Advertisement
opexxx

ISACA COBIT® 5 - Glossary (EN) Export

Sep 28th, 2015
251
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.88 KB | None | 0 0
  1. accountable party (RACI) The individual, group or entity that is ultimately responsible for a subject matter, process or scope
  2.  
  3. In a RACI chart, answers the question: Who accounts for the success of the task?
  4. accountability of governance Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against plans. In most enterprises, governance is the responsibility of the board of directors, under the leadership of the chairperson.
  5. Activity In COBIT, the main action taken to operate the process. Guidance to achieve management practices for successful governance and management of enterprise
  6. IT. Activities:
  7. - Describe a set of necessary and sufficient action-oriented implementation steps to
  8. achieve a Governance Practice or Management Practice
  9. - Consider the inputs and outputs of the process
  10. - Are based on generally accepted standards and good practices
  11. - Support establishment of clear roles and responsibilities
  12. - Are non-prescriptive and need to be adapted and developed into specific procedures appropriate for the enterprise
  13. alignment A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise
  14. application architecture Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise's objectives
  15. architecture board A group of stakeholders and experts who are accountable for guidance on enterprise architecture related matters and decisions, and for setting architectural policies and standards
  16. authentication The act of verifying the identity of a user and the user's eligibility to access computerised information
  17.  
  18. Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity.
  19. It can also refer to the verification of the correctness of a piece of data.
  20. baseline architecture The existing description of the fundamental underlying design of the components of the business system before entering a cycle of architecture review and redesign
  21. benefits realisation One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.
  22. business continuity Preventing, mitigating and recovering from disruption. The terms 'business resumption planning', 'disaster recovery planning' and 'contingency planning' also may be used in this context; they focus on recovery aspects of continuity, and for that reason the 'resilience' aspect should also be taken into account.
  23. business goal The translation of the enterprise's mission from a statement of intention into performance targets and results
  24. Business process control The translation of the enterprise's mission from a statemenThe policies, procedures, practices and organisational structures designed to provide reasonable assurance that a business process will achieve its objectives of intention into performance targets and results
  25. Chargeback The redistribution of expenditures to the units within a company that gave rise to them
  26.  
  27. Scope Note: Chargeback is important because without such a policy, misleading views may be given as to the real profitability of a product or service, as certain key expenditures will be ignored or calculated according to an arbitrary formula.
  28. COBIT 1. COBIT 5: Formerly known as Control Objectives for Information and related Technology (COBIT); now used only as the acronym in its fifth iteration. A complete, internationally accepted framework for governing and managing enterprise information and technology (IT) that supports enterprise executives and management in their definition and achievement of business goals and related IT goals. COBIT describes five principles and seven enablers that support enterprises in the development, implementation, and continuous improvement and monitoring of good IT-related governance and management practices.
  29.  
  30. Scope Note: Earlier versions of COBIT focused on control objectives related to IT processes, management and control of IT processes and IT governance aspects.
  31.  
  32. Adoption and use of the COBIT framework are supported by guidance from a growing family of supporting products. (See www.isaca.org/cobit for more information.)
  33.  
  34. 2. COBIT 4.1 and earlier: Formerly known as Control Objectives for Information and related Technology (COBIT). A complete, internationally accepted process framework for IT that supports business and IT executives and management in their definition and achievement of business goals and related IT goals by providing a comprehensive IT governance, management, control and assurance model. COBIT describes IT processes and associated control objectives, management guidelines (activities, accountabilities, responsibilities and performance metrics) and maturity
  35. code of ethics A document designed to influence individual and organisational behaviour of employees by defining organisational values and the rules to be applied in certain situations. It is adopted to assist those in the enterprise called upon to make decisions understand the difference between 'right' and 'wrong' and to apply this understanding to their decisions.
  36. competence The ability to perform a specific task, action or function successfully
  37. consulted party (RACI) Refers to those people whose opinions are sought on an activity (two-way communication)
  38.  
