IT Governance Based On COBIT 05

Governance and Management

The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.

The COBIT 5 view on this key distinction between governance and management is:

Governance

Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.

In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

Management

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

Interactions Between Governance and Management

From the definitions of governance and management, it is clear that they comprise different types of activities, with different responsibilities; however, given the role of governance—to evaluate, direct and monitor—a set of interactions is required between governance and management to result in an efficient and effective governance system. These interactions, using the enabler structure, are shown below:

  • Processes
A distinction is made between governance and management processes, including specific sets of practices and activities for each. The process model also includes RACI charts, describing the responsibilities of different organisational structures and roles within the enterprise.

  • Information
The process model describes inputs to and outputs from the different process practices to other processes, including information exchanged between governance and management processes. Information used for evaluating, directing and monitoring enterprise IT is exchanged between governance and management as described in the process model inputs and outputs.

  • Organisational Structures
A number of organisational structures are defined in each enterprise; structures can sit in the governance space or the management space, depending on their composition and scope of decisions. Because governance is about setting the direction, interaction takes place between the decisions taken by the governance structures—e.g., deciding about the investment portfolio and setting risk appetite—and the decisions and operations implementing the former.

  • Principles, policies and frameworks
Principles, policies and frameworks are the vehicle by which governance decisions are institutionalised within the enterprise, and for that reason are an interaction between governance decisions (direction setting) and management (execution of decisions).

  • Culture, ethics and behaviour
Behaviour is also a key enabler of good governance and management of the enterprise. It is set at the top—leading by example—and is therefore an important interaction between governance and management.

  • People, skills and competencies
Governance and management activities require different skill sets, but an essential skill for both governance body members and management is to understand both tasks and how they are different.

  • Services, infrastructure and applications
Services are required, supported by applications and infrastructure, to provide the governance body with adequate information and to support the governance activities of evaluating, setting direction and monitoring.

COBIT 5 Process Reference Model

COBIT 5 is not prescriptive, but it advocates that enterprises implement governance and management processes such that the key areas are covered, as shown in figure

The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains:

• Governance—Contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.

• Management—Contains four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), and provides end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure. The names of the domains are chosen in line with these main area designations, but contain more verbs to describe them:

– Align, Plan and Organise (APO)

– Build, Acquire and Implement (BAI)

– Deliver, Service and Support (DSS)

– Monitor, Evaluate and Assess (MEA)

Each domain contains a number of processes. Although, as described previously, most of the processes require ‘planning’, ‘implementation’, ‘execution’ and ‘monitoring’ activities within the process or within the specific issue being addressed (e.g., quality, security), they are placed in domains in line with what is generally the most relevant area of activity when looking at IT at the enterprise level.

The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, with the Risk IT and Val IT process models integrated as well.

Figure 16 shows the complete set of 37 governance and management processes within COBIT 5. The details of all processes, according to the process model described previously, are included in COBIT 5: Enabling Processes.


