COBIT and ITIL

WIKI

Carlos Andres Perez Cuello

MATEO ARENAS RIVERA
JOSE EDUARDO HERNANDEZ POLANCO

SANDRA MILENA BERNATE BAUTISTA

UNIVERSITY FOUNDATION OF THE ANDIA AREA

SYSTEMS ENGINEERING 8th SEMESTER
GOVERNMENT OF YOU
VALLEDUPAR
2019
INTRODUCTION
This work consists of a deepening of topics such as: the
IT resource optimization, the COBIT architecture, service strategy under
ITIL, among other topics that will be addressed, in order to investigate or expand the
knowledge about these tools and the use they have within a
organization and within universities.
IT GOVERNMENT

http://www.execyl.es/execyl/8612/

CONCEPT AND IMPORTANCE

The IT governance is the structure of relationships and processes that is found in the
scope of directing and controlling the achievements and objectives that a intends
organization, this is obtained by adding value, while achieving a balance
between the risk and the environment regarding IT and all its processes, on the other hand the
IT governance helps companies by providing them with ease in
maximum utilization of your information, of its benefits, capitalizing on all
their opportunities to achieve competitive advantages and among other things be able to
align IT governance with a broad corporate governance that includes the board
and the objective administration in order to provide leadership and structures
organizational necessary to be able to demonstrate good management and control
in the process, for information technology to succeed in performance
in their processes it is necessary to take into account the following: the optimal investment,
utilization and allocation of IT resources (people, applications, technology,
facilities, data), in the service of the needs of each one of the
companies.

MAIN AREAS OF IT GOVERNMENT

The IT government is divided into 5 important areas which are:

 http://11041446.blogspot.es/1446092926/essay-govern-yourself/

Next, a brief explanation of these 5 areas will be provided.

IT governance:
Strategic Alignment: IT governance ensures that both the processes of
businesses like those ofinformation technology work together.
Risk Management: IT governance enables the company to visualize
widely thepossible business risksand provides forms of
minimize them.
Value Delivery: key benefit of IT governance, ensuring that the sector
the information technology to be as efficient and effective as possible.
Resource Management: in this case, the role of the IT government is
ensure that the management of the company's human and technological resources
be as optimized as possible.
Performance Measurement: through the use of indicators that go much further
beyond financial criteria, IT Governance ensures measurement and the
accurate assessment of business results.

GOVERNMENT IT TOOLS
 Unable to access the content of the provided URL.
define-how-to-improve-it/

On the other hand, IT governance helps us to be aware of the status of the

resources and IT processes through the use of metrics, for this it makes use of the
following tools:
Key Performance Indicator.
CMM (Process Assessment Model).
BSC (Balanced Scorecard).
Each of these tools allows us to evaluate how things are being carried out.
each process, that all actions to be taken are measured and well verified,
that manage organizational performance and help to focus on all the
company objectives not only financial, but also in processes, clients and in
the growth and learning of the company, therefore, these are based on the
models that cover the following centuries:
DEFINE: establish the purposes and objectives of the model.
MEASURE: Identify and establish baseline levels for the different levels.
ANALYZE: evaluate the data and information obtained from the events.
improve: implement, develop and evaluate solutions.
CONTROL: ensure that problems are identified, and that the new ones
methods can be applied.
these tools have additional purposes, such as helping to
communication and self-assessment; in risk monitoring; in evaluating quality
of software development and in defining the scope of the audit and management.
Among these tools, the most widely used in our field are:
COBIT
oriented to respond to specific aspects.
COBIT

It is the acronym for defining Control Objectives for Information and related Technology
(Control Objectives for information and technology related), which is a
framework created by ISACA (Information Systems Audit and Control
Association (Association for Control and Audit of Information Systems) for the
management of IT and IT Governance. It is a set of support tools that
allows the management of organizations to close the gap between the
control requirements, technical problems, and business risks.

This framework provides good practices and presents activities for IT Governance.
in a manageable and logical structure. The good practices of COBIT bring together the
consensus of experts, who will help optimize the investment in IT and
they will provide a measurement mechanism that will allow judging when the
activities are going down the wrong path.

The mission of COBIT is to research, develop, publish, and promote a set

of generally accepted control objectives, authorized, updated by
ISACA to be used in daily business management,
IT and security professionals.

