Governance of Enterprise IT(GEIT)

Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation + Resource Optimisation
Goals Cascade: Stakeholder Drivers (Environment, Technology Evolution, …) -> Stakeholder Needs ->Enterprise Goals ->
-> IT-related Goals -> Enabler Goals
COBIT 5 Enterprise Goals: BSC Dimension (Financial, Customer, Internal, Learning and Growth)
Internal Stakeholders: External Stakeholders: Business Partners, Suppliers, Shareholders,
Board, Cxx, Business executives, Managers, Internal audit, users, … Regulators/Government, External users, Customers,
Standardisation organisations, External auditors, Consultants, …
5 Principles of COBIT5 7 Enablers of COBIT5 Enabler Dimensions
1. Meeting stakeholder needs 1. Principles, policies and Stakeholders
2. Covering the Enterprise end-to-end frameworks  Internal / External
3. Applying a Single Integrated Framework 2. Processes Goals (Expected outcome of enabler;
3. Organisational structures Application or operation of the enabler itself):
4. Enabling a Holistic Approach (7 Enablers)
4. Culture, ethics and behaviours  Intrinsic Quality - Enablers work accurately,
5. Separating governance from management
5. Information objectively and provide accurate, objective and
DIKW 6. Service, infrastructure and reputable results
Data – Information - Knowledge –- Wisdom (Value) applications  Contextual Quality (Relevant, complete,
Information Enabler 7. People skills and competencies current, appropriate, consistent,
Intrinsic quality: Accuracy, Objectivity, Believability, understandable and easy to use)
Enabler Performance  Accessibility& Security (of enablers +
Reputation
Management outcomes)
Contextual and representational quality
Metrics for Achievement of Goals Life Cycle
Relevancy, Completeness, Currency,
Appropriate amount of information, Concise
(Lag indicator)  Plan
 Are stakeholders needs  Design
representation, Consistent representation
Interpretability, Understandability, Ease of
addressed?  Build/Acquire/Create/Implement
manipulate  Are enabler goals achieved?  Use/Operate
Security/accessibility quality Availability/timeliness, Metrics for Application of  Evaluate/Monitor
Restricted access Practice (Lead Indicators):  Update/Dispose
Information layers:  Is life cycle managed? Good Practices
 Are good practices applied?  Practices
 Physical world (carrier/media), Empiric (user
interface), Syntactic (code/language), Semantic  Work Products (Inputs/Outputs)
(meaning), Pragmatic (use), Social world (e.g. Information for Business (COBIT 4.1)
contracts, law, culture) Good Policy 1.Effectiveness 5.Availability
Effective, Efficient, Non-intrusive 2.Efficiency 6.Compliance
3.Confidentiality 7.Reliability
4.Integrity

Process Reference Model COBIT 5 Process Capability Model COBIT 4.1 Maturity Model
5 Domains: 37 Processes 5 Optimising PA5.1 Process Innovation 5 Optimised
Governance PA5.2 Process Optimisation
 Evaluate, Direct & Monitor (EDM) – 4 Predictable PA4.1 Process Management 4 Managed and measurable
5pr. PA4.2 Process Control
Management 3 Established PA3.1 Process Definition 3 Defined process
 Align, Plan & Organise (APO) – PA3.2 Process Deployment
strategic – 13pr. 2 Managed PA2.1 Performance Management 2 Repeatable but intuitive
 Build, Acquire & Implement (BAI) – PA2.2 Work Product Management
tactical – 10pr. 1 Performed PA1.1 Process Performance (Goals) 1 Initial/Ad hoc
 Deliver, Service & Support (DSS)- 0 Incomplete - - (Performance Attribute (PA)) 0 Non-existent
operational – 6pr.
Rating Levels:
 Monitor, Evaluate & Assess (MEA) –
3pr.  F - Fully achieved (>85%)  P – Partially achieved (15-50%)
Plan – Build – Run - Monitor  L - Largely achieved (50-85%)  N – Non achieved (<15%)
COBIT5 Implementation Life Cycle
Phase 1 2 3 4 5 6 7
How do we
What are the Where are we Where do we What needs to be How do we get Did we get keep
?
drivers? now? want to be? done? there? there? the momentum
going?
