Sunday, October 13, 2013

IT Governance - COBIT 5 version - S1E7 - Principle 5: Separating Governance From Management

Governance and Management:

The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organisational structures and serve different purposes. The COBIT 5 view on this key distinction between governance and management is:

Governance: Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.

Management: Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.


Interaction Between Governance and Management:

From the definitions of governance and management, it is clear that they comprise different types of activities, with different responsibilities; however, given the role of governance—to evaluate, direct and monitor—a set of interactions is required between governance and management to result in an efficient and effective governance system. 

COBIT 5 Process Reference Model:

COBIT 5 is not prescriptive, but it advocates that enterprises implement governance and management processes such that the key areas are covered.

An enterprise can organize its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.

COBIT 5 includes a process reference model, which defines and describes in detail a number of governance and management processes. It represents all of the processes normally found in an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers. The proposed process model is a complete, comprehensive model, but it is not the only possible process model. Each enterprise must define its own process set, taking into account its specific situation.

Incorporating an operational model and a common language for all parts of the enterprise involved in IT activities is one of the most important and critical steps towards good governance. It also provides a framework for measuring and monitoring IT performance, providing IT assurance, communicating with service providers, and integrating best management practices.

The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains:
Governance—Contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
Management—Contains four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), and provides end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure. The names of the domains are chosen in line with these main area designations, but contain more verbs to describe them:
– Align, Plan and Organise (APO)
– Build, Acquire and Implement (BAI)
– Deliver, Service and Support (DSS)
– Monitor, Evaluate and Assess (MEA)

Each domain contains a number of processes. Although, as described previously, most of the processes require ‘planning’, ‘implementation’, ‘execution’ and ‘monitoring’ activities within the process or within the specific issue being addressed (e.g., quality, security), they are placed in domains in line with what is generally the most relevant area of activity when looking at IT at the enterprise level.

The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, with the Risk IT and Val IT process models integrated as well.



