COBIT - Use It Effectively - ISACA [PDF]


RE: Any one know the difference between COBIT 5 Process and COBIT 5 for Security Hi, I assume what you mean by COBIT 5 process is the COBIT 5 process reference guide. This document is similar to the COBIT framework of COBIT 4.1. COBIT 5 for security is the view/lens into COBIT 5 from the perspective of security. This may be similar to the COBIT Baseline security (based on COBIT 4). Hope this helps. Regards Rafeq Posted by Rafeq

on October 18, 2011 11:26PM


Any one know the difference between COBIT 5 Process and COBIT 5 for Security Any one know the difference between COBIT 5 Process and COBIT 5 for Security Henrynolly

at 10/18/2011 4:01:56 PM


COBIT Focus - Toward Better IT Governance with COBIT 5 Join author Alpaslan Menevse as he responds to ISACA member questions beginning 24 October 2011. Add your questions by commenting below.

You must be logged in and be a member of this group* to participate. *After logging in click "Join this Community" to the right and then return to this page by clicking the back button. As a member of this topic you can now view this and other discussions from the topic homepage.

As an advisory and regulatory body, the Basel Committee plays a very important role in structuring the global banking sector. The latest guidance publications from Basel have one common viewpoint: the need for sound governance practices for all banks around the world. Today, from banking to all lines of business, so much is dependent on IT, and it is almost impossible to separate IT governance from enterprise governance. This dependency raises a need for an integrated framework to satisfy the needs of business and fulfill the demands of good governance practices. The upcoming COBIT 5, an exposure draft of which was released earlier this year, with the final document expected in early 2012, strikes with important changes in governance processes, proving that COBIT is not intended for IT audit only, which is a common misconception. One of the most important changes with COBIT 5 is the precise definitions of "governance" and "management" and their respective responsibilities, which help to define clear roles and responsibilities for all stakeholders. Read the rest of the article. Tammie111

at 10/18/2011 4:48:53 PM


How is COBIT 5 different from COBIT 4.1? Dear All, I am pleased to introduce myself as A.Rafeq, member of the COBIT 5 Task Force. I have been a user of COBIT since its first edition released in 1996. As a COBIT user, you are well aware that COBIT has been continuously evolving since its inception. However, I believe there is a major evolution from COBIT 4.1 to 5. I would like to discuss the changes in philosophy, principles, structure and the contents and how to make using COBIT 5 easier and also make a smooth transition. As there are many changes, I am planning to do this in phases. Please do post your concerns, suggestions and priority in which we could discuss this. Regards Rafeq Rafeq

at 10/24/2011 12:09:12 AM


COBIT 5 - APO06 Manage Budget and Costs I'm looking into APO06 Manage Budget and Costs.

Is there anyone who has any experience using COBIT for managing budgets and cost or who is well versed in COBIT and wouldn't mind sharing some high level insight? Phone or email; I appreciate all expertise. Jenna Alia

at 11/15/2011 12:38:36 PM


Exciting New Change - (Re) Set your Email Alerts! for Quick Response. Dear All,

ISACA is pleased to announce the launch of email-enabled discussions! Once you enable this feature, you will be able to participate in Knowledge Center topic discussions by responding to the discussion alerts that are sent to your email address. This includes:
· Setting the alert frequency. Receive instant alerts, daily summaries or weekly summaries.
· Respond to discussions by replying to the immediate discussion email alert. There is no need to log back into the website to participate!
· If you currently receive alerts, you MUST re-register in order to continue receiving alerts and to participate via email.
Choosing immediate alerts allows you to participate in discussions via email. Reply to the email alert and it will then be posted in the topic. There is no need to sign in! Please note that alerts will be sent to email you have on file with ISACA (this can be changed within the My ISACA tab) and ONLY IMMEDIATE alerts are email enabled. If you have any questions please [email protected] Rafeq Rafeq

at 11/22/2011 12:30:53 AM


COBIT 5 - Changes in the new version (UPDATE - Spanish) UPDATE NOTE (April 2012): Since the new official version of COBIT 5 published by ISACA on 10 April has some changes in the number and distribution of processes compared with the June 2011 "draft" version, the process diagram and the mapping to COBIT 4.1 are updated below, together with a summary, in my personal judgment, of the main differences between COBIT 5 and COBIT 4.1, aimed mainly at the Spanish-speaking community (any correction is of course welcome).

To begin the analysis of the COBIT 5 framework, there is nothing better than the "big picture" that this mind map gives us.

[Figure: COBIT 5 mind map by FrancoIT_GRC]

Having appreciated the complexity of the relationships among the different elements that make up the new COBIT 5, in this installment I will go deeper exclusively into the main changes with respect to COBIT 4.1, which is widely used or even in the process of being implemented in organizations of various kinds. To that end, we will concentrate on this section of the mind map:

[Figure: COBIT5 map by FrancoIT_GRC - Part 1 vs COBIT 4]

The new version of COBIT includes the following main changes with respect to the previous version, 4.1:

Processes and Domains: At the level of the structure of Processes and Domains, this is the most relevant part of the comparison between the two versions:
- There is a new Domain (there are now 5), which focuses on IT governance aspects, called "EDM – Evaluate, Direct & Monitor", and which covers the former ME4 process of COBIT 4.
- The number of processes has increased from 34 to 37 (there were 36 in the draft; APO013 "Manage Security" was added).
- Although the control objectives corresponding to each COBIT 4 process mostly remain within the same Domain, there are exceptions such as the following:
  - PO10 – Manage Projects moved to the BAI Domain.
  - AI5 – Procure IT Resources moved to the APO Domain.
  - DS1 – Define and Manage Service Levels moved to the APO Domain.
  - DS2 – Manage Third-party Services moved to the APO Domain.
  - DS3 – Manage Performance and Capacity moved to the BAI Domain.
  - DS6 – Identify and Allocate Costs moved to the APO Domain.
  - DS7 – Educate and Train Users moved to the APO Domain.
- The APO – Manage, Plan and Organize domain is where the greatest internal reorganization of control objectives is seen; that is, a former COBIT 4 process may now be distributed across up to 5 processes of the same domain in COBIT 5.
- The DS12 – Manage the Physical Environment process is now part of DSS5 – Manage Security Services.
- There are new processes whose content is mostly a product of COBIT 5, notably:
  - EDM1 – Define the Framework for Governance
  - APO1 – Define the Framework for Management
  - APO4 – Manage Innovation
  - APO13 – Manage Security (there is also a process DSS05 Manage Security Services)
  - BAI8 – Knowledge Management

Below is a table with the mapping made between the COBIT 4.1 processes and their coverage in COBIT 5; note that the source was the ISACA material included in the Appendix of the Process Reference Guide, but since it was broken down by Control Objective, it was consolidated at the Process level, marking as "Primary" the COBIT 5 process that gives the greatest coverage (in %) to the control objectives of the former COBIT 4.1 process.

Business Goals and IT Goals: Regarding the usual relationship between Business Goals and IT Goals, COBIT 5 has improved the precision of the degree of relevance of that link, since it is now classified as "Primary" or "Secondary", whereas in COBIT 4 it was only marked with a generic check mark.

COBIT 5 keeps the number of Business Goals (17), but their contents and their distribution across the Balanced Scorecard perspectives have changed from COBIT 4.1, as detailed below:

With respect to IT Goals, COBIT 5 has made two important changes compared with COBIT 4.1:
- The number of goals decreased from 28 to 17.
- For each IT Goal, the Balanced Scorecard perspective it corresponds to is indicated:

The COBIT 4.1 Pentagon for IT Governance: Another significant change is that the famous IT Governance "Pentagon" of COBIT 4.1 has been transformed practically into the new domain called "EDM – Evaluate / Direct & Monitor":

The COBIT 4.1 Cube for the Information Criteria: The last of the fundamental changes in the new version of COBIT is the novel Information Model, which replaces the 7 Criteria that gave shape to the celebrated "cube" throughout the life of COBIT 4.1:

The new Information Model (IM) will be described at length in subsequent installments of this analysis of the new framework provided by ISACA: COBIT 5.

Maturity Model: COBIT 5 introduces a new way of measuring process maturity through the "Process Capability Model", based on the internationally recognized standard "ISO/IEC 15504 Software Engineering – Process Assessment Standard", which differs in design and use from the maturity model included in COBIT 4.1.

[Figure: Maturity Model according to COBIT 4.1]

However, the new COBIT 5 "Process Capability Model" introduces changes, not only to the names of the levels, that are not limited to what can be seen in the following graphic:

[Figure: New maturity model, the COBIT 5 "Process Capability Model"]

This new model presents the following differences:
- Being based on ISO/IEC 15504, it is more demanding about what each process must meet to move up a level, since this standard states that the 9 attributes defined for each process must be met as a requirement for accrediting that degree of maturity.
- An assessment carried out under this new model is not comparable with, and cannot be mixed with, assessments carried out under the COBIT 4.1 model, since the results would be distorted because the requirements are different.
- Generally, applying this COBIT 5 model should yield lower maturity levels.

Below is ISACA's official mapping between the two maturity models:

[Figure: Comparison of the two maturity models]

Conclusion of the comparison: According to ISACA in its papers, "COBIT 5, which would come out in early 2012, is the major strategic evolution of COBIT 4.1, the only globally accepted framework for IT governance, and gives stakeholders the most complete and up-to-date guidance for better IT management." However, the process of migrating to COBIT 5 may involve a certain complexity for organizations that implemented COBIT 4 in the past. In this regard, it is important to note that organizations that had already reached, under COBIT 4, a minimum maturity level of 2 (by the ISO 15504 criterion) will find the upgrade relatively easy, while for the rest it may be a real challenge that will justify evaluating whether it is better to start directly with COBIT 5 "from scratch" as a new framework. Likewise, when an organization has already made significant investments in implementing COBIT 4.1 and is halfway through the project, it is advisable that it complete that initiative rather than mix the 2 versions. In conclusion, the release of COBIT 5 opens a new stage for IT governance and management, which will mean that all of us involved, regardless of role (CEO, CIO, CRO, CISO, CCO, Advisor, Auditor, etc.), evolve strategically in step with this new standard. Source and more information: http://francoitgrc.wordpress.com Franco.IT-GRC

at 12/27/2011 9:56:27 PM

(3 ratings)

Combining LeanIT with COBIT Is anyone thinking of combining COBIT with LeanIT? Daniel913

at 1/3/2012 6:08:20 AM


Data Centres Has anyone used COBIT to create the strategy, RACI, processes, etc. for data centers? Daniel913

at 1/3/2012 6:09:29 AM


Excel Version of COBIT COBIT is a great tool, but PDF files, Word documents and even being able to browse the framework through a fancy web page (COBIT Online web page) is absolutely worthless (in my opinion). When it comes to practicality of actually using/implementing/comparing/leveraging the framework for any organization you really need an Excel version of the framework (tabular format) where you can cross examine, compare, vlookup, your current risk control matrix or business practices against the framework. VOTE FOR PEDRO! And let's get an Excel version of this great tool so that we can actually start applying it in the real world. Joseph Najar

at 4/5/2012 1:17:38 PM


(9 ratings)

COBIT 5 has officially launched—meet with COBIT experts here! While you’re exploring the new framework, we’re sure questions will arise. So we’ve gathered some of the experts involved with the development of COBIT 5 to lead discussions and answer your questions. Join us—post your queries or comments below and Rafeq, Elisabeth, Derek, and Jimmy will respond ASAP. Kim091

at 4/10/2012 9:04:02 AM


Learning COBIT 5 - How to get started? Dear COBIT 5 users, I hope you have downloaded COBIT 5 documents and you may be overwhelmed by the number of pages you need to read. Based on my experience, here are a few simple tips to get started.
1. Take one publication at a time. Ideally, the best order to documents is as follows:
i. COBIT 5 Executive Overview - 4 pages. (This provides quick summary of the 5 principles on which COBIT 5 is designed).
ii. User of COBIT 4.1 can have a quick walk-through of the presentations of COBIT 4.1 compare with COBIT 5 to quickly understand what is familiar and what has changed.
iii. Walk through the other COBIT presentations to get an overview of COBIT 5 concepts.
iv. Read COBIT Framework 94 pages. This provides you an overview of the principles and enablers and building blocks of COBIT 5. Read chapters 1 to 8 first and then the annexures.
v. Make note of your queries and post on the COBIT 5 of ISACA's knowledge center.
Remember COBIT 5 is designed to help you discover the Next Generation of IT Governance. It has taken many man-years of effort. The concepts may look a little complex but will get simpler with a few readings, interaction and application. So, provide sufficient time to understand, absorb, assimilate and internalise COBIT 5. Will come back again with the next steps later. Enjoy your learning. Regards A.Rafeq COBIT 5 expert Rafeq

at 4/10/2012 9:38:41 AM


(1 ratings)

What was the Analyst community's reaction to COBIT 5? After being on several of the Analyst briefing calls with other ISACA and COBIT leaders, my perception was one of acceptance by their community. Subsequent calls I have had with individual analysts reinforced this. Any other perspectives? Robert Robert E Stroud CGEIT

at 4/10/2012 10:52:32 AM


Change in License Policy?! Hello All! I just read the usage guidelines and encountered a seemingly fundamental change in the usage policy. It states that to use COBIT 5 in an Enterprise, each Individual working on implementing COBIT has to be licensed. Now consider our Environment: We use COBIT 4.0 (which we downloaded for free from the ISACA website). We have a 2-people process policy group and a bunch of process owners with associated process designers. The policy group defines general process-related policies and design standards and performs assessments of processes. Each process owner is accountable for the design/improvement and execution of one or more of the 34 COBIT 4.0 processes and associated controls. The actual design task is done by the respective process designers. I think we do not have a license problem with COBIT 4.0 - or am I wrong here? And: Who has to be licensed when we want to use COBIT 5? regards ferdinand Ferdinand Glatzl

at 4/26/2012 6:37:17 AM


Mistakes in COBIT 5 Enabling Processes In COBIT 5 Enabling Processes, there are mistakes. APO09.06, DSS04.09, DSS05.08 & DSS08.02 are referred to. But these key management practices do not exist. An urgent cross-check and update should be done. Masatoshi Kajimoto, CISA, CRISC

at 4/29/2012 1:28:33 AM


COBIT 5 Enabling Processes - References to ITIL wrong Did a spot check on the ITIL references at the end of each enabling process. They appear to be wrong. For example, BAI06.01 Manage Changes makes the following reference: "ITIL v3 2011 - 13. Change Management" Change Management is in the Service Transition book, section 4.2.5.2. I've checked all 5 books - there is no Chapter or Section "13" anywhere. An accurate reference would really be helpful for those Audit and IT departments trying to harmonize these two frameworks. Dennis422

at 5/9/2012 12:20:22 PM


COBIT and OSS management and governance I read "Using COBIT 4.1 to Guide the Adoption and Implementation of Open Source Software," co-authored by Kris Ven, Steven De Haes, Ph.D., Wim Van Grembergen, Ph.D. and Jan Verelst, Ph.D. Full disclosure, I work for an organization that helps companies manage and govern their use of open source software. We do both consulting and provide tools to enable companies to discover what code and components are in use, license issues/conflicts plus additional metadata and we provide approval workflows and a product that helps companies create catalogs of approved components, encouraging standardization and reuse. The question I have is whether companies are using COBIT as a governance and management framework that subsumes an open source governance and management schema? If so, I'd love to talk to you! The paper referenced above primarily addressed using open source applications, and touched the surface in one sentence regarding the use of OSS components as "building blocks for applications developed in-house." Because we're seeing open source components comprising 60 to 80% of applications within enterprises, it's certainly becoming important that companies develop policies to govern its use. How are you doing this? Is it on your radar? Is it an extension of COBIT? Integral part? It would be great to hear from you. Thanks. Philip381

at 5/11/2012 10:54:42 AM


COBIT 5 for Information Security - Where's the download link for members? With COBIT 5 for Information Security now released, I'm looking for the member download link. I'm only finding places where it's requiring payment. Where is the free member download link? (My apologies if this is not the correct forum for the question. It seemed to be the closest I could find.) Thank You, -Jeff

Jeff Pershing

at 6/26/2012 6:22:05 AM


COBIT 5 Mapping with standards Where can I find the COBIT mapping to ISO 20000/27000/22301/31000, PCI DSS 2.0? This will help minimize the effort spent on the overlapping controls. Govindaraj_365361

at 7/7/2012 7:59:32 AM


COBIT Focus - Active Software Escrow’s Usefulness for Companies Embracing COBIT 5 Join author Andrew Stekhoven as he responds to ISACA member questions beginning 23 July 2012. Add your questions by responding to this post!


IT governance is integral to the success of overall enterprise governance because it integrates and institutionalises optimal ways of planning and organising, acquiring and implementing, delivering and supporting, and monitoring and evaluating the IT function and its performance. Read the rest of the article Tammie111

at 7/17/2012 10:34:14 AM


Services in COBIT 5 for Information Security? So I've been going through COBIT 5 for Information Security. In my opinion it is the most comprehensive framework for information security that exists. I am getting hung up on one thing though -- services and processes. Generally speaking services are made up of people, process, and technology. So one might think that all of the services that are listed should be able to at least link to processes. But, I'm having difficulty finding that link in most cases. It is then further confused by DSS05 "Manage Security Services" which appears to be an entirely different set of processes. There is some overlap, but the linkage is not as clear as I would like. Does anyone have advice on a better way to look at this? Thanks. Chris Christopher425

at 7/30/2012 12:55:53 AM


Benefits realization I have been looking extensively at COBIT 5 - have I missed something? I can no longer find a reference / processes around benefits realization FROM A PROJECT perspective. I can see it from a high-level governance perspective (EDM02 - Ensure benefits delivery) but I am specifically looking at analysing benefits from a project, such as ensuring metrics have been created and then analyzing the results. Thanks, Michelle MichelleZ

at 7/30/2012 9:13:25 PM


Understanding COBIT metrics and reporting for Service desk and Incident Management Hi, I am currently looking for information on how to read and understand COBIT 4.1 reporting for Service desk and Incident Management. Does anyone know of any good sites or books that have some examples for me to review? Shaun Shaun191

at 8/16/2012 5:42:58 AM


COBIT to GPG13 Mapping Hi, I notice that there are mappings between COBIT & NIST/ISO/PCI etc.; however, there is nothing mapping it to any of the GPG13 accounting recommendations. Are there plans to produce this or has anyone created their own mapping? Miron Miron du Plessis

at 9/3/2012 9:26:02 AM


Mapping between IT Control Objective for SOX and Cobit 5 Does anyone know if there is a mapping between the IT Control Objective for SOX 2nd edition and Cobit 5? Thanks Luca Ferdinando080

at 9/3/2012 11:46:37 AM


COBIT 5 Processes on a spreadsheet? When implementing COBIT 5, many project teams find it useful to copy elements such as Goals and Activities from the Enabling: Process PDF to a spreadsheet, enabling the detailed elements of the project to be controlled and managed. But the PDF version of COBIT 5 Enabling: Process is 'copy protected': users cannot simply 'cut and paste' from the PDF into, e.g., Excel. How about ISACA providing a copy of COBIT 5 Enabling: Process (and subsequent Practitioner Guides) in a version that can be more easily used for implementation projects without having to retype every element? I am sure many project teams would be willing to pay for such a facility. For example, a COBIT 5 project in which I have recently been involved has employed a 'temporary typist' to complete this project aid! Derek J. Oliver

at 9/7/2012 8:37:55 AM


Change Standards and Procedures not referenced in COBIT 5 for InfoSec? I'm creating a list of expected controls for Change Management using COBIT 5 for InfoSec but I can't see the control details for Change Standards and Procedures. These are referenced in the Process Description for BAI06 (page 131) but not in the security-specific Process Practices, Inputs/Outputs and Activities. They are detailed in the Change Management Audit/Assurance Program (AI6.1) which I understand is based on COBIT 4. Have the controls just moved for some reason to another section, and if so which, or have they been excluded from the InfoSec document but remain elsewhere in one of the more comprehensive COBIT docs? Perhaps the standards and procedures are no longer considered important? ;-) Isabel630

at 9/20/2012 4:23:04 AM


COBIT Security Baseline 2nd Edition 44 steps in COBIT 5 for Information Security? COBIT Security Baseline 2nd Edition is widely used as the Security Controls within IT Controls. The other option is the ISO/IEC 27000 series. This publication has 44 Steps Toward Security and I am wondering if this is now part of COBIT 5 for Information Security, which is not a free download to members but part of the COBIT 5 Family. Did the 44 steps get absorbed into a new product? BBerry

at 10/10/2012 3:39:25 PM


COBIT 5 Publications available on eLibrary of ISACA Hi, ISACA has made available the following publications of COBIT 5 on eLibrary section available free for members. 1. COBIT 5 2. COBIT 5: Enabling Process 3. COBIT 5: Implementation This allows members of ISACA all the contents of these publications in soft copy. This is the next best option to those who were looking for COBIT 5 contents in word format. Some of the key tables/graphics are also available in excel format. I am sure this will motivate members to access and use specific contents from COBIT 5 as required. I look forward to hearing user experiences in using this COBIT 5 resource in this new format. Regards A.Rafeq Past Member, COBIT 5 Task Force Rafeq

at 10/31/2012 1:22:36 PM


COBIT 5 Will your company be adopting COBIT 2012? What hurdles will you face? Paul

at 12/23/2012 7:38:24 PM


COBIT Focus - COBIT 5 Uses Balanced Scorecard to Drive and Demonstrate Performance Improvement Join author Myles Suer as he responds to ISACA member questions beginning 25 January 2013. Add your questions by responding to this post!