Define
Programme Initiate problems Define road Plan Realise Review
Execute plan
Management program and map programme benefits Effectiveness
opportunities
Establish Form
Change Communicate Identify role Operate and Embed new
desire to implementation Sustain
Enablement outcome players use approaches
change team
Continual
Recognise Assess current Define target Build Implement Operate Monitor and
Improvement
need to act state state improvements improvements improvements evaluate
Lifecycle
 Governance of Enterprise IT (GEIT)
Enterprise = organisation = commercial (corporate) OR public sector OR not for profit
Governance Objective: Value Creation from Benefits Realisation + Risk Optimisation+ Resource Optimisation
Governance Scope = where governance applies: usually the enterprise, but can be just some assets
GOALS CASCADE: Stakeholder Needs
Enterprise Goals
IT-related Goals
Enabler Goals
5 Principles of COBIT 5 7 Enablers of COBIT 5 (i.e. Governance Enablers)
1. Meeting stakeholder needs 1. Principles, policies and frameworks
2. Covering the Enterprise end-to-end 2. Processes
3. Single integrated Framework 3. Organisational structures Memory aid:
4. Holistic approach of 7 enterprise Enablers 4. Culture, ethics and behaviours POP PICS
5. Separating governance from management 5. Information
6. Service infrastructure and applications
Memory aid: “Stakeholder FEES” 7. People skills and competencies
Generic Governance Enablers
Enabler Dimensions Enabler Performance Management
Stakeholders Questions to be answered:
Internal & External Outcomes (Lag indicators)
Goals = expected outcome of enabler Are stakeholders’ needs addressed?
Intrinsic Quality (work well & provide results) Are enabler goals achieved?
Contextual Quality (Relevance, effectiveness) Functioning of enabler itself (Lead indicator)
Accessibility & Security (of enablers + outcomes) Is the enabler lifecycle managed?
Life Cycle Are good practices applied?
Plan, Design, Information Enabler (Enabler 5)
Build/Acquire/Create/Implement
Use/Operate Intrinsic quality:
Evaluate/Monitor Accuracy, Objectivity, Believability, Reputation
Update/Dispose Information layers
Good Practices Physical world (carrier/media), Empiric (User interface)
Practices Syntactic (code/language), Semantic (meaning)
Work Products (Inputs & Outputs) Pragmatic (use)
Social world (e.g. contracts, law, culture)
COBIT 5 Processes COBIT 5 Process Capability Assessment Model (PAM)
5 Domains = 37 processes Performance
0 Incomplete
Governance Attribute (PA)
Evaluate, Direct & Monitor (EDM) PA1.1 Process Performance
1 Performed
Management
Align, Plan & Organise (APO) – strategic
Build, Acquire & Implement (BAI) – tactical PA2.1 Performance Management
Deliver, Service & Support (DSS) - operational 2 Managed
Monitor, Evaluate & Assess (MEA) PA2.2 Work Product Management
EDM(5) APO(13) BAI(10) DSS(6) PA3.1 Process Definition
MEA(3) 3 Established
PA3.2 Process Deployment
Memory aid: PA4.1 Process Measurement
Management domains are in alphabetic 4 Predictable
order. PA4.2 Process Control
E is 5th letter in alphabet and EDM has
5 processes. PA5.1 Process Innovation
In alphabetic order, Management 5 Optimising PA5.2 Process Optimisation
processes get less by 3 or 4
COBIT 5 Implementation Lifecycle
Phase 1 2 3 4 5 6 7
What are the Where are we Where do we What needs to How do we get Did we get How do we keep
drivers? now? want to be? be done? there? there? the momentum
going?
Programme Initiate Define problems Define road Plan Execute plan Realise Review
Management program & opportunities map programme benefits Effectiveness
Change Establish Form Communicate Identify role Operate and Embed new Sustain
Enablement desire to implementation outcome players use approaches
change team
Continual Recognise Assess current Define target Build Implement Operate Monitor and
Improvement need to act state state improvements improvements improvements evaluate
Lifecycle