COBIT® 5 Frequently Asked Questions (FAQs) 
1. What is the purpose of COBIT 5? 
COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives 
for the governance and management of enterprise information and technology assets (IT). Simply 
stated, it helps enterprises create optimal value from IT by maintaining a balance between realising 
benefits and optimising risk levels and resource use. COBIT 5 enables IT to be governed and 
managed in a holistic manner for the entire enterprise, taking in the full end‐to‐end business and IT 
functional areas of responsibility, considering the IT‐related interests of internal and external 
stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not‐for‐profit 
or in the public sector. 
2. Who is using COBIT 5? 
COBIT 5 is used globally by those who have the primary responsibility for business processes and 
technology, depend on technology for relevant and reliable information, and provide quality, 
reliability and control of information and related technology. 
3. Where are the control objectives in COBIT 5? 
Based on five principles and seven enablers, COBIT 5 uses governance and management practices to 
describe actions that are examples of good practices to effect governance and management over 
enterprise IT. Many of these practices and the supporting activities exert ‘control’ over the process 
to deliver the required outcome. 
The move from the ‘control objectives’ term was explained in an ISACA® Journal article (volume 4, 
2011) written by one of COBIT’s first contributors, Erik Guldentops. The article can be found at this 
link ’Where Have All The Control Objectives Gone?’ (www.isaca.org/Journal/Past-Issues/2011/volume-4/pages/Where-Have-All-the-Control-Objectives-Gone.aspx).
4. Are there other major differences between COBIT 4.1 and COBIT 5? 
Yes, the framework design for COBIT 5 was revisited and restructured to ensure complete coverage 
for all major aspects related to the governance and management of enterprise IT. ISACA has 
prepared a presentation that outlines the main changes introduced. The presentation can be found 
at this link ’Compare COBIT versions 4.1 to 5’. 
5. What is the overall quality of COBIT 5, and were any industry professionals part of the expert 
review? 
To assure the high quality of COBIT 5, several measures were taken. The most important measures 
are: 
• The entire research process was overseen by both ISACA’s Knowledge Board and Framework 
Committee, which are responsible for overseeing all ISACA framework research development. 
• The detailed research results and deliverables were quality‐controlled throughout the 
development process by a dedicated task force of experienced volunteer professionals. 
• A draft design document was issued for public exposure, and the feedback was integrated into 
the development work to produce the final COBIT 5 products. Before being issued, the draft
development products were distributed to more than 100 subject matter experts around the 
world to obtain their professional review. 
• Once ready, draft versions of COBIT 5 and COBIT® 5: Enabling Processes were made available to 
the public for review. Many good comments were received, suggesting further improvements 
for consideration. Survey questions concerning the level of satisfaction of the work at the draft 
stage were included in the public exposure activity, with 79 percent of the responses being 
positive. Based on the review comments, the development team made changes as appropriate. 
• The final product was reviewed by COBIT 5 Task Force members, the Framework Committee and 
the Knowledge Board. 
6. Can I use COBIT 5 as a statement of criteria for specific audit conclusions? 
There are additional professional guides planned that will extend COBIT 5. Amongst these is COBIT 5 
for Assurance. This will serve as the guide for assurance professionals wanting to use COBIT 5 in 
their work. Once complete, COBIT 5 for Assurance will provide comprehensive guidance on using 
COBIT 5 to support assurance activities. The completion of this guide is planned for 2013. 
7. What training is available for the use of COBIT 5? 
ISACA is developing an education and training portfolio to support COBIT 5. As training is developed, 
ISACA will communicate news via appropriate media, including the Education & Training page in the 
COBIT 5 area of the ISACA web site. 
8. In what way can I suggest to executive management that it use COBIT 5? 
Because COBIT is business‐oriented, using it to deliver value and govern and manage IT‐related 
business risk is straightforward. The COBIT 5 two‐page executive summary and supporting short 
presentation can be used in the discussion with management. The goals cascade in the framework 
can be used to: 
• Determine stakeholder needs and governance objectives (value creation) 
• Identify enterprise goals that can support stakeholder needs. If the balanced scorecard (BSC) is 
used to develop these goals, then a common set of terms can be used to communicate the 
goals. Enterprise goals from the BSC are reproduced in figure 5 on page 19 of COBIT 5. 
• Select IT‐related goals (for each enterprise goal) that will facilitate the achievement of the goals. 
IT‐related goals can be found in figure 6 on page 19 of COBIT 5. 