COBIT® 5 should be a big deal for all practitioners of IT management. There are moments in IT management when a practitioner may feel like the Scarecrow in The Wizard of Oz who so desperately wants a brain. COBIT 5 is like adding that much-needed brain. Specifically, it adds the level of governance needed to ensure that benefits are delivered, risk is reduced, resources are optimized and, most important, stakeholder transparency is established. Read the rest of the article Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 1/23/2013 2:12:51 PM


COBIT Focus - INTRALOT Introduces COBIT 5 in Its Product Line Join author Christos Dimitriadis as he responds to ISACA member questions beginning 25 January 2013. Add your questions by responding to this post!


INTRALOT is a leading international supplier of integrated gaming and transaction processing systems, with presence in more than 50 countries on all continents. The diversity of this multinational environment as well as the criticality of integrity, compliance, quality and operational excellence in the lottery sector dictate the implementation and timely adoption of state-of-the-art frameworks in governance of enterprise IT (GEIT). Read the rest of the article Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 1/23/2013 2:19:57 PM


COBIT Focus - Comparison of Enterprise IT Governance Process Assessments Performed With COBIT 5 and COBIT 4.1 Join authors Diana Santos and Joao Souza Neto as they respond to ISACA member questions beginning 25 January 2013. Add your questions by responding to this post!


Having evaluated both at a Brazilian public sector organization, this article presents a comparison between the maturity level evaluation for the ME4 Provide IT governance process of the COBIT® 4.1 Monitor and Evaluate domain and the process capability assessment for the governance domain of COBIT® 5. Read the rest of the article Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 1/23/2013 2:31:25 PM


Use of COBIT 5 for ISACA Strategy Implementation - COBIT Case Study Hello!

Over the past few months, ISACA has been using COBIT 5 and COBIT 5 Implementation to guide our implementation of Strategy 2022 (S22). Because this is a unique usage of the framework and implementation guidance—being a non-IT application—we thought there might be value in capturing the steps we used, the challenges we addressed, the adjustments we made and the lessons we learned (and are still learning) along the way, in the hope that others might benefit from the information. Of course, our implementation of S22 is not over—S22 has a ten-year horizon—but this seemed an opportune time to conclude the case study, given the stage to which we have progressed. The case study includes an overview of the approach ISACA used to apply COBIT 5 to S22. It also includes the templates that were used for outlining each initiative. If you would like more Information on S22, it can be found here. How are you implementing COBIT 5? Are you using it for an IT application or a non-IT application? Kim Ahmer Senior Knowledge Manager, ISACA Kim091

at 2/21/2013 5:00:53 PM

COBIT 5 PAM - Questions about Process Attribute rating

Hello, Please, anyone experienced in auditing or assessments with COBIT 5 PAM (or any model derived from ISO-15.504)? I need help to answer the two following questions.

CONTEXTUALIZING

- Our company plans to make a partial Cobit 5 'in house' assessment, but we need evidence, so it wouldn’t be a Self-assessment (more like a class 3 or 2 assessment).
- After studying “COBIT Process Assessment Model (PAM): Using COBIT 5”, “COBIT Assessor Guide: Using COBIT 5” and the Tool-Kit, some doubts remained, mainly on what are the elements to be considered and which are the detailed steps to calculate the percentage/rating for a Process Attribute (PA), in particular PA1.1.

QUESTIONS

Question-1: For PA1.1, the elements to be considered when calculating the percentage that gives the PA rating should always be the 'outcomes' of the process? That is, the formula would be: (PA Rating = # PA-OUTCOMES-ACHIEVED / # PA-EXPECTED-OUTCOMES) Or, instead, it would be more correct to calculate a rating for each outcome, considering the number of Base Practices achieved, and then calculate the PA rating as a whole, based on the outcomes ratings? That is, the intermediary formula used, for each outcome, would be: (Outcome rating = # BP-ACHIEVED / # BP-EXPECTED) In that last case, how to calculate the final PA rating? It would be the average of the ratings calculated for the outcomes?

Note: this question arose mainly because the template spreadsheet that accompanies the Tool-Kit shows, for the PA1.1 of all processes, specific rows to record ratings for each outcome (it seems it would be calculated with a formula similar to the second one above). As for PA2.1 to PA5.2, the template cells are merged, meaning it’s expected there would be only one rating, for the PA as a whole (it seems it would be calculated with a formula similar to the first one above).

Question-2: Which would be the most appropriate way to calculate the rating (for any PA) when there is more than one instance of the same process? In this case, PA ratings would be calculated for each instance and their average would become the final PA rating? Or there is another recommended way to calculate the PA rating in this situation?

Thanks in advance for your comments.

Heindrickson

at 4/20/2013 6:38:45 PM

Board Role in COBIT 5 At the University we are doing a research on the role of the Board in IT Governance. In Cobit 5, the Board is accountable in all key governance practices of all EDM processes. For instance, in key governance practice EDM01.02 - Direct the governance system, the Board is accountable and the CEO, the Business Executives, the Strategy Executive Committee, and the CIO are responsible. According to the Cobit 5 "Enabling Processes" guide, page 25, the Responsible takes "...the main operational stake in fulfilling the activity listed and creating the intended outcome." The same guide states that "...accountability does not indicate that the role has no operational activities, it is very likely that the role gets involved in the task." Therefore, in this particular key governance practice, EDM01.02 (cited here just as an example), what is the concrete activity executed by the Board? The Responsible stakeholders (the CEO, the Business Executives, the Strategy Executive Committee, and the CIO) will define the governance system, definitely! And the Board? Just looking around and getting informed at the end? Souza Neto

at 5/8/2013 9:17:57 AM

(1 ratings)

COBIT 5 for Assurance I would just like to solicit some feedback from the community re new COBIT 5 for Assurance. I have to say I was very excited about its timing as we are busy with our audit planning, however I was intimidated at the sheer volume of the material and found very little to practically assist in this process. Whenever I am busy preparing methodologies, new approaches from an audit perspective, I find myself using more and more of the IIA's GTAG guides and the previous COBIT versions and related publications. The new material just appears very academic and perhaps in large auditing departments with IT departments on the bleeding edge or where the function is part of core processes it may be useful, I just wonder about its scalability to one-man IT audit teams within companies that have IT as pure support function with limited budgets. I am however, open for convincing and any suggestions for how to look or use the new publication more effectively would be appreciated. Aletta

at 6/3/2013 5:38:39 PM

Beginner Level Hi all, I have been recently introduced to COBIT and enterprise governance in general, where I have been asked to start establishing something in my organization regarding that. I want to approach that on two levels a personal one and a business one. I want to help my organization establish an IT framework, and at the same time I want to be accredited for it, so I'll be following certification tracks at the same time. There are tons of material around, so I don't want to go picking up bits and pieces, like focusing on one process here, and a policy there. Any suggestions on a road map of how I can approach governance in a way that will benefit both me and my organization, and in a way that wouldn't take too long to start showing results. Spark

at 7/4/2013 2:59:40 AM

COBIT 5 manuals, translation to French Hello everybody, The ISACA Quebec and Montreal chapter did an agreement with ISACA Intl. to translate the 4 first introduce COBIT 5 manuals. Today, we complete the first step, which is the translation itself by a professional firm. Now, we are proceeding with a call for all bilingual people for the revision part of the translation. We invite you to contact us (board members www.isaca-quebec.ca) or myself at: [email protected]. Everybody is welcome. Hello everyone, The ISACA Quebec and Montreal chapters have signed an agreement for the translation of the first 4 introduced COBIT 5 manuals. The professional translation firm completed the translation of the first volume in early July. We are now putting out a call to all bilingual people in order to proceed with the revision stage of the translation. We invite you to contact us (board members www.isaca-quebec.ca) or at my address [email protected]. We welcome everyone. Gilles Gravel, CISA, CISM Gilles274

at 7/8/2013 8:24:24 PM

COBIT Focus - Evidence Management for the COBIT 5 Assessment Programme Join author Jorge E. Barrera N. as he responds to ISACA member questions beginning 22 July 2013. Add your questions by responding to this post!

This article presents a proposal based on the COBIT 5 Assessment Programme [i], [ii], [iii], [iv] for a quick and consistent start to the implementation of COBIT® 5 in any IT environment, whether currently based on COBIT® 4.1 or not. Read the rest of the article here Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 7/18/2013 11:18:44 AM

COBIT Focus - Why, When and How to Migrate to COBIT 5 Join author Sudarsan Jayaraman as he responds to ISACA member questions beginning 22 July 2013. Add your questions by responding to this post!

With the release of COBIT® 5, a new evolution in the thinking process of managing and governing IT has taken shape. The question to answer is whether organizations that have invested in the implementation of the earlier versions of COBIT have to migrate to COBIT 5. If yes, the question becomes: why, when and how does an organization migrate to the new framework? Read the rest of the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 7/18/2013 11:35:20 AM

(1 ratings)

COBIT Focus - Risk Assessment Management Using COBIT 5 Join author Vince Londini as he responds to ISACA member questions beginning 22 July 2013. Add your questions by responding to this post!

As a regional US grocery chain based in a major metropolitan area, FamilyGrocer (name changed) had experienced rapid growth through new store openings and acquisitions. With a focus on supply-chain efficiencies, FamilyGrocer distributes most products to its stores through a warehouse facility that also houses key offices and IT resources. In light of the risk associated with such a consolidated operation, the IT organization received a mandate from its board of directors to formally manage IT-related risk. The mandate specifically called for an initial high-level assessment of IT organizational risk, drawing largely from internal expertise. The board also requested that the IT organization demonstrate an ongoing program to manage risk... Read the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue

Tammie111

at 7/18/2013 11:43:44 AM

Cobit Assessor Guide using cobit 5 Hello, I would like to ask your help with a brief review of the book using COBIT Assessor Guide cobit 5, because I'm working on a thesis project in one of the chapters is about the analysis of maturation processes using cobit 5 for this use COBIT Self-assessment Guide: Using COBIT 5 so what is the difference between both publications and if the assessor guide will be more helpful than the other ....? thanks... Carlos Efrain

at 9/9/2013 9:12:23 AM

Agility IT Maturity Model in a SMART CITY Recent on the earlier 2013, many cities try to improve the quality of the Value IT delivery. Using COBIT framework is a must to define the needs, etc. to minimize the risk, failure of the IT Investment itself. While trying to improve some value delivery in a Non-Profit Organization such as Government Organization, Board had to re-align the Human Resource (HR), Organisation Culture, Organisation behavior that will drive to the organisation improvement. Otherwise the IT-investment will be useless. How to re-align the HR, in a Non-Profit Oriented Organisation (Government Organisation)? A.S.K

at 10/8/2013 10:46:51 PM

There Will Be if There is Willingness When many people thought of X factors... It wasn't supposed like that while designing/building an IT improvement related to achieve the enterprise goals or mission. What the system need is Commitment, and how the role of rules running strict. While some others pursue on IT improvement but there still some opposite site. "Getting aligned together, need an X factor" A.S.K

at 10/16/2013 4:34:32 AM

COBIT Focus - COBIT and the CPA Firm Join author R. Curtis Thompson as he responds to ISACA member questions beginning 21 October 2013. Add your questions by responding to this post!

With the introduction of COBIT® 5, the framework is moving toward a more global application to the enterprise. But, can a smaller organization still take advantage of COBIT 5 to help direct its IT function? This is an account of one organization’s beginning steps toward implementing COBIT 5. Read the rest of the article here Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 10/17/2013 4:12:44 PM

COBIT Focus - What does COBIT 5 Mean for Your Business? Join author Sagar Anisingaraju as he responds to ISACA member questions beginning 21 October 2013. Add your questions by responding to this post!

When it comes to enterprise use of IT assets, executives are looking for answers to three things: 1. Is the organization getting IT right? 2. Is the organization buying or building the right IT capabilities? 3. Are there any gaps in capabilities exposing the business to unwarranted risk? Read the rest of the article here Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 10/17/2013 4:16:06 PM

COBIT Focus - Information and Communications Technology Study of Public Health Institutions in Mexico Join authors Carlos Zamora Sotelo and Carlos H. Garcia Orozco as they respond to ISACA member questions beginning 21 October 2013. Add your questions by responding to this post!

Health services are a crucial activity worldwide and reflect the level of awareness and social development of a country. In Mexico, 44 percent of the people perceive the main problem of health services to be poor quality, with the affecting factors being timely care services, quality of diagnosis and treatment. Another crucial issue is the availability of medical records among public health institutions in which information and communication technologies (ICTs) play a key role. According to the Organisation for Economic Co-operation and Development (OECD), Mexico is among the countries with the lowest expenditure on health. However, it has been increasing steadily over the previous decade. Read the rest of the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 10/17/2013 4:23:54 PM

COBIT 5 Implementation Has anyone implemented COBIT 5 yet in their workplace? If so, please share your experience with it. Paul

at 10/30/2013 10:09:45 AM

COBIT at Non-Profitable Enterprise (Government Organisation) We already implement COBIT while upgrading the mechanism system of Planning and Reporting in our government. It was not easy to make an interoperability system between Planning and Reporting to support our Organisation Boards making Policy Driven Direction. COBIT help us to improve the mechanism system, but there were still problems at Organisation Culture and Behaviour layer, we still need an ISO to set up or change those problems. The Problem is, it would be hard if the Organisation Boards don't have an IT Minded and the policy improvement to speed up and make it smooth hardly to achieve A.S.K

at 10/31/2013 7:54:20 AM

IT Audit Is COBIT on the radar for 2014? Paul

at 11/9/2013 4:37:45 PM

Enabling Principles, Policies and Frameworks Does COBIT provide any direction on the development of the 'Principles, Policies and Frameworks' enabler? We are in the process of introducing COBIT 5 in our organization. I found that many elements of the enterprise enablers are present, but under a unifying framework; people are doing what the work environment necessitates. COBIT provides extensive resources in the 'Processes' space, but not in any other enabler space. Currently we are tackling Principles and Policies and I am wondering if there are any resources or any advice that people can share. Also it would be great if someone who has already gone through that exercise can share their experience and the challenges that they have gone through during the exercise. Thanks, Hisham. Hisham775

at 11/12/2013 1:32:39 AM

COBIT 5 Self Assessment for specific COBIT 5 Publications (i.e., Risk, Assurance, InfoSec) Hi! I am currently exploring how to conduct a COBIT 5 self assessment through the tool kit. Browsing through it, I believe the criteria identified in each process is based on COBIT 5 Enabling Process. Now with the release of COBIT 5 for Assurance, Risk, and Information Security, will there be changes in the criteria? These publications provide more specific activities for the area they cover so will there be a need to somehow adjust the criteria? If yes, how? Hope you could help me. Thanks! Nikko Nikko Eustaquio

at 11/25/2013 12:54:09 AM

ISACA Blog - Implementing COBIT into business IT strategy Chris Pentago blogged about the significant evolution of COBIT 4.1 to 5 and how it served as a communication aid for Macquarie Telecom. Does IT get the same attention as other parts of your company? Do you think COBIT 5 helps to bridge the divide? Tammie111

at 12/10/2013 3:59:43 PM

COBIT Focus - Supporting PCI DSS 3.0 Compliance with COBIT 5 Join author Stefan Beissel as he responds to ISACA member questions beginning 24 January 2014. Add your questions by responding to this post!

The Payment Card Industry Data Security Standard (PCI DSS) aims to improve the security of cardholder data and is required when cardholder data or authentication data are stored, processed or transmitted. The implementation of enabling processes from COBIT® 5 can support compliance to PCI DSS. COBIT 5 assists enterprises in governance and management of enterprise IT (GEIT) in general and, at the same time, supports the need to meet security requirements with enabling processes and management activities. The mapping of COBIT 5 enabling processes to PCI DSS 3.0 security requirements facilitates the simultaneous application of COBIT 5 and PCI DSS 3.0 and helps create synergies within the enterprise... Read the rest of the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue

Tammie111

at 1/20/2014 2:55:10 PM

(3 ratings)

COBIT Focus - Middle East Bank Improves Information Security Join author Abbas K. as he responds to ISACA member questions beginning 24 January 2014. Add your questions by responding to this post!

As a result of its initiative to improve information security with the help of COBIT, a Middle East bank realized several benefits, including:

- Improved integration of information security within the organization
- Informed risk decisions and risk awareness
- Improved prevention, detection and recovery
- Reduced (impact of) information security incidents
- Enhanced support for innovation and competitiveness
- Improved management of costs related to the information security function
- Better understanding of information security

Read the rest of the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue

Tammie111

at 1/20/2014 3:03:54 PM

(1 ratings)

COBIT Focus - Information Security Management at HDFC Bank: Contribution of Seven Enablers Join authors Vishal Salvi and Avinash W. Kadam as they respond to ISACA member questions beginning 24 January 2014. Add your questions by responding to this post!

HDFC Bank was incorporated in August 1994 and has a nationwide network of 3,062 branches and 10,743 automated teller machines (ATMs) in 1,568 Indian towns and cities. HDFC Bank operates in a highly automated environment in terms of IT and communication systems. All of the bank’s branches have online connectivity, which enables the bank to offer speedy funds transfer facilities to its customers. Multi-branch access is also provided to retail customers through the branch network and ATMs. The bank has prioritised its engagement in technology and the Internet as one of its key goals and has made significant progress in web-enabling its core businesses. In each of its businesses, the bank has succeeded in leveraging its market position, expertise and technology to create a competitive advantage and to build market share. Read the rest of the article here

Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 1/20/2014 3:14:53 PM

Auditor's point of view on COBIT 5.0 Please share your thoughts and views about COBIT 5.0 as an IT auditor or someone who is about to audit an organization's whole IT framework. Anar Tsogbadrakh

at 1/23/2014 3:39:00 AM

Using COBIT 5 for Cyber Defense Hello, I would like to hear about the experience/results of someone using/implementing COBIT 5 for Cyber Defense. Thanks, Oscar Moreno Oscar

at 2/15/2014 3:28:52 PM

COBIT 5 for Assurance Vs Risk-Based Hi All, I have a question regarding the COBIT 5 for Assurance Generic Work Program. I noticed that this approach, although very good and organized, is not considered to be risk-based. Usually, following IPPF or similar, we usually determine the objectives of the function, determine the risks influencing these objectives and associated controls. Then, the work program is built over these controls. Now the work program is mainly based on the enablers. So how can we get the benefits of both worlds? Hesham240

at 2/20/2014 2:35:52 AM

COBIT to Supplement Casino IT Regulations I would like to ask for help and advice from anyone who has used COBIT to supplement IT regulations in a casino environment. I find the existing regulations rudimentary, and COBIT could add value to what an IT auditor may be doing. But I would like to hear comments such as (a) your experience in doing so (b) how to get buy-in from management and (c) how to quantify benefits to the organization. Thanks and have a great day. Ralph Villanueva

at 2/24/2014 12:30:14 PM

COBIT 5 Adoption rate / Compliance I am pretty sure there is no real statistic on this - but it would be interesting to see what kind of adoption rates COBIT 5 has been experiencing since its inception about almost 20 months ago. Being a consultant - I have seen several instances where external auditors have said - without hesitation - that companies (currently very entrenched in COBIT 4) should systematically adopt and migrate to COBIT 5. While I welcome the enthusiastic nature of these recommendations, I believe it is a disservice to tell someone, without doing more research - that they should automatically adopt the new framework -- and write them up for it if they do not. The purpose of the framework should be to help companies evolve to a more enterprise view of IT. But if the organizational culture is not ready, wouldn't this be a premature (and self-serving) recommendation? Anyway, just would be nice to know if ISACA or anyone else has any type of statistic on adoption rates of COBIT 5 as of now. Also - does anyone know of any "compliance" related requirements. Unlike COSO 2013 - which is becoming a requirement -- is COBIT 5 now a requirement by any compliance regulation? Thanks for your input and discussion. Kpyz01

at 3/19/2014 5:11:02 PM

COBIT Focus - DuPont Drives Continuous Improvement With COBIT 5 Process Assessment Model Join authors James Aliquo and Zhiwei Fu as they respond to ISACA member questions beginning 24 April 2014. Add your questions by responding to this post!

