Study Notes - COBIT 5 Foundation Certification
3 likes1,674 views
The document outlines COBIT 5, a framework for enterprise governance, detailing its governance objectives, principles, enablers, and implementation process. Key components include creating value through risk optimization and resource optimization, with a focus on stakeholder needs and a holistic approach. It also describes the eight governance and management domains, product guides, and characteristics essential for a successful COBIT implementation.
![Copyright@Wajahat Iqbal (2015)
This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI.
16) Enterprise = Organisation = Commercial (Corporate) OR Public Sector OR Not for Profit
17) Information Enabler (Enabler 5)
1) Intrinsic Quality Accuracy,Objectivity,Believability,Reputation
2) Contextual Relevancy, Completeness, Currency, Appropriate amount of
information, Concise representation, Consistent representation
Interpretability, Understandability, Ease of manipulation
3) Security/Accessibility Availability/timeliness, Restricted Access
4) Information Layers Physical World(Carrier/Media)
Empiric(User Interface)
Syntactic (Code/Language)
Semantic (Meaning)
Pragmatic (Use)
Social Use (e.g. Contracts,Law,Culture)
18) Cobit 5 Stakeholders:
- Internal (Board,CFO,CIO,CTO,CEO,Business Executives,Managers,Internal Auditors,Users ..)
- External (Business Partners,Suppliers,Shareholders,Regulators,Govt,External
Users,Customers,Standardisation organizations,External Auditors,Consultants..)
19) Good Policy Effective, Efficient, Non-Intrusive
20) DIKW - [Data – Information-Knowledge-Wisdom (Value)]
21) Information for Business (COBIT 4.1)
1 Quality Effectiveness
Efficiency
2 Security Confidentiality
Integrity
Availability
3 Fiduciary Compliance
Reliability](https://image.slidesharecdn.com/studynotescobit5wajahat-iqbaldraftversion0-160303135857/85/Study-Notes-COBIT-5-Foundation-Certification-4-320.jpg)
Study Notes - COBIT 5 Foundation Certification
- 1. Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI. (Study Notes) - COBIT 5 Exam (ISACA Enterprise Governance Framework) 1) Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation+ Resource Optimisation 2) Cobit 5 initially available in 3 Volumes: - The Framework - Process Reference Guides - Implementation Guide 3) Five Principles of Cobit 5: - Meeting the Stakeholders needs - Covering the Enterprise end-to-end - Single integrated Framework - Holistic approach of 7 enterprise enablers - Separating governance from management 4) Stakeholder Needs Enterprise Goals IT-related Goals Enabler Goals 5) Seven Enablers of Cobit 5 (i.e. Governance enablers) - Principles, policies and frameworks - Processes -Organisational structures - Culture, ethics and behaviours - Information - Service infrastructure and applications - People skills and competencies 6) Important Drivers for Cobit 5 - Performance (Business Goals) - Conformance (SOX, HIPAA) - Creating value for Enterprise Stakeholders through efficient use of Technology & Information - Complete Enterprise Governance - Covers all Functions and Processes - Address all Internal & External Services - Address all Internal & External Business Processes - Address End to end Business and IT responsibilities - Enterprise Architecture - Asset and Service management 7) Cobit 5 Triggers - Pains - Risks - Goals Cascade
