Cobit presentation
Fran Rodriguez
1.
The explanation of the COBIT® framework in this PowerPoint presentation is designed for use by professors whose classes cover topics such as:
• Information systems management
• Information security management
• Auditing
• Information systems auditing
• Accounting information systems
IT Governance Using COBIT® and Val IT™: Presentation, 2nd Edition
© 2007 IT Governance Institute. All rights reserved. www.itgi.org
2.
Disclaimer
The IT Governance Institute™ (ITGI™) and the author of IT Governance Using COBIT® and Val IT™: Presentation, 2nd Edition, have designed the publication primarily as an educational resource for educators. ITGI, ISACA® and the authors make no claim that use of this product will assure a successful outcome. The publication should not be considered inclusive of all proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific procedure or test, controls professionals should apply their own professional judgement to the specific control circumstances presented by the particular systems or IT environment.
Note this publication is an update of COBIT in Academia: COBIT Presentation Package.
3.
Disclosure
© 2007 IT Governance Institute. All rights reserved. This publication is intended solely for academic use and shall not be used in any other manner (including for any commercial purpose). Reproductions of selections of this publication are permitted solely for the use described above and must include the following copyright notice and acknowledgement: ‘Copyright © 2007 IT Governance Institute. All rights reserved. Reprinted by permission.’
IT Governance Using COBIT® and Val IT™: Presentation, 2nd Edition, may not otherwise be used, copied or reproduced, in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written permission of ITGI. Any modification, distribution, performance, display, transmission or storage, in any form by any means (electronic, mechanical, photocopying, recording or otherwise) of IT Governance Using COBIT® and Val IT™: Presentation, 2nd Edition, is strictly prohibited. No other right or permission is granted with respect to this work.
IT Governance Using COBIT® and Val IT™: Presentation, 2nd Edition
ISBN 978-1-60420-029-4
4.
Acknowledgements
Researcher
– Ed O’Donnell, University of Kansas, USA
Contributors
– Roger Stephen Debreceny, Ph.D., FCPA, University of Hawaii, USA
– Steven DeHaes, University of Antwerp Management School, Belgium
– Erik Guldentops, CISA, CISM, University of Antwerp Management School, Belgium
– Robert Parker, CISA, CA, CMC, FCA, Canada
– V. Sambamurthy, Ph.D., Michigan State University, USA
– Scott Lee Summers, Ph.D., Brigham Young University, USA
– John Thorp, The Thorp Network, Canada
– Wim Van Grembergen, Ph.D., University of Antwerp Management School, Belgium
– Ramesh Venkataraman, Ph.D., Indiana University, USA
5.
This presentation includes...
Driving forces for IT governance and Control Objectives for Information and related Technology (COBIT®)
An introduction to:
• The COBIT framework
• COBIT supporting materials
An explanation of where COBIT fits with other frameworks and standards
6.
The Governance Environment
7.
Forces Driving IT Governance
• Business/IT Alignment
• Compliance
• ROI
• Project Execution
• Security
8.
IT Governance Needs a Management Framework
Driving Forces Map Onto the IT Governance Domains
[Figure: IT governance domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
9.
COBIT 4.1—The IT Governance Framework
• Internationally accepted good practices
• Management-oriented
• Supported by tools and training
• Freely available at www.itgi.org
• Sharing knowledge and leveraging expert volunteers
• Continually evolving
• Maintained by reputable not-for-profit organisation
• Maps 100 percent to COSO
• Maps strongly to all major related standards
[Figure: COBIT best practices repository for IT Processes, IT Management Processes and IT Governance Processes]
The only IT management and control framework that covers the end-to-end IT life cycle
10.
COBIT 4.1—The IT Governance Framework
Is a reference, set of best practices, not an ‘off-the-shelf’ cure
Enterprises still need to analyse their control requirements and customise based on:
• Value drivers
• Risk profile
• IT infrastructure, organisation and project portfolio
[Figure: COBIT best practices repository for IT Processes, IT Management Processes and IT Governance Processes]
11.
Key Driving Forces for COBIT
Business Requirements (what the stakeholders expect from IT):
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Information reliability
IT Resources (the resources made available to—and built up by—IT):
• Data
• Application systems
• Technology
• Facilities
• People
IT Processes (how IT is organised to respond to the requirements):
• Plan and Organise
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate
12.
How Does COBIT Link to IT Governance?
[Diagram labels: Business; IT Governance; Goals; Responsibilities; Control Objectives; Requirements; Direction and Resourcing]
Information the business needs to achieve its objectives
Information executives and board need to exercise their responsibilities
13.
An Overview of COBIT
14.
Process Orientation
Business Requirements, IT Processes, IT Resources
Domains: Natural grouping of processes, often matching an organisational domain of responsibility
Processes: A series of joined activities with natural control breaks
Activities or Tasks: Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete
15.
Process Orientation
Business Requirements, IT Processes, IT Resources
IT Domains (natural grouping of processes, often matching an organisational domain of responsibility):
• Plan and Organise
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate
IT Processes (a series of joined activities with natural (control) breaks):
• IT strategy
• Computer operations
• Incident handling
• Acceptance testing
• Change management
• Contingency planning
• Problem management
Activities (actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete):
• Record new problem.
• Analyse.
• Propose solution.
• Monitor solution.
• Record known problem.
• Etc. …
16.