Over time, business has increasingly advanced the application of IT to meet ever-changing business needs and regulatory requirements. A systematic and continuous improvement program is needed now more than ever to help businesses assess IT management capabilities; identify strengths, weaknesses and risk factors with respect to business requirements; and implement process changes to enhance services and operations needed to meet stakeholder and business needs. In essence, continuous improvement helps an organization focus on "doing things right" and continually improving its effectiveness and efficiency. Read the rest of the article here Tammie111

at 4/18/2014 10:37:32 AM

COBIT Focus - Is COBIT 5 Process Implementation a Wicked Problem? Join authors Joao Souza Neto, Carlos Henrique de Luca Ribeiro and Diana Santos as they respond to ISACA member questions beginning 24 April 2014. Add your questions by responding to this post!

"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." Extremely complex problems such as environmental degradation, obesity, climate change, indigenous inclusion, terrorism, poverty and religious conflicts are often called wicked problems. The concept of a wicked problem was first introduced by Charles Churchman, but Horst Rittel and Melvin Webber, urban planners at the University of California, Berkeley (USA) first raised the approach of social processes for solving complex problems, as opposed to the cognitive styles of professionals based on a Newtonian mechanistic view. Not all problems are wicked. Wicked problems have to be differentiated from common problems or tame problems. Unlike a wicked problem, a tame problem is one where the traditional thinking, cognitive studies and current methods of project management indicate that the best way to tackle it is to follow a top-down process—an orderly and linear approach—working from the problem down to the solution.[i] This logic is usually sufficient to achieve a feasible solution in a reasonable period of time by collecting and analyzing data and identifying the requirements to specify the problem. Then, the manager will be able to formulate and implement a solution. Thus, the cascade model (waterfall) is indicated for tame problems because they have a linear solution pattern recognized in project management literature with widespread use by the software industry. Read the rest of the article here

Tammie111

at 4/18/2014 10:50:27 AM

COBIT Focus - Strategic Planning Using COBIT 5 Join author Shahid Ali as he responds to ISACA member questions beginning 24 April 2014. Add your questions by responding to this post!

Strategic planning is an important component of strategic business management. It results in long-term planning for and future direction of an enterprise at a strategic level. If a strategic planning exercise is done for the first time, it results in setting the vision, mission and values for the enterprise. Strategic planning cycles can vary from three to five years and are industry-dependent. For a set vision and mission, the goals are normally reviewed and revised from one cycle to another. Every strategy cycle results in new or updated goals to achieve the vision of the enterprise. The strategy implementation phase deals with the delivery of the set strategic goals. The following is a step-by-step approach to the strategic planning activity using COBIT® 5 guidelines. Read the rest of the article here

Tammie111

at 4/18/2014 11:00:24 AM

(2 ratings)

NIST CyberSecurity Frameworks Cobit 5 mappings APO13.12 question

I am working with the NIST document "Framework for Improving Critical Infrastructure Cybersecurity" http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf. Cobit 5 mappings are included in the document and Cobit APO13.12 is included on page 21. The document maps NIST ID.GV-2 to Cobit APO13.12 which doesn't seem to exist in ISACA's Cobit documents. My guess is that it should map to APO01.02, APO07.06 and APO10.03, but am I missing something? Any ideas? Is APO13.12 in a different document somewhere?

APO13.12 is also referenced in the NIST-provided Excel spreadsheet.

Possible ID.GV-2 to Cobit mapping.

APO01.02 Establish roles and responsibilities. Establish, agree on and communicate roles and responsibilities of IT personnel, as well as other stakeholders with responsibilities for enterprise IT, that clearly reflect overall business needs and IT objectives and relevant personnel’s authority, responsibilities and accountability.

APO07.06 Manage contract staff. Ensure that consultants and contract personnel who support the enterprise with IT skills know and comply with the organisation’s policies and meet agreed-on contractual requirements.

APO10.03 Manage supplier relationships and contracts. Formalise and manage the supplier relationship for each supplier. Manage, maintain and monitor contracts and service delivery. Ensure that new or changed contracts conform to enterprise standards and legal and regulatory requirements. Deal with contractual disputes.

ISO mappings for ID.GV-2 -

A.6.1.1 Information security roles and responsibilities. Control: All information security responsibilities shall be defined and allocated.

A.7.2.1 Management responsibilities. Control: Management shall require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization.

NIST 800-53 v4 mappings for ID.GV-2 --

PM-1 INFORMATION SECURITY PROGRAM PLAN - Control: The organization:

PS-7 THIRD-PARTY PERSONNEL SECURITY - Control: The organization:

Brad810

at 5/9/2014 1:52:49 PM

COBIT Focus - 6 Tips for Implementing IT Governance With COBIT 5 Join author Juan Carlos Morales as he responds to ISACA member questions beginning 21 July 2014. Add your questions by responding to this post!

You must be logged in and be a member of this group* to participate. *After logging in click "Join this Community" to the right and then return to this page by clicking the back button. As a member of this topic you can now view this and other discussions from the topic homepage.

IT has become a strategic element to create opportunities, innovation and competitive advantage. However, it entails inherent risk related to confidentiality, integrity and availability of information that requires attention. Delivering value to stakeholders requires good governance and management of IT (GEIT). COBIT® 5 provides a comprehensive framework that helps organizations to achieve their goals and create value through effective GEIT. The following are several tips for implementing IT governance or continuous process improvement using the COBIT 5 framework: Read the rest of the article here Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue

Tammie111

at 7/17/2014 4:45:03 PM

COBIT Focus - Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. Join author Alberto Leon Lozano as he responds to ISACA member questions beginning 21 July 2014. Add your questions by responding to this post!

As part of an updated strategy, Ecopetrol S.A., a vertically integrated energy company, began a corporate transformation with the goals of growth and strengthening its internal control system. It knew it needed a clear approach for governance and management of IT services as well as best global reference standards and a framework, so it used the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and COBIT frameworks, which helped consolidate strong IT governance practices that were totally aligned with the corporative internal control initiatives. Read the rest of the article here Subscribe to COBIT Focus at www.isaca.org/cobitnewsletter and view the current issue at www.isaca.org/cfocuscurrentissue Tammie111

at 7/17/2014 4:54:04 PM

Process Capability Model and the ISO / IEC 15004 Rating The ISO/IEC 15504-4 identifies process assessment as an activity that can be performed either as part of a process improvement initiative or as part of a capability determination approach. What major differences exist between the performance indicators and capability indicators? Are there challenges associated with either method? SUNMONU911

at 7/24/2014 8:49:42 AM

Call for Papers and Discount Code for ISACA Ireland Conference on 3rd Oct 2014 I would like to let members of this topic know that ISACA Ireland are seeking innovative, practical and / or thought provoking session proposals for our conference on 3rd Oct 2014. For knowledge center members not in our chapter who would like to attend this link includes a 25% discount along with full details of the call for papers: https://www.eventbrite.co.uk/e/isaca-ireland-2014-annual-conference-dublintickets-11611613649?discount=KnowledgeCenter. To submit a proposal please email [email protected] with the following information: - Session title - Session abstract (50 - 250 words) - Duration (25, 40 or 55 minutes) - Speaker contact details (name, email, phone, twitter, linkedin etc) - Speaker biography (100 words max) - Estimate of any costs if international travel / overnight accommodation etc is required

************************************************ The deadline for submissions is Friday 15th August 2014. Successful applicants will be advised prior to the end of August 2014. This invitation to submit proposals regrettably does not guarantee selection. Sales content is strictly prohibited. ************************************************ Feel free to pass on this call for speakers to any other interested party you feel could make a suitable contribution to the conference, have an interest in attending and / or sponsoring it. Neil_Curran at 8/2/2014 11:59:33 AM

Preparation of COBIT Implementation exam Hi All, I am preparing for the COBIT implementation exam and looking forward to guidance. Regards, Kiran Kiran172

at 9/5/2014 12:49:09 AM

The Failed Vasa: COBIT 5 and the Balanced Scorecard (Part 1) Join authors William C. Brown and Chad E. Hess as they respond to ISACA member questions beginning 15 September 2014. Add your questions by responding to this post!

On 10 August 1628, the Vasa, among the most expensive ships of the era, sailed on her maiden voyage and, within minutes, sank below the waves in the Stockholm harbor (Sweden). This article is the first of a three-part series that illustrates Vasa’s stakeholder drivers, benefits, risk, costs, enterprise goals and, ultimately, enabler goals, which all provide context for the seven COBIT® 5 enablers. Read the rest of the article here Tammie111

at 9/11/2014 3:29:14 PM

COBIT 5 - Certification Took and passed the COBIT 5 - Foundation Exam last July 2014 based from the e-mail forwarded by ISACA local chapter. When can I receive my certificate? Franz Joseph

at 9/11/2014 8:37:50 PM

COBIT Focus - Improving the RFP and Contracts Process With COBIT 5 Join author Przemek Tomczak as he responds to ISACA member questions beginning 22 September 2014. Add your questions by responding to this post!

Changing IT service providers is never a simple undertaking. It is even more challenging when the organization making the change is responsible for processing meter reads and supporting the billing of more than four million customers on time-of-use rates. Such complexity necessitated a framework to help guide the search and contract process so the organization, in this case, turned to COBIT® 5 ... Read the rest of the article here Tammie111

at 9/18/2014 3:35:09 PM

COBIT 5 Generic Risk Scenarios translated in French Hi everyone, I'm looking for a French version of the COBIT 5 Generic Risk Scenarios. I guess I'll have to do the translation myself, but would like to know if anyone has already done this and could share that with me. Thanks/Remerciements, Lamine Lamine134

at 9/29/2014 3:28:47 AM

The Failed Vasa: COBIT 5, Technology-related Goals and the New Process Model (Part 2) Join author William C. Brown as he responds to ISACA member questions beginning 29 September 2014. Add your questions by responding to this post!

On 10 August 1628, the Vasa, among the most expensive ships of the era, sailed on her maiden voyage and, within minutes, sank below the waves in the Stockholm (Sweden) harbor. The second article of a three-part series that illustrates Vasa’s stakeholder drivers, benefits, risk factors, costs, enterprise goals and, ultimately, enabler goals—all of which provide context for the seven COBIT® 5 enablers—reminds readers that COBIT 5 is context-based and is not one size fits all.

Read the rest of the article here Tammie111

at 9/29/2014 3:48:33 PM

The Failed Vasa: COBIT 5 Governance and the Seven Enablers (Part 3) Join author William C. Brown as he responds to ISACA member questions beginning 13 October 2014. Add your questions by responding to this post!

On 10 August 1628, the Vasa, among the most expensive ships of the era, sailed on her maiden voyage and within minutes sank below the waves in the Stockholm (Sweden) harbor. This is the third of a three-part series that illustrates Vasa’s stakeholder drivers, benefits, risk, costs, enterprise goals and, ultimately, enabler failures, all of which provide context for the seven COBIT® 5 enablers. While the failed Vasa is not about a failed IT implementation, its story describes failures of concepts that are embedded within COBIT 5. COBIT 5 embraces an enterprise view, rather than a technology division or technology-in-isolation approach; a holistic approach; and a new process model with distinct roles for governance and management. At a high level, many of the concepts embedded in COBIT 5, such as the balanced scorecard (BSC), reach beyond IT. While the author acknowledges the limitations of using COBIT 5 for shipbuilding, the story of the failed Vasa offers a comparative analogy and valuable insight into COBIT 5 and its broadened scope compared to earlier COBIT releases. This article illustrates significant failures of governance for the doomed Vasa and sets the stage for a discussion on the seven COBIT 5 enablers and their roles related to the failed ship. Read the rest of the article here Tammie111

at 10/13/2014 3:42:53 PM

COBIT 5 Exam Can someone claim CPE for COBIT foundation exam? Omonivie

at 10/14/2014 10:52:24 AM

COBIT Focus - COBIT 5’s Flexibility Key to Success Join author Mark Thomas as he responds to ISACA member questions beginning 20 October 2014. Add your questions by responding to this post!

Nine executives (including the author) were in a conference room, when the vice president of IT operations stated that due to recent issues within the organization, they should be looking at a governance-focused framework called COBIT®. The remaining eight executives stared at him blankly. This managed service provider offered outsourced IT services for the small to mid-sized market nationally. The data center was a multitenant environment that provided outsourced email, infrastructure, applications, development, project management and service desk functions. The structure was typical to this type of organization in the private sector, with administration, finance, sales and marketing, operations, and IT functions. Security, risk and compliance efforts were largely delegated to IT and were typically discussed only when issues arose. There were several frameworks and standards in use, although their adoption was fragmented. The organization was suffering from what stakeholders called “framework exhaustion,” and, thus, COBIT adoption was expected to be a hard sell but surprisingly was not. Read the rest of the article here Tammie111

at 10/21/2014 9:58:15 AM

COBIT 5 Online Has anyone begun to use COBIT 5 Online? If so, how are you using it? Would love to hear successes and frustrations. SRusher

at 10/29/2014 10:34:12 AM

COBIT Assessor Course / Exam Other than itgovernance, what other ISACA licensed training providers have any of you attended? Not looking for endorsements ... but looking at all ATOs referenced by ISACA, searching for a COBIT 5 Assessor Course and Exam venue took quite a bit of research over the past month. I haven't found any other physical venues to date. Have any of you? rphdicicco

at 10/29/2014 1:02:42 PM

COBIT Focus - Stakeholder Needs in City Planning Join author Avinash Kadam as he responds to ISACA member questions beginning 3 November 2014. Add your questions by responding to this post!

City planners today have the daunting task of managing ever-expanding cities with burgeoning populations that put heavy demands on infrastructure. Stakeholders are impatient as basic civic facilities rarely meet expectations. How can COBIT® 5, a business framework for governance and management of IT, help to meet the stakeholders’ needs? Read the rest of the article here Tammie111

at 10/30/2014 5:09:06 PM

COBIT Focus - COBIT 5 Advantages for Small Enterprises Join author Luke Milner as he responds to ISACA member questions beginning 17 November 2014. Add your questions by responding to this post!

Taking the first step towards implementing COBIT® 5 in an organisation can be daunting, especially for smaller businesses with few resources. To be fair, it is a large body of work and could well be the first formalised framework with which the organisation engages. Many organisations may view it as an unnecessary exercise, under the belief that a small IT department will not see significant benefits, and that the implementation itself will be costly and time consuming. However, this is an unfair assessment of a powerful tool. Read the rest of the article here Tammie111

at 11/13/2014 12:50:06 PM

COBIT Focus - Creating Value With COBIT 5 at a Tokio Marine Group Company Join author Yuichi (Rich) Inaba as he responds to ISACA member questions beginning 24 November 2014. Add your questions by responding to this post!

Tokio Marine & Nichido Systems (TMN Systems) recently implemented a governance, risk and compliance (GRC) system based on COBIT® 5, which enables the organization to create significant value for its stakeholders as well as optimize risk and resources for value creation. The COBIT® evolution to the concept of “governance and management of enterprise IT (GEIT)” made TMN Systems move toward COBIT 5 for guidance. Read the rest of the article here Tammie111

at 11/21/2014 2:54:26 PM

COBIT Focus Hi, I am considering to understand and know more about COBIT. Is it value to study? Please advise and comment.... Thanks, Stephen

at 11/28/2014 6:18:36 AM

COBIT Focus - 4 Steps to Integrate IT and Corporate Governance Join authors Rodrigo de Grazia Bacha Estevam and Joao Souza Neto as they respond to ISACA member questions beginning 2 December 2014. Add your questions by responding to this post!

In October 2012, the Brazilian Court of Audit (TCU) conducted a survey involving 337 public institutions, and found that in most of the organizations, corporate governance did not include IT governance under its jurisdiction, granting a worrisome autonomy to the IT department. To deal with this omission, a governance model has been proposed involving the integration of corporate governance with IT governance. The integrated model aims to ensure not only the optimization of internal controls to achieve compliance, transparency and accountability, but also the proper use of investments in IT aligned with corporate strategic objectives. The integrated model is based on the relationship between King III and COBIT® 5. The explicit relationship between these governance models is based on the principles of the fifth element of King III, IT governance, and in four of the five processes of the Evaluate, Direct and Monitor (EDM) domain of COBIT 5, in which the board of directors is accountable, per the Responsible, Accountable, Consulted and Informed (RACI) matrices. The implementation of the integrated model may be undertaken in four phases, which are ordered from strategy to IT operation, and are in line with the traditional logical sequencing of the implementation of a governance model. Read the rest of the article here Tammie111

at 12/1/2014 3:43:32 PM

COBIT Focus - Seven Tips for the Successful Improvement of GEIT Join author Alain Bonneaud as he responds to ISACA member questions beginning 8 December 2014. Add your questions by responding to this post!

Improving governance of enterprise IT (GEIT) is key to the success of the enterprise. Creating value is the objective and is based on adapting the seven enablers described in COBIT® 5. In most cases, any change in the organisation will have to combat a strong resistance to change. Here are seven tips for change enablement based on lessons learned during previous, successful implementations of GEIT using COBIT 5:... Read the rest of the article here Tammie111

at 12/4/2014 10:17:58 AM

COBIT 5 and ISO/ANSI Does anyone know if COBIT 5 processes map to ISO Standards, preferably in diagram format? Also, is anyone aware if ISACA offers a discount on the purchase of ISO standards to its members? Jwillia

at 12/12/2014 12:58:17 PM

COBIT Focus - Bridging the Governance Gap in Japan With COBIT 5 Join authors Katsumi Sakagawa and Hiroyuki Yonekawa as they respond to ISACA member questions beginning 29 December 2014. Add your questions by responding to this post!

Since the evolution of COBIT® 5 in 2012 and its resultant widespread use, many companies across the globe have adopted it as the primary business framework for the governance and management of enterprise IT (GEIT). In Japan, there is a fundamental concern over the deliberation to agree upon and adopt corporate governance standards. Though world-renowned for the origination of Kaizen [i] and for its fine quality management technologies, Japan struggles with the aspect of evolution, adopting a conservative approach that borders on the extreme to avoid change. However, there are discussions underway to revise the regulatory environment and to improve the governance style of enterprises, including the methods by which governance is performed. These discussions are primarily focusing on both an application and a cultural shift. In order to define how governance should be, it is indispensable to decide what framework should be adopted. And, when improving governance style, the highlight must be on improving the governance process rather than increasing the power of an internal control organization or individual candidate to perform the governance role. The use of continuous improvement approaches such as Kaizen in conjunction with Total Quality Management (TQM) [ii] standards, such as ISO 9000, to identify the gap between the goal and the status quo, provides a foundation for the COBIT 5 holistic framework and associated enabler dimensions. Read the rest of the article starting here Tammie111

at 12/29/2014 2:56:41 PM

COBIT Focus - COBIT 5 Applied to the Argentine Digital Accounting System Join author Graciela Braga as she responds to ISACA member questions beginning 5 January 2015. Add your questions by responding to this post!

