Module 3: Governance System and Components Flashcards
What are the 3 basic concepts as they relate to Governance and Management Objectives?
- A governance or management objective always relates to one process and a series of related components of other types to help to achieve the objective
- A governance objective relates to a governance process; a management objective relates to a management process
- Governance processes are typically under the accountability of boards and executive management, management processes are the domain of senior and middle management
Describe the COBIT2019 Core
COBIT2019 Core consists of 40 governance and management objectives, which are organized into five domains - 1 Governance domain and 4 Management domains. Each of the governance and management objectives relates to a process
Name the 5 domains for Governance and Management Objectives
Governance Objective:
1. EDM = Evaluate, Direct and Monitor
Management Objective:
2. APO = Align, Plan and Organize
3. BAI = Build, Acquire and Implement
4. DSS = Deliver, Service and Support
5. MEA = Monitor, Evaluate and Assess
What do the Governance and Management domain names represent?
The names are verbs that express the key purpose and areas of activity of the objective
What is addressed in EDM?
EDM - Governance Objective: The governing body evaluates strategic options, directs senior management on the chosen strategic options and monitors achievement of the strategy
What is addressed in APO?
APO - Management Objective: Addresses overall organizational strategy and supporting activities of IandT
What is addressed in BAI?
BAI - Management Objective: Definition, acquisition and implementation of IandT solutions, and integration into business processes
What is addressed in DSS?
DSS - Management Objective: Operational Delivery and Support of IandT services, including security
What is addressed in MEA?
MEA - Management Objective: Performance Monitoring and conformance of IandT with internal performance targets, control objectives and external requirements.
What is the breakdown of the 40 objectives and their processes?
Governance Objective: 1 Domain
- EDM: 5 governance objectives
Management Objectives: 4 Domains
- APO: 14 management objectives
- BAI: 11 management objectives
- DSS: 6 management objectives
- MEA: 4 management objectives
What is required to satisfy the Governance and Management Objectives?
Each enterprise must establish, tailor and sustain a governance system built from components
What are Governance system Components?
Components are factors that individually and collectively contribute to the good operations of the enterprise’s governance system over IandT
Name the 7 Components of a Governance System
- Processes: Describe a set of practices and activities to achieve objectives and produce outputs to achieve IandT goals
- Organizational Structures: Key decision-making entities within the enterprise
- Information: All information used and produced within the enterprise - COBIT focuses on the information required for effective functioning of the governance system of the enterprise
- People, skills and competencies: Required for decisions, corrective actions and completion of activities
- Culture, ethics and behavior: Factors contributing to the success of the enterprise governance and management activities
- Principles, policies and frameworks: translation into practical activities and processes for guidance for day-to-day management
- Services, infrastructure and applications: All services, technology and infrastructure required to provide the enterprise with governance system for IandT
What are FOCUS areas?
FOCUS areas are specific areas of focus or importance for the enterprise. A focus area is a specific governance topic, domain or issue. Examples - Security, SME, Cloud Computing
What are DESIGN factors?
Design factors can guide the design of an enterprise’s governance system. These are parameters that assist in tailoring the governance system to align with enterprise specific needs.
Examples: Enterprise Strategy, Enterprise goals, Risk profile, threat landscape (PESTLE), Role of IT, IT sourcing model
Name the 11 Design Factors
- Enterprise Strategy
- Enterprise Goals
- Risk Profile
- IandT related Issues
- Threat Landscape
- Compliance Requirements
- Role of IT
- Sourcing Model of IT
- IT implementation methods
- IT Technology Adoption Strategy
- Enterprise Size
Describe Design Factor: Enterprise Strategy
Enterprise strategy can be defined based on a combination of archetypes:
- Growth and acquisition - focus on growth
- Innovation and Differentiation - focus on different/innovative products/services
- Cost Leadership - focus on cost optimization
- Client Service and Stability - focus on client service and stability
Describe Design Factor: Enterprise Goals
Enterprise strategy is realized by achievement of enterprise goals.
