COBIT is my friend!

OK.  I admit it. I love COBIT. Maybe that sounds crazy, but why not? COBIT and the COBIT family of products have served me very well. I’m a practitioner. Since 2003, when I first learned about COBIT, I have been able to find the answers I needed in the COBIT materials. Don’t get me wrong—COBIT doesn’t have all the answers. But I love that it has harmonized a variety of industry-accepted practices. It provides the umbrella that makes digging into those practices more relevant, and puts them into context.

With COBIT 5 coming out soon, it’s a great time to reflect on how COBIT has helped solve some of my favorite practical issues over the years.

Issue 1:  We’re thinking about outsourcing, but what is the body of work that we do end-to-end?

Response:  Use the COBIT process framework as a reference to identify the processes we have.

Issue 2:  We’re already using ITIL; isn’t that enough?

Response:  Use COBIT for the end-to-end umbrella view; demonstrate the need to integrate specializations and industry-accepted practices with ITIL, such as TOGAF for architecture; ISO 27002 for information security; PMP, PRINCE2, and MSP for program and project management; Balanced Scorecard for strategy management; Six Sigma for process improvement; CMMI-DEV for software product or service development; etc.

Issue 3:  What improvements do we need to make in our processes?

Response:  Use the COBIT maturity attributes and maturity models to assess as-is and must-be states. Then design and deliver quick-win projects to bridge the gaps.

Issue 4:  What is the connection of the work of individual contributors to business objectives?

Response:  Use COBIT Appendix 1, Tables Linking Goals and Processes (which includes Linking Business Goals to IT Goals and Linking IT Goals to IT Processes) for each process to demonstrate the linkage of the process activities to the business goals.

Issue 5:  How do we focus on organizational structure in a way that helps us deliver more value?

Response:  Leverage Plan and Organise 4 (PO4). Be concise about roles and responsibilities. Dig further into organizational design. Deliberately focus on lateral structures as well as the traditional vertical structures. Use formal charter documents for lateral structures.

Issue 6:  How do we link the processes with the tools and applications that support them?

Response:  The COBIT maturity attributes are my favorite help here. The attributes remind us that mature process execution depends on multiple attributes, including tools. The Tools and Automation maturity level 5 reminds us that, at that level, “Tools are fully integrated with other related tools to enable end-to-end support of the processes.”

Looking forward, I’m excited about my friend’s makeover. COBIT 5 is a major improvement in the guidance on governance and management of enterprise information and the related technology. Looks like my love affair with COBIT is just going to grow and grow.

Is COBIT your friend, too? Let me know with your comments!

Bob Frelinger, CGEIT, CISA

Oracle Corporation

Published: 11/11/2011 10:13 AM