In Argentina, the Code of Commerce establishes common obligations for businesses: All businesses are obliged to keep accounts and a description of their transactions. Satisfying the current regulatory requirements created a need to identify an IT management and governance framework such as COBIT 5. Businesses must keep a Diario, a book in which all transactions are kept on a daily basis in the order in which they are executed. According to Law 19550 on Commercial Companies, businesses may substitute this book with a digital accounting system if the control authority or Public Commercial Registry authorizes it. For this authorization, companies must present a technical demonstration that the records made through the proposed digital accounting system cannot be altered. Read the rest of the article here Tammie111

at 1/5/2015 1:32:16 PM

COBIT Focus - Using COBIT 5 to Deliver Information and Data Governance Join authors Myles Suer and Roger Nolan as they respond to ISACA member questions beginning 12 January 2015. Add your questions by responding to this post!

COBIT® 5 provides guidance for IT practitioners and business leaders regarding the governance and management of data and information. COBIT 5 starts by providing an overarching set of business recommendations. For example, COBIT 5 suggests that business leaders include in their balanced scorecard the following topics: compliance, financial transparency and information-based strategic decision making. COBIT also establishes an information life cycle function where data are enriched to become information and information is enriched with context to become knowledge that has enterprise value. Read the rest of the article here Tammie111

at 1/7/2015 8:01:21 PM

Business-IT Collaboration I would be particularly interested to hear how your organizations are driving the types of business-IT collaboration described here within the context of COBIT 5. Do you see COBIT 5 as helping to clarify the relationship between business and IT? Is this helping you to bridge the gap between business and IT, and speed up the delivery of business value? It would be very interesting to hear your perspectives on this topic. Roger778

at 1/15/2015 5:17:03 PM

COBIT Focus - Adopting COBIT 5 in a Government Entity Join authors Sean Atkinson and Roger F. Aucoin as they respond to ISACA member questions beginning 19 January 2015. Add your questions by responding to this post!

Imagine being on the ground floor of a new government agency in the United States, first conceived in 1994 and implemented in 2012, with the initial responsibility of developing an information system that would eventually process well over US $1 billion in payments monthly, produce enterprisewide reporting, be implemented as Software as a Service (SaaS) to more than 85,000 users in 72 external agencies and by more than 100,000 vendors. Further, imagine that your responsibility included ensuring that the fledgling enterprise accomplished this mission while following its documented processes and procedures. Where to begin? How would one know whether existing processes were sufficient? Read the rest of the article here Tammie111

at 1/16/2015 4:03:03 PM

COBIT Focus - Tips for Implementing and Sustaining Effective GEIT Join author Okanlawon Zachy Olorunojowon as he responds to ISACA member questions beginning 2 February 2015. Add your questions by responding to this post!

For most organizations, the reality is setting in that alignment of IT and corporate strategies is no longer sufficient. Across various industries, banking, retail, energy, health care and other sectors, organizations are adopting and adapting IT governance frameworks, in particular COBIT® 5. Their goals include pursuing the integration of the governance and management of enterprise IT (GEIT) with the overarching enterprise governance to drive value. The Bank of England indicated that such endeavors will enable IT function to more clearly demonstrate value to business across the bank. Here are some tips to implement effective GEIT initiatives in a sustainable manner: Read the rest of the article here. Tammie111

at 1/29/2015 5:00:42 PM

COBIT 5 vs ITIL - Process and Release Management Governance Open request for feedback. I would like to establish a COBIT 5 foothold where no framework for IT Governance or ITSM has been adopted formally or informally. Context and the actual question follow. Context: Management consideration of adopting specific ITIL framework elements to govern specific risk areas such as application process governance and release management, as it pertains to connecting a new enterprise business app and new help desk app. The goal is to establish process control standards for workforce reporting of incidents, problems, change management and release management of the new enterprise app, using the new help desk app. I've seen COBIT 5 to ITIL mapping, and I understand that COBIT 5 in general is designed to provide more governance guidance than ITSM and service lifecycle governance-focused frameworks like ITIL (which is excellent for those areas). However, my personal preference would be to recommend limited adoption of COBIT 5 instead of ITIL, because COBIT is better suited for later expansion into other governance and information/cyber security management realms. That said, it would be great if any framework principles are adopted. Question: What are some good examples and approaches beyond the dry framework comparisons that I could use to make a more compelling recommendation to management? James Kidwell, J.D., CISA

at 2/4/2015 12:04:50 PM

COBIT Focus - COBIT 5 Supports Cloud Computing Migration in the Brazilian Public Sector Join authors Wellington Evangelista and Joao Souza Neto as they respond to ISACA member questions beginning 9 February 2015. Add your questions by responding to this post!

Cloud computing has been seen by industry experts as able to revolutionize information technology, because it significantly changes the way IT is consumed and provided. Cloud computing transforms the landscape in which organizations manage the IT environment to one where all IT is consumed as a service. In this new scenario, IT services are provided and consumed in a similar way to what happens with other common resources/utilities, such as water, electricity and telephone services. Thus, cloud computing enables end users to make use of computing resources without knowledge of their location or how the resources are delivered and to charge only for the resources actually consumed. Thus, this new IT paradigm can provide reduced costs, increased flexibility and business agility. Read the rest of the article here Tammie111

at 2/9/2015 11:34:06 AM

Cobit 5 for Risk

I was going through the COBIT 5 for risk guide. In the guide COBIT are referring to the 4-eye principle. Does anyone know what the 4-eye principle is and what it means? Emile623

at 2/17/2015 12:22:51 AM

COBIT Focus - COBIT and the CPA Firm, Part 2 Join author R. Curtis Thompson as he responds to ISACA member questions beginning 23 February 2015. Add your questions by responding to this post!

Last year, part 1 of this article outlined how CPA firm Yount, Hyde & Barbour was using COBIT® to help build processes to allow its IT department to better serve the enterprise’s needs. While progress has been slow, the firm has seen improvements due to its implementation efforts. A mid-sized regional accounting firm with 18 shareholders and 140 employees, the enterprise has 6 locations—1 recently relocated and a 7th location planned for inclusion in first quarter 2015. The staff is to be very mobile with at least 20 people working remotely or at a client’s location at any given time. Given these conditions, there is a complexity to the IT function that is greater than the size of the organization would suggest. The firm looked to use COBIT to organize the IT function using a framework to create efficiency and meet the needs and expectations of stakeholders. Using the 7 phases outlined in ISACA’s COBIT® 5 Implementation, the firm began by identifying the drivers. The 3 major drivers identified were: A general disconnect existed between IT and the needs of the professionals. IT spending, while within budget, did not align with firm needs. IT expectations and demands among the firm’s shareholders varied. Read the rest of the article here Tammie111

at 2/20/2015 10:51:31 AM

(Unrated)

COBIT Process Assessment Hi everyone, I have just completed a COBIT5 Process Assessment using the PAM and toolkit. I must say that it was much more complex than anticipated. I had previously performed a COBIT4 Maturity Assessment and it was much simpler and easier to explain to the recipient. I would like to have available through COBIT5, a benchmarking of COBIT5 processes, as was available in COBIT4. Does anyone know of any benchmarking of COBIT5 processes? The capability assessment toolkit was not clear and very difficult to determine what I should have been looking for to assess the capability level of each of the 37 processes. Have others found the same? Diana384

at 2/21/2015 6:45:47 PM

(Unrated)

COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5 Join author Opeyemi Onifade as he responds to ISACA member questions beginning 2 March 2015. Add your questions by responding to this post!

The Central Bank of Nigeria issued a compliance document titled “Nigeria Financial Services IT Standards Blueprint” in May 2013. The blueprint, which includes time lines, is the main driver for the implementation of IT-related standards such as COBIT® 5, ISO/IEC 27001:2013, ISO/IEC 20000:2011 and ISO/IEC 22301:2012 in banks and IT service provider organizations in Nigeria today. The blueprint was developed by Accenture for the regulatory body prior to the publication of COBIT 5. The revised edition, which is in the works, will reference COBIT 5 specifically. The implementation of these good practices is expected to result in improved operational effectiveness, uptime and availability, service quality, enterprise control and management, risk management and assurance, regulatory reporting, and business continuity. Read the rest of the article here Tammie111

at 2/27/2015 12:21:13 PM

(Unrated)

COBIT Focus - Nine Steps to Assess GEIT Processes Join author Leela Ravi Shankar Dhulipalla, as he responds to ISACA member questions beginning 9 March 2015. Add your questions by responding to this post!

The purpose of the COBIT® Assessment Programme is to support the evaluation of IT process capability in an understandable, logical, repeatable, reliable and robust way (based on international standard ISO/IEC 15504). The assessment results provide a determination of process capability and can be used for process improvement, delivering value to the business, measuring the achievement of current or projected business goals, benchmarking, consistent reporting, and organizational compliance. Read the rest of the article here Tammie111

at 3/6/2015 2:47:03 PM

(1 ratings)

Using COBIT 5 for Windows Active Directory Audit Has anyone used COBIT 5 yet for auditing Windows Active Directory? If so, did you use audit software or come up with a mapped process from COBIT 4.1 to COBIT 5? I'm looking for mapping of internal controls from COBIT 4.1 to COBIT 5, specific to Windows Active Directory audit and have found none. Example: COBIT 4.1 Control PO3.2 "Technical Infrastructure Plan," maps to COBIT 5 APO02.03-05; APO04.03-05. For Active Directory, it appears that no one has gotten that far yet unless they manually map all 35 pages of COBIT 4.1. Is this correct, or could you send me the resources you used? Many thanks! tfobrien

at 3/9/2015 9:48:21 AM

(Unrated)

COBIT Focus - Establishing a Governance and Management Structure for E-commerce Using COBIT 5 Join author Chidi Henry Emeribe, as he responds to ISACA member questions beginning 16 March 2015. Add your questions by responding to this post!

A company based in Lagos, Nigeria, is in the business of sales and distribution of its brand of shoes through physical outlets in the Lagos area. In a bid to expand its operations to areas outside of its physical outlets and to also have a better competitive showing in the Nigerian marketplace, the enterprise’s decision makers decided to use the Internet as the platform of choice to achieve this need. Read the rest of the article here Tammie111

at 3/12/2015 12:11:22 PM

(1 ratings)

COBIT Focus - Governance of Enterprise IT Missing In Action Join author Troy DuMoulin, as he responds to ISACA member questions beginning 23 March 2015. Add your questions by responding to this post!

For a team to win games and claim championships, it needs to be more than a group of individual star players with unique sets of specialty skills. Winning teams operate under a common vision, mission and share a playbook established by strong leaders who understand how the various members of the team are best organized to achieve team goals. Following this analogy, business and IT leaders across an enterprise should share a common vision, portfolio priorities and agree on how they collectively best leverage technology resources and data to achieve business objectives. To achieve this goal, it is safe to assume that the organization would need to have an effective governance structure and framework to bring the diverse internal and external players into an alignment and shared purpose. To carry the sports analogy a bit further, what is needed is an informed and skilled senior coaching staff who understand that their primary responsibility is to take a team of very diverse players and optimize their performance as a collective whole versus focusing on one or two star players.... Read the rest of the article starting here Tammie111

at 3/20/2015 1:11:31 PM

(Unrated)

COBIT Focus - Navigating I/O Flows/Networks to Enhance the Governance Management Cycle Join author Makoto Miyazaki, as he responds to ISACA member questions beginning 30 March 2015. Add your questions by responding to this post!

What constitutes true adoption of COBIT® 5? Is it a minimum condition that at least one principle of COBIT 5 is adopted for true adoption of COBIT 5? To answer this question, one must look at COBIT 5’s principles, in other words, its raison d'être. The five principles of COBIT 5 are Meeting Stakeholder Needs, Covering the Enterprise End-to-End, Applying a Single Integrated Framework, Enabling a Holistic Approach, and Separating Governance From Management. This article focuses on the Covering the Enterprise End-to-end and the Separating Governance From Management principles, or more specifically, how to enhance alignment of business and IT embodying the concept described by figures 1, 2 and 3 to address the questions stated previously: Is it a true adoption of COBIT 5 to simply change the processes of COBIT® 4 into those of COBIT 5 as the basis of controls? Read the rest of the article here Tammie111

at 3/27/2015 10:25:08 AM

(Unrated)

COBIT Focus - COBIT Helps Organizations Meet Performance and Compliance Requirements Join author Sreechith Radhakrishnan, as he responds to ISACA member questions beginning 6 April 2015. Add your questions by responding to this post!

Many organizations need help meeting performance and compliance requirements. A consulting company in the United Arab Emirates worked with three different organizations to help each organization meet its governance, risk and compliance (GRC) requirements. The organizations included a government organization (5,000-plus employees with 170-plus IT staff members), a large financial institution (8,000-plus employees, operating in 3 countries with 250-plus IT staff members) and a large conglomerate (25,000-plus employees, operating in 10 countries with 200-plus IT staff members). Read the rest of the article here Tammie111

at 4/2/2015 2:22:06 PM

(2 ratings)

COBIT Focus - The Core COBIT Publications: A Quick Glance Join author Mark Thomas, as he responds to ISACA member questions beginning 13 April 2015. Add your questions by responding to this post!

When ISACA® announced it was replacing COBIT® 4.1 with a new version of the framework, some experts were skeptical. COBIT 4.1 was easy. The content was very familiar. If additional information not covered in COBIT® was needed, another document like Val IT or Risk IT could provide more details. But it turns out, there was a much more organized approach to the framework, and COBIT® 5 did just that. Not only did it incorporate several other ISACA documents (e.g., Val IT or Risk IT) into this one overarching framework, it also incorporated some additional major frameworks and standards from the industry. Read the rest of the article here Tammie111

at 4/9/2015 1:25:47 PM

(Unrated)

COBIT Focus - COBIT 5 Principles and Enablers Applied to Strategic Planning Join author David Mondragon Tapia, as he responds to ISACA member questions beginning 20 April 2015. Add your questions by responding to this post!

Can COBIT® 5 principles and enablers be applied to support strategic planning exercises? Two years ago in Mexico City, work was underway at an organization that offers managed print services and document solutions. This organization decided to start an effort to reinforce its governance and management model, starting with strategic planning. For this organization, planning and strategic alignment, among their many different aspects, were something relatively new and out of practice, but necessary in order to continue organizational growth (which was greater than 10-12 percent annually during the preceding 5 years). Read the rest of the article here Tammie111

at 4/16/2015 1:36:34 PM

(1 ratings)

COBIT Focus - Applying COBIT in a Government Organization Join author João Luiz Marciano, as he responds to ISACA member questions beginning 27 April 2015. Add your questions by responding to this post!

Brazilian private, government and public organizations have been familiar with the COBIT® framework since its inception in the 1990s. However, the acceptance and use of the model reached a wider audience with COBIT® 4.1, which was released in 2007. And, with the launch of COBIT® 5 in 2012, a new opportunity was posed to managers and auditors with a profound and complete model for IT management and governance. Read the rest of the article here Tammie111

at 4/24/2015 2:16:36 PM

(Unrated)

COBIT Focus - Leveraging COBIT to Implement Information Security Join author John Frisken, as he responds to ISACA member questions beginning 4 May 2015. Add your questions by responding to this post!

In delivering IT security consulting services to large enterprises in Australia, particularly in the health care, utility and large government sectors, Information Systems Group has used the International Organization for Standardization (ISO) standards extensively, for example ISO 27001 for security and ISO 20000 for IT service management. In advising clients on the best way to apply the standards, the question that has consistently arisen is, “How far does the application of these standards need to be taken?” Read the rest of the article here Tammie111

at 4/30/2015 11:57:24 AM

(Unrated)

Process Security using COBIT

Research by several bodies including SANS had found that security implementations that are NOT integrated with the Configuration Management process are the most common factor that critical infrastructure organisations who experienced major security breaches had in common. The method outlined in this article addresses how to design and implement a security framework that achieved this integration with the Configuration Management System using COBIT, ISO27001, and ITIL. What do others think? As the author of this article, I would be happy to answer or expand. John072

at 5/4/2015 6:59:18 PM

(Unrated)

COBIT 5- Quick Start Pub? Hello, 4.1 has a "Quick Start" in Knowledge-Center, is there an equivalent updated version for COBIT 5 in publications directory, besides the COBIT 5 Implementation PUB? I think I see how to 'map' over, just curious if some other artifact exists. thanks a bunch! kind regards, w WillisR

at 5/5/2015 8:44:13 AM

(Unrated)

COBIT Focus - 5 Common Mistakes in Adopting COBIT 5 Join author Sreechith Radhakrishnan, as he responds to ISACA member questions beginning 11 May 2015. Add your questions by responding to this post!

There are a number of key benefits to be gained from effective governance of enterprise IT (GEIT). Among those benefits are IT-business alignment, the realization of the benefits of IT investments, reduced costs, reduced IT-related business risk, and the ability to meet regulatory and compliance requirements. Many organizations across different industries, including retail, banking, oil and gas, telecommunications and government sectors, are implementing or improving GEIT using the COBIT® 5 framework. Implementing an effective GEIT framework requires management commitment, a focused approach and resources. The 5 most common mistakes people make during a GEIT implementation are: Read the rest of the article here Tammie111

at 5/7/2015 2:06:43 PM

(2 ratings)

COBIT Focus - Bahrain Government Embraces COBIT 5 Governance and IT Management Join authors Harikrishnan Sugumaran, Khalid Al-Mutawah, and Zakareya Ahmed Al-Khaja as they respond to ISACA member questions beginning 18 May 2015. Add your questions by responding to this post!

The Kingdom of Bahrain’s eGovernment Authority is focused on ensuring the effective delivery of government services to citizens, residents, businesses and visitors (collectively, the customers). The aim is to improve the lives of a nation’s citizens by doing much more than simply implementing technology. This involves a broad range of responsibilities and activities owned and performed by multifunctional and multidisciplinary teams across the country, along with the strong leadership needed to implement them. In addition, it involves addressing many challenges—both internal and external. These include dealing with legislative, regulatory and budgetary barriers; evolving common technical frameworks and infrastructure; ensuring a common vision; providing leadership at many levels; strengthening coordination; improving collaboration; clarifying public-private partnerships; and monitoring and evaluating progress and results on an ongoing basis. Read the rest of the article here Tammie111

at 5/13/2015 4:33:56 PM

(Unrated)

COBIT 5 and Cyber Security The importance of implementing Cybersecurity is being increasingly recognised by all the stakeholders and especially regulators. In implementing cybersecurity, it is important to adapt a governance approach using COBIT 5 rather than a tool or box oriented approach. I invite your views on how COBIT 5 could be used for implementing cybersecurity. A.Rafeq Past Member, COBIT 5 Task Force Rafeq

at 5/18/2015 11:42:29 PM

(Unrated)

COBIT Focus - COBIT 5 and ITIL Adaptation at a Saudi Municipality Join author Govind Kulkarni, as he responds to ISACA member questions beginning 25 May 2015. Add your questions by responding to this post!

The Municipality of Eastern Region (MER) based in Dammam, Saudi Arabia, is a government-owned institution that has been in existence for 50 years. Its main purpose is to serve citizens within the scope of its region. Some of the most prominent services rendered to citizens are health care, sanitation, water, electricity, roads and schools, among others. These services are provided to 7 million residents. All of the information related to these 7 million citizens is managed by the municipality’s IT department. Some of the IT services in the municipality are consumed within the municipality (e.g., enterprise resource planning [ERP]) and some are open to the public (e.g., health care, schools, police services). Providing good service to citizens is the main aim of the municipality, and information plays a crucial role. The information may be related to a citizen’s name, age, gender, education, health, housing, sanitation, complaint, personal likes and dislikes, etc. A massive amount of information is created by the municipality, and managing this information correctly, consistently and efficiently is a challenge. Moreover, language poses one more dimension as some citizens want information in Arabic only and some want the same information presented in English as well. Read the rest of the article here Tammie111

at 5/22/2015 1:26:43 PM

(1 ratings)

COBIT Focus - Critical Success Factors for Continually Monitoring, Evaluating and Assessing Management of Enterprise IT Join authors Zhiwei Fu and Eric H. Mittnight, as they respond to ISACA member questions beginning 8 June 2015. Add your questions by responding to this post!

