
Framework COBIT

Week 6 Meeting

Agenda
- Cobit Context
- Cobit Principle
  - Business Focused
  - Process Control Oriented
  - IT Resources
  - Performance Measurement
- Overall Cobit Interrelationship

Cobit Context
- IT is an important factor in achieving success in the information economy and central to an entity's operational and financial management.
- Enterprise governance and IT governance can no longer be considered separate and distinct disciplines.
- IT governance:
  - The structure that links IT processes, IT resources and information to enterprise strategies and objectives.
  - Integrates and institutionalises optimal ways of planning and organising, acquiring and implementing, delivering and supporting, and monitoring and evaluating IT performance.
  - Assures efficient and effective measurable improvements in related enterprise processes.
  - Enables the enterprise to take full advantage of its information, thereby maximising benefits, capitalising on opportunities and gaining competitive advantage.

Fundamentals of IS Audit (Dasar-Dasar Audit SI)

IT Governance Lifecycle

Cobit Audience
COBIT is designed to be used by three distinct audiences:
- Management: To help them balance risk and control investment in an often unpredictable IT environment
- Users: To obtain assurance on the security and controls of IT services provided by internal or third parties
- Auditors: To provide a framework to assist them to come to an opinion on the level of assurance on the particular subject matter being audited and/or provide advice to management on internal controls

Principle
Cobit Framework Principle:
- Business Focused
- Process Control Oriented
- IT Resources
- Measurement-driven

To provide the information that the enterprise requires to achieve its objectives, the enterprise needs to invest in and manage and control IT resources using a structured set of processes to provide the services that deliver the required Cobit

Principle
[Figure: Basic Cobit Principles]

Principle - Business Focus:
Information Criteria
- To satisfy business objectives, information needs to conform to certain control criteria: Quality, Fiduciary, Security

Business Goal & IT Goal
- Basis for establishing business requirements and developing the metrics that allow measurement against these goals.
- A clear ownership and direction of the requirements by the business (the customer) and a clear understanding of what needs to be delivered, and how, by IT (the provider).

Principle - Business Focus:
Information Criteria:
- Quality:
  - Effectiveness
  - Efficiency
- Security:
  - Confidentiality
  - Integrity
  - Availability
- Fiduciary:
  - Compliance
  - Reliability

Principle - Business Focus:
Control measures over the IT processes will not necessarily satisfy all the different business requirements; this is indicated using primary (P), secondary (S) or blank indicators:

Principle - Process Control Oriented
Process Oriented:
COBIT defines IT activities in a generic process model within four domains:
- Plan and Organise (PO): Provides direction to solution delivery (AI) and service delivery (DS)
- Acquire and Implement (AI): Provides the solutions and passes them to be turned into services
- Deliver and Support (DS): Receives the solutions and makes them usable for end users
- Monitor and Evaluate (ME): Monitors all processes to ensure that the direction provided is followed

Principle - Process Control Oriented
RACI Chart:
- Responsible: Those who do the work to achieve the task.
- Accountable: Those who are ultimately accountable for the correct and thorough completion of the deliverable or task.
- Consulted: Those whose opinions are sought, and with whom there is two-way communication.
- Informed: Those who are kept up-to-date on progress, often only on completion of the task or deliverable, and with whom there is just one-way communication.

Principle - IT Resources
IT Resources:
To respond to the business requirements for IT, the enterprise needs to invest in the resources required:
- Applications
- Information
- Infrastructure
- People

Principle - IT Resources
[Figure: Defining IT Goals and Enterprise Architecture for IT]

Cobit Navigation
[Figure: Cobit Navigation. Labels: High Level Control Objective, Information Criteria, Domain process, IT Governance Component, IT Resources]

Principle - Measurement Driven
Maturity Model:
Using the maturity models developed for each of Cobit's 34 IT processes, management can identify:
- The actual performance of the enterprise: Where the enterprise is today
- The current status of the industry: The comparison
- The enterprise's target for improvement: Where the enterprise wants to be
- The required growth path between as-is and to-be

Principle - Measurement Driven
Maturity Model:
are built up starting from the generic qualitative model to which principles from the following attributes:
- Awareness and communication
- Policies, plans and procedures
- Tools and automation
- Skills and expertise
- Responsibility and accountability
- Goal setting and measurement

Principle - Measurement Driven
Goals and metrics are defined in COBIT at three levels:
- IT goals and metrics: what the business expects from IT and how to measure it
- Process goals and metrics: what the IT process must deliver to support IT's objectives and how to measure it
- Activity goals and metrics: what needs to happen inside the process to achieve the required performance and how to measure it

Principle - Measurement Driven
Two kinds of metric:
- Outcome measures, previously key goal indicators (KGIs), indicate whether the goals have been met. These can be measured only after the fact (lag indicators).
- Performance indicators, previously key performance indicators (KPIs), indicate whether goals are likely to be met. They can be measured before the outcome is clear (lead indicators).

Principle - Measurement Driven
[Figure: Outcome Measurement - Lag Indicator; Performance Metric - Lead Indicator]

Overall Cobit Principle
[Figure: Cobit Cube]

Overall Cobit Framework

Interrelationship Between Cobit Components
