Cobit 5, Management Information Sys

Assignment Help:

CobiT 5

CobiT 5 expands the topics related to governance over IT to obtain more value from IT. An important step in CobiT 5 is the integration of Val IT guidelines for benefits realization.

Secondly, it appears that the need for a more integrative approach and the need of a common framework (a kind of Esperanto for IT governance) has been another reason to create a new CobiT. CobiT 5, ISACA integrates many frameworks into one such as BMIS, ITAF, RISK IT; and, additionally, takes a multiple stakeholder perspective. In figure 8, CobiT 5 processes are shown.

2189_CobiT 5.png

Figure 1: CobiT 5 Governance and Management Processes (CobiT 5 2012)

One of CobiT 5's new features is the addition of new management practices for information systems: "For each CobiT process, the management practices provide a complete set of high level requirements for effective and practical management (governance) of organization IT".  Moreover, CobiT 5 states that more detailed guidance for practices and activities will be developed in the future (CobiT 5 2012). This signalizes that more guidance for the management of costs and benefits in a more profound way could be introduced in the future.

Goals in CobiT 5:

CobiT 5 recognizes different goals that are represented in a more detailed and dynamic way comparing to its predecessor. Firstly, common business goals (the so called Enterprise Goals) can be related to governance objectives with primary (strong) and secondary (less strong) relationships. Secondly, IT related goals which deal with IT related outcomes for the realization of organization goals can be combined with a certain numbers of CobiT 5 enablers to achieve the desired outcome (CobiT 5 2012).

Both types of goals are represented with a Balanced Score Card (BSC) in which it is possible to visualize their corresponding dimension in regard to financial, customer, internal, and learning and growth topics (Ibid.).

It is important to underline that the framework has been considerably reorganized from being an IT process model that into a framework with more governance practices for IT, management and a process model.  Many components such as the balance scorecard, maturity models, goals and metrics, and roles and responsibilities (RACI) charts are present in CobiT 5. However, many changes has been made and some elements has been even removed; such as the CobiT 4.1 Diamond (governance focus areas), and some processes and control objectives. For example, CobiT 4.1's control objective PO 4.8 "Responsibility for Risk, Security and Compliance" has been deleted. However, risk, security and compliance control aspects are found in other elements of the new framework.

CobiT 5 distinguishes five principles. The first principle is "Integrator framework" which means that CobiT 5 integrates existing ISACA guidelines on governance and management of organization IT. Moreover, it incorporates other standards and frameworks such as Val IT in one architecture for structuring guidance (CobiT 5 2012). According to the CobiT 5, the new architecture is a "simple" one. However, the author of this thesis disagree on that and considers CobiT 5 as integrative framework of high complexity with topics and focus areas that in the practice interact with each other. To obtain an overview of the whole state of governance requires in CobiT the application of a large number of processes and metrics, which in some cases overlap which each other.

2417_CobiT 5 a.png

Figure 2: CobiT 5 Principles (CobiT 5 2012)

The second principle is "Stakeholder Value Driven". Internal and external stakeholders are integrated in the CobiT 5 framework. Topics on stakeholder needs and conflicting expectations are translated into three generic governance: benefits, realisation, risk balancing and cost optimisation. According to CobiT 5 "Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, a changing business and regulatory environment, and (use of) technology evolutions". RACI charts show the expected involvement of stakeholders in each process (Ibid.).

2430_CobiT 5 b.png

Figure 3: RACI Charts (CobiT 5 2012)

The third principle is "Business and Context Focussed" and is closely associated with the principle "Stakeholder Value Driven". To start with, stakeholder needs can be connected to different governance objectives. Afterwards, those governance objectives can be translated into organization goals and into IT-related goals. Finally, processes, organizational structures and information can be defined in support of the IT-related goals. For example, an important goal could be to "align IT with the business strategy" in order to cultivate a more business focused IT unit. In an organization, in which customer satisfaction is an important part of the business strategy, the goal could be to create a more customer oriented IT function (Ibid.).

The fourth principle is "Enabler Based" and it refers to the Enablers assistance necessary to implement robust governance and management systems. The word "enablers" refers to governance and management processes, principles and policies, organizational structures, skills and competences, culture and behaviour, as well as services capabilities and information (Ibid.).   

The fifth principle is "Governance and Management Structured". CobiT 5 distinguishes between governance processes and management processes. Governance processes include objectives such as value delivery, risk management and resource balancing and practices related to the evaluation of strategic decisions, while the management processes cover areas of planning, building, running and monitoring of organization for end-to-end IT issues. To continue, interactions between governance and management can be found in the figure below (CobiT 5 2012).

Similar to its predecessor, CobiT 5 is not a dogmatic book of instructions and it represents a reference for the convenience of organizations and auditors. The process reference model in CobiT 5 is divided in governance and management domains. The governance domain deals with governance processes (evaluate, direct, monitor) and the management domain deals with the areas of plan, build, run and monitor (four domains similar to CobiT 4.1.1) (CobiT 5 2012). CobiT 5 separates the processes into governance and management, however, it is important to remark that both areas are highly interconnected.

CobiT 5 expands the number of governance related processes. In CobiT 4.1.1, there is only one process covering IT governance topics which is the ME4 Provide IT governance and it states:  "ME4 covers the process of governance oversight over IT, in keeping with COBIT's purpose as an IT governance framework." (CobiT 4.1 2007).

Differently to CobiT 4.1.1, the IT governance Model in CobiT 5 is based on the tasks evaluate, direct and monitor from the ISO/IEC 38500. CobiT 5's governance part has also been expanded by new processes: EDM1/EDM2/EDM3/EDM4 (CobiT 5 2012). For example EDM1 includes aspects from Val IT key management practices such as "Develop an understanding of the significance of IT and the role of governance." Other examples are EDM2 which covers Val IT practice "Define value for the organization" and EDM3.1 which is related to IT risk assessment topics covered by RISK IT (Ibid.). Figure 10 gives a helicopter overview of CobiT 5 governance and management processes.


Related Discussions:- Cobit 5

Variety of ways to test a bcp plan, QUESTION 1 The major decision hiera...

QUESTION 1 The major decision hierarchy for disclosing security problems is if the problem is with a product owned by the business or if it is used by the business. Although th

Cloud computing, what is the best way to write about cloud computing from t...

what is the best way to write about cloud computing from the IS point of view?

A company''s employees are its most important resources, QUESTION (a) A...

QUESTION (a) A company's employees are its most important resources. Describe Five responsibilities of the HR Department in a company (b) How can an integrated Human Resourc

Management information, Management information   The provision of usefu...

Management information   The provision of useful management information is now an important requirement in the efficient and effective running of library and information servic

Library and information network, Library and Information Network Durin...

Library and Information Network During the last decade, the importance of computer networks and telecommunications has grown tremendously.' Computers can now communicate with

current development in the field of industrial relations, Describe the Ind...

Describe the Industrial Relations in India. Discuss the current development in the field of Industrial Relations in any organization you are familiar with. Briefly explain the orga

Use of system methodology, Use of System Methodology However, the syste...

Use of System Methodology However, the systems methodology can be used:  As an aid in the choice of a commercially available I11 system,  as an aid in the design and i

OLTP OLPP, Differentiate between OLTP and OLPP? ..............................

Differentiate between OLTP and OLPP? ...............................................................................................................................................

Mis, Choose an industry of your choice and evaluate the past and present st...

Choose an industry of your choice and evaluate the past and present state of MIS in an organization of the industry. #Minimum 100 words accepted#

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd