Saturday, October 12, 2013

IT Governance - COBIT 5 version - S1E3 - Principle 1: Meeting Stakeholder Needs

Introduction:

Enterprises exist to create value for their stakeholders. Consequently, any enterprise—commercial or not—will have value creation as a governance objective. Value creation means realizing benefits at an optimal resource cost while optimizing risk. Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.




Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them. Governance is about negotiating and deciding amongst different stakeholders’ value interests. By consequence, the governance system should consider all stakeholders when making benefit, risk and resource assessment decisions. For each decision, the following questions can and should be asked: For whom are the benefits? Who bears the risk? What resources are required?


COBIT 5 Goals Cascade:

Every enterprise operates in a different context; this context is determined by external factors (the market, the industry, geopolitics, etc.) and internal factors (the culture, organisation, risk appetite, etc.), and requires a customized governance and management system.

Stakeholder needs have to be transformed into an enterprise’s actionable strategy. The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customized enterprise goals, IT-related goals and enabler goals. This translation allows setting specific goals at every level and in every area of the enterprise in support of the overall goals and stakeholder requirements, and thus effectively supports alignment between enterprise needs and IT solutions and services.

Step 1. Stakeholder Drivers Influence Stakeholder Needs
Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, a changing business and regulatory environment, and new technologies.

Step 2. Stakeholder Needs Cascade to Enterprise Goals
Stakeholder needs can be related to a set of generic enterprise goals. These enterprise goals have been developed using the balanced scorecard (BSC) dimensions, and they represent a list of commonly used goals that an enterprise may define for itself. Although this list is not exhaustive, most enterprise-specific goals can be mapped easily onto one or more of the generic enterprise goals.
COBIT 5 defines 17 generic goals, as shown in figure 5, which includes the following information:
• The BSC dimension under which the enterprise goal fits
• Enterprise goals
• The relationship to the three main governance objectives—benefits realization, risk optimization and resource optimization. (‘P’ stands for primary relationship and ‘S’ for secondary relationship, i.e., a less strong relationship.)






Step 3. Enterprise Goals Cascade to IT-related Goals
Achievement of enterprise goals requires a number of IT-related outcomes, which are represented by the IT-related goals. IT-related stands for information and related technology, and the IT-related goals are structured along the dimensions of the IT balanced scorecard (IT BSC). COBIT 5 defines 17 IT-related goalsThe mapping table shows how each enterprise goal is supported by a number of IT-related goals.

Step 4. IT-related Goals Cascade to Enabler Goals
Achieving IT-related goals requires the successful application and use of a number of enablers. Enablers include processes, organizational structures and information, and for each enabler a set of specific relevant goals can be defined in support of the IT-related goals.

Enterprise Goals

IT-Related Goals



Using the COBIT 5 Goals Cascade:

Benefits of the COBIT 5 Goals Cascade
The goals cascade is important because it allows the definition of priorities for implementation, improvement and assurance of governance of enterprise IT based on (strategic) objectives of the enterprise and the related risk. In practice, the goals cascade:
• Defines relevant and tangible goals and objectives at various levels of responsibility
• Filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects
• Clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals

Using the COBIT 5 Goals Cascade Carefully:
The goals cascade—with its mapping tables between enterprise goals and IT-related goals and between IT-related goals and COBIT 5 enablers (including processes)—does not contain the universal truth, and users should not attempt to use it in a purely mechanistic way, but rather as a guideline. There are various reasons for this, including:
• Every enterprise has different priorities in its goals, and priorities may change over time.
• The mapping tables do not distinguish between size and/or industry of the enterprise. They represent a sort of common denominator of how, in general, the different levels of goals are interrelated.
• The indicators used in the mapping use two levels of importance or relevance, suggesting that there are ‘discrete’ levels of relevance, whereas, in reality, the mapping will be close to a continuum of various degrees of correspondence.

Using the COBIT 5 Goals Cascade in Practice:
From the previous disclaimer, it is obvious that the first step an enterprise should always apply when using the goals cascade is to customize the mapping, taking into account its specific situation. In other words, each enterprise should build its own goals cascade, compare it with COBIT and then refine it.
For example, the enterprise may wish to:
• Translate the strategic priorities into a specific ‘weight’ or importance for each of the enterprise goals.
• Validate the mappings of the goals cascade, taking into account its specific environment, industry, etc.

Governance and Management Questions on IT:

The fulfillment of stakeholder needs in any enterprise will—given the high dependency on IT—raise a number of questions on the governance and management of enterprise IT


Governance and Management Questions (Internal)
Governance and Management Questions (External)


No comments:

Post a Comment