Another key concept of COBIT is the systematic determination and improvement of the
maturity of the process, which has 6 levels (0 to 5) to measure the level of maturity
of the IT processes:

Nonexistent - There is no information or knowledge about the

IT governance
Initial / ad hoc - In the process there are undefined tasks, but there is trust.
in the initiative
Repeatable but intuitive - The process has quality personnel and
defined tasks
Defined - Defined and institutionalized process, has policy,
established standards and procedures
Manageable and measurable - The process has complete control structures.
and performance analysis.
Optimized - the processes have been refined to the best level.
practice, based on the results of continuous improvement and design of the
maturity with other organizations.

COBIT 5

It is based on COBIT 4.1, and in turn expands it by integrating other

important frameworks and standards such as Val IT and Risk IT, Information Technology
Infrastructure Library (ITIL) and the related ISO standards in this standard. Provides
of a comprehensive framework that helps companies achieve their objectives
for the government and management of corporate IT. Helps organizations to
create optimal value from IT, generating benefits, optimizing resources and
minimizing risk levels. It aligns with other standards and frameworks of
relevant references 55 and, therefore, allows the company to use COBIT 5 as the
general management and governance integrating framework. It is comprehensive regarding
company coverage, providing a basis for effective integration
other frameworks, standards, and practices used.

A unique general framework serves as a consistent and integrated source of guidance in

a common language, non-technical and technologically agnostic.

Allows IT to be governed and managed in a holistic way for the entire

company, covering the entire business from start to finish and the functional areas
of IT responsibility, considering the IT-related interests of the
internal and external stakeholders. This framework is generic and useful for
companies of all sizes. The COBIT V5 framework contains 5
principles and 7 enablers.

In the process reference model focused on COBIT 5, the processes of

government and management are divided into process domains among which
They are located:

BUSINESS GOVERNANCE PROCESSES

The Domain contains 5 governance processes in which practices are defined.
EDM - [Evaluate, Direct and Monitor].

EVALUATE, GUIDE AND SUPERVISE [EDM]:

EDM01 - Ensure the establishment and maintenance of the framework of

government reference
Check the requirements for IT governance

EDM02 - Ensure the Delivery of Benefits

Policies for proper IT investment are established.

EDM03 - Ensure Risk Optimization

It is verified that the risk related to IT is determined and
managed.

EDM04 - Ensure Resource Optimization

It is verified that the resources (People, Processes, and technology) exist and are
available to meet the company's objectives.

EDM05 - Ensure Transparency towards Stakeholders

Stakeholders must be aware of the decisions made by
the managers and the necessary corrective actions.

PROCESSES FOR BUSINESS IT MANAGEMENT

It is composed of 13 processes that contribute to the

optimal construction of business objectives and in the direction for delivery
of solutions and services.

ALIGN, PLAN AND ORGANIZE

]

APO01 Manage the IT Management Framework

It aims to preserve the corporate mission and vision of IT focused
to the strategic alignment.

APO02 Manage the Strategy

The business must be understood in its entirety by identifying the options.
strategic IT.

APO03 Manage Corporate Architecture

Define the components (Business processes, data, applications) in order to
that strategies are developed for the company and IT.

APO04 Manage Innovation

Verify the innovation opportunities with existing or new technology.

APO05 Manage the Portfolio

The service portfolio consists of proposals based on the objectives.
strategic for investment and resources.

APO06 Manage the Budget and Costs

It is analyzed how much will be paid if a service is chosen.

APO07 Manage Human Resources

The staff, the required skills, and the needs of each is defined.
job position.

APO08 Manage Relationships

Mutual relationship between the internal and external client of the organization.

APO09 Manage Service Contracts

The supplier that best suits the organization is chosen.

APO10 Manage the Suppliers

Selection of suppliers, management of relationships, performance review.
APO11 Manage Quality
Requirements, standards, alignments to meet the needs of the
organization.

APO12 Manage Risks

Identify and reduce IT-related risks.

APO13 Manage Security

How will the information be safeguarded, what measures will be taken.

BUILD, ACQUIRE AND IMPLEMENT

IMPLEMENT) [BAI].

BAI01 Manage Programs and Projects

the projects are selected for execution through a
planning schedule.

BAI02 Manage Requirements Definition

It must be verified that the requirements are well defined before proceeding.
be in line with the organization.

BAI03 Manage the Identification and Construction of Solutions

Application of the continuous improvement of the service that is being implemented.

BAI04 Manage Availability and Capacity

The availability of suppliers and raw materials is verified when
they need.

BAI05 Manage the Change Enablement

It should be communicated to the entire organization through a channel of
communication that will present a change or a new service.

BAI06 Manage Changes

The documentation for the new service is being prepared.