- 2. Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI. 8) Mapping of Governance & Management Domain a) Governance Domain (EDM – Evaluate, Direct & Monitor) b) Management Domain: (APO – Align, Plan & Organise) (BAI – Build, Acquire & Implement) (DSS – Deliver, Service & Support) (MEA – Monitor, Evaluate & Asses) 9) Cobit 5 Product Guides: - Level 1 (Cobit Enabling Processes, Cobit 5 Enabling Information, Other Enabling Guides) - Level 2 (Cobit 5 Implementation, Cobit 5 for Information Security, Cobit 5 for Assurance, Cobit 5 for Risk, Other Professional Guides) - Level 3 (Cobit 5 Online Collaborative Environment) 10) Key Governance Objective VALUE CREATION 11) Enabler Characteristics - Stakeholders (Internal & External) - Goals (expected outcome of enabler) Intrinsic Quality (work well & provide results) Contextual Quality (Relevance, effectiveness) Accessibility & Security (of enablers + outcomes) - Lifecycle Plan, Design, Build/Acquire/Create/Implement Use/Operate Evaluate/Monitor Update/Dispose - Good Practice Practices Work Products (Inputs & Outputs) 12) Cobit 5 Enterprise 17 Goals (Balanced Score Card 5 Dimensions): - Financial - Customer - Internal - Learning Growth 13) Cobit 5 Implementation Lifecycle
- 3. Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI. COBIT 5 IMPLEMENTATION CYCLE Phase 1 2 3 4 5 6 7 What are the Drivers? Where are we Now? Where do we Want to be? What needs to Be done? How do we get there? Did we get There? How do we keep the momentum Going? Programme Management Initiate program Define problems & opportunities Define road map Plan programme Execute plan Realise benefits Review Effectiveness Change Enablement Establish desire to change Form implementation team Communicate outcome Identify role players Operate and use Embed new approaches Sustain Continual Improvement Lifecycle Recognise need to act Assess current state Define target state Build improvements Implement improvements Operate improvements Monitor and evaluate 14) Charteristics of a Good Business Case: - Address Business Benefits - Address Investment needed - Address Constraints & Dependencies - Address Investment Monitoring - Address business changes required - Address ongoing IT Operating Costs - Address Roles, Responsibilities & Accountability 15) Cobit 5 Process Capability Model (PAM) Cobit 5 Process Capability Model (PAM) 0 Incomplete Performance Attribute (PA) 1 Performed PA1.1 Process Performance 2 Managed PA2.1 Performance Management PA2.2 Work Product Management 3 Established PA3.1 Process Definition PA3.2 Process Deployment 4 Predictable PA4.1 Process Measurement PA4.2 Process Control 5 Optimising PA5.1 Process Innovation PA5.2 Process Optimisation Rating Levels: a) F- Fully achieved (>85%) b) P - Partially achieved (15-50%) c) L-Largely achieved (50-85%) d) N- Non achieved (<15%)
- 4. Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI. 16) Enterprise = Organisation = Commercial (Corporate) OR Public Sector OR Not for Profit 17) Information Enabler (Enabler 5) 1) Intrinsic Quality Accuracy,Objectivity,Believability,Reputation 2) Contextual Relevancy, Completeness, Currency, Appropriate amount of information, Concise representation, Consistent representation Interpretability, Understandability, Ease of manipulation 3) Security/Accessibility Availability/timeliness, Restricted Access 4) Information Layers Physical World(Carrier/Media) Empiric(User Interface) Syntactic (Code/Language) Semantic (Meaning) Pragmatic (Use) Social Use (e.g. Contracts,Law,Culture) 18) Cobit 5 Stakeholders: - Internal (Board,CFO,CIO,CTO,CEO,Business Executives,Managers,Internal Auditors,Users ..) - External (Business Partners,Suppliers,Shareholders,Regulators,Govt,External Users,Customers,Standardisation organizations,External Auditors,Consultants..) 19) Good Policy Effective, Efficient, Non-Intrusive 20) DIKW - [Data – Information-Knowledge-Wisdom (Value)] 21) Information for Business (COBIT 4.1) 1 Quality Effectiveness Efficiency 2 Security Confidentiality Integrity Availability 3 Fiduciary Compliance Reliability
- 5. Copyright@Wajahat Iqbal (2015) This is not an official COBIT publication and is not endorsed, sponsored, or otherwise affiliated with ISACA or ITGI. 22) PBRM -> Plan, Build, Run, Monitor Levels (Total 37 Processes) Governance EDM (5 Processes) Evaluate, Direct & Monitor Management APO (13 Processes) Align, Plan & Organise BAI (10 Processes) Build, Acquire & Implement DSS (6 Processes) Deliver, Service & Support MEA (3 Processes) Monitor, Evaluate & Asses