Are you looking for an overarching IT framework that is compatible with other IT standards and approaches? Do you need help in building the business case to justify investments in IT service management and IT governance? Are you looking for a way to have the governance of IT considered as part of overall governance of the enterprise? Then let me introduce you to COBIT®!
Since its introduction in 2012, COBIT 5 reflects the evolution of COBIT from an audit and control approach to an overarching governance and service management framework. Let’s take a closer look at COBIT and the benefits that COBIT can provide for an organization.
COBIT, formerly known as Control Objectives for Information and Related Technology, is a framework created by ISACA® (formerly known as the Information Systems Audit and Control Association) for IT management and IT governance. First released in 1996, COBIT focused initially only on auditing. The current version of COBIT, COBIT 5, integrates previous ISACA guidance, including Val IT™, Risk IT™, and COBIT 4. COBIT 5 also aligns with other IT standards and frameworks, such as ITIL®, ISO/IEC 38500, and others. As a result, COBIT 5 provides a truly comprehensive framework for helping organizations achieve their objectives for the governance and management of IT.
COBIT can be used within any size and type of organization, as it’s written in non-technical language and looks at integrating the governance of an organization from end-to-end, not just the governance of IT. Immediately one can see the positive outcomes of this approach. COBIT promotes the fact that IT is pervasive and integral in all business activities in nearly all organizations. As such, IT should be governed as part of an overall enterprise governance approach, and not separately and distinctly from the rest of the enterprise. IT can no longer be thought of as a “function” or department within an organization. IT is enterprise-wide. No longer can organizations think of projects as “business projects” or “IT projects”, but rather projects, whether initiated within or external to the IT organization, must be thought of as IT-enabled business initiatives. The use and implementation of IT is not cheap, and now more than ever the investments that businesses make in its use of IT must result in furthering competitive advantage and utilizing IT as a strategic asset. COBIT provides needed guidance to ensure that IT is governed as a part of the overall governance of the enterprise.
Nevertheless, I recognize that within some organizations, governing an enterprise from end-to-end, and including IT as part of that enterprise governance may not quite be in reach just yet. If this describes your organization, COBIT can still be utilized within your organization, particularly in regards to IT service management (ITSM). If you’re already doing some kind of ITSM – regardless of the maturity of your implementation – COBIT will enhance and help identify justifiable improvements to your ITSM implementation. If you’re just getting started on your ITSM journey, COBIT provides great advice regarding the questions you should ask for identifying and justifying needed governance and management processes. The answers to these questions then help in obtaining buy-in for getting IT governance or ITSM started in your organization.
Looking at COBIT from the IT perspective, there are a number of benefits that may be derived from incorporating COBIT.
COBIT is “framework-friendly”
As I mentioned earlier, not only does COBIT 5 integrate previous COBIT guidance, such as Val IT, Risk IT, and COBIT 4, it also provides an overarching governance for, and implementation of, other relevant frameworks and standards. So if your organization has based its ITSM implementation and IT governance on ITIL, ISO/IEC 38500, ISO/IEC 27001, ISO/IEC 9000, TOGAF®, PMBOK®, or others, COBIT can enhance what you’ve done. Through the use of the goals cascade and process capability model, COBIT can also help identify justifiable changes to what you’re doing to further improve your use of these other standards and frameworks.
COBIT helps translate business needs into IT enablers
COBIT 5 introduces the goals cascade, a mechanism that can be used to correlate business goals into IT goals and deliverables. The goals cascade starts at the stakeholder level through identifying business drivers. These business drivers then form the basis for specific enterprise goals. The enterprise goals in turn cascade to IT-related goals, which are then mapped to the specific COBIT processes that can be used to realize these IT-related goals. Within the detailed mapping, there is guidance for whether an identified process is a primary or secondary enabler of that IT goal.
COBIT provides a “ready-made” toolset
To assist with implementation, COBIT provides a robust set of tools. First of all, COBIT provides a documented question set, which can be used to clarify the needs and requirements of the stakeholders of an enterprise. For each of its 37 processes, COBIT documents a suggested RACI (Responsible, Accountable, Consulted, and Informed) matrix to help articulate the roles involved, as well as generic guidance on how to build, execute, monitor, and improve processes. COBIT also provides a process capability assessment model, based on ISO/IEC15504, to identify strengths, weaknesses, and risk. This assessment model introduces objective criteria that can be used to identify opportunities for improvement.
COBIT helps illustrate the business value of IT
Arguably, one of the more powerful features of COBIT 5 is the use of a balanced scorecard to illustrate the business value of IT. The balanced scorecard (BSC), developed by Kaplan and Norton of the Harvard Business School in 1996, is used in many organizations to help measure enterprise execution in four defined areas – Financial, Customer, Internal, and Learning and Growth. COBIT extends the use of the BSC by applying the same four areas from the perspective of IT. By doing so, the IT BSC provides insight into the value contribution of IT in business terms.
These are only a few of the benefits that may be achieved through the adoption of COBIT. Like any IT framework, the use of COBIT must be approached from an “adopt and adapt” perspective. As the needs and requirements of any enterprise are unique to that enterprise, implementation of COBIT must be considered in the context of the organization, and adapted for use within that organization.
If you’d like to learn more, the primary COBIT 5 reference, “A Business Framework for the Governance and Management of Enterprise IT” is freely available for download from the ISACA website (www.isaca.org). Enjoy! And let me know if you have any questions.
ISACA, COBIT, Val IT, and Risk IT are trademarks of ISACA.
ITIL is a registered trademark of AXELOS Limited.
TOGAF is a registered trademark of The Open Group.
PMBOK is a registered trademark of Project Management Institute, Inc.