The COBIT framework is a control framework for IT governance that defines the reasons IT governance is needed, the stakeholders, and what it needs to accomplish. It is an international framework that integrates all of the main global IT standards. COBIT stands for the Control OBjectives for Information related Technology, and it is developed by the IT Governance Institute.

COBIT's mission is to research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals.

COBIT's success as an increasingly internationally accepted set of guidance materials for IT governance has resulted in the creation of a growing family of publications and products designed to assist in the implementation of effective IT governance throughout an enterprise. Many organizations have implemented it to ensure alignment between their use of Information Technology (IT) and their business goals.

The framework explains how IT processes deliver the information that the business needs to achieve its objectives. This delivery is controlled through 34 high-level control objectives, one for each IT process, contained in the four domains of PO (Planning and Organization), AI (Acquisition and Implementation), DS (Delivery and Support), and ME (Monitoring and Evaluation), which are the building blocks of the COBIT framework.

COBIT:
- Improves IT efficiency and effectiveness
- Helps IT understand the needs of the business
- Puts practices in place to meet the business needs as efficiently as possible
- Helps executives understand and manage IT investments throughout their life cycle
- Provides a method to calculate whether IT services and new initiatives are meeting business requirements and are likely to deliver the benefits expected
- Helps to develop and document the appropriate organizational structures, processes and tools for effective management of IT
- Provides an authoritative, international set of generally accepted practices that helps boards of directors, executives and managers increase the value of IT and reduce related risks

COBIT and IT Governance

COBIT focuses on improving IT governance in organizations. It provides a framework to manage and control IT activities and supports five requirements for a control framework:
- Business Focus: COBIT achieves a sharper business focus by aligning IT with business objectives. The primary focus is value delivery, not technical excellence.
- Process Orientation: When organizations implement COBIT, their focus becomes more process-oriented, so the organization is able to maintain control in periods of rapid change or crisis.
- General Acceptability: COBIT is a proven and globally accepted standard for increasing the contribution of IT to organizational success.
- Regulatory Requirements: Recent corporate scandals have increased regulatory pressure on boards of directors to report their status and ensure that internal controls are appropriate.
- Common Language: A common language helps build confidence and trust, which is a main advantage of COBIT control.

Benefits of Implementing COBIT

There is a clear difference between enterprises that manage their IT well and those that do not. Implementation of COBIT is a sign of a well-run enterprise, as it is a proven and internationally accepted set of tools and techniques. The benefits of implementing COBIT include:
- A common language for executives, business and IT staff
- A view, understandable to management, of what IT does
- A better understanding of how the business and IT can work together for successful delivery of IT initiatives
- Better alignment, based on a business focus
- Better quality IT services
- Improved efficiency and optimization of cost
- Reduced operational risk
- More effective management of IT
- Clear policy development
- More efficient and successful audits
- Clear ownership and responsibilities, based on process orientation

COBIT 5

COBIT 5 is the latest edition of the globally accepted COBIT framework, and it is the only business framework for the governance and management of enterprise IT. COBIT 5 has clarified management-level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model. It is a combination of COBIT 4.0, Val IT 2.0 and Risk IT.

COBIT 5 provides a complete framework that supports enterprises in achieving their goals and delivering value through effective governance and management of enterprise IT. It helps enterprises create the best value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. COBIT 5 enables information and related technology to be governed and managed completely for the entire enterprise. The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

COBIT Principles

The five COBIT 5 principles:
I. Meeting Stakeholder Needs
II. Covering the Enterprise End-to-end
III. Applying a Single Integrated Framework
IV. Enabling a Holistic Approach
V. Separating Governance From Management

Principle 1- Meeting Stakeholder Needs

Enterprises should create value for their stakeholders. Enterprises have many stakeholders, and creating value means different things to each of them. Governance is about negotiating and deciding among different stakeholders' value interests. The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions. Stakeholder needs have to be transformed into an enterprise's actionable strategy. The COBIT 5 goals translate stakeholder needs into specific enterprise goals, IT-related goals and enabler goals.