To achieve their objectives and sustain their competitive edge, it has become increasingly necessary for contemporary businesses to bring more effective and efficient enterprise IT management capabilities to bear across their enterprises. It has also become increasingly evident that a systematic and continuous IT management process monitoring, evaluation and assessment (MEA) program is critical to continually improving IT management capabilities. Such a program is necessary to ensure that organizations maintain a focus on doing things right in an effective and efficient manner. Read the rest of the article here. Tammie111

at 6/5/2015 3:00:43 PM

(1 ratings)

ISACA Ireland Needs YOU! Hope you don't mind me posting in this group about this year's ISACA Ireland conference, which is focusing on placing business first. We would like this conference to be as successful as last year's, which was truly international with 24 speakers from 12 countries who shared their war stories. This year's conference will be at Croke Park Conference Centre, Dublin, Ireland on 23rd October. I am hoping that members in this group can help us source knowledgeable and passionate speakers on any of the following topics: - Information Systems Audit & Assurance - Cybersecurity - Risk Management - Privacy - Compliance / Governance - DevOps / AppSec If you know anyone who fits this bill, please ask them to submit a speaker proposal via https://goo.gl/i7nfwv. Closing date for submissions is 30th June 2015. Kind regards, Neil President ISACA Ireland Chapter Neil_Curran

at 6/17/2015 3:53:58 AM

(Unrated)

COBIT Focus - Using Versus Implementing COBIT 5 Join author Barry D. Lewis, as he responds to ISACA member questions beginning 22 June 2015. Add your questions by responding to this post!

Enterprises are being encouraged to implement COBIT® to improve their governance of enterprise IT (GEIT) and this is good advice. However, many enterprises are understandably reluctant to undergo such a massive project, or have difficulty obtaining senior management buy-in due to budget, staffing or indecision over benefits. A couple of countries are pursuing COBIT® 5 through legislation or government initiatives, such as Turkey (in financial institutions) and, more recently, Bahrain. These are undoubtedly useful methods, but what can all the remaining governments and businesses do to improve their GEIT when faced with the above difficulties? There are numerous benefits to COBIT 5, including:

- Reduced costs
- IT-business alignment
- The benefits realization of IT investments
- The ability to meet regulatory and compliance requirements
- Reduced IT-related business risk

COBIT 5, therefore, offers enterprises obvious benefits for bringing its processes, practices and activities into day-to-day governance. In North America, the number of enterprises implementing COBIT is quite low, yet arguably, the need for such governance has never been higher. In my COBIT 5 Foundation classes, I typically exhort the attendees to focus on using COBIT, not implementing it. Why is this an important distinction? Read the rest of the article here Tammie111

at 6/19/2015 11:04:25 AM

(2 ratings)

Auditing, COBIT 5 and accounting systems I am sharing with the Spanish-speaking community my presentation at the meeting organized by the Instituto de Auditores Internos de la Argentina on auditing, IT governance and management, and accounting systems http://tinyurl.com/qhjglgb Graciela Braga

at 6/22/2015 8:18:42 PM

(Unrated)

COBIT 5 Process Assessment Toolkit outdated? Using 4.1 Processes? Hi All, I recently downloaded the COBIT Assessor Guide Toolkit from; http://www.isaca.org/COBIT/Documents/PAM-Using-COBIT-5-ToolKit_tkt_eng_0114.zip Looking at the self assessment templates I can only find references to the 4.1 processes. Example. The EDM01 tab references the following processes; EDM01-O1 Strategic decision-making model for IT is effective and aligned with the enterprise's internal and external environment and stakeholder requirements. EDM01-O2 The governance system for IT is embedded in the enterprise. EDM01-O2 Assurance is obtained that the governance system for IT is operating effectively. Am I missing something? Cheers, Andrew Andrew115

at 6/29/2015 6:17:08 PM

(Unrated)

COBIT Focus - Are You a COBIT 5 Expert, Champion or Consultant? Be Aware! Join author Paras Kesharichand Shah, as he responds to ISACA member questions beginning 13 July 2015. Add your questions by responding to this post!

The COBIT® 5 Implementation guide is one of the most valuable jewels in the COBIT® 5 crown. Any practitioner who has used any of the COBIT 5 practices and guidance might have come across the implementation guidance at some point in time. Often, practitioners and consultants who are new to the COBIT 5 family of products consider implementation of the COBIT 5 process reference model as the implementation of COBIT 5. This is called the “COBIT 5 Implementation Myth.” Read the rest of the article here Tammie111

at 7/9/2015 5:19:11 PM

(Unrated)

COBIT Focus - Leveraging COBIT to Implement Information Security (Part 2) Join author John Frisken, as he responds to ISACA member questions beginning 27 July 2015. Add your questions by responding to this post!

This article is a continuation of the article published 4 May 2015 called “Leveraging COBIT to Implement Information Security (Part 1).” Studies by many organisations have highlighted that companies that are remaining secure are focusing on implementing security controls as an integral part of their IT service management (ITSM) systems, not as stand-alone management systems. Companies that practice configuration management and maintain careful inventories of their hardware and software are staying secure. Those that do not have significantly higher risk, as borne out by security incident studies. Many of the items managed within infrastructure management are significant for information security for 2 main reasons: Loss of configuration information related to any piece of infrastructure represents a significant threat to the ongoing availability of information stored on or managed by that device. Incorrect configuration of devices such as routers, firewalls and servers represents critical threats that can expose the enterprise to significant loss or corruption of data. Read the rest of the article here Tammie111

at 7/23/2015 4:21:19 PM

(Unrated)

Integrated ISMS Design - What are your thoughts The basis for the Part II article on Implementing Information Security using COBIT was commissioned by a large government agency who wanted to combine the benefits of COBIT and ISO27001. We found after researching the area that an ISMS integrated with the organisation's ITSM processes was far superior, a fact supported by security research. Yet many security organisations are still attempting to manage using stand-alone systems without any workflow support. I would be happy to hear your thoughts and experiences. John072

at 7/28/2015 11:50:17 PM

(1 ratings)

Tools to Map COBIT5 Hello everyone. I'm looking for help and/or guidance. I'll admit, I have not used CoBIT5 very much, but I would like to change that. As an auditor in the past, I would have used tools to get all of the CoBIT4.1 items, and map them to risks and controls to identify potential control and risk gaps within projects that I worked on. With the large amount of CoBIT5.0 data out there, I have had a hard time finding the type of tools I used in the past. Do we have any basic tools/spreadsheets which I can easily see the domains and control areas across CoBIT5 to assist with this type of high level mapping? Thanks for your assistance! SArndt

at 8/6/2015 9:30:44 AM

(Unrated)

COBIT Focus - How COBIT 5 Helped Al Rajhi Bank to Meet Compliance and Regulatory Requirements Join authors Ibrahim Al-Rashid, Vaseem Nasiruddeen, and Sreechith Radhakrishnan, as they respond to ISACA member questions beginning 10 August 2015. Add your questions by responding to this post!

Founded in 1957, Al Rajhi Bank is one of the largest Islamic banks in the world with total assets of SR 288 billion (US $76.8 billion), a paid up capital of US $4.3 billion and an employee base of more than 8,400 associates. With more than 50 years of experience in banking and trading activities, the various individual establishments under the Al Rajhi name were merged into the umbrella Al Rajhi Trading and Exchange Corporation in 1978. In 1988, the bank was established as a Saudi shareholding company. With an established base in Riyadh, Saudi Arabia, Al Rajhi Bank has a vast network of more than 500 branches, over 100 dedicated ladies’ branches, more than 4,030 automated teller machines (ATMs), 36,000 point-of-sale (POS) terminals installed with merchants and the largest customer base of any bank in the kingdom, in addition to 130 remittance centers across the kingdom. The IT governance function of the bank was newly established in 2014, and the bank needed to comply with regulatory compliance requirements established by the Central Bank of Saudi Arabia. Additionally, audit findings indicated the need for an improved IT risk management framework and internal controls. The bank was using multiple frameworks and standards including ITIL, Project Management Office (PMO) and ISO/IEC 27001 to govern and manage IT. Read the rest of the article here Tammie111

at 8/7/2015 12:36:34 PM

(Unrated)

Staff establishment How many IT staff should a company employ to service 1000 employees? Is there a publication regarding the amount of IT staff per number of employees? What is the best practice regarding this? Has anyone noticed any information regarding this within COBIT? Sonja078

at 8/18/2015 4:34:46 AM

(Unrated)

COBIT Focus - Benchmarking of COBIT 5 PAM Assessments Performed in Brazilian Public Sector Banking Organizations Join authors Joao Souza Neto, Geraldo Loureiro, and Diana Santos, as they respond to ISACA member questions beginning 24 August 2015. Add your questions by responding to this post!

This article presents the process capability assessments of the governance domain of COBIT® 5 for 3 Brazilian public sector banking organizations. The goal was to put the new assessment ruler (Process Assessment Model [PAM], based on the ISO/IEC 15504 approach) into practice and verify how the organizations would perform while employing criteria that are different from the ones used in the COBIT® 4.1 Capability Maturity Model (CMM) approach. Read the rest of the article here Tammie111

at 8/21/2015 8:04:56 PM

(1 ratings)

COBIT Focus - Leveraging COBIT to Implement Information Security (Part 3) Join author John Frisken, as he responds to ISACA member questions beginning 31 August 2015. Add your questions by responding to this post!

This article is a continuation of the article originally published 4 May 2015 called ‘Leveraging COBIT to Implement Information Security’. Part 1 covered how COBIT® 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Critical Security Controls. Part 2 focussed on using COBIT® to implement information security process controls within an ITIL system to provide protection envisaged by SANS Critical Security Controls. Part 3 looks at how to implement an information security management system (ISMS) governance framework and enable tools to manage the security program. Read the rest of the article here Tammie111

at 8/27/2015 3:29:42 PM

(Unrated)

Are you using COBIT for sustainability and Green IT? Do you know any enterprise that uses COBIT5 in that way? Thanks! Graciela Braga

at 9/4/2015 12:32:53 PM

(Unrated)

COBIT Focus - COBIT 5 and Independent IT Services Suppliers Join author Vincent Pearce, as he responds to ISACA member questions beginning 14 September 2015. Add your questions by responding to this post!

I focus on delivering IT managed service outsource transitions and implementations, working with organisations that are outsourcing IT services or transitioning between suppliers. As an IT managed service specialist, I have extensive experience with ITIL; however, when bearing in mind the end-to-end requirements to be considered and addressed, ITIL may be excellent for core infrastructure services and operational management, but it leaves gaps when developing a comprehensive IT managed service linking a supplier’s service, retained IT responsibilities and business need. Read the rest of the article here Tammie111

at 9/11/2015 1:38:00 PM

(1 ratings)

COBIT Focus - Implementation of Service Integration in a Multiprovider Environment Using COBIT 5 Join author Martin Andenmatten, as he responds to ISACA member questions beginning 28 September 2015. Add your questions by responding to this post!

We are living in a constantly changing world. While technology is getting smarter and easier to handle for users, governance and management of enterprise IT (GEIT) is becoming overly complex. Increasingly, cloud services are replacing traditional in-house solutions, and the risk associated with this new IT business model is difficult to manage. The role of the internal IT department is being questioned because its value is often not recognized at the board level. Because businesses can access IT services relatively easily via a cloud broker portal, long lasting program and project management is no longer needed for delivering equal services at unknown cost, time and risk. Well, we are not there yet, but the pathway is clear. Read the rest of the article here Tammie111

at 9/25/2015 5:28:51 PM

(1 ratings)

COBIT Focus - Leveraging COBIT to Implement Information Security (Part 4) Join author John Frisken, as he responds to ISACA member questions beginning 5 October 2015. Add your questions by responding to this post!

This article is the final article of a 4-part “Leveraging COBIT to Implement Information Security” series. Part 1 covered how COBIT® 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Critical Security Controls (SANS Top 20). Part 2 focused on using COBIT® to implement information security process controls within an ITIL system to provide protection envisaged by SANS Top 20. Part 3 outlined how to implement the Information Security Management System (ISMS) governance framework and enabling tools to manage the security programme. This article shows how the requirements for certification of the ISMS framework can be satisfied by using the approaches outlined in this 4-part series. Read the rest of the article here Tammie111

at 10/1/2015 2:30:16 PM

(Unrated)

COBIT 5 - Local Government Authorities Hello, my students are working on how to apply information technology (IT) to bridge the gap between local government authorities and citizens based on COBIT 5. I am looking for a mentor to guide the students. If you are interested, please let me know. regards rasika dayarathna Rasika235

at 10/4/2015 12:51:52 PM

(Unrated)

IT self assessment Good Morning, I am looking for a very basic xls or self assessment tool that I can use for IT. Does anyone have something like that or know of one? V Vicky810

at 10/7/2015 11:20:51 AM

(Unrated)

COBIT Focus - Towards Building a Privacy Programme: A Personal Journey Join author Russell Raizenberg, as he responds to ISACA member questions beginning 12 October 2015. Add your questions by responding to this post!

During November 2013, South Africa enacted legislation that seeks to regulate the processing of personal information. It is known as the Protection of Personal Information Act of 2013 (POPIA). Given its infancy and the number of entities seeking compliance, it is understandable that existing resources are limited, constrained and, very likely, expensive. Once fully promulgated, entities processing personal information will have 12 months to demonstrate compliance. What follows is a glimpse into a personal journey towards building a privacy programme and how COBIT® 5 has assisted in structuring the approach, consolidating research, thinking beyond IT, and providing detailed guidance in most areas of enablement and implementation. Read the rest of the article here Tammie111

at 10/9/2015 5:54:46 PM

(Unrated)

COBIT Focus - Aligning Universities and Enterprises Using COBIT 5 Join authors Bruno Horta Soares and Miguel Mira da Silva, as they respond to ISACA member questions beginning 19 October 2015. Add your questions by responding to this post!

The alignment of academic knowledge with professional skills is now one of the main challenges faced by universities around the world, particularly in the field of information systems management and governance, where the evolution of concepts and their application are constantly changing. The Academic Advocate Program and Student Membership from ISACA® are fundamental instruments for professors and students to access the same best practices used by professionals around the world, giving an important opportunity for today's students to become the competent and motivated professionals of tomorrow. Read the rest of the article here Tammie111

at 10/15/2015 7:20:51 PM

(1 ratings)

COBIT Focus - Addressing Sustainability and Social Responsibility in COBIT 5 IT Governance Processes Join author Graciela Braga, as she responds to ISACA member questions beginning 26 October 2015. Add your questions by responding to this post!

Sustainability, sustainable development and social responsibility are related terms. Social responsibility includes an organization’s responsibility for the impact of its decisions and activities on society, the environment and economy, and, therefore, its contribution to sustainable development and sustainability. A recent ISACA Journal article, “The Time for Sustainable Business Is Now: Leveraging COBIT 5 in Sustainable Businesses,” presents what COBIT® 5 can do for sustainability, including: Improve governance. COBIT® 5 ensures that all stakeholders are identified and their needs are evaluated in order to determine the enterprise’s sustainability goals and its associated IT-related goals. Improve measurement, monitoring and evaluation systems. COBIT 5 uses indicators and can adopt the existing sustainable development indicators as management tools at various levels and in various sectors in order to improve environmental monitoring and information systems at different scales. Assess the roles of public and private actors. COBIT 5 recognizes different stakeholders with different needs and obligations. Increase the resilience of human and natural systems. COBIT 5 suggests stakeholder needs related to sustainability and, thus, allows the use of its goals cascade to ensure the identification of enterprise goals and the evaluation of possible risk that can hurt their achievement. So, the implemented IT process will be capable of delivering outcomes even if the risk factors materialize and the conditions are not the best. This article focuses on the COBIT 5 processes for governance of enterprise IT (GEIT) and proposes how governance practices and activities can be adapted to balance IT with environmental, social and economic aspects. Read the rest of the article here Tammie111

at 10/21/2015 8:59:54 PM

(1 ratings)

COBIT Focus - COBIT 5 Adoption: Understand and Be Understood Join author Oliver Crespo, as he responds to ISACA member questions beginning 2 November 2015. Add your questions by responding to this post!

One of the most important discoveries for the human age was the Rosetta Stone. This piece of granite was the key element to decoding and understanding Egyptian hieroglyphs. Using this stone, it became possible to understand what the Egyptians wrote in their papyrus and allowed us to understand how the ancient Egyptians lived and thought. We understood. Today, auditors sometimes face this (mis)understanding problem within their audit activities. Though not on par with the Rosetta Stone discovery, at times, a key to enabling different business units to understand each other is needed. Within the corporate world, there are different approaches and views of the same elements. This is probably one of the most complicated situations that an IT auditor can face. Sometimes it is difficult to explain to non-IT people the risk, findings and recommendations that an IT auditor discovers. Read the rest of the article here Tammie111

at 10/30/2015 10:03:06 AM

(Unrated)

COBIT Focus - Does a COBIT 5 Self-assessment Help the Business to Get Control of a Shared Service Center? Join author Jörg Schorning, as he responds to ISACA member questions beginning 9 November 2015. Add your questions by responding to this post!

In the summer of 2014, the chief information officer (CIO) of a shared service center (SSC) owned by 3 different, culturally diverse types of companies asked the author to perform an assessment based on COBIT® 5. The most pressing question the CIO needed to answer for his organization’s board of directors (BoD) was, “Are we in control of IT?” One year later, the consultant’s goal is to evaluate whether the CIO and the managers of the SSC are making progress in answering the board’s question with, “Yes, we are in control of IT because of ….” This article describes the work that had to be done (using combined knowledge of ISO/IEC 38500, COBIT® 4.1 and COBIT 5) to make COBIT 5 more applicable and support the one-year-later assessment at the SSC. Read the rest of the article here Tammie111

at 11/5/2015 4:58:07 PM

(Unrated)

COBIT Focus - Using COBIT 5 to Measure the Relationship Between Business and IT Join author Mark T. Edmead, as he responds to ISACA member questions beginning 16 November 2015. Add your questions by responding to this post!

An enterprise is much more than just information technology. The common infrastructure is that there are many functional areas including human resources (HR), IT, manufacturing, operations, finance and so on. The challenge is to get all of these functional departments to work cohesively and with the same goal in mind. The nature of an enterprise is that they are divided into these functional areas, and in many instances, there is little or no horizontal alignment between them. The business relationship manager (BRM) role is a relatively new role in many organizations. The BRM is a liaison between corporate technology services and the business. The BRM is responsible for understanding the business, assisting in the prioritization of projects and ensuring that projects align with technology standards. Ideally, the BRM has significant knowledge in subject matters pertaining to corporate service and the business. Therefore, the BRM can help direct corporate services in support of the overall business strategy. Read the rest of the article here Tammie111

at 11/12/2015 11:08:53 AM

(1 ratings)

5th ITU Green Standards and a well governed and managed ICT

The International Telecommunication Union (ITU) has invited me as a speaker at The 10th ITU Symposium on ICTs, Environment & Climate Change - From the New Climate Agreement to the New Urban Agenda, jointly organized with UN-Habitat. Thank ITU and of course COBIT 5 for this opportunity. http://www.itu.int/en/ITU-T/Workshops-and-Seminars/gsw/201512/Pages/programme-20151214.aspx

"How a well Governed and Managed ICT can Help to Address Environmental Challenges and Sustainability" ICT should and must be an enabler to address environmental challenges and promote sustainable development. Its contribution will depend on how well it is governed and managed in a context of sustainability as a strategic priority. For this, stakeholders have to manage benefits and risk factors; comply with external regulations and internal standards; be agile to respond in a timely and efficient manner to a changing environment; focus innovation on long-term sustainability aspects; plan, build, run and monitor existing and new IT; and invest in training. COBIT 5, the latest ISACA’s guidance on the enterprise governance and management of IT, can assist in achieving this goal. Which COBIT's strength would you recommend for this topic? Graciela Braga

at 11/25/2015 11:29:29 AM

(Unrated)

COBIT Focus - Driving Enterprise IT Strategy Alignment and Creating Value Using the COBIT 5 Goals Cascade Join author Tichaona Zororo, as he responds to ISACA member questions beginning 30 November 2015. Add your questions by responding to this post!

