Part 1 of the whole presentation on Business IT Management. This slide touches on the CobiT Framework.
This framework is mainly used for IT Governance and as a Control Methodology for an organization's IT. But for those who have never heard of CobiT, it can also be great reference material for understanding which aspects of IT we should know about when it comes to managing IT.
CobiT is a public and highly customizable framework. Business owners do not need to follow everything that has been spelled out in the framework. They can pick and choose the processes that are relevant to them and even customize the bits and parts to suit their needs.
2. Self Introduction
Partner Owner of Mirae Kaze Consulting
Specializes in Business IT Management, Open
Source Solutions & Systems Development
Based in Tanjung Aru Plaza, Kota Kinabalu
3. Short Background
Microsoft .Net Developer for Tricubes Suria Sdn
Bhd since 2005
IT Internal Auditor for Suria Capital Holdings Bhd in
2009
Attained Graduate Diploma in Business Information
Systems from Auckland University of Technology in
2010
7. Business' Priorities
Getting from Point A to Point B
Most economical
Storage Space for carrying Goods
Passenger Space for carrying Staff
8. Mathematical Formula for
Perceived Value of Technology
Formula used by Business
B=(T-30D, Q@80% & $-50%)
Formula used by IT
IT=(T+30D, Q@120% & $=120%)
By Dean Compton, ANZ Bank, New Zealand – IT Department
9. “Virtually everything in business today is an
undifferentiated commodity, except how a
company manages its information. How you
manage your information determines whether
you win or lose. How you use information may
be the one factor that determines its failure or
success – or runaway success”
Bill Gates (2000)
10. Business' Long Term Goals
Increasing the value of shareholder's investment
Increase Profit
Growing the Business
Increase Revenue Streams (Penetrating into New
Markets)
Survival
11. Business' Problems in Managing
IT
What is IT?
Which IT should I use?
What value will I gain from my IT?
What parts of IT should I manage?
How do I manage my IT?
How do I ensure that IT delivers the value it promised?
12. IT Management Frameworks –
CobiT & ITIL
Public Management Framework
Guidelines that explain the “What” and the “How” in
managing IT
Collection of Good Practices
Derived from Industry Standards
Adopted World Wide
16. What is Control?
CobiT defines Control as;
“The policies, procedures, practices and
organizational structures, designed to provide
reasonable assurance that business objectives
will be achieved and that undesired events will
be prevented or detected and corrected.”
17. IT Governance
To provide the information that the Enterprise needs
to meet its objectives, IT resources need to be
managed by a set of naturally grouped processes
Integrates and institutionalizes good practices to
ensure that the enterprise's IT supports the
business objectives
18. IT Governance
IT Governance is the responsibility of executives
and the board of directors and consists of the
leadership, organizational structures and
processes that ensure that the enterprise's IT
sustains and extends the organization's
strategies and objectives.
19. CobiT
Control Objectives for Information & Related
Technologies
Created by ISACA as a framework for IT
Management and IT Governance
First released in 1996
Complies with Sarbanes-Oxley Act (SOX) 2002
20. CobiT
Bridge gaps between business risk, control
needs and technical issues
Starts from business requirements
Is process-oriented, organising IT activities into
a generally accepted process model.
Identifies the major IT resources to be leveraged
21. CobiT
Defines the management control objectives to
be considered
Incorporates major international standards
Became the de facto standard for overall control
of IT
22. CobiT as a framework
As an IT framework for control & governance,
CobiT focuses on 2 key areas;
◦ Providing the information required to support
business objectives and requirements
◦ Treating information as the result of the
combined application of IT-related resources
that need to be managed by IT processes
23. CobiT as a framework
Focused on 4 main characteristics
◦ Business - Focused
◦ Process - Oriented
◦ Controls - Based
◦ Measurement – Driven
24. IT Processes
[Figure: The CobiT Cube. Its three dimensions are Business Requirements (Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability), IT Processes (Domains (4), Processes (34), Activities) and IT Resources (Applications, Information, Infrastructure, People).]
25. CobiT Cube – IT Processes
Describes the IT life cycle with the help of 4 domains
◦ Plan and Organize
◦ Acquire and Implement
◦ Deliver and Support
◦ Monitor and Evaluate
There are 34 processes across the 4 domains. The processes
specify what the business needs to achieve its objectives.
26. IT Domain – Plan & Organize
(PO)
Objectives
◦ Formulating Strategy & Tactics
◦ Identifying how IT can best contribute to
achieving business objectives
◦ Planning, Communication and managing the
realization of the strategic vision.
27. IT Domain – Plan & Organize
(PO)
The IT Processes
◦ PO1 Define a strategic IT plan
◦ PO2 Define the information architecture
◦ PO3 Determine technological direction
◦ PO4 Define the IT processes, organizations and relationships
◦ PO5 Manage the IT investment
◦ PO6 Communicate management aims and directions
◦ PO7 Manage IT human resources
◦ PO8 Manage Quality
◦ PO9 Assess and manage IT risks
◦ PO10 Manage Projects
28. IT Domain – Acquire &
Implement (AI)
Objectives
◦ Identifying, developing or acquiring,
implementing and integrating IT solutions
◦ Changes in and maintenance of existing
systems
29. IT Domain – Acquire &
Implement (AI)
The IT Processes
◦ AI1 Identify automated solutions
◦ AI2 Acquire and maintain application software
◦ AI3 Acquire and maintain technology
infrastructure
◦ AI4 Enable operation and use
◦ AI5 Procure IT resources
◦ AI6 Manage Changes
◦ AI7 Install and accredit solutions and
changes
30. IT Domain – Delivery & Support
(DS)
Objectives
◦ The actual delivery of required services,
including service delivery.
◦ The management of security, continuity, data
and operational facilities.
◦ Service support for users
31. IT Domain – Delivery & Support
(DS)
The IT Processes
◦ DS1 Define and manage service levels
◦ DS2 Manage third-party services
◦ DS3 Manage performance and capacity
◦ DS4 Ensure continuous service
◦ DS5 Ensure systems security
◦ DS6 Identify and allocate costs
◦ DS7 Educate and train users
◦ DS8 Manage service desk and incidents
◦ DS9 Manage the configuration
◦ DS10 Manage Problems
◦ DS11 Manage Data
◦ DS12 Manage the physical environment
◦ DS13 Manage Operations
32. IT Domain – Monitor & Evaluate
(ME)
Objectives
◦ Performance management
◦ Monitoring of internal control
◦ Regulatory compliance
◦ Governance
33. IT Domain – Monitor & Evaluate
(ME)
The IT Processes
◦ ME1 Monitor and evaluate IT performance
◦ ME2 Monitor and evaluate internal control
◦ ME3 Ensure compliance with external
requirements
◦ ME4 Provide IT governance