COBIT 4.1


1. business orientation

1.1. link business & IT goals

1.2. metrics

1.3. maturity models

1.4. responsibilities

1.5. Basic COBIT principle

2. control objectives

2.1. achievement of business goals

2.1.1. process outcome

2.1.2. process capability & performance

2.2. prevention, detection and correction of undesired events

2.3. control design tests

2.3.1. control practices: the detailed "how" and "why" that may be needed

2.4. best practice management statements based on global standards and expert views

2.4.1. high-level: statement of the desired result to be achieved by implementing control procedures within a specific IT activity.

2.4.2. detailed: underpin the high-level control objectives by focusing on the control of key tasks and activities related to the IT process.

3. IT Governance

3.1. focus areas

3.1.1. Strategic alignment. Strategic objectives: setting goals; devising strategies to achieve the stated goals; designing action plans to implement the strategies. Benefits: value addition to business products and services; optimal use of resources; cost-effective administration and management.

3.1.2. Performance management. Balanced scorecard: financial, strategy, customer, process, knowledge. Key success factor: effective metrics, defined and approved by stakeholders.

3.1.3. Risk management. Activities: understanding the risk appetite, i.e. the organization's attitude to taking risks; defining the impact and likelihood of a risk; approving the risk management action plan. Management of risks: risk mitigation, risk transfer, risk acceptance, risk avoidance.

3.1.4. Resource management. Features: resource optimization; look-ahead strategy. A look-ahead strategy helps to keep the required-skills inventory up to date and to run an effective recruitment, retention and training program, so that the organization is not suddenly short of the skills it needs.

3.1.5. Value delivery

3.2. principles

3.2.1. direct and control: executive management provides direction by setting objectives and authorizing specific IT activities; control ensures that the objective is achieved and that no undesired incidents occur.

3.2.2. responsibility

3.2.3. accountability

3.2.4. activities

3.3. stakeholders

3.4. scope

3.5. IT challenges

3.5.1. keep IT running

3.5.2. value alignment between business and IT: requirements management; project & portfolio management; business case management; return on investment management

3.5.3. costs. Reasons: most organizations don't understand the costs associated with their IT assets; operational budgets increase every year as a result of complex licensing, maintenance, and outsourcing contracts; failed projects result in large financial losses; IT spending by business units and central IT departments is not coordinated.

3.5.4. mastering complexity. Problems: maintaining technical competence; managing diverse technical infrastructures; adapting to rapid changes and new developments; managing external relationships and service providers.

3.5.5. alignment of IT with the business. Reasons: poorly defined business requirements; inability to set priorities; complexity of projects; lack of committed business sponsors; lack of clear business drivers for solutions; communication gaps between business and IT.

3.5.6. regulatory compliance: corporate governance and financial reporting; privacy and security

3.5.7. security

3.6. benefits

3.6.1. confidence of top management, by providing a common language, enabling clearer decision-making mechanisms, and facilitating transparency and accuracy of management information.

3.6.2. responsiveness of IT to the business, by providing clear chains of command, effective decision making, and greater confidence in taking risks and making investments.

3.6.3. higher ROI: IT governance helps reduce project failures, optimize the IT infrastructure, and increase the efficiency of IT processes.

3.6.4. more reliable services: IT governance gives a framework that ensures lower risks, better quality of services, and greater customer satisfaction.

3.6.5. more transparency: ensures that the right information is available to the right level of decision makers.

4. Mission

4.1. To research, develop, publicize, and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.

5. Components

5.1. IT processes

5.1.1. process orientation. 4 domains: plan & organize; acquire & implement; deliver & support; monitor & evaluate. 34 processes. Per domain: control leveling; control measures; responsibility area (plan, build, run, monitor). Enterprise architecture: applications, information, infrastructure, people. Key activities. Responsibility & accountability chart.

5.2. IT resources

5.2.1. applications: the automated user systems and manual procedures that process the information.

5.2.2. information: data, in all their forms, input, processed and output by the information systems, in whatever form is used by the business.

5.2.3. infrastructure: technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications.

5.2.4. people: personnel required to plan, organise, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required.

