COBIT Framework

LEARNING ACTIVITY 3 Research: COBIT Framework

Software Audit

Presented by: Elvis Rene Lugo Cortes

Table of contents

1. Introduction

2. Objectives

3. The COBIT Framework

4. Implementation in Mercafam

5. Steps of the COBIT framework

6. Conclusions

7. Bibliography

1. Introduction

The company Mercafam does not have an IT department in place. This presentation looks for the best practices offered by the COBIT framework.

2. Objectives

- Provide a single globally recognized framework of IT security and control "best practices"

- In order to provide the information that the organization requires to achieve its objectives, IT resources must be managed by a set of processes, properly grouped and normally accepted.

3. The COBIT Framework

The COBIT Framework has been limited to high-level control objectives in the form of a business need within a particular IT process, the achievement of which is enabled by a control objective, for which consideration should be given to potentially applicable controls.

4. Implementation in Mercafam

Start in the Framework with your business objectives. Select from the Control Objectives the IT control objectives and processes that are appropriate for the business. Operate from your business plan.

Evaluate the procedures and results with the Audit Guides. Evaluate the state of the organization with the Administration Guides, identify the critical activities leading to success and measure the performance to achieve the company's objectives.

Use the framework as a guide to determine the specific business requirements, goals, and metrics for the company. If IT is to successfully deliver services in support of business strategy, there must be clear ownership and direction of the requirements by the business (the customer) and a clear understanding by IT (the supplier) of what it must deliver and how.

These objectives, in turn, should lead to a clear definition of IT's own objectives (the IT goals), which in turn define the IT resources and capabilities (the enterprise architecture for IT) required to successfully execute IT's part of the business strategy, so that the client understands the goals.

The success of the organization depends largely on understanding the risks and taking advantage of the benefits of IT. For this, it is necessary to:

- Align IT strategy with business strategy

- Ensure that the entire IT strategy and goals gradually flow throughout the company

- Provide organizational structures that facilitate the implementation of business goals

- Create effective communications between business and IT, and with external partners

- Measure IT performance

The company cannot effectively respond to these business and governance requirements without adopting and implementing a governance and control framework for IT that:

- Aligns with business requirements

- Makes actual performance against requirements transparent and agile

- Organizes all its activities in a generally accepted process model

- Identifies the main resources that are needed

- Defines the control objectives that are necessary

5. Steps of the COBIT framework

COBIT is a reference framework that provides a process model and a common language so that everyone in the organization can visualize and manage IT activities:

Plan and Organize (PO)

This domain encompasses strategy and tactics, and is concerned with identifying ways in which IT can best contribute to the achievement of the company's business objectives. The execution of the strategic vision requires planning, dissemination and management for different perspectives. An adequate organization and a corresponding technological platform are necessary. The following questions are typically addressed in this domain:

- Is IT aligned with business strategy?

- Is the company using its computing resources at an optimal level?

- Does everyone in the business understand the goals of IT?

- Are IT risks understood and properly managed?

- Is the quality of the computer systems adequate to the needs of the business?

Acquire and Implement (AI)

To materialize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into business processes. Additionally, every system requires changes and maintenance to ensure that it continues to satisfy the business requirements during its operation. For this domain, the following questions arise:

- Do new projects have the potential to deliver solutions that meet business needs?

- Is it feasible for the new projects to be executed according to the agreed deadlines and budgets?

- Will the new systems operate properly once implemented?

- Can the changes be made without jeopardizing the operation of the business?

Provide and Support (DS)

This domain has to do with the delivery of the services that are required. This includes the provision of the service, security and continuity management, support to the users, administration of the data and management of the technological platform installations. For this, the following questions need to be asked:

- Are IT services being provided in accordance with business priorities?

- Are IT costs optimized?

- Is the workforce able to use IT systems productively and safely?

- Are the confidentiality, integrity and availability of IT systems properly managed?

Monitor and Evaluate (ME)

All IT processes periodically need to be checked for quality and compliance. This domain deals with performance management, monitoring of internal controls, regulations that have to do with compliance and governance. Typical questions in this domain are:

- Do IT performance measurement systems allow problems to be detected in time?

- Does management ensure that internal controls are effective and efficient?

- Can IT performance be related to business objectives?

- Are risks, control, compliance and performance being measured and reported?

Maturity Model

This model is the one that ultimately makes it possible for the processes established by COBIT to be auditable. On the one hand, processes can be verified as fulfilled and executed according to what the company declared (the declaration occurs when the process document is published and disseminated). On the other hand, the model allows establishing the level of development that the process has in the company. For this, it defines 6 states or levels, whose generic definitions are given in the following list; however, each of the 34 processes that make up COBIT has its own unique Maturity Model.

States of the Maturity Model

- Non-existent: a process is totally lacking. The company has not recognized the need.

- Initial: there is evidence that the company has recognized the need for the process. There is no formal (standardized) process, but there are ad-hoc approaches that are applied individually or case by case. Management is disorganized.

- Repeatable: the process is at a level of development such that different people execute more or less the same procedures. There is no formal communication or training of procedures, and responsibility remains individual. There is a great dependence on the knowledge that individuals have and, therefore, there is a significant probability of error.

- Defined: the process is standardized, documented and disseminated through training. However, the application of the process procedures is left to the discretion of individuals and deviations in their use are unlikely to be detected. The procedures themselves are not sophisticated and correspond to the formalization of existing practices.

- Managed: it is possible to monitor and measure the conformity in the application of the process procedures and it is possible to take actions when the process is not operating properly. Processes are continually being improved. Automations and tools are available that are used in a limited or fragmented way.

- Optimized: the process has been refined to the level of best practices, based on the results of continuous improvement and mature models from other companies. IT is fully used to automate workflow, providing tools that improve quality and effectiveness, increasing the company's adaptability.

6. Conclusions

COBIT is clearly a reference framework for professionalizing the IT area of a company that has its own or outsourced capabilities for the implementation of projects, that typically has an area of operation with several dozen servers providing services to more than one location, and that has maintenance and support areas. More importantly, it suits a company whose board of directors recognizes Information Systems as a key component in the commercial success of the company and, for the same reason, as something that implies risks for the business. By this I mean that if your IT area is small, COBIT can be very expensive to implement and therefore would not be justified.

7. Bibliography

https://www.monografias.com/trabajos105/cobit-implantado-empresa/cobit-implantado-empresa
