Documente Academic
Documente Profesional
Documente Cultură
ISE501
Foundations in IT Management
Eda TOPALOLU
120510001
Emriye COKUN
120510004
Faruk TFTKC
120501004
What is COBIT?
Provide us understanding of IT
We can decide more efficiently about IT
By using it, we can understand and manage IT
investments
Identifies the major IT resources
Defines the management control objectives
Organises IT activities
Better quality IT services
What is COBIT?
What is differences
between the COBIT 4.1
and COBIT 5 ?
stakeholders.
Enterprises have many
stakeholders.
Value creation means
realising benefits at an
optimal resource cost
while optimising risk.
The governance system should consider
be transformed into an
enterprises actionable
strategy.
The COBIT 5 goals cascade
is the mechanism to
translate stakeholder
needs into specific,
actionable and customised
enterprise goals.
framework, because;
it aligns with other latestrelevant standards and
Framework)
APM (Association for Project Management)
etc.
categories of enablers
1.Principles, policies and frameworks
2.Processes
3.Organisational structures
4.Culture, ethics and behaviour
5.Information
6.Services, infrastructure and
applications
7.People, skills and competencies
1.4.2. Processes
Processes describe an organised set of
practices.
Processes describe the activities to achieve
certain objectives and produce a set of
outputs
1.4.3. Organisational
Structures
Organisational structures are the decision
mechanism in an enterprises
1.4.5. Information
Information is pervasive throughout any
1.4.7. Organisational
Structures
People, skills and competencies are
enterprises, management
is the responsibility of the
executive management
under the leadership of
the CEO.
22
Risk IT
IT riskis a part of business risk
Provides an end-to-end, comprehensive view
of all risks
Understand how to manage the risk
Risk can be categorised;
-IT Benefit/Value enabler
-IT Operation and Service Delivery
-IT Programme/Project delivery
Val IT
Is a governance framework that can be used
2. Increased Focus on
Enablers
COBIT 4.1 did not have enablers
Information, infrastructure, applications
3. New Process
Reference Model
COBIT 5 is based on a revised process
3. New Process
Reference Model
5. Practices and
Activities
The COBIT 5 governance or management
8. RACI Charts
COBIT 5 provides RACI charts describing roles
8. RACI Charts
Source:COBIT4.1,page39.2007ITGovernanceInstituteAllrightsreserved.
9. Process Capability
Models and Assessments
9. Process Capability
Models and Assessments
9. Process Capability
Models and Assessments
9. Process Capability
Models and Assessments
COBIT 5 FRAMEWORK
DEFINITION
COBIT 5 is a governance and management
COBIT 5 Framework - 5
Principles
The cobit 5 framework based on 5 principles.
COBIT 5 is an integrator
framework since it:
Brings together existing
ISACA guidance on
governance and
management of enterprise IT
Aligns with the latest relevant
other standards and
frameworks
Provides a simple
architecture for structuring
guidance materials and
producing a consistent
product set
Principle 1: Integrator
Framework
COBIT 5 Architecture
COBIT 5 Architecture
The Governance Objectives
Existing ISACA guidance (COBIT 4.1, Val IT 2, Risk IT,
BMIS, etc.
Other relevant standards and frameworks
Cobit 5 Enablers
Processes, Culture Ethics
Behavior, Organizational Structure
Information
Principles & Policies
Skills & Competencies
Service Capabilities
COBIT 5 Architecture
Cobit 5 Knowledge Base:
Current guidance and content
Structure for future contents
Value criation
Governance
Objectives
Goals Cascade
Governance objectives translate into enterprise goals
Realising enterprise goals requires IT related goals
For IT related goals to be achieved, enablers are required
Goals Cascade
Goals Cascade
IT related goals
Enablers
Enablers are tangible and intangible elements that make
Enabler Capability
Levels
content
Process Reference
MEA
Model
Process Reference
.
Model
management processes
Implementation
ITIL v3
view
STRUCTURAL
COMPARISON
COVERAGE OF IT GOVERNANCE
FOCUS AREAS
DETAILED MAPPING
COBIT TO ITIL
Incident Management
ITIL v3: part of Service Operation
COBIT : part of Deliver & Support
Major tasks:
Problem Management
ITIL v3: part of Service Operation
COBIT : part of Deliver & Support
Major tasks:
Configuration
Management
ITIL v3: part of Service Transition
COBIT : part of Deliver & Support
Major tasks:
Change Management
Capacity Management
ITIL v3: part of Service Delivery
COBIT : part of Deliver & Support
Major tasks:
DS3has5principles.
DS3.1 Performance and Capacity Planning
Establish a planning process for the review of
performance and capacity of IT resources
Leverage appropriate modeling techniques to
produce a model of the current and forecasted
performance, capacity and throughput of the
IT resources.
DS-4
DS4 ENSURE CONTINUOUS SERVICE
Provide continuous IT services requires
developing, maintaining and testing IT
continuity plans
Minimize the probability and impact of a
major IT service interruption on key business
functions and processes.
DS4has10principles.
DS4.1 IT Continuity Framework
Develop a framework for IT continuity to support
enterprise wide business continuity management
using a consistent process.
