COBIT 4.1 (mind map)

1. document process

2. resources

2.1. COBIT online

2.1.1. repository of all COBIT information; enables feedback from users

2.1.1.1. COBIT online

2.1.1.2. PDF downloads

2.1.1.2.1. COBIT Executive Summary

2.1.1.2.2. COBIT Framework

2.1.1.2.3. COBIT Control Objectives

2.1.1.2.4. COBIT Management Guidelines

2.1.1.2.5. COBIT IT Assurance Guide

2.1.1.2.6. COBIT Implementation Toolset

2.1.1.3. benchmarking

2.1.2. maintain the content and implement future versions

2.1.3. community

2.2. COBIT Quickstart

2.2.1. aimed at

2.2.1.1. SME

2.2.2. focus

2.2.2.1. 30 IT processes

2.2.2.2. 62 control objectives

2.2.2.3. metrics

2.2.3. available to full subscribers

2.3. COBIT Security baseline

2.3.1. nontechnical security guide and a QuickStart for security objectives

2.3.2. cross-reference to ISO/IEC 17799

2.3.3. survival kits

2.3.3.1. 1 -> home users

2.3.3.1.1. 9 simple rules

2.3.3.2. 2 -> professional users

2.3.3.2.1. do's & don'ts

2.3.3.3. 3 -> managers

2.3.3.3.1. important conditions to be checked

2.3.3.4. 4 -> executives

2.3.3.4.1. questionnaire & action list

2.3.3.5. 5 -> senior executives

2.3.3.6. 6 -> board of directors

2.3.4. free PDF download

2.4. IT Governance implementation guide

2.4.1. approach

2.4.1.1. need to create & preserve value

2.4.1.2. gap analysis

2.4.1.3. taking measures

2.4.2. road map

2.4.2.1. bootstrap

2.4.2.2. generic process

2.4.2.3. templates & tools

2.4.3. tool set

2.4.3.1. presentations

2.4.3.2. documents

2.4.3.3. assessment tools

3. control framework

3.1. requirements

3.1.1. provide sharper business focus

3.1.2. defines a common language

3.1.3. helps meet regulatory requirements

3.1.3.1. Sarbanes Oxley Act of 2002

3.1.3.1.1. New and enhanced standards of responsibility and accountability for accuracy, reliability, and transparency of financial reporting

3.1.3.1.2. Emphasis on transparent disclosures for meaningful analysis and interpretation

3.1.3.1.3. Emphasis on the use of a recognized Internal Control Framework for evaluation of internal controls

3.1.3.1.4. Stricter penalties for wrongdoing — intentional or otherwise

3.1.3.1.5. Implementation guidance or directives by the Securities and Exchange Commission (SEC)

3.1.3.1.6. goals

3.1.3.1.7. implementation roadmap

3.1.3.1.8. documentation requirements

3.1.4. has general acceptability among organizations

3.1.4.1. best practices

3.1.5. ensures process orientation

3.2. management guidelines

3.2.1. means

3.2.1.1. Balanced Business Scorecards

3.2.1.1.1. Financial

3.2.1.1.2. Customer

3.2.1.1.3. Internal process

3.2.1.1.4. Learning / innovation

3.2.2. resources per process

3.2.2.1. process inputs & outputs

3.2.2.2. key activities & RACI charts

3.2.2.3. IT, process & activity goals

3.2.2.3.1. IT goals

3.2.2.3.2. process goals

3.2.2.3.3. activity goals

3.2.2.4. key goal indicators (KGIs)

3.2.2.4.1. IT KGI

3.2.2.4.2. process KGI

3.2.2.5. key performance indicators (KPIs)

