Part I – 1 Intro to COBIT 5: Overview
Yüe “Jeff” Zhang, Acct & IS Dept, CSUN
1/18/2020 1
Outline of Part I – 1. Overview
• COBIT 5 Overview
Evolution of COBIT
Benefits of COBIT 5
3
The IT Governance Focus Areas (“Pentagon”)
Enterprise Governance of I & T
Understand and analyze (3 trends)
COBIT 2019
10
2019
The COBIT 5 Framework Benefits
Generic: general-purpose; defined by what it does in essence (rather than by brand)
12
The COBIT Framework
The IT Governance Framework
• Internationally accepted good practices
• Management-oriented
• Supported by tools and training
• Sharing knowledge and leveraging expert volunteers
• Continually evolving
• Maps strongly to all major related standards
• Is a reference, set of best practices, not an “off-the-shelf” cure
13
The COBIT Framework - Aligning with the Business
• COBIT framework helps IT deliver the information that an enterprise requires by helping align IT with the business.
[Figure labels: Req, Deliver]
14
Drivers* for Developing a Framework
17
Enterprise Architecture – Tech Target Network
18
Enterprise Architecture - Microsoft's Michael Platt
1. Business perspective defines the processes and standards by which the business operates on a day-to-day basis.
2. Application perspective defines the interactions among the processes and standards.
20
Benefits of Using COBIT 5
24
COBIT Case Studies by Industry
• http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Case-Studies.aspx
• COBIT 5, although developed for the whole organization, can be used for any portion of a firm/org, or any biz process
• The philosophy/methodology can even be applied beyond biz, beyond org
Revisit slide #12
25
COBIT5 Scope
• Not simply IT: not only for big business!
• COBIT5 is about governing and managing information
  ► Whatever medium is used
  ► End to end throughout the enterprise
• Information is equally important to:
  ► Global, multinational business
  ► National and local government
  ► Charities and not for profit enterprise
  ► Small to medium enterprises and
  ► Clubs and associations
26
The COBIT 5 Format & Product Architecture
The COBIT 5 Product Family:
27
COBIT 5 Principles
29
The COBIT Framework
Mapping Goals and Processes
Enabler Goals
30
Principle 1: Meeting Stakeholder Needs
• Stakeholder needs have to be transformed into an enterprise’s actionable strategy.
• The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
31
Principle 2: Covering the Enterprise End-to-End
• COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective.
32
Principle 3: Applying a Single Integrated Framework
• COBIT5:
  ► Is complete in enterprise coverage
  ► Provides a basis to integrate effectively with other frameworks, standards and practices used
  ► Aligns with the latest relevant standards and frameworks (COSO, ITIL, ISO, PMBOK, NIST etc)
  ► Integrates all knowledge previously dispersed over different ISACA frameworks (Risk IT, Val IT, BMIS)
33
Principle 4: Enabling a Holistic Approach ***
COBIT5 defines a set of enablers to support the implementation of a comprehensive governance & management system for enterprise IT.
• COBIT5 enablers are:
  ► Factors that, individually and collectively, influence whether something will work
  ► Driven by the goals cascade
  ► Described by the COBIT5 framework in seven categories
*** Important & operationable
34
Principle 4: Enabling a Holistic Approach
35
4. Enabling a Holistic Approach (cont.)
1. Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
2. Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals (5 domains, 37 processes)
3. Organisational structures—Are the key decision-making entities in an organisation
4. Culture, ethics and behaviour—Of individuals and of the organisation; very often underestimated as a success factor in governance and management activities
5. Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise.
6. Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
7. People, skills and competencies—Are required for successful completion of all activities and for making correct decisions and taking corrective actions
36
Principle 5: Separating Governance From Management
The COBIT 5 framework makes a clear distinction between governance and management.
• Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
• Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
37
Governance Domain and Management Domains
38
Governance & Management in COBIT 5
• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
• Exercising governance and management effectively in practice requires appropriately using all enablers. The COBIT process reference model allows us to focus easily on the relevant enterprise activities.
Recap: COBIT 5 Principles
41
Incorporates Good Practices
- 5 domains, 37 Processes [Enabler #2]
42
Zhang’s “Distillation” of COBIT Logic
[Figure: diagram with labels “IT Goals”, “IT Enabler Goals” and “RACI”. Reference: IT Governance Institute, COBIT 5. © Yue Zhang 2015-2019]
43
Structure of COBIT components
• 5 Principles
Princ. 1: Meeting stakeholder needs
…
Princ. 4: Holistic approach
7 enablers:
• Enabler #2: Processes
Princ. 5: Separating gov from Mgmt
45