COBIT 5: Managing Risk And Increasing Value

Transcription

Session 309
Monday, October 21, 3:00 PM - 4:00 PM
Track: IT Governance and Security
COBIT 5: Managing Risk and Increasing Value
Robert Stroud, Sr. Advisor, Product Management, CA Technologies
Rob.Stroud@ca.com

Session Description

Your business depends on technology for its very survival. It’s no longer enough to manage your governance, risk, compliance, and governance processes on the fly; they need to be part of your organization’s DNA. That’s where COBIT 5 comes in.

Unlike many IT frameworks, COBIT 5 is a business framework for the governance and management of enterprise IT. Encompassing the full spectrum of activities, from strategy to execution, COBIT 5 is a top-down framework that is principle-based and enabler-driven, separating governance and management in a guided implementation that ensures practitioners derive value from their IT-enabled business investments. In this session, we will use case studies to explore the critical aspects of COBIT 5 and highlight effective uses of the framework. (Advanced)

Speaker Background

Robert Stroud, vice president of strategy and innovation at CA Technologies, is an author, speaker, innovator, and strategist in the ITSM, governance, cloud, mobility, and security space. He is dedicated to the development of industry good practices and he has contributed to many publications and best practice guides, including ISO, ITIL v3 and ITIL 2011, COBIT 4 and COBIT 5, and Basel. Robert has served on many industry boards, including ISACA, itSMF USA, and itSMF International, and he’s currently the chair of the ISACA ISO Liaison subcommittee and a member of the ISACA Strategic Advisory Council.

COBIT 5: MANAGING RISK AND INCREASING VALUE
Robert E Stroud CGEIT CRISC
@RobertEStroud
Vice President, Innovation & Strategy, CA Technologies
Chair, ISACA ISO Liaison Sub-Committee & COBIT Acceleration Taskforce

Slide footer: COBIT 5: MANAGING RISK AND INCREASING VALUE Robert.Stroud@ca.com @RobertEStroud

Robert E Stroud CRISC CGEIT
VP, Strategy & Innovation, IT Business Management, CA Technologies, USA
- Chair ISACA ISO Liaison Subcommittee
- Chair COBIT Acceleration Task Force
- Winner 2013 ISACA Wasserman Award
- ISACA 2013 Presidents Award for Industry Contributions
- ISACA 2012 John Kuyers Award
- ISACA 2012 ISACA Presidents Award (NJ)
- Past International Vice President ISACA\ITGI
- Contributor COBIT 4, 4.1 & 5, VAL IT and RISK IT
- Past Executive Board itSMF International
- Past Board Member USA itSMF
- 15 years Banking Experience
- Author, Public Speaker & Industry Geek

Agenda
- Introduction to ISACA
- Importance of Governance
- COBIT 5
- Recommendations
- NOTE: Some of the slides reference ISACA COBIT 5. Recommend that you refer to the product (www.isaca.org) or deck.

Introduction to ISACA
www.isaca.org: Trust in, and value from, information systems

What Is ISACA?
- Nonprofit association for individual members
- Founded in 1969, as the EDP Auditors Association (EDPAA)
- More than 110,000 constituents worldwide
- Members include IT auditors, IT security professionals, IT risk and compliance professionals, IT governance professionals, internal auditors, and more.
- Nearly all industry categories: financial, public accounting, government/public sector, technology, utilities and manufacturing

ISACA Chapters Worldwide
- 1 International Headquarters Office
- 200 Chapters Worldwide
- Chapters provide:
  - Access to affordable local continuing education
  - Networking with professional peers
  - Opportunity to make a positive impact on the local business community and the profession
  - Information exchange opportunities through chapter meetings
  - Leadership experience on local boards and committees

- Chapter network
- Certifications
- IS auditing standards, guidelines, procedures; IS control standards
- Conferences and education
- Periodicals
- Research publications (guidance, frameworks)

ISACA Certifications
- CISA: provide assurance by conducting audits and assessments of information systems
- CISM: oversee, direct and manage information security activities
- CGEIT: define, establish, maintain and manage a framework of governance over IT
- CRISC: identify, evaluate and manage risk through the development, implementation and maintenance of information systems controls

COBIT
- COBIT 5 (www.isaca.org/cobit)
- COBIT 5 for Information Security
- COBIT 5 for Assurance
- COBIT 5 Implementation
- COBIT 5: Processes Enabler
- COBIT Assessment Programme
- Coming soon: COBIT 5 for Risk, COBIT 5: Information Enabler