3.2.2.5.1. measure the activity goals

3.2.2.6. maturity models

3.2.2.6.1. 0 -> non-existent

3.2.2.6.2. 1 -> initial / ad hoc

3.2.2.6.3. 2 -> repeatable but intuitive

3.2.2.6.4. 3 -> defined process

3.2.2.6.5. 4 -> managed & measurable

3.2.2.6.6. 5 -> optimised

3.3. audit guidelines

3.3.1. structure

3.3.1.1. stages

3.3.1.1.1. identification & documentation

3.3.1.1.2. evaluation

3.3.1.1.3. compliance testing

3.3.1.1.4. substantive testing

3.3.1.2. levels

3.3.1.2.1. General IT audit approach

3.3.1.2.2. Process audit guidelines

3.3.1.2.3. Audit attention points to complement the detailed control objectives

3.3.2. process requirements

3.3.2.1. Define audit scope

3.3.2.1.1. Business process concerned.

3.3.2.1.2. Platforms, systems, and their interconnectivity, supporting the process.

3.3.2.1.3. Roles, responsibilities, and organizational structure.

3.3.2.2. Identify information requirements relevant for the business process

3.3.2.2.1. Relevance to the business process.

3.3.2.3. Identify inherent IT risks and overall level of control

3.3.2.3.1. Recent changes and incidents in business, and technology environment.

3.3.2.3.2. Results of audits, self-assessments, and certifications.

3.3.2.3.3. Monitoring controls applied by management.

3.3.2.4. Select processes and platforms to audit

3.3.2.4.1. processes

3.3.2.4.2. resources

3.3.2.5. Set audit strategy

3.3.2.5.1. Controls mapped against risks.

3.3.2.5.2. Steps and tasks.

3.3.2.5.3. decision points

3.3.3. objectives

3.3.3.1. management reassurance

3.3.3.2. direction setting

3.3.3.3. manage risks

3.3.3.4. corrective actions

3.3.3.5. develop audit programs

3.4. related to other frameworks

3.4.1. ITIL

3.4.1.1. best practices for IT service management

3.4.1.2. process level

3.4.1.2.1. process execution

3.4.1.2.2. process control

3.4.2. ISO/IEC 17799

3.4.2.1. Code of Practice for Information Security Management

3.4.2.2. process level

3.4.2.2.1. process control

3.4.2.2.2. strategic

3.4.3. CMM

3.4.3.1. model for improving the software delivery process (process execution and process control)

3.4.3.2. process level

3.4.3.2.1. process execution

3.4.3.2.2. process control

3.4.4. COSO

3.4.4.1. framework for establishing internal controls and determining their effectiveness.

3.4.4.1.1. elements

3.4.4.2. compliance with COBIT

3.4.4.2.1. internal control is a process

3.4.4.2.2. high level compliance

3.4.4.2.3. COBIT is IT specific

3.4.5. COBIT

3.4.5.1. process level

3.4.5.1.1. process control

3.4.5.1.2. strategic

4. history

4.1. 1996

4.1.1. version 1

4.2. 1998

4.2.1. version 2

4.3. 2000

4.3.1. version 3

4.3.1.1. management guidelines

4.4. 2005

4.4.1. version 4

4.4.1.1. extended guidelines

4.4.1.2. integrated single volume

4.4.1.3. free as PDF

4.4.1.4. COBIT online

5. measurement

5.1. benchmarking of IT process & capability

5.1.1. CMM

5.2. goals and metrics of IT processes

5.2.1. Balanced business scorecard

5.3. activity goals

6. business orientation

6.1. link business & IT goals

6.2. metrics

6.3. maturity models

6.4. responsibilities

6.5. Basic COBIT principle

7. control objectives

7.1. achievement of business goals

7.1.1. process outcome

7.1.2. process capability & performance

7.2. prevention, detection and correction of undesired events

7.3. control design tests

7.3.1. control practices

7.3.1.1. detailed "how" and "why" that may be needed

7.4. best practice management statements based on global standards and expert views

7.4.1. high-level

7.4.1.1. statement of the desired result to be achieved by implementing control procedures within a specific IT activity.

7.4.2. detailed

7.4.2.1. underpin high-level control objectives by focusing on the control of key tasks and activities that are related to the IT process.

8. IT Governance

8.1. focus areas

8.1.1. Strategic alignment

8.1.1.1. strategic objectives

8.1.1.1.1. Setting goals

8.1.1.1.2. Devising strategies to achieve stated goals

8.1.1.1.3. Designing action plans to implement strategies

8.1.1.2. benefits

8.1.1.2.1. Value addition to business products and services

8.1.1.2.2. Optimal use of resources

8.1.1.2.3. Enable cost-effective administration and management

8.1.2. Performance management

8.1.2.1. Balanced scorecard

8.1.2.1.1. financial

8.1.2.1.2. strategy

8.1.2.1.3. customer

8.1.2.1.4. process

8.1.2.1.5. knowledge

8.1.2.2. key success factor

8.1.2.2.1. effective metrics, defined and approved by stakeholders

8.1.3. Risk management

8.1.3.1. activities

8.1.3.1.1. Understanding the risk appetite or the Organization’s attitude to taking risks

8.1.3.1.2. Defining the impact and likelihood of a risk.

8.1.3.1.3. Approving the Risk Management action plan.

8.1.3.2. management of risks

8.1.3.2.1. Risk Mitigation

8.1.3.2.2. Risk Transfer

8.1.3.2.3. Risk Acceptance

8.1.3.2.4. Risk Avoidance

8.1.4. Resource management

8.1.4.1. resource optimization

8.1.4.1.1. features

8.1.4.2. look ahead strategy

8.1.4.2.1. A look-ahead strategy helps keep the required skills inventory up to date and supports an effective recruitment, retention and training programme, so that the organization is not suddenly short of the required skills.

