
Cobit Guide

This document discusses Cobit 2019 and compares it to Cobit 5. It outlines typical pain points organizations experience with enterprise governance of IT, such as failed initiatives, security breaches, and regulatory non-compliance. It also lists trigger events that often prompt organizations to improve their IT governance. The rest of the document focuses on comparing Cobit 5 to Cobit 2019, outlining 11 design factors to consider when implementing Cobit 2019, such as enterprise strategy, goals, risks, issues, threats, compliance, sourcing models, and technology adoption. It provides resources to learn more about Cobit 2019 and its focus areas.

Uploaded by

hoanthanhhai

Cobit 2019

Somchai Patviboon
CISA,CISM,CRISC,CGEIT,CSX fundamental
Axl_best@Hotmail.com
Enterprise governance of information and technology (EGIT)

www.isaca.org
Sustaining the Governance System
Typical Pain Points
• Frustration between different IT entities across the organization because of a perception of low contribution to business value
• Frustration between business departments (i.e., the IT customer) and the IT department because of failed initiatives or a perception of low contribution to business value
• Significant I&T-related incidents, such as data loss, security breaches, project failure, application errors, linked to IT
• Service delivery problems by the IT outsourcer(s)
• Failure to meet IT-related regulatory or contractual requirements
• Regular audit findings or other assessment reports about poor IT performance or reported IT quality or service problems
• Substantial hidden and rogue IT spending
• Duplications between various initiatives, or other forms of wasted resources
• Insufficient IT resources, staff with inadequate skills and staff burnout/dissatisfaction
• IT-enabled changes or projects frequently failing to meet business needs and delivered late or over budget
• Multiple and complex IT assurance efforts
• Reluctance of board members, executives or senior management to engage with IT, or lack of committed business sponsors for IT
• Complex IT operating model and/or unclear decision mechanisms for IT-related decisions
• Excessively high cost of IT
• Obstructed or failed implementation of new initiatives or innovations caused by the current IT architecture and systems
• High level of end-user computing, creating (among other issues) a lack of oversight and quality control over the applications that are being developed and put in operation
• Business departments implementing their own information solutions with little or no involvement of the enterprise IT department
• Ignorance of and/or noncompliance with security and privacy regulations
• Inability to exploit new technologies or innovate using I&T
• Regular issues with data quality and integration of data across various sources
• Gap between business and technical knowledge
Trigger events
• Merger, acquisition or divestiture
• Shifts in the market, economy or competitive position
• Changes in business operating model or sourcing arrangements
• New regulatory or compliance requirements
• Significant technology change or paradigm shifts
• Enterprise-wide governance focus or project
• External audit or consultant assessments
• New business strategy or priority
• Desire to significantly improve the value gained from I&T
Cobit 5 vs Cobit 2019 Comparison

B. Component: Organizational Structures
C. Component: Information Flows and Items
11 Factors
Focus Areas
• Examples of focus areas include small and medium enterprises, cybersecurity, digital transformation, cloud computing, privacy, and DevOps
• A number of focus area content guides are in preparation, and the set will continue to evolve. For the latest information on currently available and pending publications and other content, please visit www.isaca.org/cobit.
11 Factors
Factor 1 - Enterprise Strategy
Factor 2 - Understand Enterprise Goals
Factor 3 - Understand the Risk Profile
Factor 4 - Understand Current I&T-Related Issues
Factor 5 - Threat Landscape
Consider the Threat Landscape (Design Factor 5)
Factor 6 - Compliance Requirements
Factor 7 - Role of IT
Factor 8 - The Sourcing Model for IT
Factor 9 - IT Implementation Methods
Factor 10 - Technology Adoption Strategy
Factor 11 - Enterprise Size

At the time of publication of the COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution, the small and medium enterprise focus area content was in development and not yet released.
http://www.isaca.org/COBIT/Pages/COBIT-2019-Design-Guide.aspx
Enterprise Strategy (Design Factor 1)
