Making COBIT 5 part of your IT strategy

I was recently with a number of IT Executives at HP’s Discover Conference. I asked them how important COBIT was for their companies. For those that are new to IT management and compliance, COBIT is the business framework for enterprise IT management and governance created by the standards body ISACA. Just about everyone in the group said COBIT was extremely important. But there’s recently been a new release of COBIT (COBIT 5), and most of the people I asked didn’t seem to know what it means for their organizations. I believe COBIT is going to be increasingly important to IT organizations in the future – we already see it playing an important role in European financial institutions trying to weather what has been called financial contagion. For them and for you, with COBIT 5 you can:

 

  • Mitigate organizational risk for IT and business as a whole
  • Strengthen security
  • Ease your auditing and compliance burden
  • Reduce cost while improving the consistency of IT delivery

For these reasons, I’ve decided to write a blog series to discuss what COBIT 5 asks for in terms of IT measurement and management. My goal is to provide an overview and then over successive weeks to dig into specifics. Please feel free to ask questions during our collective journey. 

 

Why you should care about COBIT 5

COBIT 5 is on its way to becoming an overarching IT standard even though it had its origins nearly 20 years ago as a basis for auditing IT management. With the passage of Sarbanes-Oxley in 2002, COBIT got some teeth, especially for financial institutions. And if you were going to be compliant with SOX, you needed to have COBIT ingrained in your organizational DNA.

With COBIT 5, the standard takes a major leap. This isn’t just a refresh. COBIT 5 adds a governance layer. This means that COBIT 5 organizations aren’t just compliant – they’re reaping the benefits of good IT governance, like running more efficiently and effectively. So IT now has a comprehensive framework that assists it in achieving the business’s objectives for the governance and management of enterprise IT. What’s more, it puts enterprise and IT scorecards front and center.

 

How COBIT 5 ties to the Balanced Scorecard

The new release gives sample scorecards – one for the enterprise and one for IT – and shows the linkages between them. Not only that, it shows how to translate high-level enterprise goals into manageable, specific IT-related goals and then map these to specific processes and practices.

 

COBIT 5 defines a set of enterprise-related goals in balanced scorecard format and then cascades them in turn to IT-related goals, also in balanced scorecard format. Each scorecard has 4 goal quadrants—financial, customer, internal, and learn and grow. This includes what they call a goal cascade, which allows for defining priorities and responsibilities for improvement. They use a similar methodology to the HP Executive Scorecard, although with slightly different naming. Regardless of what performance system you use, you’ll want to have a way to relate KPIs and metrics to the COBIT scorecards.

Over the next few weeks, I’ll look at COBIT 5’s enterprise scorecard and where IT fits. Next, I’ll do the same for the IT goals scorecard. This includes the specific metrics that relate to each. I’ll then relate these to data that existing systems produce and HP Executive Scorecard uses to create KPIs and metrics. If you walk away with anything today, let it be that COBIT 5 is going to affect how you manage your organization and show your progress at control and improvement. It is here to stay, and this is the time to learn how it will affect you.

 

Related links:

Blog post: 3 ways IT leaders can strengthen compliance and control

COBIT 5

Solution page: IT Performance Management

Twitter: @MylesSuer

 

 

Labels: IT strategy
About the Author
Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product ...


The opinions expressed above are the personal opinions of the authors, not of HP.