The goals cascade is the nerve center of COBIT® 5. It supports the identification of stakeholder needs and enterprise goals through the achievement of technical outcomes which, in turn, support the successful use of enabling processes and organizational structures. COBIT 5, through the goals cascade and enabling processes for the governance and management of enterprise goals, recognizes that it is key for enterprise leaders to understand their business requirements for information systems. COBIT 5 emphasizes aligning IT initiatives with business (enterprise) requirements first before planning, organising and building a system that is being considered for acquisition. Aligning IT initiatives means that IT long- and short-term plans are focused on enabling achievement of business strategic and performance plans and creating enterprise sustainable competitive advantage. To build a system, enterprise leaders must have a clear understanding of the business drivers and outline specific enterprise user requirements for IT. Read the rest of the article here Tammie111

at 11/25/2015 12:49:22 PM

(2 ratings)

COBIT Focus - COBIT 5 and the Added Value of Governance of Enterprise IT Join author Arturo Umana, as he responds to ISACA member questions beginning 7 December 2015. Add your questions by responding to this post!

It is a well-known fact that one of the major improvements in COBIT® 5 was the integration of both Val IT and Risk IT into the framework. This follows the logical development line of COBIT® along its different versions and reflects better the needs of appropriate governance of enterprise IT (GEIT) for modern enterprises. For those using combinations of previous versions of these 3 frameworks, or parts of them, moving into a single, unified framework is definitely a promising perspective. Read the rest of the article here Tammie111

at 12/4/2015 3:21:15 PM

(1 ratings)

Unclear expression in Process Assessment Program I found an unclear expression in Process Assessment Program. Assessor Guide: Using COBIT5 (page 25) has the description "The second consideration concerns the additional consequences of the effective and efficient operation of the processes at the various capability levels, as shown in figure 16 from ISO/IEC 15504-4". However, the described items of Figure 16 are "Process Attribute Where Gap Occurs" and "Potential Consequence". Moreover, the title of ISO/IEC 15504-4 equivalent is "Potential consequence of process attribute gaps". I think it's better to describe it as "The second consideration concerns the potential consequences of the process attribute gaps of the processes at the various capability levels, as shown in figure 16 from ISO/IEC 15504-4". Am I correct? There is the same expression in Self-assessment Guide: Using COBIT5 (page 14). kazu_nrt

at 12/30/2015 5:18:37 PM

(Unrated)

COBIT Focus - Importance of CMMI-DEV in COBIT-based IT Governance Join author Kiran Chaudhari, as he responds to ISACA member questions beginning 4 January 2016. Add your questions by responding to this post!

The Capability Maturity Model Integration (CMMI) is a world-class performance improvement framework for competitive organizations that want to achieve high-performance operations. Today, CMMI has become the de facto standard for information and communications technology (ICT) companies to improve operational efficiencies. CMMI for Development (CMMI-DEV) consists of best practices that address development activities applied to products and services. It addresses practices that cover the product’s life cycle from conception through delivery and maintenance. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing and telecommunications, use CMMI-DEV. The CMMI framework is frequently used in ICT companies for process improvement initiatives. However, it is not often used in IT-enabled services companies, especially financial organizations. With increasing dependence on IT, many financial organizations are facing challenges in translating business vision and alignment strategies into multi-year IT investments and operating plans, as well as challenges with the impact of IT on the enterprise’s performance measurement. COBIT® provides an end-to-end business view of the governance and management of enterprise IT (GEIT) and reflects the central roles of information and technology in creating value for enterprises. Read the rest of the article here Tammie111

at 1/1/2016 2:38:14 PM

(1 ratings)

We Already Get There but "They" don't see it'was hard to implement 7 phases of Life Cycle-COBIT5 into BMIS, in my point of view talking about Organization specially Government Institution related with BMIS makes 7 phases cannot completed easily, why.. because the biggest "human factor" was not between people and technology actually, this can be learn fast "if they (employee on Government Institution) want to. I'll still trying to find... does "The Biggest Human Factor" better locate between "organization to technology", a brief discuss for this is about an Organization with 70% employee uncommon with IT and facilities but the Top Leader impose to implement a kind of application which is skipping "What Needs to be Done". because in my point of view "The Application" will make big impact to the employee whom not accustomed to the IT, please anyone, share me your experience.. thank you A.S.K

at 1/13/2016 8:32:14 AM

(Unrated)

How COBIT 5 Improves the Work Process Capability of Auditors, Assurance Professionals and Assessors http://www.isaca.org/Journal/archives/2016/Volume-1/Pages/how-cobit-5-improves-the-work-process-capability-of-auditors.aspx Thanks in advance for your comments Best, Graciela Graciela Braga

at 1/14/2016 2:17:55 PM

(1 ratings)

COBIT Focus - Dubai Customs COBIT 5 Implementation Join authors Vishal Vyas, Juma Al Ghaith, Ahmad Al Yaqoobi, and Syed Junaid Hasan as they respond to ISACA member questions beginning 18 January 2016. Add your questions by responding to this post!

Dubai Customs is a complex and dynamic organization. The management at Dubai Customs endeavors to be on the leading edge of the latest management principles and frameworks and it utilizes many global best practices to manage activities in all business processes. The organization recognized the need for a single integrated framework, like COBIT® 5, that encompasses all of these best practices and standards. Dubai Customs was established more than 100 years ago. The department is responsible for facilitating trade and helps secure the integrity of Dubai’s borders against smuggling attempts. Collecting customs revenues and administering trade measures are other major duties of Dubai Customs, which supports fair trade practices and ensures that international conventions and agreements are strictly followed by the trade community. Customs Development Division (CDD), a division of Dubai Customs, ensures the continuous development and modernization of Dubai Customs’ initiatives as well as the procedures and services it provides to its customers. To achieve excellence and maintain growth, CDD combines strong management with a pool of highly qualified and skilled personnel. It focuses on development in project management, leading-edge technologies, new computing environments and optimization of methodologies. Rapid growth in technology has resulted in the need for enterprises to increase productivity and integrate all available information. CDD has met these challenges by effectively utilizing disparate approaches and resources. Read the rest of the article here Tammie111

at 1/15/2016 2:36:20 PM

(1 ratings)

COBIT Focus - Tips for Understanding the COBIT 5 Enabler of Process Join author Lisa Young, as she responds to ISACA member questions beginning 9 February 2016. Add your questions by responding to this post!

The concept of process improvement has been around for centuries. Some of the earliest efforts to improve the efficiency of work began during the Industrial Revolution in the US and Europe. Eli Whitney observed how much work was needed to remove cotton seeds from the boll by hand and invented a machine to automate the process in 1793. Fast forward to 1911 when Fredrick Taylor published The Principles of Scientific Management, in which he proposed that optimizing and simplifying jobs would yield greater productivity. In 1987, the first version of the International Organization for Standardization (ISO) ISO 9000 standard for quality management was introduced. Read the rest of the article here Tammie111

at 2/9/2016 8:40:59 AM

(Unrated)

COBIT Focus - Initiating GEIT Using COBIT 5 at the Oman Ministry of Manpower Join authors Rohit Banerjee, Redha Ahmed Al-Lawati, and Maqbool Mohammed Al-Balushi, as they respond to ISACA member questions beginning 22 February 2016. Add your questions by responding to this post!

While attending one of the ISACA® continuous professional education (CPE) sessions related to optimizing IT spending using COBIT® 5 practices, it was surprising to realize that many IT audit and assurance professionals who attended the session confided having difficulty in initiating governance of enterprise IT (GEIT) and wished they had more insight on where to begin when implementing GEIT in their respective organization. This article describes the experience of initiating GEIT at the Ministry of Manpower (MoMP), Sultanate of Oman. Read the rest of the article here Tammie111

at 2/19/2016 11:14:42 AM

(1 ratings)

Clarification on measurement framework in COBIT process description In COBIT 5, measurement framework of a process cannot be described within it beyond level 1. In this case, how can we measure performance of the process from Level 2 onwards? Also, how does an organization justify its implementation for CL4 and CL5? Please suggest. Kiran172

at 3/14/2016 4:17:47 AM

(Unrated)

COBIT Focus - A Governance and Management Model for the Public Sector Shared Services Center Based on COBIT 5 Join authors Edson Cezar Mello Jr. and Joao Souza Neto, as they respond to ISACA member questions beginning 28 March 2016. Add your questions by responding to this post!

Shared services is an environment in which a company can absorb activities that support the principle processes of each of the company’s other business units, consolidating these activities into a principal operating unit. Through this strategy, multiple existing business functions are concentrated into a new and semiautonomous business unit with a management structure geared toward the promotion of efficiency, creation of value, reduction of costs and the overall improvement of services for internal company customers, as if it was a business unit competing on the open market. Shared service centers (SSCs) are increasingly utilized in public administrations with the principle objective of increasing the efficiency of public spending. To increase efficiency, however, there needs to be an improved amount of agility, economy and service delivery quality. The SSC must, therefore, become reliant on governance requirements that enable it to operate efficiently and effectively. Read the rest of the article here Tammie111

at 3/24/2016 4:10:48 PM

(Unrated)

COBIT Focus - Implementing COBIT 5 at ENTSO-E Join authors Greet Volders and Kees de Jong, as they respond to ISACA member questions beginning 11 April 2016. Add your questions by responding to this post!

The IT director of the European Network of Transmission System Operators for Electricity (ENTSO-E) undertook a pragmatic approach toward implementing COBIT® 5 at the organisation beginning in 2014. Now, 2 years later, it is time to share this successful collaboration between the internal IT department, the business organisation and the external consultants and to share how the results were achieved. Taking a practical approach towards implementing a programme for governance of enterprise IT (GEIT) based on COBIT 5, ENTSO-E focused on prioritising the processes, the development of these processes and—most important—the practical issues to overcome during the implementation of a new way of working. Read the rest of the article here Tammie111

at 4/7/2016 5:00:53 PM

(1 ratings)

Community Notification Hello COBIT Use It Effectively community members, Please welcome members from the COBIT 4.1 community! You may notice some changes to the title of this topic and description. To provide a more robust community we’ve combined the COBIT communities. Therefore, all participation pertaining to COBIT, both COBIT 5 and 4.1 will be discussed in this community. Thank you, Tammie Josifovic ISACA Online Communities Coordinator Tammie111

at 4/13/2016 6:49:00 PM

(Unrated)

COBIT Focus - Unearthing and Enhancing Intelligence and Wisdom Within the COBIT 5 Governance of Information Model Join author Ahmet Efe, as he responds to ISACA member questions beginning 18 April 2016. Add your questions by responding to this post!

Data, information, knowledge and wisdom (DIKW) are the best known, sequential, theoretical and conceptual stations of understanding of things for taking proper action to save more in assets while losing less in resources in the course of life, both for individuals and legal entities. They are also the most difficult issues that can be differentiated within a certain context by practitioners without studying and referring to pertinent academic researches. Even in the COBIT® 5 framework, it is not easy to distinguish these items. Despite the fact that the Data Management Body of Knowledge (DMBOK) focuses on data, COBIT 5 seems to focus more on the information layer, rather than data and knowledge, by emphasizing the transition of data into information on the road linking to knowledge. Though information is emphasized as one of the 7 enablers of COBIT 5, knowledge management is considered under the Build, Acquire and Implement (BAI) domain as BAI08 Manage knowledge, a management process. It is possible to argue that the challenges of big data that raise the importance of converting an overwhelmingly huge, sophisticated, doubtful, changeable and intertwined volume of numbers, signs and semiotic reflections into meaningful context. This seems to be very reasonable for the purpose of filling gaps at the diverging paths between data management and knowledge management. Read the rest of the article here Tammie111

at 4/15/2016 2:57:46 PM

(1 ratings)

COBIT Focus - Are Your IT and Strategic Business Goals Aligned? Join author Alexander Zapata, as he responds to ISACA member questions beginning 9 May 2016. Add your questions by responding to this post!

Developing and using models to help represent relationships between business strategy and IT is an effective method to show the strategic effect of IT within the enterprise. As more and more business commerce becomes automated, the growing impact of IT on business strategy, such as the development of a sustained competitive advantage in a highly connected world, becomes increasingly evident. Alignment of IT and business strategies is paramount for achieving and maintaining a leadership position. Today, the elements that differentiate one successful organization from another are difficult to observe and measure as the power of imitation levels the playing field, making a business-driven, information-centric and technology-supported strategy imperative. Read the rest of the article here. Tammie111

at 5/5/2016 12:55:45 PM

(Unrated)

Level of importance of the IT and Strategic Business Goals Alignment Do you think this is a critical success factor of a good IT Governance and Management? This is an important issue for Financial, Government, Telecommunication, Services, Manufacturing, Health or other kind of organizations? Alexander Zapata

at 5/10/2016 7:22:41 PM

(Unrated)

Board Involvement with IT Governance. What's your opinion? Dear Reader, Please allow me to invite you to complete this short questionnaire regarding the effects of Board involvement and COBIT 5 usage. The questionnaire is targeted at anybody with involvement in IT Governance issues and will take just 5 minutes to complete. The questionnaire is part of my master thesis project at the University of Groningen in the Netherlands. By participating in this questionnaire you really help to advance our knowledge of IT Governance and COBIT 5. In the questionnaire, you can indicate if you wish to receive a copy of the results which are expected in August 2016. Thank you for your time! Best regards, Corné Schipper Link to questionnaire: http://rug.eu.qualtrics.com/SE/?SID=SV_a3H3gpaPb2wsxV3 PS: Sharing this link to other people in your network would mean a lot to me! Cornelis

at 5/18/2016 1:06:25 PM

(1 ratings)

COBIT Focus - Creating Value with an Enterprise IT Governance Implementation Model Using COBIT 5 Join author Yuichi (Rich) Inaba, as he responds to ISACA member questions beginning 23 May 2016. Add your questions by responding to this post!

After the subprime mortgage crisis and the Lehman Brothers collapse in the US, the Financial Services Agency of Japan (FSA) strengthened financial regulations. The FSA regulations introduced an IT governance perspective, which detailed the rules for information security enhancement and IT risk minimization. In response to this, the management of financial institutions have been struggling with a kind of “defensive” IT governance, or a risk minimization and compliance approach. On the other hand, the Japan Revitalization Strategy was approved by the Abe Cabinet of Japan in 2013 and the FSA applied the Corporate Governance Code in 2015, in which listed companies are urged to achieve sustainable growth and increase corporate value over the mid- to long term. Under these circumstances, financial institutions are seeking aggressive or proactive IT governance aiming at value creation for stakeholders rather than defensive or reactive risk minimization and compliance. Read the rest of the article here Tammie111

at 5/20/2016 1:08:31 PM

(1 ratings)

The Pervasiveness of COBIT http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=637 Graciela Braga

at 6/23/2016 3:15:58 PM

(Unrated)

ISACA Journal as a reference of Sustainability issue ISACA Journal and my Journal article The Time for Sustainable Business Is Now: Leveraging COBIT 5 in Sustainable Businesses are included in Research for June 2016 prepared by the prestigious Network for Business Sustainability. Journals they draw from include the Financial Times Top 45 list as well as sustainability-focused publications. http://nbs.net/research/ Graciela Braga

at 6/23/2016 4:01:20 PM

(Unrated)

COBIT Focus - Transforming Risk Culture Through Organizational Culture Leveraging COBIT 5 for Risk Join authors Ganapathy Kannan and Vinoth Sivasubramanian, as they respond to ISACA member questions beginning 5 July 2016. Add your questions by responding to this post!

The point has been made again and again and, as per the Forcepoint 2016 Global Threat Report, humans are still the weakest link in security. It is, therefore, essential that information security professionals acknowledge and address this problem. Resolving problems within the human workforce is complex, challenging and daunting, but it is definitely not an insurmountable task. Addressing modern workplace and workforce challenges, coupled with the growing threat landscape, requires dynamic, out-of-the-box approaches. Traditional approaches such as deploying learning management solutions or conducting a one-day workshop on information security no longer solve the problem. To effectively create and implement a culture that clearly understands the risk and is open to managing risk factors, the people in an organization and the environment in which they are operating must effectively support information security strategies and objectives. This article discusses how to develop and implement a behavioral competency model that enables achievement of information security objectives and describes how COBIT 5 can be leveraged to build and model information security behaviors. Read the rest of the article here Tammie111

at 7/5/2016 9:10:39 AM

(Unrated)

COBIT Focus - An Appropriate Approach for Program and Project Management Join author My Hanh Nguyen, as she responds to ISACA member questions beginning 25 July 2016. Add your questions by responding to this post!

One of the challenges of IT management is how to manage and deliver transformation projects on time, on budget, in compliance with the quality standards, while achieving the business’s requirements. BAI01 Manage Programs and Projects is good guidance to ensure that IT management has overall project management knowledge. In accordance with ISACA’s definition, “program” is defined as a structured grouping of interdependent projects that are both necessary and sufficient to achieve a desired business outcome and create value. These projects could include, but are not limited to, changes in the nature of the business, business processes and the work performed by people, the competencies required to carry out the work, the required technology, and the organizational structure. “Project” is defined as a structured set of activities concerned with delivering a defined capability (that is necessary, but not sufficient to achieve a required business outcome) to the enterprise based on an agreed-on schedule and budget. In other words, the program is a master plan that includes a number of projects. BAI01 defines the following management practices: Read the rest of the article here Tammie111

at 7/22/2016 9:53:37 AM

(Unrated)

Hello, I am the new Topic Leader and I want to say thank you! Dear colleagues, my name is Graciela and I am so proud for this opportunity! How can we improve this topic? All suggestions are welcome! Best regards, Graciela Graciela Braga

at 8/4/2016 1:20:19 PM

(Unrated)

COBIT and End User Computing Hello, I am an IT Consultant with Info-Tech Research Group. I'm working on a research publication that will help IT departments create a roadmap for end user computing initiatives (e.g. Windows 10, upgrading System Center, procuring an EMM solution, etc.). I was wondering what parts of COBIT will be helpful in structuring the roadmapping process. I found APO03 Enterprise Architecture to be helpful so far. It makes sense to me to frame this process as an exercise of architecting the different services that IT will provide to end users. Any thoughts on this topic? Thank you! Ken KenWeston

at 8/18/2016 9:40:42 AM

(Unrated)

COBIT Focus - Ambiguities in Translation of Information and Knowledge Concepts in COBIT 5 Join author Ahmet Efe, as he responds to ISACA member questions beginning 12 September 2016. Add your questions by responding to this post!

Data, information, knowledge, business intelligence and wisdom (DIKIW) are sequential, theoretical and conceptual stations of understanding. Some researchers assert that business intelligence (or intelligence) is different than knowledge and wisdom. Each concept of DIKIW has its place in guiding individuals and legal entities to take proper action to save more in assets while losing less in resources. They are also the most difficult issues for practitioners to differentiate within a certain context without study of and reference to pertinent academic research. Even in the COBIT 5 framework, it is not easy to distinguish these concepts. Read the rest of the article here Tammie111

at 9/12/2016 3:58:46 PM

(Unrated)

How a well Governed and Managed ICT can Help to Adopt a New Urban Agenda

I want to share with you my vision about How a well Governed and Managed ICT can Help to Adopt a New Urban Agenda. Of course, I used COBIT 5. I am so proud and thankful for the opportunity to be a speaker at the Green Standards Week. (http://www.itu.int/en/ITU-T/Workshops-and-Seminars/gsw/201609/Pages/programme-20160909.aspx) This year, the Green Standards Week was dedicated to the theme of “Shaping Smart Sustainable Cities: Towards Habitat III”, and was kindly hosted by the Municipality of Montevideo, Uruguay.

