1

COBIT and IT Governance

JASON SINGER CYBR 615 7/21/13

Why are we here today?

Centralized control over IT and aligning it with the business goals of Newton and Newton.
IT

Governance

Control Objectives for Information and related Technology (COBIT) is a framework for information technology that allows managers to have oversight over IT and build value rather than cost.

COBIT

Executives should will be able:

Use metrics to gauge effectiveness of IT Direct IT for optimal advantage Discover and mitigate IT Risk

How Does COBIT Support the Governance of IT?

COBIT supports the Governance of IT by providing a framework that:
IT is aligned with the business IT enables the business and maximizes benefits IT resources are used responsibly IT risks are managed appropriately

Bottom-line: COBIT will increase the value of IT

COBIT
Strategy and tactics Determine how IT can contribute to business goals
Identify IT solutions Developed or acquired Implemented in to business processes Maintenance of existing systems

Plan and Organization

Acquire and Implement

Monitor and Evaluate

Metrics Oversight over control processes External audit

Deliver and Support

Delivery of actual services Training Security

Plan and Organize

To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems.

Acquire and Implement

To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems.

Deliver and Support

This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. In order to deliver services, the necessary support processes must be set up. This domain includes the actual processing of data by application systems, often classified under application controls.

Monitor and Evaluate

All IT processes need to be regularly assessed over time for their quality and compliance with control requirements.

This domain thus addresses managements oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources.

Who else is using COBIT for IT Governance?

10

Benefits of COBIT
Common language between Executives, business staff and IT Staff Leaders will better understand what IT is capable of Leaders will be able to integrate IT in to business objectives Ultimately get more from IT

11

IT will cost less as it will become more efficient and optimized

Reduce operation risk by having the right controls in place

Bottom Line
Implementing COBIT will establish a link between IT and the business with oversight from Executives who will ensure that IT is postured to add value to the business.

12

COBIT and IT Governance

13

Questions?

References:

14

COBIT 4.1 brochure (http://www.isaca.org/KnowledgeCenter/cobit/Documents/CobiT-Products.pdf)

Cedarville University

(http://www.cedarville.edu/Search.aspx?q=gray_audit_presentation)