3. Areas of expertise
Governance of Enterprise IT (CGEIT)
Enterprise Risk Management (CRISC)
COBIT
ITIL Expert
PRINCE2 Practitioner
Experience
IT Director
VP, IT Operations
Enterprise Program Manager
Governance frameworks consulting
Mark Thomas, CGEIT, CRISC
5. Presentation Synopsis
In the IT Governance environment there are multiple frameworks, models and standards to choose from. A challenge for most organizations is simply understanding what all of these are, and which ones are applicable or appropriate for them. Some common questions include: If we're using ITIL, should we consider COBIT? How do ISO standards fit into my model? Should I be using Project Management models if I already use COBIT?
This presentation on frameworks and standards integration explores the many models that are available today: what they are, how they fit together, and why you would choose them. Most importantly, it uses COBIT as the framework integrator to create a more holistic approach to leveraging multiple best practices under a single model.
The purpose of this presentation is to gain an understanding of the various applicable frameworks that exist in the GEIT space, and of how to understand, position, and integrate multiple frameworks using COBIT5.
6. Presentation Goals
Recognize the various frameworks in the GEIT ecosystem and how they can be collectively used to align with enterprise needs.
Understand a model to synchronize various frameworks such as COBIT, ITIL, TOGAF, PRINCE2, PMBOK, and many more.
Understand a model to synchronize various standards such as ISO38500, ISO27000, ISO20000, ISO31000, and many more.
Identify approaches to selecting appropriate frameworks for your needs by leveraging COBIT5 as the framework integrator.
10. How Do We Provide This Value?
EVALUATE stakeholder needs, conditions and options
DIRECT through prioritization and decision making
MONITOR performance, compliance and progress against agreed-on direction and objectives
PLAN, BUILD, RUN and MONITOR activities
Align with the direction set by the governance body to achieve the enterprise objectives
12. Drivers for Framework Adoption
Rising demand for best practices
More competitive landscape
Cost control
Conformance and performance
Meeting enterprise objectives
Technology investment justification
14. Standards and Good Practices
Example framework categories, with example standards and example good practices for each:
Governance: Standards - ISO38500; Good practices - COSO, COBIT
Architecture: Standards - ISO42010; Good practices - TOGAF
IT Service Management: Standards - ISO20000; Good practices - ASL/BiSL, ITIL
Program and Project Management: Standards - ISO21500; Good practices - PMBOK, PRINCE2
Risk Management: Standards - ISO31000, NIST; Good practices - COBIT5 for Risk
Security Management: Standards - ISO27001, NIST; Good practices - COBIT5 for Security
Quality and Improvement: Standards - ISO15504; Good practices - Six Sigma, PDCA
Lifecycles: Standards - ISO12207; Good practices - SDLC, Agile, DevOps
This is not a complete list. It is a representation of the presenter's experience only.
16. Scenario
Company Background
Managed service provider
Mid-market
Multi-tenant environment
Challenges
Regulatory and compliance
Multiple fragmented frameworks
Customer satisfaction
Duplicated efforts
17. Goals
Adopt an enterprise IT governance framework that supports value creation and alignment.
Leverage applicable standards and industry best practices to balance performance and conformance.
20. Analyze Business Needs
Leverage the Goals Cascade from COBIT.
Translate stakeholder needs into specific, practical and customized goals.
Cascade the goals to selected enablers.
Consider external regulations, laws and contractual obligations.
Determine the implications of the overall enterprise control environment with regard to IT.
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
27. Inventory Frameworks
COBIT5 domains: EDM, APO, BAI, DSS, MEA
Frameworks and standards inventoried against the domains:
COSO
ISO/IEC 38500
King III
OECD
COSO/ERM
ISO/IEC 31000
TOGAF 9
ISO/IEC 20000
ISO/IEC 27002
ITIL 2011
TOGAF 9
SFIA
ISO/IEC 27002
PMBOK
ISO/IEC 9001-2008
ISO/IEC 27001:2005
ISO/IEC 27002:2011
NIST SP800-53 Rev 1
PMBOK
PRINCE2
ISO/IEC 20000
ITIL 2011
ITIL V3 2011
ISO/IEC 20000
ISO/IEC 27002
BS 25999:2007
ISO/IEC 27002:2011
NIST SP800-53 Rev 1
ISO/IEC 20000
ITIL 2011
COSO = Committee of Sponsoring Organizations of the Treadway Committee
OECD = Organization for Economic Cooperation and Development
TOGAF = The Open Group Architecture Forum
SFIA = Skills Framework for the Information Age
PMBOK = Project Management Body of Knowledge
NIST = National Institute of Standards and Technology
29. Link Frameworks to Selected Enablers
Initial focus on the process enabler.
Process selection based on internal assessment.
Cross reference to avoid duplication.
Use the COBIT5 Enabling Process Guide for guidance.
31. COBIT5 Process Reference Model
Each process description contains:
Process Identification
Process Description
Process Purpose Statement
Goals Cascade Information
Process Goals & Metrics
RACI Chart
Detailed Practice Descriptions
Related Guidance
34. Considerations and Tips
You don't have to call it by its name!
Use more than one framework; each has unique focus areas.
There is no such thing as a single silver bullet.
Ownership and accountability are key.
Communicate value in business terms.
Use COBIT Online to assist.
Don't underestimate Culture, Ethics and Behaviors.