COBIT - II - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

COBIT - II

Description:

COBIT - II Processes A series of joined activities with natural control breaks Activities or Tasks Actions needed to achieve a measurable result. – PowerPoint PPT presentation

Number of Views:107
Avg rating:3.0/5.0
Slides: 16
Provided by: Leeds90
Category:

less

Transcript and Presenter's Notes

Title: COBIT - II


1
COBIT - II
2
(No Transcript)
3
Process Orientation
4
Domains
  • COBIT defines IT activities in a generic process
    model within four domains.
  • Plan and Organize
  • Acquire and Implement
  • Deliver and Support
  • Monitor and Evaluate

5
Plan and Organise
  • Description
  • This domain covers strategy and tactics, and
    concerns the identification of how IT can best
    contribute to the achievement of the business
    objectives. Furthermore, the realisation of the
    strategic vision needs to be planned,
    communicated and managed for different
    perspectives. Finally, a proper organisation as
    well as technological infrastructure must be put
    in place.
  • Topics
  • Strategy and tactics
  • Vision planned
  • Organisation and infrastructure
  • Questions
  • Are IT and the business strategy aligned?
  • Is the enterprise achieving optimum use of its
    resources?
  • Does everyone in the organisation understand the
    IT objectives?
  • Are IT risks understood and being managed?
  • Is the quality of IT systems appropriate for
    business needs?

6
Plan and Organise
  • PO1 Define a strategic information
    technology plan
  • PO2 Define the information architecture
  • PO3 Determine the technological direction
  • PO4 Define the IT organisation and
    relationships
  • PO5 Manage the investment in information
    technology
  • PO6 Communicate management aims and direction
  • PO7 Manage human resources
  • PO8 Ensure compliance with external
    requirements
  • PO9 Assess risks
  • PO10 Manage projects
  • PO11 Manage quality

.
7
Acquire and Implement
  • Description
  • To realise the IT strategy, IT solutions need to
    be identified, developed or acquired, as well as
    implemented and integrated into the business
    process. In addition, changes in and maintenance
    of existing systems are covered by this domain to
    make sure that the life cycle is continued for
    these systems.
  • Topics
  • IT solutions
  • Changes and maintenance
  • Questions
  • Are new projects likely to deliver solutions that
    meet business needs?
  • Are new projects likely to deliver on time and
    within budget?
  • Will the new systems work properly when
    implemented?
  • Will changes be made without upsetting current
    business operations?

8
Acquire and Implement
  • AI1 Identify automated solutions
  • AI2 Acquire and maintain application software
  • AI3 Acquire and maintain technology
    infrastructure
  • AI4 Develop and maintain IT procedures
  • AI5 Install and accredit systems
  • AI6 Manage changes

9
Deliver and Support
  • Description
  • This domain is concerned with the actual delivery
    of required services, which range from
    traditional operations over security and
    continuity aspects to training. To deliver
    services, the necessary support processes must be
    set up. This domain includes the actual
    processing of data by application systems, often
    classified under application controls.
  • Topics
  • Delivery of required services
  • Setup of support processes
  • Processing by application systems
  • Questions
  • Are IT services being delivered in line with
    business priorities?
  • Are IT costs optimised?
  • Is the work force able to use the IT systems
    productively and safely?
  • Are adequate security, integrity and availability
    in place?

10
Deliver and Support
  • DS1 Define and manage service levels
  • DS2 Manage third-party services
  • DS3 Manage performance and capacity
  • DS4 Ensure continuous service
  • DS5 Ensure systems security
  • DS6 Identify and allocate costs
  • DS7 Educate and train users
  • DS8 Assist and advise customers
  • DS9 Manage the configuration
  • DS10 Manage problems and incidents
  • DS11 Manage data
  • DS12 Manage facilities
  • DS13 Manage operations

11
Monitor and Evaluate
  • Description
  • All IT processes need to be regularly assessed
    over time for their quality and compliance with
    control requirements. This domain thus addresses
    managements oversight of the organisations
    control process and independent assurance
    provided by internal and external audit or
    obtained from alternative sources.
  • Topics
  • Assessment over time, delivering assurance
  • Managements oversight of the control system
  • Performance measurement
  • Questions
  • Can ITs performance be measured and can problems
    be detected before it is too late?
  • Is independent assurance needed to ensure
    critical areas are operating as intended?

12
Monitor and Evaluate
  • M1 Monitor the process
  • M2 Assess internal control adequacy
  • M3 Obtain independent assurance
  • M4 Provide for independent audit

13
Business Requirements
  • Quality Requirements
  • Quality
  • Delivery
  • Cost
  • Security Requirements
  • Confidentiality
  • Integrity
  • Availability
  • Fiduciary Requirements
  • Effectiveness and efficiency of operations
  • Compliance with laws and regulations
  • Reliability of financial reporting
  • Effectiveness
  • Efficiency
  • Confidentiality
  • Integrity
  • Availability
  • Compliance
  • Reliability of information

Treadway Commission reqs that management must
attest to its organisations effectiveness and
efficiency of operations, reliability of
financial reporting (not financial reports), and
compliance with laws and regulations.
14
What the stakeholders expect from IT
The resources made available toand built up byIT
Business Requirements
IT Resources
IT Processes
  • Data
  • Application systems
  • Technology
  • Facilities
  • People
  • Plan and Organise
  • Aquire and Implement
  • Deliver and Support
  • Monitor and Evaluate
  • Effectiveness
  • Efficiency
  • Confidentiality
  • Integrity
  • Availability
  • Compliance
  • Information reliability

15
DS2 Example - Manage third-party services
Drilling Down the COBIT model
Write a Comment
User Comments (0)
About PowerShow.com