22. COBIT 5 Flashcards
COBIT 5
Principle 1:
Meeting Stakeholder Needs
Ensure buy-in from board of directors and senior leadership
- Enterprises have multiple stakeholders
- “creating value” means different, often conflicting, things to each stakeholder
- Governance - should consider all stakeholders when making benefit, resource and risk assessment decisions
- Decisions should ask:
- Who receives the benefits
- Who bears the risk
- What resources are required
- Needs have to be transformed into practical strategy
COBIT 5
Principle 2:
Covering Enterprise End-to-end
Governance and management of information and related technology
- Integrate governance of enterprise IT into enterprise governance
- All functions and processes within the enterprise
- COBIT 5 does not focus on “IT Function”
- COBIT 5 treats information and related technology as assets
COBIT 5
Principle 3:
Applying Single Integrated Framework
COBIT 5 aligns with latest relevant standards
Use COBIT 5 as overarching governance
- Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
- IT Related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
COBIT 5
Principle 4:
Enabling Holistic Approach
COBIT 5 enablers:
7 categories
- Factors that influence whether something will work
- Goals cascade i.e. higher level IT related goals define what different enablers should achieve
- Holistic approach has 7 categories
COBIT 5
Principle 5:
Separating Governance from Management
- Governance
- Management
- Governance - typically responsibility of the board
- Management - Responsibility of the executive management under CEO leadership
- Both serve different purposes
COBIT 5
Enabling holistic approach
7 categories
- Principles, policies and frameworks
- Processes
- Org structures
- Culture, ethics, behaviour
- Information
- Services, infrastructure and applications
- People, skills, competencies
COBIT 5
Principles, Policies, and Frameworks
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
Translate desired behaviour into practical guidance for day to day management
- everything else builds on top of this
COBIT 5
Processes
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
Organised set of practices and activities
Used to achieve certain objectives (IT related goals)
- Map out your work flow
- Do this, and do that
COBIT 5
Organisational Structures
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
Key decision making entities in the organisation
COBIT 5
Culture, Ethics and Behaviour
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
Of individuals and of the organisation
- Tailor a solution that works in our environment
COBIT 5
Information
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
All information produced and used by the enterprise
COBIT 5
Services, infrastructure and applications
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
Infrastructure, Technology, and Applications
- Infrastructure, technology and applications that provide the enterprise with information technology processing and services
- Enables the business to do what it needs i.e. routers, switches, firewalls, computers
COBIT 5
People, Skills and Competencies
COBIT 5 - Principle 4: Enabling holistic approach - 7 categories
People required for successful completion of all activities
Correct decision making
- people need the right skills and capabilities
COBIT 5
Governance
Principle 5: Separating Governance from Management
Stakeholder needs, conditions and options are evaluated
- Set direction through prioritisation and decision making
- Monitoring performance and compliance against agreed on direction and objectives
COBIT 5
Management
Principle 5: Separating Governance from Management
Plans, builds, runs and monitors
- All activities in alignment with the direction set by the governance body
- Goal to achieve enterprise objectives