Implementing & Migrating to COBIT 5 in the Governance of Enterprise IT

COBIT®, originally published as "Control Objectives for Information and Related Technologies" in 1995, is the most globally recognized IT control and governance framework. COBIT 5 is generic and useful for organizations of all sizes, whether commercial, not-for-profit or in the public sector. We will explore the improvements offered by COBIT 5 and how to migrate from COBIT 4.1 and other implementation to a COBIT 5.

COBIT 5 provides a comprehensive framework that helps organizations achieve their objectives for the governance and management of enterprise IT. It helps create optimal IT value by maintaining a balance between realizing benefits and optimizing risk levels and use of resources.

COBIT 5 is based on 5 Principles and 7 Enablers; each of these will be examined in detail with discussion of how each relates to "real life" as well as how it integrates with other, established, International documents such as the IT Infrastructure Library (ITIL) and ISO27000 series of Security Standards.

Apart from addressing the new "5 Principles" and "7 Enablers", COBIT 5 is a far better, organization-based product. Other implementations, we have found, tend to address "Management" rather than "Governance." COBIT 5 specifically differentiates between the two.

All currently available documents in the COBIT 5 series will be discussed to indicate how each links to the 'parent' Framework but can be used to address specific Business needs: Assurance, Security and Risk management. Finally, we will discuss the use of the COBIT 5 Process Assessment Model, based on ISO15504, to analyse and report comprehensively on process capability. And how to use COBIT 5 to measure the success of a previous ITG implementation.

Through a combination of lectures, open discussions and consideration of an actual IT Governance implementation using COBIT, you will learn how to use COBIT 5 to:

• Analyse and address enterprise stakeholders and their drivers
• Identify information governance challenges, root causes and success factors
• Assess and address the Organisation's needs for Information Governance
• Scope and plan improvements then use COBIT 5 to implement them
• Understand and avoid potential implementation pitfalls
• Determine and assess current process capability

Introduction and agenda

• Review of agenda as well as course expectations
• Opportunity for Delegates to raise any specific issues

What Governance, why is it important and why are organisations failing to address it?

• Delegates share their own experience
• Discuss various attitudes toward Governance and the reasons why organisations have not implemented it
• The difference between Governance and Management

What is IT Governance and how does it relate to Corporate Governance?

• What is GEIT? What could go wrong if we ignore the concept?
• Who should be involved in the implementation of GEIT?
• Advantages of involvement: and the position of Information Security Management

What is COBIT 5 and where did it come from?

• The origin and history of COBIT 5
• Using the "Lens Concept"
• Identifying the COBIT 5 Family as it stands today
• The Structure of COBIT 5 amd its Principles and Enablers

What are the COBIT 5 Principles?

• Meeting Stakeholder Needs
• Covering the Enterprise End-to-end
• The Single Integrated Framework
• Adopting the Holistic Approach
• Separating Governance from Management

What are the COBIT 5 Enablers?

• Principles, Policies & Frameworks
• Processes
• Organisational Structures
• Culture, Ethics and Behaviours
• Information
• Services, Infrastructure and Applications
• People, Skills and Competencies

How are the Principles used?

• Stakeholder Needs and the Goals Cascade
• The End-to-end Governance approach
• The single framework Integrator
• Stepping back to look at the "whole"
• Interactions between Governance and management

How are the Enablers used?

• Everything starts with Policies
• The COBIT 5 Process Reference Model
• The People Issues
• The Technical Issues
• The true nature of Information

What is so special about Information?

• Introducing COBIT 5 Enabling: Information
• The complex nature of Information

How does COBIT 5 relate to other Frameworks?

• No, you haven't wasted your time implementing CobiT 4.1!
• Relating COBIT 5 to earlier versions of CobiT
• Relating COBIT 5 to ITIL
• Relating COBIT 5 to ISO/IEC38500
• Relating COBIT 5 to ISO/IEC27000 Series

COBIT 5 is BIG! How can we implement it?

• Introducing the COBIT 5 Products:
  • Implementation Guide
  • Enabling: Processes
  • Enabling: Information
• Simplifying the Implementation Project
• Considering Migration from earlier versions of CobiT

How can COBIT 5 meet the specific needs of my Organisation?

• Using Enabling: Processes to remove elements that are not needed
• Developing your own "COBIT 5"
• How it was done at a big, international organisation!

How do I approach Implementation or Migration?

• Using the COBIT 5 Implementation Guide
• Using the Implementation Toolkit
• Start at the top! Getting Executive support

What are the steps in Implementation?

• Creating the Environment
• Applying a Life Cycle approach
• Recognizing Pain and Trigger points
• Stakeholder roles & requirements

What are Challenges and Success Factors?

• Identifying the Drivers
• Where are we now and where do we want ro be?
• What needs to be done?
• Did we get there?
• How do we keep it going?

How can we create a Change Environment?

• Establishing the desire for change
• Forming an effective team
• Communication!
• Empowerment and the value of Quick Wins
• Enabling operation and embedding new approaches

What are the Tasks, Roles & Responsibilities?

• Specific Tasks in each Phase
• Identifying who should do what in each Phase

What about Migration, is it different?

• Transition from CobiT 4.1, ValIT and Risk IT
• Realignment from Control Objectives to Business Goals

What else is involved in Governance?

• Information Security Governance
• Assurance
• Analysing & Managing Risk
• Assessing and evaluating performance
• Communication with Business management

How can COBIT 5 for Information Security help?

• The first of the COBIT 5 "Practitioner Guides"
• How it expands upon Enabling: Processes
• The additional dimensions of Security
• How it supports rather than competes with ISO27000

How will COBIT 5 for Assurance help me?

• Assurance Drivers
• The Assurance Process using COBIT 5
• Addressing the Processes

So, how about COBIT 5 for Risk?

• Drivers for Risk Management
• The Governance Objective: Value Creation
• Perspectives on Risk With COBIT 5
• Applying the COBIT 5 Principles to Managing Risk

How are our Processes performing?

• Using Maturity Modelling: the basis of Cobit 4.1 (CMM)
• Is CMM dead?
• Introducing ISO15504 and the COBIT 5 Process Assessment Model

How can we enable assessments to support process improvement?

• Capability Levels and Process Attributes
• Assessment Indicators and the Rating Scale
• Process Dimensions and Performance Indicators

How can we enable assessments to support process improvement?

• Performing a Process Assessment
• Reaching and reporting conclusions
• The place for CMM in the assessment process

What specific issues does COBIT 5 address today?

• Configuration Management using COBIT 5
• Controls and Assurance in the Cloud
• Transforming Cyber security using COBIT 5
• What next? A bit of speculation!

Call : +6 (082) 363686

E-mail : kevin@cia-global.com

• Advanced Information System Auditing
• Risk-Based Auditing
• IT Disaster Recovery
• Certified Information Security Manager (CISM)
• ITIL® Foundation Certification Training
• More Information Technology Training Courses