BAI07 Manage Change and Transition Acceptance

The implementation of the service is verified with the involved personnel.

BAI08 Manage Knowledge

It is verified that all parties involved are informed of the service.

BAI09 Manage the Assets

It is verified that the appropriate technologies are available for implementation.
of the service.

BAI10 Manage Configuration

The structure for the implementation of the service is defined.
DELIVER AND PROVIDE SERVICE AND SUPPORT
SUPPORT) [ DSS ]

DSS01 Manage Operations

All activities included in the service are managed.

DSS02 Manage Service Requests and Incidents

When using a service, inconveniences may arise that must be addressed.
manage through the help desk.

DSS03 Manage Problems

The problem is something that happens once, if it occurs again it is an incident.
It is already known how to solve it.

DSS04 Manage Continuity

The problem in the help desk is classified by levels in order to indicate the
state and who is in charge of the incident.

DSS05 Manage Security Services

The roles of the staff, the service, and the responsibility that is handled.
performing in an organization.

DSS06 Manage Controls in Business Processes

Supervise the proper functioning of the service.

SUPERVISE, EVALUATE AND VALUE

ASSESS) [ MEA ]

MEA01 Monitor, Evaluate and Assess Performance and Compliance

It is responsible for evaluating results according to the objectives of
business.

MEA02 Monitor, Evaluate, and Assess the Internal Control System

Evaluate each stage of the service; if a failure occurs, apply improvement.
continue.

MEA03 Monitor, Evaluate, and Assess Compliance with Requirements

External
Each process must comply with established rules and laws.

WEB TO PERFORM COBIT 5 SIMULATION

Unable to access the provided URL.

5.html
Unable to access external links.

Unable to access external content or links.

WEB OF ENTITIES FOR TRAINING AND COBIT CERTIFICATION

Unable to process the URL provided. Please provide the text to be translated.
foundations/?gclid=EAIaIQobChMI2bLilp6j4QIVhIjICh0WRAuLEAAYASAAEgI
00PD_BwE

Unable to access content from the provided URL.

Unable to access or translate content from the provided URL.

Invalid request. Please provide text for translation.

Invalid input; unable to translate URLs.

ITIL

ITIL (IT Infrastructure Library) is the process management framework.

IT Services that provide a set of best practices collected by
the British Government Trade Office and which describes the processes
necessary to manage the IT department effectively in order to optimize
benefits and ensure the integration of services in the value chain of the
business units.
ITIL is a registered trademark of the Government Commercial Office.
Government Commerce, OGC) in 2001 the CCTA was integrated into the OGC.
December 2005, the OGC issued a notice of an update known as ITIL
v3, which was scheduled to be released at the end of 2006; one of the
Benefits of ITIL in its new update is a glossary of terms
precisely defined.
The main objective is to provide value to the customer and the business in the form of services.
of IT using different tools, steps, and a defined structure for the
implementation. ITIL is a guide that provides the organization with how to use IT.
as a tool to facilitate change in the business, transformation and
growth, "is divided into 5 main areas which provide a scope
professional and systematic for IT services, enabling organizations
provide appropriate services, constantly ensure they are achieving
the business goals and obtaining profits.

ITIL Lifecycle

Service strategy - Service design - Service implementation and transition

- Service operation - Continuous monitoring and improvement of the service statistically
There is time loss in each IT project: Operation phase: 70-80% time
and cost. Development phase: 30-20% acquisition. Based on this statistic it is
fundamental that in every IT project the processes of IT Service Management
be effective and efficient, "this applies to any type of organization, large
either small, public or private, with centralized or decentralized IT services, with
internal IT services or provided by third parties.

ADVANTAGES AND BENEFITS

When implementing ITIL as a best practice in organizations, the goal is to seek the
following advantages and/or benefits:

Improve IT services
 Improve customer satisfaction through more professional service

Improve productivity

Reduce costs

Improve the use of skills and experiences

Improve the delivery of third-party services

Align projects with business needs

Through the ITIL methodology, roles, tasks, and responsibilities are assigned.
that can be adapted to any IT organization, "the goal of this improvement
practice is to have better communication and management in the organization of
TI. Provides the necessary elements to determine improvement objectives and
goals that help the organization to mature and grow.
In order to become an expert in ITIL implementation, it is necessary to cover the
following steps or certification processes, there are four levels within this
- Fundamentals (Foundation Level) - Intermediate (Lifecycle Stream &
Capability Stream) - ITIL Diploma - Advanced (Advanced Service Management
Professional Diploma.