Habitat III offers a unique opportunity to discuss the important challenge of how cities, towns, and villages are planned and managed in order to fulfill their role as drivers of sustainable development, and hence shape the implementation of new global development and climate change goals. And IT has a great and important role. Here is my presentation: http://www.itu.int/en/ITU-T/Workshops-and-Seminars/gsw/201609/Documents/Presentations/9-September-2016/S1-Pres2GBraga_6th%20ITU%20Green%20Standards%20Week%20%282%29.pptx

Do you agree with my conclusion? Do you select other IT processes? I think this is COBIT - Use It effectively too! Thanks Graciela Graciela Braga

at 9/15/2016 1:58:36 PM

(Unrated)

IT alignment with business Please elaborate on what is meant by IT should align with business strategy, how this has to be done, achieved. Note: business submits signed requirement and IT implements it, we are already aligned, what else needs to be aligned from IT dept side, does this mean business needs to ensure desired outcome of the project achieved, Feroz349

at 9/17/2016 1:53:37 AM

(Unrated)

CMM what is meant by predictable software development process, ?? what factors can be predicted by following CMM Feroz349

at 9/17/2016 2:25:13 AM

(Unrated)

COBIT Focus - Using COBIT 5: Enabling Information to Perform an Information Quality Assessment Information is considered a main resource for any organization as the evolution of information technology in recent decades has reached almost all organizations. No matter their size—small, medium or large —organizations use computer systems to perform the most critical processes and provide them competitive advantage. Companies currently use the power of data analytics to decide where to open a branch, how to increase investments or when to launch a product in accordance with their target customers. Read the rest of the article here. Carly555

at 9/29/2016 2:10:42 PM

(1 ratings)

Information Security Function Hi All, What is the best practice for the Information Security Function in a banking institution to report to? Meaning, what is the best reporting line for this function? Keeping in mind that the information security personnel is reviewing and monitoring the IT Department. I once read that it's best for the Information Security Personnel to be independent from IT Department in this case. Please provide me with references stating the best practice for the Information Security function reporting line, such as ISO, COBIT, PCI, ITIL etc. Faisal

at 10/12/2016 10:58:58 AM

(Unrated)

PBX, Skype for Business, Slack -- Role of COBIT in assessing and implementing communications and collaboration infrastructure Hello COBIT 5 and ISACA community, I am a junior research analyst at a mid-sized IT research and advisory firm in Canada. We provide management consulting services to our clients in order to systematically improve their IT departments. I'm currently refreshing our research on how to approach the task of modernizing communication and collaboration infrastructure. Since I'm still fairly new to the ISACA community and the COBIT 5 framework, I wanted to make sure that I'm applying it properly to this project. Do you have any advice on components from COBIT 5 that I should incorporate into this project? One of our core insights that I'm looking at incorporating into the publication is as follows: you need stakeholders involved in this project. Stakeholders can help drive end user adoption of new collaboration infrastructure (such as Yammer or SharePoint) The choice between an OpEx or a CapEx model isn't for IT to make alone; there are different benefits, costs, and risks of both models, and your CEO and CFO need to be involved in the decision Thank you for any thoughts you have. Ken Weston Senior Consulting Analyst Info-Tech Research Group KenWeston

at 10/15/2016 9:14:48 AM

(Unrated)

COBIT Focus - A Partial Transition to COBIT 5 Demonstrates Value to IT Several years ago, the IT department of the largest bakery factory in the world, with a presence in the United States, Mexico, Central America, South America, Asia, Europe, Canada and the United Kingdom, conducted a COBIT® 4 assessment and implementation of an enterprise governance. Recently, it was determined that the assessment and governance process needed to be updated to determine the next steps required to align it with the new business vision. Read the full article here. The author, Victor Antonio Jimenez, will be responding to questions pertaining to his article today. Ask your question in the comments section of this post. Carly555

at 10/24/2016 3:57:46 PM

(5 ratings)

COBIT Focus - Ensuring Value From IT-enabled Investments Ensuring that value is realized from IT investments is an essential component of enterprise governance. IT governance in practice ensures that IT investments deliver the promised benefits against the strategy at an agreed risk exposure. It also concentrates on optimizing resources throughout the economic life cycle—including the initial investment and the resulting IT services and other IT assets... Read the rest of this article here. Carly555

at 10/28/2016 10:56:19 AM

(2 ratings)

COBIT Focus - Taking IT Governance and Management to the Next Level A Big 4 professional services firm in the Middle East region was selected by a leading retail bank in the region to assist in finding solutions to pressing problems related to IT governance and IT management. The bank was and continues to be heavily dependent on IT infrastructure and IT application systems to deliver an efficient and effective banking experience to its customers. Such dependence is expected to grow as the bank plans to further introduce innovative products supported by technology to a very young customer base.

Read the rest of this article here. The author will also be in this community at that time to answer questions. Carly555

at 11/8/2016 3:47:37 PM

(4 ratings)

COBIT Focus - Creating Buy-in and Empowering Teams to Change It is an inescapable fact that IT is changing the way organizations do business. There is a global emphasis on “digital transformation,” which means that IT is increasingly becoming a critical enabler to realizing business value. At the same time, IT represents a significant risk if not governed effectively. However, as the latest Draft King IV Report on IT Governance for South Africa 2016 concluded, there is a need to focus on outcomes, not just a tick in the box when it comes to governance. Another significant finding in the report was that people are the biggest risk to achieving effective governance.

Read the rest of this article here. The authors, Paul Wilkinson and Gary Hardy, will also be here to discuss it. Carly555

at 11/23/2016 7:55:15 AM

(2 ratings)

COBIT 5 Implementation starts with GAP Analysis

COBIT 5 framework implementation is the new target for a lot of institutions all around the world. We are not just talking about IT companies (IT service providers); we are talking about financial institutions, banks, the governmental sector, etc. To be able to start implementing this framework, you need to start a gap analysis exercise. I will focus on the gap analysis exercise as the first step when deciding to implement the COBIT 5 framework. Gap analysis is a very simple practice, but you feel frustrated when you start thinking how to start this big exercise, same as I did when starting this exercise. But I will share my experience results to save time and effort and help as much as I can.

1. You need to build a matrix having the following, and all should be mapped together:
   - COBIT 5 processes
   - COBIT 5 principles
   - COBIT 5 Controls (here you need to add all activities related to each control; as a result you will have 1111 activities)
   - Add accountability based on COBIT 5 Enablers guide; you can add responsibilities as well based on COBIT 5 Enables RACI.
2. You need to split this sheet based on Accountability column filtering.
3. Provide the related activities to related parties to provide their feedback about these activities – as a result controls.
4. Related parties (accountable end users)
5. By a quick look the accountable user should be able to provide the feedback.
6. Based on results from all end users, (committee) should be able to prepare a report about the final status.
7. Based on the Committee report, priorities should be defined from decision makers (committee with Board).
8. Based on defined priorities, a workshop should be designed to plan the implementation phase.

COBIT 5 Gap analysis Matrix - ready to be used: https://drive.google.com/drive/folders/0B_ctgcsN_yybUnFlV21WSW80enc

Best Regards, Lara Abu Al-Wafa Head of IT Audit Lara Abu Al-Wafa

at 11/27/2016 1:35:13 AM

(1 ratings)

Creating Buy-in Too many organizations send staff to COBIT training to get a certificate. What then happens is that people struggle to translate theory into practice exercise and there is insufficient buy-in to COBIT. As stated in the case, 'Organizational change management' is key. This simulation exercise is one example of an intervention that helped create buy-in and apply COBIT. What other interventions do practitioners use to create buy-in and address organizational change management issues? Paul502

at 11/29/2016 3:27:57 AM

(1 ratings)

COBIT Focus - COBIT 5 Mapping Exercise for Establishing Enterprise IT Strategy

In recent years, (as demonstrated in my previous article titled “ISO/IEC 27001 Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance”),[i] the balanced scorecard (BSC)[ii],[iii],[iv] has been applied to enterprise IT and the first real-life IT security governance application has been developed based on mapping the control objectives from the International Organization for Standardization (ISO)/International Electrotechnical Commission’s (IEC) ISO/IEC 27001:2013 standard to COBIT® 4.1 process and IT governance focus areas.[v] As a further exercise, the relationships and similarities between ISO/IEC 27001:2013, COBIT 4.1 and COBIT® 5 can be explored to provide data values, insights and results that will help in strategic management discussions.

What is driving the need for this mapping exercise?

· The need to integrate IT governance with overall business governance
· The need for effective deployment, governance and management of enterprise IT
· The exercise will help in establishing enterprise IT strategy through control objective linkages
· Key performance indicators (KPIs) can be derived for individuals or business unit

This article explains how an exercise in instituting controls can be used to establish IT strategy, which is shown in the resultant enterprise and IT goals BSC values and outcomes applied in COBIT 5. In so doing, it showcases the IT/business governance and alignment processes as derived from mapping ISO/IEC 27001 and COBIT 4.1 controls and processes further to COBIT 5 governance and management processes...

Read this article in its entirety here. The author will also be available to answer questions. Carly555

at 11/30/2016 9:40:23 AM

(1 ratings)

Does CIO require financial management skillset? One of the focus areas of IT Governance is Benefits Realisation (maintaining and increasing value derived from existing IT investments; and generating the financial and non-financial benefits that were intended). If CIO is responsible for benefits realization and most of the time the person is coming from technical background, does the job description of the CIO require financial management skillset? How are CIOs delivering this responsibility? AamirJamil

at 12/6/2016 4:50:07 AM

(1 ratings)

Frameworks I've used a previous spreadsheet for obviously too long a time. I was looking for a spreadsheet that I could download with the control objectives for 4.1. I looked at 5.0 and that appears to have been a major overhaul and I don't think that is what we want. Can someone point me to the COBIT 4.1 framework in a spreadsheet form? Thank you Chris W

at 12/6/2016 12:06:34 PM

(Unrated)

COBIT Focus - Using COBIT for IT Organizational Design The organizational structure of an IT department is usually the result of a series of changes, trials, experiments and political manipulations. It is often adjusted to suit or accommodate individuals. As a result, the organization is sometimes cumbersome and the cause of problems, inefficiency and excess cost. The process described herein has been developed from experience gained by participating in numerous efforts to redesign and transform IT organizations... Read the rest of this article here. The author will also be here to discuss any questions and/or comments you have.

Carly555

at 12/12/2016 2:55:11 PM

(2 ratings)

COBIT 4.1 Hi, I am new to IT Audit and we use the COBIT 4.1 framework. I was looking for training and information on how to use it for audit. Anyone know any good material that has practical application. Thanks Michael A MICHAEL023

at 12/20/2016 11:49:16 AM

(Unrated)

Val IT Framework alignment with COBIT 5 Dear GRC professionals, We've COBIT 5 in place in our IT Department and we're planning to introduce Val IT Framework to align with COBIT 5. I have the framework copy, I have read the framework BUT I am looking for a starting point. Can you guys please share your experience, any case study, any business case as to how to bring Val IT into the picture and align it with our existing COBIT 5 processes. Thoughts and ideas required! HAFIZ SHEIKH ADNAN AHMED

at 12/24/2016 10:50:15 PM

(Unrated)

COBIT Focus - Setting the Record Straight Setting the Record Straight: Convincing Management of COBIT’s Value in Risk Management By Julian Marquez, CISA, CRISC, COBIT Foundation, ISO 27001 LA, ITIL Foundation Although COBIT® remains an extremely valuable tool for IT risk management, many Latin American companies still find themselves slightly confused when trying to understand what it takes to carry out a complete or partial COBIT implementation. In fact, organizations still struggle with how to achieve long-term business and IT goals through proper use of the framework's tools, and advice from experienced or well-informed practitioners is not sought because top management often considers any external consultancy as an expenditure with little or no return on investment. In addition, due to multiple mergers and acquisitions currently taking place, there is a growing interest in the region in implementing COBIT as an IT risk management framework and even as a way to comply with globally accepted regulations, particularly the US Sarbanes-Oxley Act 2002 (SOX).

Read the full article here. The author is also available to discuss this article. Comment below. Carly555

at 1/3/2017 3:48:46 PM

(Unrated)

COBIT Focus - Developing Business Capabilities Using COBIT 5

Developing Business Capabilities Using COBIT 5 By Oluwaseyi Ojo, CEng, CRISC, CISM, CGEIT, COBIT 5 Certified Assessor, CISSP, TOGAF 9

To execute your strategy, you need to build business capabilities. In order to ensure a business will be successful in the future, an organization must understand how it defines success and must know if it has the capability today to do better or to do more to achieve this success.

What Is Business Capability?

A business capability (or, simply, capabilities) describes a unique, collective ability that can be applied to achieve a specific outcome. A capability model describes the complete set of capabilities an organization requires to execute its business model or fulfill its mission. An easy way to grasp the concept is to think about capabilities as organization-level skills embedded in people, process and/or technology. Business capability defines an organization’s capability to successfully perform a unique business activity. Business capability is used for managing units of strategic business change and providing the mandate for programs and project portfolios. Capabilities typically:

- Form the building blocks of the business but do not have an independent purpose of their own
- Represent stable business functions
- Are unique and independent from each other
- Are abstracted from the organizational model and can be defined for any organizational unit
- Capture the business’s best interests

Read the rest of the article here. The author will also be able to answer questions. Comment below. Carly555

at 1/11/2017 8:41:38 AM

(1 ratings)

How to identify priority processes using existing IT priorities Hi Everyone I'm tasked to identify priority IT processes as our team is a dedicated IT process governance team within IT department. My approach to this challenge is to utilise the COBIT5 goals cascade method. This requires a few interconnected steps. 1. Identify priority IT-related goals by applying a mapping between current IT priorities of my organisation and COBIT5 IT-related goals. 2. Utilise COBIT5 "Mapping COBIT5 IT-related Goals to Processes" by only applying the identified priority IT-related goals from step 1. However the results are not what I have been hoping for. I was hoping to have more Service Management and Security processes identified. The question is whether this approach is logical and adds value. Can someone please shed some light if you have experience in this topic. Thank you very much. Wenbin Wenbin

at 1/20/2017 12:18:20 AM

(Unrated)

Extending COBIT 5 Data Security and Governance Guidance COBIT® 5 contains highly relevant guidance for IT practitioners and business leaders regarding governing and protecting data and information. However, the question of whether COBIT 5 is enough should be asked. This article explores what COBIT 5 provides and does not provide, then suggests a series of appropriate additions. COBIT 5 does correctly start with an overarching set of business recommendations. For example, COBIT 5 suggests that business leaders include compliance with external laws and regulations, management of business risk, and compliance with internal enterprise policies in their balanced scorecard (BSC). For each of these, relevant metrics exist, including:
· The use and application of risk assessments
· The cost of regulatory noncompliance
· The measurement of noncompliance incidents
· The percentage of stakeholders who understand policies
· The percentage of policies supported by effective standards and working practices

You can read the rest of this article here. The author will also be available to answer questions and discuss. Carly555

at 1/30/2017 5:09:07 PM

(1 ratings)

COBIT Focus: A Model Proposal for Organizational Prudence and Wisdom Within Governance of Business and Enterprise IT The intimidatingly rapid growth of big data in the ever-changing, innovative information technology environment has created challenges for enterprises, such as the optimization of risk, costs and resources to best respond to the requirements of the ecosystem and the needs of stakeholders. Day after day, a new concept, tool, technique, requirement or a paradigm comes into being as a result of new data, information, knowledge and wisdom that are being produced in the global order. Particularly, paradigms such as artificial intelligence (AI), Bitcoin, blockchain, virtual reality, climate change, greenhouse gas emission, immigration, disease, cold war, stakeholder needs, cyber threats, ransomware, the Internet of Things (IoT), industry 4.0, smart specialization and smart cities are some of the main triggers that motivate organizations to take their own stance to best position themselves in a business environment that is highly competitive, innovative and ever-changing. Government agencies are also part of the equation because they are in a definitive role that provides regulations and services to meet needs of citizens, private bodies and nongovernmental organizations (NGOs). Therefore, all organizations face competition resulting from innovative products, techniques and services that require holistic and integrated business intelligence and wisdom-manufacturing management systems and frameworks. __________ To read the rest, click here. The author will also be answering questions.

Carly555

at 3/1/2017 9:48:24 AM

(Unrated)

COBIT Focus: Using Visual Models for Adopting IT Governance Practices

IT governance (ITG) can be adopted using a mixture of various structures, processes and relational mechanisms[i] that encourage behaviors consistent with the organization’s mission, strategy, values, norms and culture.[ii] Examples of process mechanisms are ITG frameworks, best practices and International Organization for Standardization (ISO) standards such as COBIT® 5, ITIL 2011 and ISO/IEC 27001. The term “ITG practices” is used throughout this article to refer to both standards and frameworks. To continue reading, see the latest COBIT Focus article next week. Carly555

at 3/16/2017 7:50:42 PM

(Unrated)

How to use COBIT to transform an IT area Good day. I am new to this community. I am looking into, and interested in, transforming the IT area: from alignment with the business through to strategies where IT can deliver value to my institution, a government institution, to achieve value and culture and, with that, positive responses in the business through IT. Thank you for your comments. Regards. Marco083

at 3/22/2017 10:46:25 PM

(Unrated)

COBIT Focus: How COBIT 5 Can Help Reduce the Likelihood and Impact of the Top 5 Cyberthreats 2017 is here with cyberbreaches increasing, with their impacts rippling ever further into business and personal life. Are these threats too big to manage? Is cyberthreat management the ‘elephant in the room’? Cyberresilience needs to be on the board agenda, but still too many boardrooms prefer to manage the risk with the Ostrich Control—hoping it will go away—exacerbated by the fact that security budgets continue to grow whilst answers to how much and what to target remain aloof. _________________________________ To read the rest of this article, click here. The author will also be here to answer questions. Alexandra295

at 3/28/2017 8:57:26 AM

(2 ratings)

COBIT Focus - Applying the Goals Cascade to the COBIT 5 Principle Meeting Stakeholder Needs COBIT® 5 is a renowned best practice framework for governing and managing enterprise information technology. This framework covers the entire enterprise from end to end in terms of processes, organization structures, policies, skills and talent, information, and other enablers, and top to bottom from the board of directors to incident management specialists working in operations. Before an enterprise thinks about implementing COBIT 5, it is necessary to understand the principles that are defined in the framework. During COBIT 5 implementation, the 5 principles act as a guiding light and provide adequate details of what should be done. If an organization wants a successful COBIT 5 implementation, it must first learn and understand the COBIT 5 principles. This article elaborates on the first principle, Meeting Stakeholder Needs, and illustrates it with real-world examples. Meeting Stakeholder Needs—Principle 1 Let us take up the principle from the framework guide and take a close look from top to bottom, as indicated in figure 1. This is the COBIT 5 Goals Cascade, which shows how stakeholder drivers create stakeholder needs, and those needs define the enterprise’s goals. The enterprise goals, in turn, generate IT-related goals, which define the enabler goals. These various components of the cascade must be addressed in order to carry out a successful implementation. __________________________________ Read the rest of the article here: http://www.isaca.org/COBIT/focus/Pages/applying-the-goals-cascade-to-the-cobit-5-principle-meeting-stakeholder-needs.aspx Carly555

at 4/19/2017 2:36:39 PM

(1 ratings)

COBIT Focus - COBIT 5 and the GDPR

With just a year left until the European Union’s (EU’s) General Data Protection Regulation (GDPR)[i] takes effect, it is time for any organization with European customers to get started with the implementation of its requirements. Most supervisory authorities in EU countries have published guidelines on how to get ready. However, when it comes to information technologies involved, it would be convenient to find additional inspiration in a well-known governance of enterprise IT (GEIT) framework. And, yes, that framework is COBIT®. It is useful to refer to an introductory document such as The GDPR and You,[ii] developed by the Office of the Data Protection Commissioner (DPC) of Ireland, to help organizations prepare for the GDPR. In order to provide clear guidance and a practical starting point, the DPC compiled a checklist to assist in moving toward 2018 and full compliance. By applying the COBIT® 5 enablers to the DPC road map, it is possible to determine the basic scope where COBIT can help. _________________ See the rest of this article on 29 May here: http://bit.ly/2rxmWwA Carly555

at 5/23/2017 4:44:30 PM

(Unrated)

COBIT Focus - COBIT 5 for Risk: Making Sense of IT Risk Management A leading Big 4 professional services firm in the Middle East was selected by a large retail bank in the region to assist in enabling IT risk management practices to deliver value to the enterprise in a cost-effective manner. The bank was facing and continues to face a growing and ever-changing IT risk landscape. Given the bank is heavily dependent on IT infrastructure and IT application systems to deliver efficient and effective banking experiences to its customers, the risk committee (RC) of the board of directors (BoD) decided that IT risk management practices of the highest order must be implemented at the bank. The Fundamental Problems Faced The chief risk officer (CRO) and the RC of the BoD agreed that improvement in IT risk management was required. The following areas required specific attention:
· Fragmented IT risk management efforts—Over the years, sections within the organization (e.g., information security function, business continuity function, IT governance function, project management office) developed their own IT risk management frameworks and their own IT risk registers. Furthermore, the enterprise risk management (ERM) function also had an enterprise wide ERM framework and facilitated enterprise wide risk self-assessment exercises that included the IT division. Needless to say, this resulted in inefficient and ineffective IT risk management. On many occasions, the variety of risk management frameworks and IT risk registers resulted in the same risk being identified, owned and monitored in different ways at the same time. The IT division employees felt overwhelmed with the number of IT risk management activities being driven by divergent functions and, ultimately, not reaching any conclusive actions or remediation plans to implement.
· Absence of consolidated reporting—The different risk registers at the bank could not be consolidated into one. Their structures and risk rating methodologies were completely different. Furthermore, a number of risk factors would be repeated. Consolidating all IT risk together into a single IT risk register would be extremely difficult and time-consuming to perform. As a result, the overall impression of the RC and the CRO was that IT risk management activities were unreliable and ineffective.
· Risk culture—The IT division and the bank as a whole did not have a risk culture. The bank was driven by a culture that encouraged and emphasized service delivery and deploying new and innovative solutions in the shortest amount of time.