COBIT Adoption
- EU adopts COBIT for agricultural paying agencies
- COBIT adopted by Paraguayan Superintendency of Banks
- COBIT adopted in Argentina and Uruguay
- US FFIEC lists COBIT
- Lebanese banks endorse COBIT
- Auditor General of Quebec adopts COBIT
- US National Institute of Standards and Technology references COBIT
- US House of Representatives adopts COBIT / Office of Inspector General implements and uses COBIT
- Australian National Audit Office uses COBIT in IT audits
- Philippine Commission on Audit (COA) adopts COBIT
- US Department of Defense, Office of Inspector General, adopts COBIT

Importance of Governance

Innovation is mandatory
(Chart: Business Demand for Innovation vs. IT Capacity for Innovation, with a growing gap between the two. Annotations: "Are you moving for..." and "IT Capabilities will fill this growing gap!")

39% of corporate executives believe IT can deliver new services on time and on budget

“To what extent does the following statement describe your firm’s IT organization’s processes and capabilities – ‘Has the ability to regularly deliver projects on time and on budget’?”*
- Executives and corporate strategy: 39%
- Sales and marketing: 31%
- R&D and product engineering: 30%
- Back Office: 29%
- Manufacturing and supply chain: 25%

Base: North American and European business decision-makers in firms with 1,000 employees
*Source: “Forrsights: Business Execs Increase Direct IT Spend to Support Systems of Engagement”, Forrester Research, Inc., May 16, 2012

Governance, Risk and Control (GRC) Is key to solving IT Problems!
- Organizations are sacrificing money, productivity and competitive advantage by not implementing effective GRC
- Executives need a method to:
  - Direct IT for optimal advantage
  - Manage IT-related risks
  - Measure the value provided by IT
  - Drive business innovation leveraging technology
- COBIT 5 is the vehicle that will allow you to DRIVE Innovation

COBIT 5
- COBIT 5 is the business framework for the governance and management of enterprise IT
- Provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems
- Expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL) and related standards from the International Organization for Standardization (ISO)

COBIT 5 is a Product Family
(Figure. Source: COBIT 5, figure 11. 2012 ISACA. All rights reserved.)

COBIT 5 Principles
(Figure. Source: COBIT 5, figure 2. 2012 ISACA. All rights reserved.)

Stakeholder Value and Business Objectives
(Figure. Source: COBIT 5, figure 5. 2012 ISACA. All rights reserved.)

COBIT 5 Enablers
(Figure. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.)

Governance and Management are not the same
(Figure. Source: COBIT 5, figure 15. 2012 ISACA. All rights reserved.)

Separating Governance and Management
- Governance ensures stakeholders’ needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives are achieved; setting direction through prioritisation, decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM).
- Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).

COBIT 5: Enabling Processes (cont.)
(Figure. Source: COBIT 5, figure 16. 2012 ISACA. All rights reserved.)

COBIT, ITIL, PMBOK, ISO 27000 delivering value in a large global bank
- Rapidly growing globally, focused on growth in emerging markets
- Technology central to the solution and growth
- Changing demographics, mobility
- Framework for measuring value and assuring value to the market

DSS02 Manage Service Requests and Incidents

RACI Chart

DSS02 Process Practices

DSS02 Process Practices (cont.)

DSS02 Related Guidance

Recommendations and Next Steps

Recommendations

COBIT 5 Future and Supporting Products
- Professional Guides:
  - COBIT 5 for Information Security
  - COBIT 5 for Assurance
  - COBIT 5 for Risk
- Enabler Guides:
  - COBIT 5: Enabling Information
- COBIT Online Replacement
- COBIT Assessment Programme:
  - Process Assessment Model (PAM): Using COBIT 5
  - Assessor Guide: Using COBIT 5
  - Self-assessment Guide: Using COBIT 5
- COBIT 5 – Vendor Management
- COBIT 5 – Configuration Management

Summary
- "Just enough" should be the approach to governance in terms of "what" is governed and to what depth.
- Governance processes are the purview of senior management
- Your Management processes are how resources are used effectively every day

Monday Morning
- Visit www.isaca.org, register and download COBIT 5
- Look through the overview presentations

Next 90 Days
- Read the Implementation Guide
- Understand the low hanging opportunities

Next Year
- Develop your plan for action
- Execute

Embrace with knowledge

Robert E Stroud CGEIT CRISC
Robert.Stroud@ca.com
Twitter: @RobertEStroud
Blog: http://community.ca.com/blogs/ppm
