C**** COBIT - ISACA

Transcription

C**** COBIT Nootdorp


APMG accredited Cobit Independent Trainer

COBIT5

Business process
IT services and infrastructure


GEIT

COBIT answers important business questions
- Is my information technology organisation doing the right things?
- Are we doing things the right way?
- Are we getting things done?
- Are we seeing the results properly?
* Based on the “Four Ares” as described by John Thorp in his book The Information Paradox, written jointly with Fujitsu, first published in 1998 and revised in 2003

Business process
IT services and infrastructure
Relying on IT

COBIT business benefits
- COBIT gives executive management the insight needed to exercise governance over IT in the enterprise
- More effective ways of having IT support the business goals
- More transparency and predictable IT costs over the whole life cycle
- More information about IT that is reliable and timely
- Higher quality from IT services and more successful projects
- More effective management of IT-related risks

Stakeholder Value
- Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets.
- Enterprise boards, executives and management have to embrace IT like any other significant part of the business.
- External legal, regulatory and contractual compliance requirements related to enterprise use of information and technology are increasing, threatening value if breached.
- COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.


Overview COBIT5
- 5 Principles
- 7 Enablers
- Process Reference Model
- Life Cycle model for Implementation
- Process Assessment Model
- Dimensions

The Evolution of COBIT 5
[Figure: evolution of scope. Scope labels: Audit, Control, Management, IT Governance, Governance of Enterprise IT. Versions: COBIT1 (1996), COBIT2 (1998), COBIT3 (2000), COBIT4.0/4.1 (2005/7), COBIT 5 (2012). Related frameworks: Val IT 2.0 (2008), Risk IT (2009), BMIS (2010).]
2012 ISACA. All Rights Reserved.

Principle 1. Meeting Stakeholder Needs
- Enterprises exist to create value for their stakeholders

Regulators, Laws, ISO, Auditors

Where does COBIT5 begin?
- FIRST, an enterprise must have set its goals
- COBIT does not concern itself with how
- SWOT, COSO, BSC, ERM, DMW, JFW
- Stakeholder analysis!
- Goals
- And then Governance, supported by COBIT5

That is where COBIT5 begins!
- Your enterprise has set its goals and wants to keep them clearly in view
- Goals are always moving
- Regular stakeholder analysis!
- Translating stakeholder needs into goals, into IT-related goals and into enabler goals, and back again: that is Governance, supported by COBIT5!

COBIT5 Goals Cascade

Start with the BSC category in step 1
Columns: Balanced earning, IT Related Goal (ITRG), COBIT Process
Customer
6. Customer-oriented service culture
7. Business service continuity and availability
8. Agile responses to a changing business environment
9. Information-based strategic decision making
10. Optimisation of service delivery costs

Figure 24—Mapping COBIT 5 Enterprise Goals to Governance and Management Questions
Step 1: Appendix D, Stakeholder Needs and BSC dimensions

Cascade step 1: Figure 5: plotting BSC dimensions and Enterprise Goals onto BRR

Step 2 – Select Enterprise Goal, IT-related Goals and Processes
Customer
6. Customer-oriented service culture
7. Business service continuity and availability
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 01 Alignment of IT and business strategy
ITRG 04 Managed IT-related business risk
ITRG 10 Security of information, processing infrastructure and applications
ITRG 14 Availability of reliable and useful information for decision making
PROCESSES (PRIMARY IMPORTANCE OR IMPACT)
APO09 Manage Service Agreements: P
APO13 Manage Security: P
BAI04 Manage Availability and Capacity: P
BAI08 Manage Knowledge: P
BAI10 Manage Configuration: P
DSS03 Manage Problems: P
DSS04 Manage Continuity: P

Enterprise Goals To IT Related Goals
There are also 17 generic IT-related goals, as shown in Figure 6 (shown below), that are also categorised into the Balanced Scorecard (BSC) categories. The relationship of enterprise goals to IT-related goals is shown in Appendix B, Figure 22, page 50.

Figure 22—Mapping COBIT 5 Enterprise Goals to IT-related Goals
Step 2: Appendix B, Enterprise Goals to IT Related Goals in BSC dimensions

Step 2 – the last part: the processes
Customer
6. Customer-oriented service culture
7. Business service continuity and availability
ITRG 07 Delivery of IT services in line with business requirements
ITRG 08 Adequate use of applications, information and technology solutions
ITRG 01 Alignment of IT and business strategy
ITRG 04 Managed IT-related business risk
ITRG 10 Security of information, processing infrastructure and applications
ITRG 14 Availability of reliable and useful information for decision making
PROCESSES (PRIMARY IMPORTANCE OR IMPACT)
APO09 Manage Service Agreements: P
APO13 Manage Security: P
BAI04 Manage Availability and Capacity: P
BAI08 Manage Knowledge: P
BAI10 Manage Configuration: P
DSS03 Manage Problems: P
DSS04 Manage Continuity: P

Figure 23—Mapping COBIT 5 IT-related Goals to Processes (cont.)
Step 2: Appendix C, IT Related Goals to processes

Step 3. Example APO09 – Examine Metrics
Process ID: APO09
Process Name: Manage Service Agreements
Process Description: Align IT-enabled services and service levels with enterprise needs and expectations, including identification, specification, design, publishing, agreement, and monitoring of IT services, service levels and performance indicators.
Process Purpose: Ensure that IT services and service levels meet current and future enterprise needs.
Outcomes and metrics:
- Outcome: IT services are identified, defined and catalogued according to enterprise needs.
  Metrics: The number of business processes with unidentified service agreements
- Outcome: Service agreements reflect enterprise needs and the capabilities of IT.
  Metrics: % of live IT services covered by service agreements; % of customers satisfied that service delivery meets agreed-on levels
- Outcome: IT services perform as stipulated in service agreements.
  Metrics: Number & severity of service breaches; % of services being monitored to service levels; % of service targets being met

Concepts – CSF to Measurement
From vision to measurement
Crown copyright 2011. Reproduced under license from Axelos. Figure 4.1, Continual Service Improvement, page 50

An example of Governance and goals

Do you have questions (so far) about translating your business goals into processes?

COBIT 5 Principles

COBIT 5 Mapping Summary

Key components of a governance system

Governing Body

Control is important, especially when you don’t have it!

COBIT 5 Process Reference Model

The COBIT5 Enterprise Enablers

COBIT 5 Implementation Life Cycle

My view on Governance of Enterprise IT with COBIT5
- Manage before you can Govern
- Controls are needed
- Stakeholders must be involved
- IT helps the enterprise
- Organizations are helped to find out what they really want


Afterthought
“All Models are wrong, but some are useful”
George Box
Thank you!
Erik van Eeden
