Governance and Management Objectives

Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
Next, let's talk about governance and management objectives.
00:06
So in this video we're going to talk about what are governance processes, what are management processes,
00:11
the five domains and the focus of each of these domains.
00:19
So let's talk about the governance and management objectives that are defined by COBIT.
00:24
Objectives can be seen as a way in which to bridge the gap between technical issues, business risks
00:31
and business goals.
00:33
Essentially, it is the way in which IT can achieve enterprise goals.
00:38
There are basic concepts that we should address when talking about governance and management objectives.
00:44
This framework states that objectives should always relate to one process.
00:48
We will go over an example of how an objective will relate to components, especially a process
00:55
related components of other types will achieve objectives. But remember again, objectives should relate to one process with an identical or similar name.
01:04
Governance processes are the responsibility of the board of directors.
01:08
If you don't have that, executive management and/or senior leadership.
01:14
As we talked about earlier, the governance body is the one that sets the strategic direction for IT and how it can achieve business goals and objectives.
01:23
Management processes fall under the responsibility and accountability of senior and middle management.
01:30
An example would be business managers, departmental heads, IT managers, et cetera.
01:38
They are ultimately held accountable for the management processes and objectives.
01:42
So remember, we've gone over the five domains of COBIT.
01:46
There are four domains that management is responsible for while the governance body is responsible for one domain to evaluate, direct and monitor.
01:57
I know we've seen this multiple times, but let's go over it again.
02:00
Governance and management objectives are grouped into five different and distinct domains.
02:07
Governance objectives are grouped into the EDM domain,
02:10
where the governing body will evaluate strategic options, direct senior management on those options and monitor the achievement of that strategy.
02:20
This distinct domain will allow the governing body to evaluate the options that are available to the organization and select a strategic direction.
02:29
From there, it will direct senior management on those options and how to achieve the aforementioned.
02:34
Monitoring is an important component of this domain.
02:38
Senior leaders must monitor the progress and achievement of their strategy.
02:43
If the enterprise is not able to fulfill the strategic goal, decisions must be made on how a new goal or more guidance should be given on how else to achieve that goal.
02:53
Think of this as the top where the decisions and strategic options are evaluated and decided upon and then trickled down to the rest of the enterprise.
03:04
Although there is just one domain in the governance category, it is a big one.
03:08
Some objectives within the EDM domain include ensuring benefits delivery, resource optimization, risk optimization, stakeholder engagement and governance framework setting and maintenance.
03:23
Management objectives include APO, BAI, DSS and MEA.
03:30
APO will address the overall
03:31
organization, the strategy and the supporting activities that are required for IT.
03:38
Management will align strategic goals that were defined by the board of directors or senior leadership.
03:44
They will be in charge of aligning the organization to achieve those objectives in an efficient and effective manner.
03:51
That means that planning and organizing are necessary components
03:57
to be aligned to the strategic direction that is set by the governing body.
04:01
The supporting activities required for IT to fulfill and realize business goals will need to be coordinated, planned and organized in this domain.
04:13
Some objectives that fall under the APO domain include managing relationships, service agreements, vendors, quality, risk, data, human resources, budget and costs, innovation, strategy and IT management frameworks.
04:31
BAI includes the definition, acquisition and implementation of IT solutions that are integrated into business processes.
04:43
From there, once the objectives and strategic goals have been aligned with the overall strategic goals,
04:48
planned and organized, the BAI domain will build and acquire and implement IT solutions to be integrated into business processes.
04:59
This is the part where technical solutions will be built or acquired and implemented within the enterprise to interact with processes and other components like people and information.
05:11
This objective is fulfilling the strategic goal set by the governance objective and is a natural successor to the APO domain.
05:19
Some objectives within the BAI domain include managing programs,
05:24
managing knowledge, managing assets, managing projects, IT changes, organizational changes, projects and IT acceptance and transitioning.
05:39
The DSS domain will support IT services and its operational delivery. This also includes security.
05:46
Once the IT solutions have been built or acquired and implemented, it will then be delivered within the organization.
05:53
It will service and support IT operations.
05:57
IT services sometimes require additional support and servicing, like managing security incidents or hardware problems.
06:03
Some objectives within the DSS domain include managing operations, managing service requests and incidents, managing continuity problems, managing business process controls and managing security services.
06:19
Security is and should be a big part of your IT governance framework.
06:25
It usually falls under the DSS domain.
06:28
If you want to remain compliant with laws and regulations and be in alignment with major standards and best practices, security should be a big part of your IT governance program.
06:39
Supporting IT services, especially after cyber incidents, will also fall under this category.
06:47
Lastly, MEA will address the performance, monitoring and conformance of IT with internal performance targets, internal control objectives and external requirements.
07:00
Monitoring the performance and compliance of IT with targets set by senior leadership is essential.
07:06
You don't want to spend all this time setting a strategic direction,
07:11
aligning and organizing your IT resources to the strategic goal,
07:15
building and implementing these solutions and supporting and servicing IT assets without actually monitoring to see if your IT resources are actually fulfilling your internal targets and objectives.
07:28
Additionally, you don't want to monitor. You want to monitor for any gaps that could leave you noncompliant with your IT governance plan or, worse, laws and regulations.
07:39
Thus, you have to monitor and evaluate and assess whether or not IT is conforming with objectives
07:46
within this domain. You can also address the performance of IT in terms of effectiveness and efficiency, to make any improvements if need be, to minimize risk and maximize business value.
07:59
Some objectives that fall under the MEA jurisdiction include managing performance and conformance
08:05
system of internal controls, managing compliance with external requirements and managing assurance.
08:13
It's important to remember that these governance and management directives are grouped into five domains because the governing body will have a different responsibility than management objectives.
08:24
All of these will tie together to create an overall IT governance program in which IT remains compliant, effective, efficient and creates visible business value to an organization.
08:37
Okay, so quick pop quiz.
08:39
In what domain would you set the strategic direction of your IT goals?
08:45
If you answered EDM, you are correct.
08:50
So in this video we talked about governance and management processes,
08:56
the five domains
08:58
and the emphasis of each of the five domains.