COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5

Join author Opeyemi Onifade as he responds to ISACA member questions beginning 2 March 2015. Add your questions by responding to this post!



The Central Bank of Nigeria issued a compliance document titled “Nigeria Financial Services IT Standards Blueprint” in May 2013 [1]. The blueprint, which includes timelines, is the main driver for the implementation of IT-related standards such as COBIT® 5, ISO/IEC 27001:2013, ISO/IEC 20000:2011 and ISO/IEC 22301:2012 in banks and IT service provider organizations in Nigeria today. The blueprint was developed by Accenture for the regulatory body prior to the publication of COBIT 5. The revised edition, which is in the works, will reference COBIT 5 specifically.

The implementation of these good practices is expected to result in improved operational effectiveness, uptime and availability, service quality, enterprise control and management, risk management and assurance, regulatory reporting, and business continuity.


Comments

RE: COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5

I feel this blueprint creates an unrealistic expectation that will be extremely costly and time consuming for Nigerian financial institutions to implement. The current version is actually based on COBIT 4.1 and contains considerable overlap in the standards it references.  

Is the standard being set in this blueprint not unrealistic?


peterhill (Energizer) at 2/27/2015 12:56:04 PM

RE: COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5

@peterhill,

You observed correctly that COBIT 4.1 is referenced in the blueprint, but I can confirm to you that a revision is in the works.

It is a fact that the implementation of the blueprint has been "costly and time consuming" for the Nigerian banks. However, the reality on the ground, as I have observed as a local practitioner, is that the banks have accepted the challenge of compliance management and are doing well with the timelines and targets. The point of this article is to show a smart approach to addressing the "considerable overlap" in the requirements.

I think the right question to consider is: "what is the realistic approach to addressing the requirements in the blueprint?" I think using COBIT 5 as an integrator model helps. 
 

OpeOnifade (Lively) at 3/3/2015 6:01:41 AM

RE: COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5

Yes, though this blueprint refers to COBIT 4.1, companies should look forward to implementing the best practices of COBIT 5.0. We are working with one of the Nigerian banks on assessing various frameworks. We understand the reactions that not all these frameworks are essential, but some of them would really help these banks to improve efficiency and gain business benefits. Some of these are ISO 20000, ISO 27001, CMMI, ISO 22301, TOGAF and COBIT would make more sense.
Kiran172 (Lively) at 3/3/2015 8:00:50 AM

RE: COBIT Focus - Implementing an ISO-integrated Management System Using COBIT 5

Hi,

I recently came across your article and wanted to ask for a few clarifications.

The article was itself well summarized. However, I was under the impression that your article might cover some of the common integration points of both the ISO/IEC 27001:2013 and ISO/IEC 20000:2012 Management Systems.

Hence, I request your inputs and ask that you share your insight on a couple of "nested" question(s).

Since both the ISO standards are normative/prescriptive in nature, in your case did you merge the 2 sets of policies, procedures, etc. into one common Management System (perhaps IMS or PAS99) or did you end up maintaining 2 separate sets of (almost) mutually exclusive Management Systems under the common umbrella of COBIT 5?

If the latter, then did you have to define a separate policy(ies), processes, etc. for GEIT/IT Governance as well? 

If yes, how did you categorize them under Governance Systems (or something similar, since they would be out of scope for Management Systems) or under ISO/IEC 38500:2015?

Apologies for sounding so brash, but this doubt has been annoying me for the past couple of years, and no one has been able to give a satisfactory answer.
Rohit Banerjee (Influential) at 8/18/2015 3:15:04 AM