  39. In a RACI chart, answers the question: Who is providing input?
  40.  
  41. Key roles that provide input. Note that it is up to the accountable and responsible roles to obtain information from other units or external partners, too; however, inputs from the roles listed are to be considered and, if required, appropriate action has to be taken for escalation, including the information of the process owner and/or the steering committee
  42. context The overall set of internal and external factors that might influence or determine how an enterprise, entity, process or individual acts Scope Note: Context includes:
  43. - Technology context - Technological factors that affect organization's ability to extract value from data
  44. - Data context - Data accuracy, availability, currency and quality
  45. - Skills and knowledge - General experience, and analytical, technical and business skills
  46. - Organization and cultural context - Political factors, and whether the organisation prefers data to intuition - Strategic context - Strategical objectives of the enterprise
  47. control The means of managing risk, including policies, procedures, guidelines, practices or organisational structures, which can be of an administrative, technical, management or legal nature. Also used as a synonym for safeguard or countermeasure.
  48. culture A pattern of behaviours, beliefs, assumptions, attitudes and ways of doing things
  49. driver External and internal factors that initiate and affect how an enterprise or individuals act or change
  50. enterprise goal See Business goal
  51. enterprise governance A set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used responsibly. It could also mean a governance view focussing on the overall enterprise; the highest-level view of governance to which all others must align.
  52. full economic life cycle A period of time during which material business benefits are expected to arise from, and/or during which material expenditures (including investments, running and retirement costs) are expected to be incurred by, an investment programme
  53. good practice A proven activity or process that has been successfully used by multiple enterprises and has been shown to produce reliable results
  54. governance The framework, principles and policies, structures, processes and practices, information, skills, culture, ethics, and behaviour to set direction and monitor compliance and performance of the enterprise aligned with the overall purpose and defined objectives. Governance defines accountability, responsibility and decision making (among other elements).
  55. governance/management practice For each COBIT process, the governance and management practices provide a complete set of high-level requirements for effective and practical governance and management of enterprise IT. They are statements of actions from governance bodies and management.
  56. governance enabler Something (tangible or intangible) that assists in the realization of effective governance
  57. governance framework A framework is a basic conceptual structure used to solve or address complex issues; an enabler of governance; a set of concepts, assumptions and practices that define how something can be approached or understood, the relationships amongst the entities involved, the roles of those involved, and the boundaries (what is and is not included in the governance system).
  58.  
  59. Examples: COBIT and COSO's Internal Control—Integrated Framework
  60. governance of enterprise IT An asset that, like other important business assets, is essential to an enterprise's business. It can exist in many forms: printed or written on paper, stored electronically, transmitted by post or electronically, shown on films, or spoken in conversation.
  61. information An asset that, like other important business assets, is essential to an enterprise's business. It can exist in many forms: printed or written on paper, stored electronically, transmitted by post or electronically, shown on films, or spoken in conversation.
  62. informed party (RACI) Refers to those people who are kept up to date on the progress of an activity (one-way communication)
  63.  
  64. In a RACI chart, answers the question: Who is receiving information?
  65.  
  66. Roles who are informed of the achievements and/or deliverables of the task. To role in 'accountable', of course, should always receive appropriate information to oversee the task, as do the responsible roles for their area of interest.
  67. inputs and outputs The process work products/artefacts considered necessary to support operation of the process.
  68.  
  69. They enable key decisions, provide a record and audit trail of process activities, and enable follow-up in the event of an incident. They are defined at the key management practice level, may include some work products used only within the process and are often essential inputs to other processes. The illustrative COBIT 5 inputs and outputs should not be regarded as an exhaustive list since additional information flows could be defined depending on a particular enterprise's environment and process framework.
  70. investment portfolio The collection of investments being considered and/or being made
  71. IT application Electronic functionality that constitutes parts of business processes undertaken by, or with the assistance of, IT
  72. IT goal A statement describing a desired outcome of enterprise IT in support of enterprise goals. An outcome can be an artefact, a significant change of a state or a significant capability improvement.
