Governance of Enterprise IT based on COBIT®5

Governance of Enterprise IT based on COBIT®5: A Management Guide

GEOFF HARMER
Copyright Date: 2013
Published by: IT Governance Publishing
https://www.jstor.org/stable/j.ctt7zsxfv
    Book Description:

    Practical guidance on COBIT®5 implementation

    COBIT®5 (Control Objectives for Information and related Technology) is the latest release of the popular framework for the governance of enterprise IT. It links controls, technical issues and business risks, enabling managers to manage the risks associated with business goals.

    Covers all key concepts of COBIT®5

    Written for IT service managers, consultants and other practitioners in IT governance, risk and compliance, this practical book discusses all the key concepts of COBIT®5, and explains how to direct the governance of enterprise IT (GEIT) using the COBIT®5 framework. The book also covers the main frameworks and standards supporting GEIT, discusses the ideas of enterprise and governance, and shows the path from corporate governance to the governance of enterprise IT.

    Drawing on more than 30 years of experience in the IT sector, the author explains crucial concepts, including:

    • the key elements of COBIT®5, the 5 principles, 7 enablers and the goals cascade
    • the structure of the 37 COBIT®5 processes
    • the implementation of GEIT using COBIT®5 and an implementation lifecycle
    • the COBIT®5 Process Assessment Model (PAM) - the approach to process assessment of COBIT®5 processes based on International Standard ISO/IEC 15504.

    Prepare for the COBIT®5 Foundation exam

    For those studying for the COBIT®5 qualifications, Governance of Enterprise IT based on COBIT®5 covers all the material needed for the COBIT®5 Foundation course, making it invaluable to anyone planning to take the exam.

    Read this book and get to grips with COBIT®5 today.

    eISBN: 978-1-84928-519-3
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. ABOUT THE AUTHOR
    (pp. 5-6)
  3. ACKNOWLEDGEMENTS
    (pp. 7-9)
  4. Table of Contents
    (pp. 10-12)
  5. INTRODUCTION
    (pp. 13-14)

    This book is a guide to the governance of enterprise IT (GEIT) and how this may be implemented using COBIT®5.

    It covers the key concepts of COBIT 5 in order that IT service management and IT governance, risk and compliance (IT-GRC) practitioners can readily understand COBIT 5 and see how to drive implementation of GEIT using COBIT 5 and how process assessment is conducted.

    The chapters in the book are:

    Chapter 1: Governance — a discussion of the concepts of enterprise and governance and an explanation of the path from corporate governance to the governance of enterprise IT.

    Chapter 2:...

  6. CHAPTER 1: GOVERNANCE
    (pp. 15-22)

    This chapter discusses the development path that has led from the introduction of corporate governance to IT governance to the governance of enterprise IT (GEIT).

    First let’s clarify two terms we are going to use extensively in this book: enterprise and governance.

    Enterprise (n) is the term used to describe a range of different organisations: a commercial business (often called a corporation) that may, or may not, be quoted on a stock exchange; a public sector organisation such as a local or national government department, or a not-for-profit organisation such as a non-governmental organisation (NGO) or a charity. Enterprise is...

  7. CHAPTER 2: KEY FRAMEWORKS AND STANDARDS SUPPORTING GOVERNANCE OF ENTERPRISE IT
    (pp. 23-48)

    In this chapter, under basic headings, many key frameworks and international standards that are the basis for COBIT 5 are briefly discussed and footnote references are provided to sources of further information – mostly readily accessible on the Internet for free.

    Governance of enterprise IT is concerned with both governance and management and requires a broad range of practices to be included. ISACA has always been very good at recognising such practices and has always used well-known frameworks and international standards as the basis for the development of COBIT. For example, COBIT®4.1 was quoted by ISACA as being based on more...

  8. CHAPTER 3: COBIT – FROM IT AUDIT TO GEIT
    (pp. 49-53)

    This brief chapter looks at the history of COBIT.

    Accurate reporting on the early history of COBIT comes from Erik Guldentops, now Executive Professor at the University of Antwerp Management School (UAMS), who is recognised as the ‘grandfather of COBIT’. Guldentops told us⁵⁷ that it was in Paris in 1991 at a meeting of ISACA’s European Regional Council that he was invited to conduct research to devise a European IT audit initiative since IT audit knowledge at that time came only from the US. At that time, Guldentops was Chief Inspector at SWIFT, the international funds transfer body, where he...