• Achieve IT‐related goals. This requires the successful application and use of enablers. The 
framework describes enablers in detail in chapter 5. One of the enablers, processes, is treated 
separately in the COBIT 5: Enabling Processes publication. 
• Present the proposed set of needs, goals and enablers to executive management as a means of 
delivering effective governance and management of IT‐related technology 
9. Is the COBIT 5 framework superior to the other standards and frameworks such as the International 
Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series 
and Information Technology Infrastructure Library (ITIL®)? 
Most enterprise stakeholders and executive management are aware of the importance of the 
general control frameworks with respect to their fiduciary responsibility, such as Committee of
Sponsoring Organizations of the Treadway Commission (COSO), Code of Connection (CoCo), the UK 
Corporate Governance Code, King III, etc.; however, enterprise stakeholders and executive 
management may not necessarily be aware of the details of each framework. In addition, enterprise 
managers are increasingly aware of the more technical security guidance, such as the ISO/IEC 27000 
series, and service delivery guidance, such as ITIL. Although the aforementioned standard and 
framework emphasise business control and IT security and service management and delivery issues 
in specific areas of enterprise IT‐related activity, only COBIT 5 integrates all functions and processes 
that establish the governance of enterprise IT (GEIT) into overall enterprise governance and from a 
business perspective. It should be noted that ISO/IEC 15504 and ITIL V3 were used to develop the 
governance and management practices. COBIT 5 is not meant to replace any of these frameworks or 
standards. It is intended to emphasise what governance and management elements and practices 
are required to create value from information and technology in support of enterprise business 
goals. 
10. What is the quickest and best way to convince key executives and other enterprise stakeholders of 
the value of using COBIT 5? 
The enterprise’s culture is vitally important. A proactive culture will be more receptive than one that 
is not proactive; however, consider emphasising COBIT’s focus on stakeholder value creation, it 
being business driven, its alignment with other internationally recognised standards and 
frameworks, and its simple, but complete, structure. COBIT 5 is based on five principles and seven 
enablers. All other governance and management guidance in COBIT 5 cascades from these basic 
areas. 
11. Has the COBIT 5 framework been accepted by C‐level executives? 
Yes, previous versions of COBIT have been accepted in many enterprises globally, and new cases 
continue to be documented. However, it should not be a surprise that in those entities where the 
chief information officer (CIO) has embraced COBIT as a business framework for information and 
technology, this has come as a direct consequence of one or more COBIT champions within the 
audit and/or IT function(s). Even more important than acceptance by the CIO is acceptance by the 
board of directors and executive management. Successful implementation of governance and 
management of enterprise IT using COBIT depends greatly on the commitment of the executive 
management team as a whole. The CIO alone cannot implement COBIT 5 effectively throughout the 
enterprise because there are implications for many areas of the enterprise outside of the IT 
function. The emphasis on value creation and alignment of stakeholder needs, enterprise goals, and 
IT‐related goals will ensure that COBIT 5 is seen as a business framework. 
12. How is COBIT 5 aligned with the international standard on IT governance, ISO/IEC 38500? 
COBIT 5 clearly differentiates between the key areas of governance and management. In alignment 
with ISO/IEC 38500, COBIT 5 presents governance in terms of Evaluate, Direct and Monitor. These 
terms come directly from the standard’s ’Model for Corporate Governance of IT’. 
13. Do I need to meet an exact level when assessing a process using COBIT's process assessment 
models?
The main purpose of the COBIT assessment programme (the programme web site can be found at 
this link ‘COBIT Assessment Programme’) is to give management a robust, reliable, repeatable 
approach and supporting tools to better understand the current capability of their governance and 
management processes, and to help management do benchmarking, gap analysis and process 
improvement planning. The assessment objective is to understand the level of capability that is 
present and the level that is appropriate for a given process, based on business requirements, and 
to understand the nature of any gaps so that any significant weaknesses in the process can be 
identified and improved. 
14. What does COBIT stand for? 
COBIT was originally an acronym for Control Objectives for Information and related Technology. 
Now used in short form, COBIT is used to identify the name of the framework. 
15. Why is COBIT 5 presented in international English? 
Starting with the first COBIT (1996), a conscious effort was made to use international English to 
underscore the global nature of the sources that went into its development (the international 
standards and frameworks used as references) and the global application of the resulting COBIT. 
Over the years, this approach has been questioned and challenged from time to time, but it has 
remained in place and all COBIT derivative products follow this rule as well.