Enterprise goals are structured along the Balanced Scorecard (BSC) dimensions
Name the 4 Enterprise Goals Dimensions on the BSC
- Financial
- Customer
- Internal
- Growth
Describe Design Factor: Risk Profile
Risk profile identifies the IandT related risks to which the enterprise is currently exposed. It also indicates the areas to which the enterprise is currently exposed and which are exceeding the risk appetite.
Name 5 Risk Profile Examples
- IT cost and Oversight
- Unauthorized Actions
- Hardware Incidents
- Noncompliance
- Data and information management
Describe Design Factor: IandT related Issues
Method for an IandT risk assessment: the enterprise considers the issues to which it is exposed or that it faces, or risks that have materialized.
Name 2 IandT related Issues Examples
- Significant IandT related incidents, e.g. outages, data loss
- Failure to meet IandT related regulations and contractual requirements
Describe Design Factor: Threat Landscape
Threat landscape under which the enterprise is operating - Normal and High (geopolitical, industry sector changes)
Describe Design Factor: Compliance Requirements
Compliance requirements applicable to the enterprise. The levels are Low, Normal and High level of compliance requirements
Describe Design Factor: Role of IT
What is the role of IT in the organisation:
- Support role - IT is only supportive, not crucial in the running of business processes
- Factory role - immediate impact on the day-to-day running of business processes
- Turnaround role - IT is seen as a driver of innovation and improvement of business processes, with no critical dependency on the current running of processes
- Strategic role - IT is critical in running and innovation for the processes and services
Describe Design Factor: Sourcing Model of IT
Sourcing model of IT adopted by the enterprise:
- Outsourcing
- Cloud
- Insourcing
- Hybrid
Describe Design Factor: IT implementation methods
How does IT operate - Agile, DevOps, Traditional, Hybrid, Bimodal IT
Describe Design Factor: IT Technology Adoption Strategy
First Mover - Early as possible / first movers
Follower - Adoption once mainstream
Slow Adopter - Later in adoption curve of new technologies
Describe Design Factor: Enterprise Size
Large Enterprise - > 250 full time employees
Small and medium Enterprise - 50 - 250 full time employees
Micro - 50 or less staff
Describe the Goals Cascade
Stakeholder needs must be translated into an Enterprise’s actionable strategy.
Goals Cascade supports Enterprise Goals.
Goals Cascade supports Prioritization of management objectives based on Enterprise Goals
Goals Cascade supports translation of enterprise goals into priorities for alignment goals
Stakeholder Drivers and Needs –> Enterprise Goals –> Alignment Goals –> Governance and Management Objectives.
Starting at Stakeholder Drivers and needs, cascades down into Governance and Management Objectives
Name the 4 Financial Category Enterprise Goals (Business Goals) on the BSC
- Portfolio and Competitive Services
- Managed Business Risk
- Compliance with external laws and regulations
- Quality of Financial Information
Name the 3 Customer Category Enterprise Goals on the BSC
- Customer oriented Service
- Business service continuity and availability
- Quality of management information
Name the 4 Internal Category Enterprise Goals on the BSC
- Optimization of internal business process functionality
- Optimization of business process costs
- Staff skills, motivation, and productivity
- Compliance with internal policies
Name the 2 Growth Category Enterprise Goals on the BSC
- Managed digital transformation programs
- Product and business innovation
Name the 4 Dimensions on the BSC for Alignment Goals (IT Goals)
- Financial
- Customer
- Internal
- Learning and Growth
Name 4 goals for Financial Dimension of Alignment Goals
- IT compliance and support for business compliance with external laws and regulations
- Managed information and technology related risk
- Realized benefit from information and technology enabled investment and services portfolio
- Quality of technology related financial information
Name 2 goals for Customer Dimension of Alignment Goals
- Delivery of IandT services in line with business requirements
- Agility to turn business requirements into operational solutions
Name 5 goals for Internal Dimension of Alignment Goals
- Security of Information, infrastructure, applications and privacy
- Enablement of business support and processes
- Delivery of programs on time and within budget and meeting quality requirements
- Quality of IT management information
- IT compliance with internal policies
Name 2 goals for Learning and Growth Dimension of Alignment Goals
- Competent and motivated staff
- Knowledge, expertise and initiatives for business innovation