To read the rest of the article, click here: http://bit.ly/2reyGjZ Carly555

at 6/13/2017 12:33:09 PM

(1 ratings)

COBIT Focus - Screws Have to Tighten? When most organizations undertake an important process improvement effort (e.g., compliance, cyber security, governance), they typically refer to different standards and prepare a complex process to implement the improvement. From this author’s point of view, the main issue with that approach is that it refers to only one standard for the process and follows it strictly from the 1st page to the last. These kinds of projects are usually long in duration, expensive, require the engagement of several experts, and may require the purchase of hardware and software. These things are not cheap. To easily integrate this kind of project into the organization, the project leader should take into account those processes that provide important value as quickly as possible for the organization (quick wins). By focusing on the quick wins, it will be less likely for stakeholders to withhold support from or question the project, and the project leader can quickly obtain support from the project sponsors.

__________________________ To read the rest of this article click here: http://www.isaca.org/COBIT/focus/Pages/which-screws-have-to-tighten.aspx Carly555

at 6/26/2017 8:58:29 AM

(2 ratings)

COBIT Focus - COBIT 5 for Risk—A Powerful Tool for Risk Management Today, as we continue to adapt to a highly volatile environment, businesses are becoming more proactive about risk management. Nowadays, risk management is on everyone’s corporate agenda, whether a private or public organization. Special attention to risk management is paid by governments, semi governments, stock exchanges, shareholders and regulators. After all, risk is everywhere, but, perhaps surprisingly, it is not all bad. Let us not forget that when it comes to risk, there are both threats (risk with negative consequences) and opportunities (risk with positive effects). And it is for good reason that optimizing risk is a far more valuable objective than simply striving to eliminate risk altogether. Risk assessment and risk management are integral parts of IT security at any organization, or at least they should be. One would think that, IT being critical to an organization’s operations, the risk related to IT and IT security would be covered by many different risk management frameworks, including the Committee of Sponsoring Organizations of the Treadway Commission (COSO) for enterprise risk management (ERM), the Risk Management Society’s RIMS Risk Maturity Model (RMM), Project Management Institute’s (PMI) Project Risk Management, International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27005 Information technology—Security techniques—Information security risk management and the ISO 31000 family. However, this was not the case until recently. When it comes to risk management in the IT domain and specifically the governance and management of enterprise IT, arguably, there is only one leading globally accepted and in-use business framework to employ: COBIT® 5. __________________________ To read this article in its entirety and discuss, click here: http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx. Carly555

at 7/5/2017 10:45:03 AM

(2 ratings)

COBIT 5 Guidelines - Policies, Processes Aloha. I have been searching COBIT 5 Online to find out if there are guidelines related to how often an organization should review and update policies, processes & procedures documentation, but haven't found anything that speaks to a specific period, e.g., annually. Is it implicitly stated and I have just overlooked it? I would appreciate any feedback this group has to offer. RobinP

at 7/11/2017 1:41:13 PM

(Unrated)

COBIT Focus - COBIT 5 Aids Transition to Smart and Sustainable Cities A new edition of The Green Standards Week has finished, but the journey for cities has just begun. The International Telecommunication Union (ITU), together with several organizations, including the United Nations Human Settlements Programme (UN-Habitat) and the Inter-American Association of Telecommunication Enterprises (ASIET), have organized the 7th edition of the Green Standards Week from 3 to 5 April 2017 in Manizales, Colombia.[i] The week was attended by more than 900 smart-city stakeholders, including mayors, policy makers, nongovernmental organizations (NGOs), academia and industries from 27 countries. One of the significant outcomes of the event was the Manizales Manifesto (the Manifesto), which covers circular economy and smart sustainable cities and communities.[ii] Two important facts about the Green Standards Week are:
· Forty percent of participants at the event were women. This is not just a random statistic. The data indicate that women are actively concerned about cities and communities. According to the Manifesto, “Information and communications technologies (ICTs), the concept of circular economy, and the environment for development and entrepreneurship, can help facilitate the sustainable use of resources, while promoting gender equity and fostering socioeconomic development through standardization.”[iii]
· Information technology is the core of smart sustainable cities (SSC). This is based on its international definition: “A smart sustainable city is an innovative city that uses ICTs and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social, environmental as well as cultural aspects.”[iv]
The Manifesto outlines 10 actions that must be taken by relevant stakeholders across the globe to help realize the Manifesto’s principles and developments.[v]

To read the rest of the article, http://www.isaca.org/COBIT/focus/Pages/cobit-5-aids-transition-to-smart-and-sustainable-cities.aspx

Carly555

at 7/20/2017 7:39:28 AM

(Unrated)

Process Goals, Work Product Inputs and Outputs in Machine-readable Format The Cobit5 website has an Excel with Domains, Processes, Practices and Activities. Is there additional information available in Excel, especially the information listed in the PAM documentation:
- Process outcomes
- Work Product inputs and outputs (PAM had a list of the Work Products at the end but lacks inputs and outputs)
Thanks for your help. HK

at 7/25/2017 3:40:16 AM

(Unrated)

Classification of Network Zones Hello all, Is there any specific document which provides insights into best practice for network zone classification with a clear distinction, say, between the Enterprise and Intranet zone, i.e. what makes these two zones different and why is it important to create a distinction between the two? One may argue that the Intranet is considered to be an extension of the Enterprise zone, so might as well combine the two zones into one. Which set of standards do you think best addresses this area of IT Security? Robert271

at 7/27/2017 3:09:05 PM

(Unrated)

COBIT Focus - A Group IT Governance System Model With a Pair of Wheels The financial industry in Japan has seen a growing number of organizing financial groups or conglomerates since the Japanese antitrust law was revised in the late 1990s to make it easy to establish a holding company and formulate a company group. Now, as emerging technologies evolve globally, IT has been contributing to more and more effective and efficient company operations, enabling not only digital transformation, but also new business model creation by using innovative technologies. Under these circumstances, holding companies of financial groups in Japan are seeking opportunities to create value for stakeholders through business integration with innovative start-up companies and providing their group companies with centralized and shared IT services so all can enjoy the benefits of their group synergy. _______ Read the rest of this article here and discuss below with the author and your peers. Carly555

at 7/31/2017 4:03:03 PM

(Unrated)

COBIT Focus - Portfolio, Program and Project Management Using COBIT 5 Many organizations attribute their success to being able to execute their strategic goals and objectives. Execution will be successful if it is measured and if corrective actions are taken at appropriate times when there are deviations. Thus, there has to be a plan that should enable measurement, help track progress and enable corrective action to be taken at the right time to keep the execution on track. One such tool that enables the organization to track its execution is a portfolio/program/project management tool. A program is a group of projects that are working toward achieving one goal. Among the skills that every organization requires, program and project management skills are important and find pride of place. Successful project management requires adoption of a structured approach to deal with projects, programs and portfolios. Hence, it is important for the organization to establish the practice of portfolio/program/project management and provide it with top management support. Establishment of a portfolio/program/project practice will enable the organization to reduce, if not eliminate, unsuccessful projects that cost organizations dearly in terms of time, expense and quality of deliverables meeting stakeholders’ expectations. Organizations can learn from the experiences of other organizations in different industries, so it would be useful for organizations to adopt globally accepted best practices in the form of a defined organizational framework for program and project management. An ideal framework would be one based on the Project Management Institute’s (PMI) A Guide to the Project Management Body of Knowledge (PMBOK Guide) or Projects in Controlled Environments (PRINCE2) version 2. _________________ To read the rest of this article, click here. Carly555

at 9/5/2017 11:49:29 AM

(1 ratings)

Responsibilities by Role Enabling Processes does a great job of listing out the responsibilities associated with each process (and sub-process). I was wondering if there is anywhere that these process responsibilities are listed out by role.

For instance, DSS01 Manage Operations has this RACI chart:

In this chart, the "Head IT Operations" has responsibilities listed out for each subprocess. Where can I find the responsibilities of the role "Head IT Operations" for all processes (and subprocesses)? KenWeston

at 9/6/2017 9:55:06 AM

(1 ratings)

Checklist or template for performing consistent design effectiveness assessments for technology controls Hello, Does anyone have a template or checklist that they use to perform consistent control design effectiveness assessments for technology controls from a COBIT5/SOX 404 perspective? If you could share it or point me to a resource, that'd be great. I apologize if this request has been previously asked, I tried searching to see if something was available but didn't see anything ;-) Thanks in advance! Tim Tim692

at 9/7/2017 11:21:00 AM

(Unrated)

COBIT 5 for Portfolio, program and project management COBIT 5 refers only to PMBOK while mapping project management in process BAI01. However, PMI has more publications that also get mapped with COBIT 5. For mapping PMI standards with COBIT 5, one approach is to start from COBIT 5 and refer to PMI standards as the case may be. Another is to start from PMI standards and check if COBIT 5 covers related activities. Any thoughts on this? Sunil Bakshi

at 9/11/2017 7:20:26 PM

(Unrated)

COBIT Focus - Focus on COBIT Adoption Rather Than Implementation Organizational change management (OCM) focuses on helping people adapt to change. Research shows that by acknowledging the importance of OCM and taking steps to address the people side of change, organizations will be 4 times more likely to be successful.[i] There are several change management methodologies that can be used to help guide stakeholders when planning the steps to help people adapt to changes. The COBIT® 5 materials mention John Kotter’s 8-step process,[ii] and the change enablement ring of the COBIT® implementation life cycle is aligned to John Kotter’s work. _____________________ To read the rest of this article, come back on 25 September. Carly555

at 9/20/2017 6:53:45 PM

(2 ratings)

COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities The internal audit team of one of the biggest gaming operators in Europe implemented a cloud-based governance, risk and compliance (GRC) platform to improve the quality of its audit work papers and the productivity and collaboration with the other assurance teams (i.e., compliance, risk, security) of the company. MetricStream1 was selected as partner for this implementation. The platform provided the functionality to quickly evaluate the effectiveness and efficiency of processes, risk and controls. For assessing the capability of IT processes and the related controls’ design and operational effectiveness, the COBIT® 5 process model was selected and uploaded to the GRC software platform processes universe. The COBIT® process model could be easily mapped to the International Organization for Standardization/International Electrotechnical Commission’s (ISO/IEC’s) ISO/IEC 27001: 2013 information security standard, which is incorporated within the WLA Security Control Standard (WLA-SCS:2016),2 a standard widely adopted by lottery companies. Therefore, using both an automated audit management system and a standardized control framework, consistent and repeatable evaluation of the organization’s IT processes’ efficiency, effectiveness, maturity and compliance readiness with the worldwide lottery industry standards could be easily achieved.

To read the rest of this article, click here. Carly555

at 10/9/2017 5:36:33 PM

(1 ratings)

COBIT Focus: Using COBIT in Government Departments The government of India is focused on ensuring the effective delivery of government services to its customers who consist of citizens, businesses, tourists or anyone who may require interaction with government departments at different levels for their day-to-day activities. The government of India’s aim is to improve the lives of the nation’s citizens by doing much more than simply implementing technology. The prime minister is addressing challenges such as sanitation, health care and urbanization through a mission approach. For example, financial inclusion, the delivery of financial services at affordable costs to vast sections of disadvantaged and low-income groups, has several missions, as illustrated in figure 1.

Figure 1—Government Schemes to Achieve Financial Inclusion

| Mission | Objective | Target |
| --- | --- | --- |
| Jan Dhan Yojana | A financial inclusion mission to provide access to financial services to all sections of Indian society | To ensure that all Indian households have at least 1 bank account |
| Pradhan Mantri Suraksha Bima Yojana | To create a universal social security system for the poor and the underprivileged who do not have any insurance coverage | To provide an accidental death-cum-disability coverage of INR 2 lakh in the age group of 18-70 years |
| Pradhan Mantri Jeevan Jyoti Bima Yojana | Creating a universal social security system, targeted especially at the poor and the underprivileged who do not have any insurance coverage | To provide life insurance coverage of INR 2 lakh to Indian citizens in the age group of 18-50 years |
| Atal Pension Yojana | To address old-age security needs | To provide people in the age group 18-40 years a fixed monthly payment after attaining the age of 60 years |
| Mudra | To provide capital to small/micro units to encourage entrepreneurship | To provide easy funding to 57 million small businesses |
| Pradhan Mantri Awas Yojana | To address the housing requirements of urban poor | To enable 20 million urban poor to own houses by the year 2022 |

Source: www.narendramodi.in. Reprinted with permission. To achieve their objectives, various departments are using IT to create systems for implementing various activities, then monitoring performance to track progress and reporting back to top management who are responsible for these missions. This clearly shows that IT is playing a big role at all levels to enable officials to deliver and fulfil the objectives of these missions. The departments have domain experts with little or no IT knowledge and have to depend largely on external consultants (IT companies) to meet their IT needs. Hence, a gap is being created between the business and IT, which results in the creation of IT assets that create little to no value for the stakeholders. The result is dissatisfied users.

____________________________________________________ To read the rest of this article, click here. Carly555

at 10/25/2017 12:58:31 PM

(2 ratings)

Cities and COBIT5 The United Nations General Assembly has designated the 31st of October as World Cities Day. COBIT5 can help to meet opportunities enabled by IT. Would you please read and share this article? http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT-Focus-COBIT-5-Aids-Transition-to-Smart-and-Sustainable-Citiest_nlt_Eng_0717.pdf What about your city? Is it smart? Sustainable? Is COBIT5 a helpful framework for that? Best, Graciela Graciela Braga

at 10/31/2017 11:02:22 AM

(Unrated)

COBIT Focus - Delivering Disruptive Innovation Using the COBIT 5 Framework In today’s competitive and dynamic business environment, it is mandatory to have disruptive innovation capability or capabilities both for growing a business and protecting existing markets. Yet delivering disruptive innovation needs new mindsets and behaviors for organization leaders and the organizations they lead. This article describes how to use the COBIT® 5 framework to deliver disruptive innovation. What Is Disruptive Innovation? Disruptive innovation [i] describes a process whereby a smaller organization (entrant) with fewer resources is able to successfully challenge an established, successful competitor (incumbent) (figure 1). Specifically, as the large organization focuses on improving its products/services for its most demanding (and, usually, most profitable) customers, it exceeds the needs of some segments and ignores the needs of others. The entrant begins by successfully targeting those overlooked segments, gaining a foothold by delivering more suitable functionality, frequently at a lower price. For example, with Google Apps, Google challenged conventional word processing, calendaring and spreadsheet programs. By focusing on simplicity, effectiveness, collaboration and the cloud, it has created an industry for online integrated document sharing. ________________ To read the rest of this article, Click here.

Carly555

at 11/30/2017 2:52:04 PM

(Unrated)

COBIT Focus - Drive Transparent and Measurable Value With COBIT 5 Process Metrics “If you cannot measure it, you cannot manage it” is a saying that applies to governance of enterprise IT (GEIT) just as much as it does to the entire organization. Not only would one fail the test of effective governance and management without metrics, but improvement would lag and proof of value would be, at best, unfounded. The Corporate Executive Board indicated that 2 of the attributes of a world-class IT organization include measuring IT strategic impact and creating a business value framework.[i] Proactive and business-driven metrics are critical to delivering transparent IT value in any organization. The metrics in COBIT 5 can be adapted by an organization of any size in any industry to manage, improve and deliver transparent measurable business impact.

The COBIT 5 goals cascade, which translates stakeholder (including internal and external customers) needs into specific actionable goals at various levels within the enterprise, facilitates alignment and integration of business and IT strategy. COBIT 5 combines the goals cascade and the balanced scorecard (BSC) perspectives (financial, customer, internal, and learning and growth) to ensure that metrics at all levels (enterprise and IT-related) track the achievement of overall objectives and priorities of the organization. Since goals can only be achieved through effective practices and processes, COBIT 5 further provides enabling processes and activities required for goal attainment. Because they are the critical underpinning, processes also must have associated metrics to support the enterprise and IT-related metrics developed. _____________________________________ To see the rest of this article and to discuss below, click here. Carly555

at 12/12/2017 1:33:53 PM


COBIT Focus - Portfolio, Program and Project Management Using COBIT 5, Part 2

This is a continuation of a previous article [i] published in COBIT Focus in September 2017. The first article discussed the approach for mapping COBIT® 5 with the Project Management Institute (PMI) standards and The Standard for Program Management–Fourth Edition.[ii] This article covers the mapping of the processes in the PMI standards with those of COBIT 5. PMI’s standards have been adopted by many organizations. Each of the publications listed in figure 1 focuses on, identifies and defines processes for implementing these standards. Each standard has a different number of processes, as shown in the third column in figure 1.

To read the rest, click here

Daniel362

at 12/26/2017 1:10:59 PM


Money/Finance as an enabler

Greetings to all, I was wondering why isn't finance/money considered as an enabler just like other resources (5-information, 6-Services, Infrastructure and Applications, 7-People, Skills and Competencies)?

ijomaa

at 1/9/2018 9:01:07 PM


Cobit 5 framework mapping with ISO 27001 and ITIL

I looked around ISACA and many other associations, websites and I could find out direct mapping of Cobit 5 and ISO27001 and possibly with ITIL. I found many discussions, guides and high-level mapping to COBIT 4 but never COBIT 5. Any help would be appreciated

Rudy487

at 1/22/2018 10:16:47 AM


(1 ratings)

Focus: Portfolio, Program and Project Management Using COBIT 5, Part 3

This is the continuation of a series of articles published in COBIT Focus beginning in September 2017. The first article [i] discussed the approach for mapping COBIT® 5 with the Project Management Institute (PMI’s) standards and publication A Guide to the Project Management Body of Knowledge (PMBOK Guide). The second article discussed the differences between PMI standards and COBIT 5 at a high level.[ii]

PMI published the standards shown in figure 1 that have been adopted by many organizations. Each of these publications has identified and defined processes for implementing these standards. Each standard has a different number of processes, as shown in the second column of figure 1.

Figure 1—PMI Publications

| Name of Publication | Process Groups | Number of Processes |
| --- | --- | --- |
| A Guide to the Project Management Body of Knowledge 5th Edition | 3 | 15 |
| The Standard for Program Management 3rd Edition | 5 | 36 |
| The Standard for Portfolio Management 3rd Edition | 5 | 47 |

This article provides a mapping of the portfolio management standards with the COBIT 5 processes. The approach shown in figure 2 was developed to map the PMI standards with COBIT 5 processes. PMI has revised the publications noted with a fourth edition, updating portfolio [iii] and program management.[iv] A sixth edition of PMBOK[v] was published in September 2017. However, since this mapping was undertaken prior to these publications, the standards listed in figure 1 are described herein. The changes in new editions shall be discussed subsequently.

To read the rest of this article, click here: http://www.isaca.org/COBIT/focus/Pages/portfolio-program-and-project-management-using-cobit-5-part-3.aspx

Carly555

at 1/24/2018 1:20:45 PM


Tips to implement Cobit 5 for IT governance

Hi, The main purpose of this discussion is to get to know about how to optimize Cobit 5 in implementing IT governance framework in an enterprise. Please participate and let's assist each other to learn it from beginner to expert level. Thanks, Kind Regards, Obaidullah

Obaidullah605

at 3/6/2018 5:08:32 AM
