Aug 292014
 

A month ago, I saw the announcement from ISACA about their work revamping the COBIT 5 Core Principles.  These 5 principles provide a good foundation for structuring an IT strategic plan.  It is good to see that the principles start with stakeholder needs.  This aligns well with our shift from focusing on technology to delivering services.  The second principle articulates that IT is an enterprise capability that touches all parts of the business.  The third principle suggests that a consistent framework is needed to ensure that we have a common vocabulary and understanding of the strategy for the organization.  The fourth principle suggests all the components (COBIT calls these enablers) that should be addressed in the IT strategy created.  The final principle might be the toughest principle to implement.  Organizations have a good handle on IT Management. The challenge continues to be the need to elevate the perception of IT in organizations from tactical to strategic.  This can be done by introducing IT Governance into the organization.  IT Governance requires dedicated executive sponsorship and clear communication.

The new core principles are:

  1. Meeting Stakeholder Needs – It is critical to define and link enterprise goals and IT-related goals to best support stakeholder needs.
  2. Covering the Enterprise End to End – Companies must shift from managing IT as a cost to managing IT as an asset, and business managers must take on the accountability for governing and managing IT-related assets within their own functions.
  3. Applying a Single Integrated Framework – Using a single, integrated governance framework can help organizations deliver optimum value from their IT assets and resources.
  4. Enabling a Holistic Approach – Governance of enterprise IT (GEIT) requires a holistic approach that takes into account many components, also known as enablers. Enablers influence whether something will work. COBIT 5 features seven enablers for improving GEIT, including principles, policies and frameworks; processes; culture; information and people.
  5. Separating Governance from Management – Governance processes ensure goals are achieved by evaluating stakeholder needs, setting direction through prioritization and decision making; and monitoring performance, compliance and progress. Based on the results from governance activities, business and IT management then plan, build, run and monitor activities to ensure alignment with the direction that was set.

The following enablers provide structure to an IT strategic plan. We should address each of these 7 enablers in the strategic plan to provide the organization a complete understanding of how IT impacts all areas of the business.

The COBIT 5 framework describes seven categories of enablers:

  • Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management.
  • Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
  • Organizational structures are the key decision-making entities in an enterprise.
  • Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
  • Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
  • Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
  • People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.

Here is the link to the announcement: http://www.infosecurity-magazine.com/view/39440/isaca-revamps-cobit-5-core-principles/