THE IMPLEMENTATION OF ITIL

It is becoming increasingly common, many organizations are opting to certify their

staff in the implementation of this practice are concerned about training,
updates, courses, diplomas, conferences in order to improve quality
of its Service Management. Some of the organizations that have
implemented are:

. High technology: Microsoft, HP, Fujitsu, IBM;

. Distributors: Target, Walmart and Staples;

. Financial Organizations: Citi, Bank of America, Barclay’s

Bank

. Entertainment: Sony, Disney;

. Manufacturing: Boeing, Toyota, Bombardier;

. Compañías de Ciencias: Eli Lilly, Pfizer, Takeda

Pharmaceuticals.
AREAS OF KNOWLEDGE OF ITIL V3

Through ITIL, the aim is to improve the quality of IT Service Management.

The ITIL v3 standard consists of five publications for Management
IT Services "The framework of best practices in IT Service Management represents
a complete set of organizations, tools, education services and
consulting, related frameworks, and publications. Currently
many organizations, certified individuals, working groups, and others
participants are cooperating to promote and improve the ITIL standard in order to
to have a better quality in IT Service Management.

ITIL Certifications

The ITIL qualification standards are managed by the ITIL Certification

Management Board (ICMB) that brings together OGC, itSMF International, and the two
Existing Exam Institutes: Examination Institute for Information Technology (EXIN,
Dutch institution) and Information Systems Examination Board (ISEB, United Kingdom
United). There are three levels of ITIL certification for professionals:

Basic Certificate (Foundation Certificate): certifies a basic knowledge of ITIL

in IT service management and understanding of the
ITIL-specific terminology. It is intended for those who wish to
know the good practices specified in ITIL.

Certificate of Responsibility (Practitioner's Certificate): intended for those who have

responsibility in the design of departmental management processes
information technologies and in the planning of associated activities
the processes.

Manager's Certificate: guarantees that the holder

has deep knowledge in all subjects related to the
management of information technology departments, and it enables
to guide the implementation of ITIL-based solutions. ITIL stands for the framework
best practices in IT Service Management represents a complete set
of organizations, tools, education and consulting services, frameworks of
related work, and publications.

REQUIREMENTS FOR CERTIFICATION

To be accredited in ITIL, all organizations must meet the

following requirements:
All organizations awaiting accreditation can opt for licensed materials.
trainers and/or an MQS from another Organization to be accredited for the purpose of
meet the accreditation requirements and the needs of their clients. In
in these cases, the organization designated by APM Limited Group needs
ensure that the licensing aspects meet the global evaluation criteria.

When an organization to be accredited chooses the training of another

organization to be accredited, the training can only be carried out within
from the parameters in which said organization is certified.

Accrediting organizations can have Affiliates to conduct courses on

training in certain regions, territories or markets. The affiliates are
obliged to sign an intellectual property license and may be subject to
review by the institution designated by APM Group Limited as
part of the certification audit process.

All affiliated training institutions must be advised by the

organization designated by APM Group Limited.

WEB TO CONDUCT ITIL SIMULATION

Unable to access the content of the provided URL.

Invalid input or request. Please provide text for translation.

strategy.html

The provided text is a URL and does not contain translatable content.
n_exam_questions.PDF

The provided link does not contain any translatable text.

paper_C_201608_V2.1.PDF

Unable to access the content of the link provided.

WEB FOR ITIL V3 TRAINING AND CERTIFICATION

The provided text is a URL and does not contain translatable content.

Unable to process the request. The provided text is a URL and does not contain translatable content.

https://www.meetup.com/en/ITIL-Certification-ITIL-Foundation-V3/

Invalid input, unable to translate URL.

BIBLIOGRAPHY

Periñán, I. L. M., & Villegas, G. U. (2011). IT Governance - State of the Art. Systems
& Telematics, 9(17), 23-53.

Estébanes, E. M., & Cano, J. C. G. (2011). Governing yourself through Cobit 4.1 and
expected changes in Cobit 5.0. Ecorfan Journal, 2(5), 109-131.

Pérez, D. (2018). From Administration to IT Governance. Systems Journal, (96),

65-72.

http://cobitmmatiasc.blogspot.com/2017/03/domains-and-processes-of-
The provided text does not contain any content for translation.

http://cobitzd.blogspot.com/2017/03/domains.html

Unable to access external content or links.

Invalid input. Please provide text for translation.

Invalid request. No text provided for translation.

proposal-training-itil-v3-semi-presential.pdf

Unable to access the content of the provided URL.