Principle 2- Covering the Enterprise End-to-end

COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective. This means that COBIT 5 adds governance of enterprise IT into enterprise governance. The governance system for enterprise IT proposed by COBIT 5 integrates effortlessly into any governance system because COBIT 5 aligns with the latest views on governance. It also covers all functions and processes within the enterprise. COBIT 5 does not focus only on the IT function, but treats information and related technologies as assets that need to be distributed by everyone in the enterprise.

Principle 3- Applying a Single Integrated Framework

COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
- Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
- IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI

This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator. ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.

Principle 4- Enabling a Holistic Approach

COBIT 5 enablers are factors that, individually and collectively, influence whether something will work; in the case of COBIT, that something is governance and management over enterprise IT. They are driven by the goals cascade: higher-level IT-related goals define what the different enablers should achieve. The COBIT 5 framework describes the enablers in seven categories:
1. Processes describe an organized set of practices and activities.
2. Organizational structures are the key decision-making entities in an organization.
3. Culture, ethics and behavior of individuals and of the organization.
4. Principles, policies and frameworks translate the desired behavior into practical guidance for day-to-day management.
5. Information is required for keeping the organization running and well governed; information is also very often the key product of the enterprise.
6. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology.
7. People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.

Systemic governance and management through interconnected enablers: to achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers. Each enabler needs the input of other enablers to be fully effective; for example, processes need information, and organizational structures need skills and behavior. Each enabler also delivers output to the benefit of other enablers; for example, processes deliver information, and skills and behavior make processes efficient.

Principle 5- Separating Governance From Management

The COBIT 5 framework makes a clear distinction between governance and management. These two elements encompass different types of activities. They also require different organizational structures and serve different purposes. In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson. Management, on the other hand, is the responsibility of the executive management under the leadership of the CEO.

Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.

Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

In conclusion, COBIT 5 is a powerful tool for achieving business goals through IT governance. COBIT 5 is not inflexible; it supports organizations in implementing governance and management processes such that the key areas are covered.

ISO 9001
What is ISO 9001 2008?

ISO 9001 is an international quality management standard. It is quickly becoming the most popular quality standard in the world. Most organizations in over 80 countries have adopted it, and many more are in the process of doing so. Why does it control quality? It saves capital, consumers expect it, and competitors use it.

ISO is the International Organization for Standardization. It is situated in Switzerland and was established in 1947 to develop common international standards in many areas. Its members come from over 100 national standards bodies. ISO's idea is to make international trade possible by providing a single set of principles that people everywhere would recognize and respect. The ISO 9001 quality management standard applies to areas such as electronics, banking, publishing, aerospace, oil and gas, and shipping.

ISO has two kinds of quality management standards: requirements and guidelines. Collectively, these two kinds of quality standards make up what is known as the ISO 9000 family of standards. Requirements are the formal expectations that you must meet if you wish to be officially certified or registered. They are required. Guidelines, on the other hand, are suggestions and recommendations only. They are voluntary.

In the past, ISO had three sets of quality requirements: ISO 9001, ISO 9002, and ISO 9003. Now, though, there is only one standard: ISO 9001 2008. ISO 9002 and 9003 have been dropped. ISO 9001 applies to all types of organizations and companies. It doesn't matter what size they are or what they do. It can help both product- and service-oriented organizations achieve standards of quality that are accepted and respected all over the world.

How does ISO 9001 2008 Work?

You decide that you need to develop a quality management system that complies with the ISO 9001 requirements. You choose to follow this path because you feel the need to control or improve the quality of your goods and services, to reduce the costs associated with poor quality, or to become more competitive. Alternatively, you choose this path simply because your customers expect you to do so or because a governmental body has made it compulsory. You then build a quality management system that meets the requirements specified by ISO 9001.

But how do you develop such a quality management system? There are at least two approaches. You can either do a gap analysis or follow a detailed quality management system development plan.

