Guide publication
Reference: COBIT® 2019 Framework: Basic Concepts: Design Factors, Figure 4.4
COBIT 2019 Design Factors
© 2018 ISACA. All rights reserved.
KEY CONCEPTS
DESIGN FACTORS: EXAMPLES
Enterprise
Strategy
• Growth / Acquisition
• Innovation / Differentiation
• Cost Leadership
• Client Service / Stability
Threat
Landscape
• Normal
• High
Role of IT
• Support
• Factory
• Turnaround
• Strategic
© 2018 ISACA. All rights reserved.
DESIGNING AND
IMPLEMENTING A TAILORED
GOVERNANCE SYSTEM
USING COBIT 2019
© 2018 ISACA. All rights reserved.
DESIGNING A TAILORED GOVERNANCE SYSTEM
IMPACT OF DESIGN FACTORS
Design factors influence in different ways the
tailoring of the governance system of an
enterprise.
Design
Factor
Impact
Management
Objective
Priority &
Target
Capability
Levels
Component
Variations
Specific
Focus Areas
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 7 Designing
a Tailored Governance System, Figure 7.1
© 2018 ISACA. All rights reserved.
DESIGNING A TAILORED GOVERNANCE SYSTEM
IMPACT OF DESIGN FACTORS
Management Objective Priority and Target Capability
Levels
• Design factor influence can make some governance
and management objectives more important than
others, sometimes to the extent that they become
negligible
• In practice, this higher importance translates into
setting higher target capability levels
Design
Factor
Impact
Management
Objective
Priority &
Target
Capability
Levels
Component
Variations
Specific
Focus Areas
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 7 Designing
a Tailored Governance System, Figure 7.1
© 2018 ISACA. All rights reserved.
DESIGNING A TAILORED GOVERNANCE SYSTEM
IMPACT OF DESIGN FACTORS
Component Variations
• Components are required to achieve governance
and management objectives. Some design factors
can influence the importance of one or more
components or can require specific variations Design
Factor
Impact
Management
Objective
Priority &
Target
Capability
Levels
Component
Variations
Specific
Focus Areas
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 7 Designing
a Tailored Governance System, Figure 7.1
© 2018 ISACA. All rights reserved.
DESIGNING A TAILORED GOVERNANCE SYSTEM
IMPACT OF DESIGN FACTORS
Specific Focus Areas
• Some design factors, such as threat landscape,
specific risk, target development methods and
infrastructure set-up, will drive the need for
variation of the core COBIT model content to a
specific context
Design
Factor
Impact
Management
Objective
Priority &
Target
Capability
Levels
Component
Variations
Specific
Focus Areas
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 7 Designing
a Tailored Governance System, Figure 7.1
© 2018 ISACA. All rights reserved.
DESIGNING A TAILORED GOVERNANCE SYSTEM
GOVERNANCE SYSTEM DESIGN WORKFLOW
The different stages and steps
in the design process will
result in recommendations for
prioritizing governance and
management objectives or
related governance system
components, for target
capability levels, or for
adopting specific variants of a
governance system
component.
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 7 Designing a
Tailored Governance System, Figure 7.2
© 2018 ISACA. All rights reserved.
IMPLEMENTING A TAILORED GOVERNANCE SYSTEM
The implementation approach is based on empowering business and IT stakeholders
and role players to take ownership of IT-related governance and management
decisions and activities by facilitating and enabling change.
• Implementation guide is a phased approach with three perspectives


Continual Improvement

Program Management

Change Enablement

© 2018 ISACA. All rights reserved.
IMPLEMENTING A TAILORED GOVERNANCE SYSTEM
IMPLEMENTATION
The COBIT® 2019 Implementation Guide
emphasizes an enterprise-wide view of
governance of I&T.
It recognizes that I&T are pervasive in
enterprises and that it is neither possible
nor good practice to separate business
and IT-related activities.
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 8 Implementing
Enterprise Governance of IT, Figure 8.1
© 2018 ISACA. All rights reserved.
PERFORMANCE
MANAGEMENT
CAPABILITY & MATURITY
© 2018 ISACA. All rights reserved.
PERFORMANCE MANAGEMENT
OVERVIEW
COBIT Performance Management (CPM) refers to how well the
governance and management system and all the components of an
enterprise work, and how they can be improved up to the required
level. It includes concepts and methods such as capability levels
and maturity levels.
COBIT 2019 is based on the following principles:
• Simple to understand and use
• Consistent with, and support the COBIT conceptual model
• Provide reliable, repeatable and relevant results
• Must be flexible
• Should support different types of assessments
The term “COBIT
Performance
Management” (CPM) is
used to describe these
activities, and the
concept is an integral
part of the COBIT
framework.
© 2018 ISACA. All rights reserved.
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
• COBIT 2019 supports a CMMI-based process
capability scheme
• The process within each governance and
management objective can operate at capability
levels, between 0 to 5
• The capability level is a measure for how well a
process is implemented and performing
• Each process activity is associated with a capability
level
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 6 Performance
Management in COBIT, Figure 6.2
© 2018 ISACA. All rights reserved.
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
• Each process activity is associated with a capability level
Helps users implement processes at a foundational
level
Identifies future activities to achieve a higher capability
level
© 2018 ISACA. All rights reserved.
PERFORMANCE MANAGEMENT
CAPABILITY AND MATURITY
• Sometimes a more high-level for expressing
performance is required, less granular than individual
process capability ratings: Maturity Levels
• We define maturity levels in COBIT 2019 update as a
performance measure at the Focus Area level
Reference: COBIT® 2019 Framework: Introduction and Methodology, Chapter 6 Performance
Management in COBIT, Figure 6.3
© 2018 ISACA. All rights reserved.
APPENDIX
© 2018 ISACA. All rights reserved.
ABOUT ISACA
Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals
and enterprises achieve the positive potential of technology. Today’s world is
powered by technology, and ISACA equips professionals with the knowledge,
credentials, education and community to advance their careers and transform their
organizations.
ISACA leverages the expertise of its 450,000 engaged professionals in information
and cyber security, governance, assurance, risk and innovation, as well as its
enterprise performance subsidiary, CMMI® Institute, to help advance innovation
through technology. ISACA has a presence in 188 countries, including 217 chapters
worldwide and offices in both the United States and China.

Related posts:

  1. Business Economics
  2. Which one of the text mining scenarios is more of a challenge to business?
  3. one-page (single-spaced) summary of the article. Be sure to include a few backgr
  4. MSN 6103 Assessment 3 Develop Your Own Nurse Educator Philosophy Statement
Last updated on