Understand advantages of using COBIT Framework and how it can be used for IT Management in addition to a holistic IT Governance Implementation

1. Introduction-BenefitsIntroduction-Benefits
COBIT FrameworkCOBIT Framework
With ExampleWith Example
Sanjiv Arora, CISA, CISM, CGEIT
Principal Consultant
TECHNOLOGICS
& CONTROLS
Protecting the ABCs of your business.

2. AgendaAgenda
 IT Governance
 COBIT framework
 Example - Cost Management Controls in IT Operations using
COBIT
 About Technologics and Controls

3. IT Governance – Need?IT Governance – Need?
What is driving today’s businesses?
Assertive Stakeholders
Aggressive Competition
Emerging Regulations
Recessionary trends direct / indirect
Extremely high IT Dependence
Impacts
Enterprise GovernanceEnterprise Governance

4. IT Governance - AlignmentIT Governance - Alignment
Value Delivery
•Secure
•On Time
•Within Budgets
•Good Quality
•Reduce Expense
•Proven best
practices
Business Benefits
•Customer satisfaction
•Brand Loyalty
•Competitive advantage
•Profitability
Crux - Fill what's empty. Empty what's full. And scratch where
it itches. – Murphy’s law

5. Why COBIT?Why COBIT?
 Better alignment based on business focus
 Demonstrates management viewpoint and expectations
 Clear ownerships and responsibilities based on
processes
 Increasing acceptability with third parties and regulators
 Eases IT Governance communication between
stakeholders and other parties
 Fulfillment of the COSO requirements for IT control
environment

6. Lack of IT Governance makes it....Lack of IT Governance makes it....
 Difficult to make a link to the business requirements
 Complex to measure performance against the
requirements
 Cumbersome to control activities using a generally
accepted process model
 Difficult to identify the resources to be leveraged
 A problem to define management control objectives

7. Use of COBIT – Practical ScenarioUse of COBIT – Practical Scenario
 Uses are
 Implement and Manage IT governance
 Risk Assessment and Management
 Defining KPI and KGI
 Mapping to other standards
 Customize controls
 Provides direction and recommendations for weak
controls
 Aid to implement ERP, BCP, BPR and other IT
projects
 Implement Cost Savings on IT spend (Capex and
Opex)
 Assessment of IT governance maturity
 Demonstrate IT alignment (using Balance Score card)

8. COBIT – It is ImplementableCOBIT – It is Implementable

Based on self assessment

Very comprehensive yet flexible

Does not enforce COMPLETE implementation

Customizable

Easy to understand (Subject Matter Experts are
available)

Implementation maybe fast track, with help of tools

9. COBIT – Importance Vs Other standardsCOBIT – Importance Vs Other standards
 Comprehensive for business requirements
 Business operations completely dependent on IT
 Business applications (ERP), workflows, resource sharing,
communication (chat, email,video conferencing) controls are all
logical controls
 Approval and authorization – financial or non-financial is mostly
handled by logical controls
 Confidentiality is primarily managed within technology
 COBIT encompasses all aspects of IT Governance
 Other standards where COBIT is useful
 ITIL
 SOX compliance
 PCI-DSS
 NIST
 HIPAA
 ISO27001
 Others

10. COBITCOBIT – Other Standards– Other Standards
http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=31702
Common misunderstanding: We already have xyz standard, so we do
not need COBIT.

11. COBIT FrameworkCOBIT Framework
Source – ITGI presentation materials

12. The following slides explain an example
of COBIT framework implementation.
The slides are prepared using the Meycor COBIT suite software tools.
Actual tool may also be demonstrated as necessary,
time and audience permitting.
Thanks.

13. COBIT FrameworkCOBIT Framework

14. COBIT – Key Objectives and ControlsCOBIT – Key Objectives and Controls

15. COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes
(select applicable processes)
210 Control Objectives
(select from applicable objectives)
Controls
(Select / add / modify controls to
Suit your IT Governance needs)
* Equals =
4 Domains
22 processes
145 controls objectives
N Controls
* An example

16. COBIT – Processes and Controls – Tangible Cost ManagementCOBIT – Processes and Controls – Tangible Cost Management
Source - http://www.isaca.org/AMTemplate.cfm?Section=COBIT_Focus&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47399
Cost Management Controls = Selected 10 processes

17. COBIT – Processes and Controls – Excess Labour ManagementCOBIT – Processes and Controls – Excess Labour Management
Too many cooks….!

18. COBIT – Assessment and gaps – Tangible Cost ManagementCOBIT – Assessment and gaps – Tangible Cost Management

19. COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving
Cont’d

20. COBIT – Tangible Cost Management – Concerns / SavingCOBIT – Tangible Cost Management – Concerns / Saving

21. COBIT – Tangible Cost Management – Recommendation – DS2COBIT – Tangible Cost Management – Recommendation – DS2
Customize recommendations
according to business objectives.

22. COBIT – Tangible Cost Management–Tasks/linked RecommendationCOBIT – Tangible Cost Management–Tasks/linked Recommendation

23. COBIT – Tangible Cost Management–Tasks Manage / ComplyCOBIT – Tangible Cost Management–Tasks Manage / Comply
Verify and validate to ensure
compliance and success.

24. COBIT – Tangible Cost Management– Communicate ResultsCOBIT – Tangible Cost Management– Communicate Results
 Proactive IT initiatives and operational improvements
 Enhance credibility of the IT organization
 Benefits
 Tangibles
 Current period vs previous period
 % saving from alternate options
 Forecast reduction in expense / ROI
 Intangibles
 Efficiency of operations
 Reduced incidents
 High uptime
 Link to business objectives
 Faster product launch
 Timely service delivery
 Increase in customers / revenue

25. COBIT – Map Business objectives using Funnel ApproachCOBIT – Map Business objectives using Funnel Approach
4 Domains
34 Processes
(select applicable processes)
210 Control Objectives
(select from applicable objectives)
Controls
(Select / add / modify controls to
Suit your IT Governance needs)
* Equals =
4 Domains
22 processes
145 controls objectives
N Controls
* An example
The funnel model can be used for
implementation of ERP, Other IT Projects,
Project Monitoring and controls,
Compliance checklists

26. Introduction : Technologics & ControlsIntroduction : Technologics & Controls
 Founded in 2001
 Based in New Delhi, India
 Services: IT Audits, Risk Management consulting, Information
security assessment and management, IT Governance services,
compliance and related services.
 Products: Sole reseller in India of DataSec S.R.L providing software
solutions based on COBIT / ISO27001 / COSO and other standards

27. COBIT – BenefitsCOBIT – Benefits
We offer our rich experience to meet your Business Requirements and Objectives in the IT
Audits, IT Governance, Risk, Security Awareness, CISA, CISM Training and IT Strategy
consulting areas.
Our specializations includes reviews of ERP, CBS, Information Architecture, IT Efficiency
and Effectiveness to deliver value amongst other things.
We have worked with Al Rajhi Takaful in KSA, Qatar Steel, WFP, WHO, UNOPS, Govt of
India and many other reputed companies across the world.
We shall be happy to discuss your requirements,
Look forward.
Sanjiv Arora
Contact us on +91 98102 93733 or email sa@tech-controls.com
www.tech-controls.com