IT Governance - Capability Assessment using COBIT 5
6 likes3,621 views
This document discusses an IT governance capability assessment using COBIT 5's Process Assessment Model (PAM). It provides an overview of COBIT 5 and its framework, domains, product family, and how it covers other standards. It then explains PAM and the process for a self-assessment using PAM. This includes scoping the assessment, performing the self-assessment, and the methodology for an IT governance engagement, which involves process mapping, workshops, determining IT capabilities and operational effectiveness.
IT Governance - Capability Assessment using COBIT 5
- 1. IT Governance Capability Assessment using COBIT 5 PAM Eryk Budi Pratama Presented for Information System Faculty– Universitas Bakrie
- 2. Objectives IT Governance Governance of Enterprise IT Domain, Product Family, Coverage COBIT 5 Framework PAM using COBIT 5 Process Assessment Model (PAM) Self Assessment Guide using COBIT 5 Self Assessment Methodology for IT Governance Engagement Engagement Delivery Approach
- 3. IT Governance Governance of Enterprise IT
- 4. IT Governance Old Way COBIT 4.1 Val ITRisk IT
- 5. Corporate Governance of IT Based on ISO 38500 Source: http://www.qaiglobalservices.com/wp-content/uploads/2016/05/Fig-4.jpg
- 6. Governance of Enterprise IT COBIT 5 - Principles and Area Risk Management Focus Area
- 8. COBIT 5 Domain ❑ Evaluate, Direct, Monitor (EDM) ❑ Align, Plan, Organize (APO) ❑ Build, Acquire, Implement (BAI) ❑ Deliver, Service, Support (DSS) A Business Framework for the Governance and Management of Enterprise IT
- 9. COBIT 5 COBIT 5 Product Family
- 10. COBIT 5 COBIT 5 Coverage of Other Standards and Frameworks Standard Description ISO 38500 Governance of IT for the organization ISO 31000 Enterprise Risk Management ISO 27000 Information Security Management ISO 20000 IT Service Management Framework Description TOGAF Enterprise Architecture by OpenGroup PMBOK Project Management by PMI PRINCE2 Project Management by APMG ITIL IT Service Management by AXELOS CMMI Capability Maturity Model Integration
- 12. COBIT 5 PAM COBIT Process Assessment Model (PAM) Workflow Source: This figure is reproduced from ISO/IEC 15504-2, with the permission of ISO/IEC at www.iso.org. Copyright remains with ISO/IEC.
- 13. COBIT 5 PAM COBIT Process Assessment Model (PAM) Workflow
- 14. COBIT 5 PAM Process Capability Level and Attributes Rating Levels Levels and Necessary Ratings
- 15. COBIT 5 PAM Assessment Process
- 16. Self Assessment
- 17. Self Assessment Step 1 – Scoping (Process Step) Identify relevant business drivers for the assessment of IT processes •On the basis of these business drivers, define the objective of the assessment. •The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process assessment should be based on the business drivers for the assessment. Identify and prioritise the enterprise’s IT processes that should be included within the scope of the assessment •Utilise the business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings contained in the scoping tool kit. •For example, if the objective of the assessment is to assist IT management in identifying and prioritising improvement initiatives related to one or more specified goals identified, the COBIT process mappings may be useful to identify the processes most closely related to those IT goals. Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous prioritisation •Ensure that they will satisfy the identified business drivers and meet the objectives of the assessment. Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the process assessment Finalise the COBIT 5 processes to be included in the assessment
- 18. Self Assessment Step 1 – Scoping (Process Step) Enterprise Goal Hierarchy IT-related Goals Hierarchy Self-Diagnostic Mapping of COBIT 5 Processes to IT Goals to Business Goals to IT Balanced Scorecard Mapping COBIT 5 Processes to IT Goals (subset of information contained in item above) Self-diagnostic Tool
- 19. Self Assessment Step 2 – Perform Self Assessment
- 20. Self Assessment Step 2 – Perform Self Assessment
- 22. Engagement Delivery Approach General Delivery Approach Process mapping of current IT process to COBIT 5 Working Group & Discussion Report Assessment IT Capabilities Operational Effectiveness & Workshop IT Goals, IT Framework risk IT Issues, and Remediation Roadmap based on COBIT 5 Maturity Level based on COBIT 5 Strategy and recommendation report for IT process improvement Output
- 23. Engagement Delivery Approach General Delivery Approach Working Group & Discussion Report Assessment IT Capabilities Operational Effectiveness & Workshop ▪ Determine the organizational structure and the members involved in the project as well as the duties and responsibiliti es of each party ▪ Create detailed work plans and activities to be performed ▪ Determine communication methods and information paths ▪ Defines a list of required infor mation ▪ Conducting a Kick-Off meeting with all related parties to assign key business process owner over 37 sub-areas of COBIT 5 ▪ Determining the target and the schedule of the interview ▪ Collect data / documents and information on current state of existing IT processes based on 37 major sub-areas in COBIT 5 ▪ Review relevant documents and information ▪ Discuss with key parties in the IT process ▪ Determine the level of IT capabilities with COBIT 5 tools ▪ Determine the level of IT capability for 37 major sub areas of COBIT 5 in the client ▪ Discussions with client’s mana gement are related to IT capability level reports that have been assessed by consultant ▪ Provide monitoring tools related to improvements that will be done by the client ▪ Organize workshop schedules to report the result of IT governance capability level assessments ▪ Describes the review methodology used ▪ Displays observations regarding existing IT processes and gaps based on COBIT 5 ▪ Exposure to the results of Operational Effectiveness i mplementation ▪ Presentation of recommendations for improvement of client’s IT process
- 24. Thank you