5.3. business requirements / information criteria

5.3.1. quality: quality, costs, delivery

5.3.2. fiduciary categories: effectiveness, efficiency, reliability, compliance

5.3.3. security categories: confidentiality, integrity, availability

6. document process

7. resources

7.1. COBIT online

7.1.1. repository of all COBIT information that also enables feedback from users. PDF downloads: COBIT Executive Summary; COBIT Framework; COBIT Control Objectives; COBIT Management Guidelines; COBIT IT Assurance Guide; COBIT Implementation Toolset. Benchmarking.

7.1.2. maintain the content and implement future versions

7.1.3. community

7.2. COBIT Quickstart

7.2.1. aimed at SMEs

7.2.2. focus: 30 IT processes, 62 control objectives, metrics

7.2.3. available to Full subscribers

7.3. COBIT Security baseline

7.3.1. nontechnical security guide and a QuickStart for security objectives

7.3.2. cross-reference to ISO 17799

7.3.3. survival kits: 1 -> home users (9 simple rules); 2 -> professional users (do's & don'ts); 3 -> managers (important conditions to be checked); 4 -> executives (questionnaire & action list); 5 -> senior executives; 6 -> board of directors

7.3.4. free PDF download


7.4. IT Governance implementation guide

7.4.1. approach: need to create & preserve value; gap analysis; taking measures

7.4.2. road map: bootstrap; generic process; templates & tools

7.4.3. tool set: presentations, documents, assessment tools

8. control framework

8.1. requirements

8.1.1. provide sharper business focus

8.1.2. defines a common language

8.1.3. helps meet regulatory requirements. Sarbanes-Oxley Act of 2002: new and enhanced standards of responsibility and accountability for accuracy, reliability, and transparency of financial reporting; emphasis on transparent disclosures for meaningful analysis and interpretation; emphasis on the use of a recognized internal control framework for the evaluation of internal controls; stricter penalties for wrongdoing, intentional or otherwise; implementation guidance or directives by the Securities and Exchange Commission (SEC). Goals; implementation roadmap; documentation requirements.

8.1.4. has general acceptability among organizations: best practices

8.1.5. ensures process orientation

8.2. management guidelines

8.2.1. means: balanced business scorecards (financial, customer, internal process, learning / innovation)

8.2.2. resources per process: process inputs & outputs; key activities & RACI charts; IT, process & activity goals (IT goals, process goals, activity goals); key goal indicators (KGIs): IT KGI, process KGI; key performance indicators (KPIs): measure the activity goals; maturity models: non-existent, initial, repeatable but intuitive, defined process, managed & measurable, optimized

8.3. audit guidelines

8.3.1. structure. Stages: identification & documentation; evaluation; compliance testing; substantive testing. Levels: general IT audit approach; process audit guidelines; audit attention points to complement the detailed control objectives.

8.3.2. process requirements. Define audit scope: business process concerned; platforms, systems, and their interconnectivity supporting the process; roles, responsibilities, and organizational structure. Identify information requirements relevant for the business process: relevance to the business process. Identify inherent IT risks and overall level of control: recent changes and incidents in the business and technology environment; results of audits, self-assessments, and certification; monitoring controls applied by management. Select processes and platforms to audit: processes; resources. Set audit strategy: controls x risk; steps and tasks; decision points.

8.3.3. objectives: management reassurance; direction setting; manage risks; corrective actions; develop audit programs

8.4. related to other frameworks

8.4.1. ITIL: best practices for IT service management. Process level: process execution, process control.

8.4.2. ISO/IEC 17799: Code of Practice for Information Security Management. Process level: process control, strategic.

8.4.3. CMM: model for improvement of software delivery, process execution and process control. Process level: process execution, process control.

8.4.4. COSO: framework for establishing internal controls and determining their effectiveness. Elements. Compliance with COBIT: internal control is a process; high-level compliance; COBIT is IT specific.

8.4.5. COBIT. Process level: process control, strategic.

9. history

9.1. 1996

9.1.1. version 1

9.2. 1998

9.2.1. version 2

9.3. 2002

9.3.1. version 3: management guidelines

9.4. 2005

9.4.1. version 4: extended guidelines; integrated single volume; free as PDF; COBIT online

10. measurement

10.1. benchmarking of IT process & capability

10.1.1. CMM

10.2. goals and metrics of IT processes

10.2.1. Balanced business scorecard

10.3. activity goals