Adress the organizational structure for continuity
management, covering the roles, tasks and
responsibilities of internal and external service
providers, their management and their customers,
and the planning processes
DS-8
DS8 MANAGE SERVICE DESK AND INCIDENTS
Timely and effective response to IT user queries
and problems requires a well-designed and wellexecuted service desk and incident
management process
Include setting up a service desk function with
registration, incident escalation, trend and root
cause analysis, and resolution
Include increased productivity through quick
resolution of user queries
DS8has5principles.
DS8.1 Service Desk
Establish a service desk function
Include monitoring and escalation procedures
based on agreed-upon service levels
DS8.2 Registration of Customer Queries
Establish a function and system to allow logging
and tracking of calls, incidents, service requests
and information needs
Work such processes as incident management,
problem management, change management,
capacity management and availability
management.
DS-9
DS9 MANAGE THE CONFIGURATION
DS9has3principles.
DS9.1 Configuration Repository and
Baseline
Establish a supporting tool and a central
repository to contain all relevant information
on configuration items
Monitor and record all assets and changes to
assets.
Maintain a baseline of configuration items for
every system and service as a checkpoint to
which to return after changes
DS-10
DS10 MANAGE PROBLEMS
Require the identification and classification of
problems, root cause analysis and resolution of
problems
Include the formulation of recommendations for
improvement, maintenance of problem records
and review of the status of corrective actions
Maximize system availability, improves service
levels, reduces costs, and improves customer
convenience and satisfaction
DS10has4principles.
DS10.1 Identification and Classification of
Problems
DS-11
DS11 MANAGE DATA
Require identifying data requirements
Include the establishment of effective
procedures to manage the media library,
backup and recovery of data, and proper
disposal of media
Helps ensure the quality, timeliness and
availability of business data
DS10has6principles.
DS11.1 Business Requirements for Data
Management
Verify that all data expected for processing are
received and processed completely
Support restart and reprocessing needs
DS11.2 Storage and Retention
Arrangements
Define and implement procedures for effective
and efficient data storage, retention and
archiving to meet business objectives, the
organizations security policy and regulatory
requirements
DS-13
DS13 MANAGE OPERATIONS
Complete and accurate processing of data
requires effective management of data
processing procedures and diligent
maintenance of hardware.
Includes defining operating policies and
procedures for effective management
Helps maintain data integrity and reduces
business delays and IT operating costs.
ME-1
ME1 MONITOR AND EVALUATE IT
PERFORMANCE
Effective IT performance management
requires a monitoring process
Include defining relevant performance
indicators, systematic and timely reporting of
performance, and prompt acting upon
deviations
ME1has6principles.
ME1.1 Monitoring Approach
Establish a general monitoring framework and
approach to define the scope, methodology
and process
Integrate the framework with the corporate
performance management system
AI-6
AI6- MANAGE CHANGES
All changes, including emergency
maintenance and patches, relating to
infrastructure and applications within the
production environment are formally managed
in a controlled manner
Provide mitigation of the risks of negatively
impacting the stability or integrity of the
production environment.
A16has5principles.
AI6.1 Change Standards and Procedures
Set up formal change management procedures to
handle in a standardized manner all requests
AI6.2 Impact Assessment, Prioritization and
Authorization
Assess all requests for change in a structured way
to determine the impact on the operational
system and its functionality
References
http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf
http://www.isaca.org/Knowledge-Center/cobit/Documents/CobiT-4.1-
Brochure.pdf
http://en.wikipedia.org/wiki/COBIT
http://www.google.com.tr/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&sqi=2&ved=0CCIQFj
AA&url=http%3A%2F%2Fwww.isaca.org%2FCOBIT%2FDocuments
%2FCOBIT5-Compare-With4.1.ppt&ei=Ta17UKyeKYrCswaN74HoBg&usg=AFQjCNEf4XzkLoXZxfFYQLKO
HICaXSlESg&sig2=i1HTIOC97nMm4k1kMmk1jQ
http://www.bpmwatch.com/columns/changing-role-of-governance-in-
outsourcing-contract/
References
COBIT5-Framework-ED-27JUNE2011.pdf
Miha.ef.uni-lj.si/_dokumenti3plus2/192073/ITIL-COBIT_nov.pdf
COBIT%20Mapping%202nd%20Edition[1].pdf
Scillani%20Article%20Combining%20ITIL%20with%20Cobit%20and
%2017799[1].pdf
COBIT%20Mapping%202nd%20Edition[1].pdf
itgovernance.co.uk/files/ITIL-COBiT-ISO17799JointFramework.pdf
www.financialexecutives.org/COBIT5-Update-Research-.pptx
http://www.qualified-auditpartners.be/user_files/QECB_IIA_COBIT5_EN_Overview_201111.pdf
http://www.slideshare.net/Billy82/microsoft-powerpoint-marrying-cobit-and-itil-foreffective#btnNext
http://www.mitsm.de/itil-wiki/process-descriptions-english/incident-management
http://www.slideshare.net/hafeezi/business-it-management-intro-to-cobit-itil9568869#btnNext
http://www.isaca.org/Education/Conferences/Documents/EuroCACSPresentations/323.pdf