COBIT 2019 Program
Governance of Enterprise IT Services
- COBIT 2019 Gap Assessment & Roadmap Development
- COBIT 2019 Designing a Tailored Governance System
- COBIT 2019 Enterprise Goals & Alignment Goals Cascade
- COBIT 2019 Process Capability Assessment
- COBIT 2019 Adoption & Implementation
- COBIT 2019 Training Courses & Workshops
COBIT 2019 Overview
COBIT is a framework for the governance and management of enterprise information and technology, aimed at the whole enterprise.
Enterprise IT means all the technology and information processing the enterprise puts in place to achieve its goals, regardless of where this happens in the enterprise. In other words, enterprise IT is not limited to the IT department of an organization, but certainly includes it.
Benefits of Information and Technology Governance
This consists of creating value for the enterprise through IT, maintaining and increasing value derived from existing IT investments, and eliminating IT initiatives and assets that are not creating sufficient value.
This entails addressing the business risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise.
IT-related business risk consists of IT related events that could potentially impact the business.
This ensures that the appropriate capabilities are in place to execute the strategic plan and sufficient, appropriate, and effective resources are provided. Resource optimization ensures that an integrated, economical IT infrastructure is provided, new technology is introduced as required by the business, and obsolete systems are updated or replaced.
Six Principles for a Governance System
1Each enterprise needs a governance system to satisfy stakeholder needs and to generate value from the use of IT. Value reflects a balance among benefits, risks, and resources, and enterprises need an actionable strategy and governance system to realize this value.
2A governance system for enterprise IT is built from a number of components that can be of different types and that work together in a holistic way.
3A governance system should be dynamic. This means that each time one or more of the design factors are changed (e.g., a change in strategy or technology), the impact of these changes on the EGIT system must be considered. A dynamic view of EGIT will lead toward a viable and future-proof EGIT system.
4A governance system should clearly distinguish between governance and management activities and structures.
5A governance system should be tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components.
6A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals, regardless where the processing is located in the enterprise.
Three Principles for a Governance Framework
1A governance framework should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation.
2A governance framework should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way while maintaining integrity and consistency.
3A governance framework should align with relevant major-related standards, frameworks, and regulations.
Designing a Tailored Governance System using COBIT 2019 framework
There is no unique, one-size-fits-all governance system for enterprise IT. Every enterprise has its distinct character and profile. It will differ from other organizations in several critical respects: size of the enterprise, industry sector, regulatory landscape, threat landscape, role of IT for the organization, and tactical technology-related choices, among others.
All these aspects to which COBIT® refers collectively as design factors require organizations to tailor their governance systems to realize the most value out of their use of IT.
A total of 11 design factors are analyzed and reviewed as per the organization’s environment, strategies and operating model to enable a broad holistic and comprehensive view of the enterprise governance of IT.
We start from COBIT core model and from there, we apply changes to the generic framework based on the relevance and importance of a series of design factors.
- Management objective priority/selection: the COBIT core model contains 40 governance and management objectives, each consisting of the process and a number of related components. They are intrinsically equivalent; there is no natural order of priority among them. However, design factors can influence this equivalence and make some governance and management objectives more important than others, sometimes to the extent that some governance and management objectives may become negligible. In practice, this higher importance translates into setting higher target capability levels for important governance and management objectives.
- Components variation: Components are required to achieve governance and management objectives. Design factors can mandate specific variations of components or can influence the importance of components.
- Need for specific focus area guidance: some design factors, such as threat landscape, specific risk, target development methods, infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific context.
Designing a Tailored Governance System using COBIT 2019 framework
Stakeholder needs need to be transformed into an enterprise’s actionable strategy. COBIT 2019 goals cascade supports enterprise goals, which is one of the key design factors for a governance system. The goals cascade further supports translation of Enterprise Goals into priorities for Alignment Goals, which supports prioritization of management objectives.
The goals cascade is important because it allows the definition of priorities for implementation, improvement and assurance of governance of enterprise IT based on (strategic) objectives of the enterprise and the related risk.
- Develop Enterprise-Alignment Goals Matrix to help address achieving stakeholder needs through setting Enterprise Goals (business objectives) and accordingly setting up Alignment Goals (customized IT Goals) to help achieve the business objectives.
- The Goals Matrix is based on COBIT 2019 Framework for the governance and management of enterprise IT.
- Design and establish key performance indicators for the enterprise and alignment goals: Performance management is an essential part of the Enterprise Governance and Management of IT system.
Setting KPIs on the goals level is essential to establish a vehicle for management reporting to the board, to foster consensus among key stakeholders about IT’s strategic aims, to demonstrate the effectiveness and added value of IT and to communicate about IT’s performance, risks and capabilities.
COBIT 2019 Adoption and Implementation Programs
Based on the design governance framework for enterprise IT, and based on the enterprise alignment goals cascade, we establish and design an adoption program to implement the designed framework and achieve the desired targets.
- Work on a complete COBIT adoption program, targeting specific Process Capability Levels.
- Design and deliver full IT Governance documentation covering the IT Governance manual/guiding principles, and proper process documentation that ensures consistent deployment of the processes as per the framework.
- Establish an IT Governance Framework covering; Roles and Responsibilities, Processes, Structures, Key Performance Indicators measuring the processes and their related goals, etc.
- Work with the client on the process’s deployment as per the design phase and perform regular assessments for the deployment phase to reach the target capability levels.
COBIT 2019 Process Capability Assessments
Perform Process Capability Assessment for COBIT Governance and Management Objectives, based on COBIT process assessment methodology (PAM), to determine the as-is/current capability level of each objective in the framework.
Provide the client with a complete roadmap for achieving the Target Capability levels and addressing any identified gaps in the objectives under assessment.
Provide the client with an official reflection letter indicating the current capability levels achieved as per the performed assessment.
COBIT 2019 Trainings and workshops
Provide comprehensive training programs, covering COBIT Foundation, COBIT Implementation, COBIT Assessments, COBIT for Risk, COBIT for assurance, and IT Governance workshops for top management.