COBIT Part 1: IT Governance
March 2009
马怡骢
SITC: Service & Security

Opening
Please briefly introduce yourself:
Name
Company / industry
Nature of your work
The extent to which your company has implemented IT governance
What you would like to learn in this class
Anything you would like to share with everyone?

Frontier Corner

IT management to IT Governance
[Diagram: standards and frameworks shown alongside management areas. Standards shown: ISO31000, ISO38500, BS25999, Prince2, PMBOK, COBIT, ITIL V3, ISO27001, ISPL, SCAMPI, TOGAF, ISO17799, ISO13335, ISO9001, SW-CMMI, ISO15408, ITIL v2, TickIT, NIST800, ISO15504, MOF & MSF, ISO20000. Areas shown: Security & Availability Mgt, IT Governance & Service Mgt, Governance & Risk Mgt, IT Management, Change & Release Mgt, Supplier Mgt, Mgt system & Org, Finance & Capacity Mgt, Appraisal & audit Mgt.]

COBIT foundation exam
The exam consists of 40 multiple-choice questions. To pass the exam, an individual must correctly answer 28 or more questions or attain a score of 70% or higher.
Prerequisites: None.
Learning Outcomes:
How IT management issues are affecting organizations
The need for a control framework driven by the need for IT governance
How COBIT meets the requirement for an IT governance framework
How COBIT is used with other standards and best practices
The COBIT framework and all the components of COBIT
How to apply COBIT in a practical situation
How the use of COBIT is supported by ITGI
COBIT is a registered trademark of ISACA

Certifications overview
[Diagram: certifications arranged under the labels BUSINESS and INDIVIDUAL. Items shown: ISO38500, ISO20000, ISO27001, COBIT foundation exam, ITIL Foundation exam, Service Manager, Expert, CISA/CISM, CISSP.]

Learning Objective
Understand what IT governance is and why it is needed

Agenda
Governance to why we need IT Governance
What is IT Governance
IT Governance Framework
IT Alignment
Value Delivery
Risk Management
Resource Management
Performance Management
ISO38500:2008 VS CGEIT
Conclusions

World-class IT?
Aligned with the business and providing transparent value
Top management attention through appropriate IT Governance mechanisms
Engaged in performance measurement
Committed to continuous improvement

Enterprise Governance
Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of:
Providing strategic direction
Ensuring that objectives are achieved
Ascertaining that risks are managed appropriately
Verifying that the enterprise's resources are used responsibly
[Diagram label: RESOURCE MANAGEMENT]
www.itgi.org

Enterprise Governance Drives IT Governance
Enterprise governance is about:
Conformance: adhering to legislation, internal policies, audit requirements, etc.
Performance: improving profitability, efficiency, effectiveness, growth, etc.
Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.
[Diagram labels: Performance, Conformance]

Scenario IT-Governance
IT is an intensively discussed topic in organisations and enterprises.
Discussion ranges from cost factor to business enabler.
A close link between the enterprise strategy and the IT strategy is key, but it seems the distance between enterprise management and IT is growing.
Top managers very often come from the classical disciplines.
CIOs are not very often members of the board.
For many enterprises, consolidation, concentration on core business and operational excellence are additional priorities today.

The Need for IT Governance
Organizations require a structured approach for managing these and other challenges. This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes.
Keeping IT Running
Security
Value/Cost
Managing Complexity
Aligning IT with Business
Regulatory Compliance

Forces Driving IT Governance
Compliance
Security
Business/IT Alignment
ROI
Project Execution

Development Exhausted Or New Future Push To Be Expected? (1)
IT evolving from Support Tool into Source of Competitive Advantage.
[Figure: "IT evolution over time". Vertical axis: IT role (Support back office; Support core business processes; Source of differentiation and advantage). Horizontal axis: 1960s to 2010s. Industries shown: Airlines, Retailing, Automotive, Health Care, Financial Services.]
IT needs to be linked with business strategy to generate value for the business.
Copyright The Boston Consulting Group

Why get into IT Governance?
"Due diligence"
IT is critical to the business
Expectations and reality don't match
IT hasn't gotten the attention it deserves
IT involves huge investments and large risks

Sarbanes-Oxley (cont.)
Effects of Sarbanes-Oxley:
Created the Public Company Accounting Oversight Board (PCAOB)
Reinforces auditor independence
Strengthen internal control structure within organizations
Upgrade financial disclosures
Created accountability at the executive level
Protect investors

"China's Sarbanes-Oxley"
Basic Standard for Enterprise Internal Control
Enterprise