  9. CHAPTER 4: OVERVIEW OF COBIT 5 – GOVERNANCE OF ENTERPRISE IT
    (pp. 54-78)

    This chapter explains the basic concepts that make up COBIT 5.

    Within a year of COBIT 4.1 being published in May 2007, the international Standard ISO/IEC 38500: 2008 Corporate Governance of IT was published. It was at this point that some ISO/IEC 38500 insiders started to express in public that the COBIT 4.1 framework which incorporated powerful IT governance approaches such as business goals driving IT goals driving IT processes was really only IT management rather than IT governance. This concern was addressed in February 2009 by an article by Gary Hardy, one of the founders of COBIT. His article,...

  10. CHAPTER 5: THE SEVEN ENABLERS OF COBIT 5
    (pp. 79-105)

    The seven COBIT 5 enablers were outlined in Chapter 4 under Principle 4: Enabling a holistic approach where it was made clear that enablers need to work together if governance is to be achieved. This chapter discusses each of the seven categories of enablers in depth.

    First of all, each enabler is expressed in terms of two concepts:

    Enabler Dimension

    Enabler Performance Management

    The word ‘dimension’ is used considerably by COBIT 5:

    Process Dimension

    Capability Dimension

    Enabler Dimension

    Dimension is best understood as meaning ‘aspects’ or ‘set of elements’.

    Process Dimension covers the aspects of every COBIT 5 process...

  11. CHAPTER 6: DOMAINS AND PROCESSES
    (pp. 106-112)

    COBIT 5 has 37 processes in five domains. The governance domain: Evaluate, Direct and Monitor (EDM), has five processes, and the four management domains: Align, Plan and Organise (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA), have the remaining 32 processes. Table 6.1 shows how many processes there are in each domain and illustrates the main role of the domain.

    This chapter looks at the structure of processes as described in the COBIT 5: Enabling Processes guide. Remember what was discussed in Chapter 5 (Enabler 2: Processes) that the structure of...

  12. CHAPTER 7: IMPLEMENTATION OF GEIT WITH COBIT 5
    (pp. 113-125)

    This chapter looks into the approach to implementation of Governance of Enterprise IT (GEIT) based on COBIT 5.

    It is important to recognise there is not a mandatory approach to the implementation of GEIT – but the COBIT 5 books do provide sound guidance on approaches to consider, as well as discussion of difficulties that may arise and methods of avoiding or overcoming these. The key point to recognise is that governance and management of enterprise IT must be specific to your enterprise and that means analysis must be conducted with stakeholders, a business case must be devised, approval gained from...

  13. CHAPTER 8: COBIT 5 PROCESS ASSESSMENT MODEL (PAM)
    (pp. 126-134)

    This chapter discusses the approach to process assessment. As discussed in Chapter 7 this is needed in Phase 2 of the implementation lifecycle to implement GEIT but is also regularly used to assess the state of COBIT 5 processes with the goal of recognising process improvements needed or to gain confirmation about the current status of COBIT 5 processes.

    Traditionally, COBIT has used a maturity model based on CMMI® as its technique of assessing processes. However, with the introduction of COBIT 5 this has changed and now the standard COBIT approach to assessment is to use the COBIT 5: Process Assessment...

  14. CHAPTER 9: COBIT 5 RESOURCES
    (pp. 135-140)

    This chapter discusses the official COBIT 5 documentation and the official COBIT 5 training courses and certifications.

    ISACA’s COBIT documentation has a reputation for being state of the art and highly accurate. The COBIT 5 framework was developed by an international team of experts and the draft design (April 2010) and subsequent draft documents (July 2011) were both publicly published as exposure drafts for worldwide public reviews and then revised and peer-reviewed before formal documentation was published in April 2012⁸⁶ and is listed in Table 9.1.

    Apart from the overview document that may be considered a Framework document since that...

  15. APPENDIX A: COBIT 5 PROCESSES AND OTHER FRAMEWORKS AND STANDARDS USED
    (pp. 141-143)
  16. APPENDIX B: COBIT 5: PROCESS REFERENCE MODEL
    (pp. 144-144)
  17. APPENDIX C: COBIT 5 GOALS CASCADE
    (pp. 145-161)
  18. INDEX
    (pp. 162-171)
  19. ITG RESOURCES
    (pp. 172-175)