If you already have a quality management system in place, we propose that you carry out a gap analysis. A gap analysis will tell you exactly what you need to do to meet the ISO 9001 standard. It will help you identify the gaps that exist between the ISO 9001 standard and your organization's processes. Once you know where the gaps are, you can take steps to fill them. By following this incremental approach, you will not only comply with the ISO 9001 standard, but you will also improve the overall quality of your organization's quality management system. A gap analysis will also help you determine how much time it will take and how much it will cost to bring your QMS into compliance with the ISO 9001 standard.

However, if you don't have a quality management system or you're starting from scratch, we propose that you use an ISO 9001 process-based QMS development plan to develop your quality management system. Once your QMS has been completely developed and implemented, you may wish to carry out an internal compliance audit to make sure that it complies with the ISO 9001 requirements.
Once you're sure that your QMS is fully compliant, you're ready to ask a registrar (certification body) to audit the effectiveness of your QMS. If your auditors like what they see, they will confirm that your QMS has met ISO's requirements.

While ISO 9001 is specifically designed to be used for certification purposes, you don't have to become certified. ISO does not require formal certification (registration). You can simply establish a compliant QMS and then tell the world that it complies with the ISO 9001 standard. Of course, your compliance claim may have more credibility in the marketplace if an independent registrar has audited your QMS and agrees with your claim.

PMBOK Guide Fifth Edition Review
PMI just released the draft version of the PMBOK Guide 5th edition for review, and I had the chance to go through it. There are some changes in the new Guide. The biggest change is that they introduced 7 new processes and one new knowledge area (Project Stakeholder Management), and removed 2 processes (Manage Stakeholder Expectations, Report Performance), so now we have 47 processes and 10 knowledge areas. Below are the new changes:

Seven new processes

| Process | Knowledge Area | Process Group |
|---|---|---|
| Plan Scope Management | Scope | Planning |
| Plan Schedule Management | Time | Planning |
| Plan Cost Management | Cost | Planning |
| Plan Stakeholder Management | Stakeholder | Planning |
| Manage Stakeholder Engagement | Stakeholder | Executing |
| Control Stakeholder Engagement | Stakeholder | Monitor & Control |
| Control Communication | Communication | Monitor & Control |

Project Stakeholder Management, which has four processes:
- Identify Stakeholders: This process was originally in the communication management knowledge area.
- Plan Stakeholder Management.
- Manage Stakeholder Engagement.
- Control Stakeholder Engagement.

Removed processes:
- Manage Stakeholder Expectations
- Report Performance

Comparison between the 4th and 5th PMBOK Guide in terms of Knowledge Areas

| Knowledge Area | 4th | 5th | Comments |
|---|---|---|---|
| Integration | 6 | 6 | |
| Scope | 5 | 6 | New Plan Scope Management process |
| Time | 6 | 7 | New Plan Schedule Management process |
| Cost | 3 | 4 | New Plan Cost Management process |
| Quality | 3 | 3 | |
| Human Resources | 4 | 4 | |
| Communication | 5 | 3 | New Control Communication process, Identify Stakeholders process moved to Stakeholder Knowledge Area, both Manage Stakeholder Expectations and Report Performance were removed. |
| Risk | 6 | 6 | |
| Procurement | 4 | 4 | |
| Stakeholder | 0 | 4 | Total new knowledge area, with 3 brand new processes, and Identify Stakeholders process which was originally within communication Knowledge area |
| Total | 42 | 47 | |

Comparison between the 4th and 5th PMBOK Guide in terms of Process Groups

| Process Group | 4th | 5th | Comments |
|---|---|---|---|
| Initiation | 2 | 2 | |
| Planning | 20 | 24 | Added Plan Scope, Schedule, Cost, and Stakeholder Management processes |
| Executing | 8 | 8 | Added Manage Stakeholder Engagement, removed Manage Stakeholder Expectations |
| M&C | 10 | 11 | Added Control Stakeholder Engagement, Control Communication, removed Report Performance |
| Closing | 2 | 2 | |
| Total | 42 | 47 | |

This is just a brief summary; more details are coming soon.