Process Orientation
Plan and Organise
Description
This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. Proper organisation and technological infrastructure must be put in place.
Topics
• Strategy and tactics
• Vision planned
• Organisation and infrastructure
Questions
• Are IT and the business strategy aligned?
• Is the enterprise achieving optimum use of its resources?
• Does everyone in the organisation understand the IT objectives?
• Are IT risks understood and being managed?
• Is the quality of IT systems appropriate for business needs?
17.
Waterfall Model
The control of IT Processes
that satisfy Business Requirements
is enabled by Control Statements
considering Control Practices
4 Domains - 34 Processes - 210 Control Objectives
18.
COBIT Framework
Business Objectives
Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
IT Resources
• Data
• Application systems
• Technology
• Facilities
• People
IT Life Cycle
• Plan and Organise
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate
19.
COBIT Processes
Plan and Organise
PO1 Define an IT strategic plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organisation and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.
Acquire and Implement
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and changes.
20.
COBIT Processes
Deliver and Support
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.
Monitor and Evaluate
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.
21.
Processes in the Student Book
The following processes are included in the Student Book, 2nd Edition:
DS2 Manage third-party services.
PO9 Assess and manage IT risks.
AI2 Acquire and maintain application software.
DS5 Ensure systems security.
ME2 Monitor and evaluate internal control.
DS2 is used as an example in the Student Book, 2nd Edition, and the following slides use DS2 to illustrate the related COBIT information for a process.
22.
Navigating in COBIT
[Figure labels: DS2; Process Level; Information Criteria; Waterfall; IT Governance; IT Resources]
23.
DS2 Waterfall
24.
DS2 Management Guidelines
25.
DS2 Management Guidelines cont.
26.
DS2 Maturity Model
DS2 Manage Third-party Services
Management of the process Manage third-party services that satisfies the business requirement for IT of providing satisfactory third-party services whilst being transparent about benefits, costs and risks is:
0 Non-existent when
Responsibilities and accountabilities are not defined. There are no formal policies and procedures regarding contracting with third parties. Third-party services are neither approved nor reviewed by management. There are no measurement activities and no reporting by third parties. In the absence of a contractual obligation for reporting, senior management is not aware of the quality of the service delivered.
1 Initial/Ad Hoc when
Management is aware of the need to have documented policies and procedures for third-party management, including signed contracts. There are no standard terms of agreement with service providers. Measurement of the services provided is informal and reactive. Practices are dependent on the experience (e.g., on demand) of the individual and the supplier.
2 Repeatable but Intuitive when
The process for overseeing third-party service providers, associated risks and the delivery of services is informal. A signed, pro forma contract is used with standard vendor terms and conditions (e.g., the description of services to be provided). Reports on the services provided are available, but do not support business objectives.
27.
DS2 Maturity Model cont.
3 Defined when
Well-documented procedures are in place to govern third-party services, with clear processes for vetting and negotiating with vendors. When an agreement for the provision of services is made, the relationship with the third party is purely a contractual one. The nature of the services to be provided is detailed in the contract and includes legal, operational and control requirements. The responsibility for oversight of third-party services is assigned. Contractual terms are based on standardised templates. The business risk associated with the third-party services is assessed and reported.
4 Managed and Measurable when
Formal and standardised criteria are established for defining the terms of engagement, including scope of work, services/deliverables to be provided, assumptions, schedule, costs, billing arrangements and responsibilities. Responsibilities for contract and vendor management are assigned. Vendor qualifications, risks and capabilities are verified on a continual basis. Service requirements are defined and linked to business objectives. A process exists to review service performance against contractual terms, providing input to assess current and future third-party services. Transfer pricing models are used in the procurement process. All parties involved are aware of service, cost and milestone expectations. Agreed-upon goals and metrics for the oversight of service providers exist.
5 Optimised when
Contracts signed with third parties are reviewed periodically at predefined intervals. The responsibility for managing suppliers and the quality of the services provided is assigned. Evidence of contract compliance to operational, legal and control provisions is monitored, and corrective action is enforced. The third party is subject to independent periodic review, and feedback on performance is provided and used to improve service delivery. Measurements vary in response to changing business conditions. Measures support early detection of potential problems with third-party services. Comprehensive, defined reporting of service level achievement is linked to the third-party compensation. Management adjusts the process of third-party service acquisition and monitoring based on the measures.
28.
Control Practices
COBIT Control Practices, 2nd Edition
• Detailed guidance on each of the control objectives
• Management-oriented
• From three to 12 control practices per control objective
29.
DS2 Control Practices
30.
DS2 Control Practices cont.
31.
IT Assurance Guide
IT Assurance Guide: Using COBIT
Detailed guidance to support assurance practitioners in:
• Financial statement audit
• Internal audit
• Value for money
• Operational improvement
Guidance on:
• How to leverage COBIT for assurance
• Detailed assurance testing steps
32.
DS2 Assurance Steps
33.
DS2 Assurance Steps cont.
34.
Implementation Guide, 2nd Edition
IT Governance Implementation Guide, 2nd Edition
• Detailed, structured guidance to the implementation of IT governance
• Generic IT governance implementation guidance, not just COBIT
35.
Where COBIT Typically Sits
[Diagram: layered view positioning COSO, King, COBIT, ITIL, 17799, CMM and TickIT across governance, management and IT layers]
Editor's notes
Return on Investment (ROI)