Module 1: Framework Introduction Flashcards
What is COBIT
COBIT is a framework for the Enterprise Governance and Management of Information and Technology that supports Enterprise Goal achievement.
Framework for EGIT
What is EGIT
Enterprise Governance of Information and Technology
What are the 4 major considerations for EGIT
- EGIT is an integral part of corporate governance
- EGIT is exercised by the board, which oversees the definition and implementation of processes, structures and relational mechanisms
- EGIT enables both business and IT people to execute their responsibilities in support of business/IT alignment
- EGIT enables creation of business value from Information and Technology enabled business investments
What is the role of the board re. EGIT
The board:
- Oversees the definition and implementation of processes, structures and relational mechanisms
What has research shown regarding poorly adopted approaches to EGIT
Such organizations perform worse regarding business and I&T alignment; as a result, the business value from their digital investments is not realized.
What does the Context regarding EGIT include
- Enterprise Governance of IT - governing information and technology should not be left to the IT department alone; it should be governed at the enterprise level
- Business and IT alignment - ensuring that goals, strategies and priorities are balanced between stakeholders and enterprise needs and Information and Technology
- Value Creation - ensuring benefits delivery, risk optimization, and resource optimization
1–>2–>3
With what is EGIT fundamentally concerned?
EGIT is fundamentally concerned with:
Value delivery from digital transformation and the mitigation of business risk that results from digital transformation.
What are the three main outcomes that can be expected from a successful EGIT implementation?
- Benefits Realization
- Risk Optimization
- Resource Optimization
What does Benefits Realization consist of?
Benefits realization:
- Enterprise value creation through I&T
- Maintaining and increasing the value created through I&T
- The value from I&T must be measured in a manner that relates to the impact and contributions of I&T investments on the Enterprise value creation
What does Risk Optimization consist of?
- Business risk associated with use/ownership/operation and adoption of I&T
- I&T-related business risk relates to risks that can impact the business
- Value delivery focuses on creation of value
- Risk management focuses on preservation of value
I&T-related risk must be incorporated into Enterprise risk management to ensure a focus on I&T by the enterprise.
I&T-related risk management should be measured to show the impact and contributions of optimizing I&T-related business risk on preserving value
What does Resource Optimization consist of?
Resource optimization ensures appropriate capabilities are in place to execute the strategic plan, and sufficient, appropriate and effective resources are provided to support business strategy.
Resource optimization ensures an integrated, economical IT infrastructure is provided, new technology is introduced as required, and obsolete systems and risks are removed and replaced - Hardware, Software, Technology and People (training, promotion, retention and competence of IT personnel)
What are some benefits from EGIT
- Lower IT related continuity costs
- Increased IT enabled innovation capability
- Increased business and IT alignment, alignment between digital spending/investments and business goals and strategy
- Increased trust between business and IT
- Shift toward a value rather than a cost mindset
Name some audience members of COBIT
Boards, Executive management, Business Management, IT Managers, Risk Managers
External Stakeholders:
Regulators, Business and vendor partners, IT Vendors
What does Governance Ensure
- Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives
- Direction is set through prioritization and decision making
- Performance and compliance are monitored against agreed-on direction and objectives
- Overall Governance is the responsibility of the board
What are Management's responsibilities in EGIT
Management plans, builds, runs and monitors activities, in alignment with the direction set by the governance body, to achieve enterprise objectives
Explain Governance vs. Management
Governance:
Governance ensures stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives
Direction is set through prioritization and decision making
Performance and compliance are monitored against agreed-on direction and objectives
Overall governance is the responsibility of the board, under the leadership of the chairperson
Specific governance responsibilities might be delegated to specific structures within the organization
VS
Management:
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (Executive management under the CEO)
What is COBIT NOT
COBIT defines all the components that are used to describe which decisions should be taken, and how and by whom they should be taken
IS NOT:
Not a full description of the IT environment - it focuses on areas contributing to enterprise success
Not a framework organizing all business processes - it focuses on I&T processes supporting business processes
Not a technical framework to manage technology
Does not describe or make IT decisions
Not used for IT strategy design
Which are the 6 components of the COBIT Product architecture
- Inputs INTO COBIT
- COBIT Core / Reference model
- COBIT Core Publications
- Design Factors
- Focus areas
- Tailored Enterprise Governance System for I&T
Describe COBIT Product Architecture / INPUTS
- COBIT 5
- Other industry frameworks
- Regulations
- Bodies of Knowledge
- Community
Describe COBIT Product Architecture / Reference Model
CORE - 40 governance and management objectives.
Organized into 5 domains - 1 Governance Domain and 4 Management Domains.
Each of these 5 domains relates to a specific process
Describe COBIT Product Architecture / Publications
CORE publications - COBIT framework, Introduction and Methodology and the Governance and Management Objectives, Design Guide, Implementation Guide
Describe COBIT Product Architecture / Design Factors
Design Factors - used to tailor the governance system specific to the enterprise. (Enterprise strategy, Enterprise goals, Enterprise Size, Role of IT, IT sourcing model, compliance requirements etc.)
Describe COBIT Product Architecture / Focus Areas
A focus area describes a specific governance topic, domain or issue that can be addressed by a combination/collection of more detailed and targeted governance and management objectives and their components. (SME, Security, Risk, DevOps etc.)
Describe COBIT Product Architecture / Tailored EGIT
Tailored governance system for I&T based on the specific enterprise, its goals and area of focus (tailored by using Core, design factors, focus areas and performance management areas)
Describe COBIT and other Standards
COBIT is an umbrella framework - it uses, points to and references other frameworks
Name the benefit of COBIT for: Internal - Board, Executive Management, Business Managers, IT Managers, Assurance Providers, Risk Management; External - Regulators, Business Partners, IT Vendors
Board - Insights on how to get value from I&T; defines board responsibilities
Executive Management - Guidance on how to organize and monitor performance of I&T
Business Managers - Helps to understand how to obtain the I&T solutions that the enterprise requires
IT Managers - Guidance on how best to build and structure the IT department, manage performance and run an effective and efficient IT department and operation
Assurance Providers - Helps manage dependency on external service providers and get assurance of IT - an effective and efficient system of control
Risk Management - Helps to ensure identification and management of all IT-related risk
Regulators - Helps assure compliance
Business Partners - Helps assure compliance by business partners and that their operations are secure and reliable
IT Vendors - Helps ensure vendor operations are compliant, secure and reliable