COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

The internal audit team of one of the biggest gaming operators in Europe implemented a cloud-based governance, risk and compliance (GRC) platform to improve the quality of its audit work papers and the productivity and collaboration with the other assurance teams (i.e., compliance, risk, security) of the company. MetricStream1 was selected as partner for this implementation. The platform provided the functionality to quickly evaluate the effectiveness and efficiency of processes, risk and controls.

For assessing the capability of IT processes and the related controls’ design and operational effectiveness, the COBIT® 5 process model was selected and uploaded to the GRC software platform processes universe. The COBIT® process model could be easily mapped to the International Organization for Standardization/International Electrotechnical Commission’s (ISO/IEC’s) ISO/IEC 27001:2013 information security standard, which is incorporated within the WLA Security Control Standard (WLA-SCS:2016),2 a standard widely adopted by lottery companies. Therefore, using both an automated audit management system and a standardized control framework, consistent and repeatable evaluation of the organization’s IT processes’ efficiency, effectiveness, maturity and compliance readiness with the worldwide lottery industry standards could be easily achieved.




Comments

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

We will be happy to exchange views on this topic and hear from any member of the community that has implemented a similar approach in a company with an agile IT organisation or in the gaming/entertainment industry.
MAM (Lively) at 10/17/2017 4:17:18 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Dear members,

If you find the article interesting, I encourage you to comment. Your feedback will contribute to the further development of this study.


John Panopoulos (Lively) at 10/17/2017 7:04:52 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Hi, 

Good article; however, I have a query. Which maturity model was used for arriving at a conclusion? Was it PAM of COBIT 5 or any other model?

Regards,

Sunil
Sunil Bakshi (Social) at 10/17/2017 9:01:32 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Sunil, thank you for your comment. Regarding the model that was used, it was the PAM (we did not want to invent the wheel). Even though you can use your own assessment model, we recommend sticking with PAM. Thanks.
John Panopoulos (Lively) at 10/18/2017 2:26:22 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Thanks, Ioannis and Maria, for sharing your experience with us. This reinforces the scope and applicability of COBIT and PAM. Your approach can be replicated for other sectors' internationally recognized security standards. Best, Graciela
Graciela Braga (Energizer) at 10/18/2017 1:38:59 PM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Thank you, Graciela. You are right, the approach can be used in other industries also!
John Panopoulos (Lively) at 10/19/2017 7:17:49 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Good article
Jacob Kurian Ambat (Energizer) at 10/23/2017 7:27:21 PM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

Jacob, thank you.
John Panopoulos (Lively) at 10/24/2017 8:33:30 AM

RE: COBIT Focus - Using COBIT 5 to Assess IT Processes Capabilities

It would be nice to flesh out the details of systems capable of automated control testing. The core cost savings arising from LEAN waste eliminations can be remarkably good. In my case, automated control testing itself has a measured ROI of 343% over 5 years and a potential 1023% ROI in perpetuity. Elements of LEAN waste eliminated include Rework and Motion. Other features include:

- Automated control tests capable of collecting platform-appropriate technical evidence in a consistent manner
- Automatically inspected for passing/flagged/failing elements
- Scored for continuous compliance dashboard uses
- Preservation for human inspection
- Auditor-ready proofs of integrity

Reducing collection and evaluation time from 40 to 60 effort hours per sample to 3 minutes per sample saves massive costs. Further, it improves the ability to completely monitor continuous compliance even if an external auditor might only be interested in samples. In the case of the PCI DSS, several controls can be both automatically collected and graded for pass/fail/flag criteria, while other controls, such as inspecting a network diagram or policy updates, for example, will remain hand done. These functions can then feed and integrate into audit flow for LEAN waste reduction in terms of larger controls and working paper flow for continuous compliance testing and periodic attestation workflows.
Don Turnblade (Energizer) at 10/24/2017 9:16:43 AM