8.1.5. Value delivery

8.2. principles

8.2.1. direct and control

8.2.1.1. Executive management provides direction by setting objectives and authorizing specific IT activities.

8.2.1.2. Control ensures that the objective is achieved and no undesired incidents occur.

8.2.2. responsibility

8.2.3. accountability

8.2.4. activities

8.3. stakeholders

8.4. scope

8.5. IT challenges

8.5.1. keep IT running

8.5.2. value

8.5.2.1. alignment business - IT

8.5.2.2. requirements management

8.5.2.3. project & portfolio management

8.5.2.4. business case management

8.5.2.5. return on investment management

8.5.3. costs

8.5.3.1. reasons

8.5.3.1.1. Most organizations don’t understand the costs associated with their IT assets.

8.5.3.1.2. Operational budgets increase every year as a result of complex licensing, maintenance, and outsourcing contracts.

8.5.3.1.3. Failed projects result in large financial losses.

8.5.3.1.4. IT spending by business units and central IT departments is not coordinated.

8.5.4. mastering complexity

8.5.4.1. problems

8.5.4.1.1. Maintaining technical competence

8.5.4.1.2. Managing diverse technical infrastructures

8.5.4.1.3. Adapting to rapid changes and new developments

8.5.4.1.4. Managing external relationships and service providers

8.5.5. alignment IT - business

8.5.5.1. reasons

8.5.5.1.1. Poorly defined business requirements

8.5.5.1.2. Inability to set priorities

8.5.5.1.3. Complexity of projects

8.5.5.1.4. Lack of committed business sponsors

8.5.5.1.5. Lack of clear business drivers for solutions

8.5.5.1.6. Communication gaps between business and IT

8.5.6. regulatory compliance

8.5.6.1. Corporate governance and financial reporting

8.5.6.2. Privacy and security

8.5.7. security

8.6. benefits

8.6.1. confidence of top management

8.6.1.1. by providing

8.6.1.1.1. a common language, enabling clearer decision-making mechanisms, and facilitating transparency and accuracy of management information.

8.6.2. responsiveness of IT to business

8.6.2.1. by providing

8.6.2.1.1. clear chains of command, effective decision making, and greater confidence in taking risks and making investments.

8.6.3. higher ROI

8.6.3.1. IT governance helps reduce project failures, optimize IT infrastructure, and increase the efficiency of IT processes.

8.6.4. more reliable services

8.6.4.1. IT governance gives framework to ensure lower risks, better quality of services, and greater customer satisfaction

8.6.5. more transparency

8.6.5.1. ensures that the right information is available to the right level of decision makers.

9. Mission

9.1. To research, develop, publicize, and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.

10. Components

10.1. IT processes

10.1.1. process orientation

10.1.1.1. 4 domains

10.1.1.1.1. plan & organize

10.1.1.1.2. acquire & implement

10.1.1.1.3. deliver & support

10.1.1.1.4. monitor & evaluate

10.1.1.2. 34 processes

10.1.1.2.1. per domain

10.1.1.2.2. control leveling

10.1.1.2.3. control measures

10.1.1.3. responsibility area

10.1.1.3.1. plan

10.1.1.3.2. build

10.1.1.3.3. run

10.1.1.3.4. monitor

10.1.1.4. enterprise architecture

10.1.1.4.1. applications

10.1.1.4.2. information

10.1.1.4.3. infrastructure

10.1.1.4.4. people

10.1.1.5. key activities

10.1.1.5.1. responsibility & accountability chart

10.2. IT resources

10.2.1. applications

10.2.1.1. the automated user systems and manual procedures that process the information.

10.2.2. information

10.2.2.1. data, in all their forms, input, processed and output by the information systems in whatever form is used by the business

10.2.3. infrastructure

10.2.3.1. technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications.

10.2.4. people

10.2.4.1. personnel required to plan, organise, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required.

10.3. business requirements / information criteria

10.3.1. quality

10.3.1.1. quality

10.3.1.2. costs

10.3.1.3. delivery

10.3.2. fiduciary

10.3.2.1. categories

10.3.2.1.1. effectiveness

10.3.2.1.2. efficiency

10.3.2.1.3. reliability

10.3.2.1.4. compliance

10.3.3. security

10.3.3.1. categories

10.3.3.1.1. confidentiality

10.3.3.1.2. integrity

10.3.3.1.3. availability