  73. IT service The day-to-day provision to customers of IT infrastructure and applications and support for their use. Examples include service desk, equipment supply and moves, and security authorisations.
  74. management Entails the judicious use of means (resources, people, processes, practices, etc.) to achieve an identified end. It is a means or instrument by which the governance body achieves a result or objective. Management is responsible for execution within the direction set by the governance body. Management is about planning, building, organising and controlling operational activities to align with the direction set by the governance body, and reporting back on these activities.
  75. model A way to describe a given set of components and how those components relate to each other to describe the main workings of an object, system, or concept
  76. objective Statement of a desired outcome
  77. organisational structure An enabler of governance and of management. Includes the enterprise and its structures, hierarchies and dependencies.
  78.  
  79. Example: Steering committee
  80. output See Inputs and outputs
  81. owner Individual or group that holds or possesses the rights of and the responsibilities for an enterprise, entity or asset, e.g., process owner, system owner
  82. policy Overall intention and direction as formally expressed by management
  83. principle An enabler of governance and of management. Comprises the values and fundamental assumptions held by the enterprise, the beliefs that guide and put boundaries around the enterprise's decision making, communication within and outside the enterprise, and stewardship - caring for assets owned by another.
  84.  
  85. Example: Ethics charter, social responsibility charter
  86. process Generally, a collection of practices influenced by the enterprise's policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g., products, services)
  87.  
  88. Scope note: Processes have clear business reasons for existing, accountable owners, clear roles and responsibilities around the execution of the process, and the means to measure performance.
  89. process (capability) attribute ISO/IEC 15504: A measurable characteristic of process capability applicable to any process
  90. process capability ISO/IEC 15504: A characterization of the ability of a process to meet current or projected business goals
  91. process goal A statement describing the desired outcome of a process. An outcome can be an artefact, a significant change of a state or a significant capability improvement of other processes.
  92. programme and project management office (PMO) The function responsible for supporting programme and project managers, and gathering, assessing and reporting information about the conduct of their programmes and constituent projects
  93. quality Being fit for purpose (achieving intended value)
  94. RACI chart Illustrates who is responsible, accountable, consulted and informed within an organisational framework
  95. resource Any enterprise asset that can help the organisation achieve its objectives
  96. resource optimisation One of the governance objectives. Involves effective, efficient and responsible use of all resources - human, financial, equipment, facilities, etc.
  97. responsible party (RACI) Refers to the person who must ensure that activities are completed successfully In a RACI chart, answers the question: Who is getting the task done? Roles taking the main operational stake in fulfilling the activity listed and creating the intended outcome
  98. risk The combination of the probability of an event and its consequence (ISO/IEC 73)
  99. risk management One of the governance objectives. Entails recognising risk; assessing the impact and likelihood of that risk; and developing strategies, such as avoiding the risk, reducing the negative effect of the risk and/or transferring the risk, to manage it within the context of the enterprise's risk appetite.
  100. service catalogue Structured information on all IT services available to customers
  101. services See IT service
  102. skill The learned capacity to achieve predetermined results
  103. stakeholder Anyone who has a responsibility for, an expectation from or some other interest in the enterprise - e.g., shareholders, users, government, suppliers, customers and the public
  104. system of internal control The policies, standards, plans and procedures, and organisational structures designed to provide reasonable assurance that enterprise objectives will be achieved and undesired events will be prevented or detected and corrected
  105. value creation The main governance objective of an enterprise, achieved when the three underlying objectives (benefits realisation, risk optimisation and resource optimisation) are all balanced
  106.  
  107. Using Quizlet Help Mobile Students Teachers Upgrades
  108.  
  109. About Quizlet Company Jobs Privacy Terms Contact
  110.  
  111. Study Everywhere! © 2015 Quizlet Inc. Follow @quizlet on Twitter.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement