Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy

COBIT^® is an IT governance and management framework designed to help organizations create value from their IT initiatives, better manage their risk and optimize resources.¹ COBIT^® 2019 defines 40 governance and management objectives, as shown in figure 1.

Figure 1—COBIT Core Model

Source: ISACA^®, COBIT^® 2019 Framework: Introduction and Methodology, USA, 2018

The governance and management objectives in COBIT 2019 are grouped into 5 domains.

The governance objectives are contained in the Evaluate, Direct and Monitor (EDM) domain. In this domain, the governing body evaluates strategic options, directs senior management on the chosen strategic options and monitors the achievement of the strategy. The management objectives are contained in 4 domains. The Align, Plan and Organize (APO) domain addresses the overall organization, strategy and supporting activities for information and technology (I&T). The Build, Acquire and Implement (BAI) domain addresses the definition, acquisition and implementation of I&T solutions and their integration in business processes. The Deliver, Service and Support (DSS) domain addresses the operational delivery and support of I&T services, including security. And the Monitor, Evaluate and Assess (MEA) domain addresses performance monitoring and conformance of I&T with internal performance targets, internal control objectives and external requirements. Figure 2 illustrates how these objectives are grouped by domain.

Figure 2—COBIT 2019 Objectives

Source: ISACA^®, COBIT^® 2019 Framework: Introduction and Methodology, USA, 2018

A recent professional focus has been in the area of helping organizations move from strategy planning to operational results. In the COBIT world, this means the journey from EDM to MEA.

Within the management objectives is found the APO domain, on which this discussion will focus—specifically objective APO02 Managed Strategy. It is important for an enterprise to have a strategy for moving forward. The questions to answer include:

• Does the enterprise have a strategy?
• Is it the “right” strategy?
• Is the organization ready to take the journey?
• How does the organization know if it is the correct journey?

Here is the description of APO2, taken directly from COBIT^® 2019 Framework: Governance and Management Objectives:

Provide a holistic view of the current business and I&T environment, the future direction, and the initiatives required to migrate to the desired future environment. Ensure that the desired level of digitization is integral to the future direction and the I&T strategy. Assess the organization’s current digital maturity and develop a road map to close the gaps. With the business, rethink internal operations as well as customer-facing activities. Ensure focus on the transformation journey across the organization. Leverage enterprise architecture building blocks, governance components and the organization’s ecosystem, including externally provided services and related capabilities, to enable reliable but agile and efficient response to strategic objectives.²

As can be seen, there is a lot to APO02. There are several key phrases/key words from that description that merit highlighting: “…view of the current business and I&T environment…,” “…(a)ssess the organization’s current digital maturity…,”and “…transformation journey….” What is implied here is that before the enterprise starts the journey, it needs to first determine the environment (and the forces that shape its strategic direction), assess its capability maturity and identify areas that need improvement to successfully complete the transformation journey.

One of the great features of COBIT is that it provides detailed information on enterprise goals (EGs), alignment goals (AGs) and the metrics that can be used to measure them. Figure 3 shows the COBIT goals cascade. Stakeholder needs need to be transformed into an enterprise’s actionable strategy. The goals cascade further supports translation of EGs into priorities for AGs.

Figure 3—COBIT 2019 Goals Cascade

Source: ISACA^®, COBIT^® 2019 Framework: Introduction and Methodology, USA, 2018

There are 13 EGs and 13 AGs. The complete list is available in COBIT^® 2019 Framework: Introduction and Methodology. APO02 focuses on the following primary EGs and AGs:

• EG01 Portfolio of competitive products and services
• EG05 Customer-oriented service culture
• EG08 Optimization of internal business process functionality
• EG12 Managed digital transformation programs
• AG08 Enabling and supporting business processes by integrating applications and technology

APO02 contains 6 key management process practices. Each process has 1 or more activities and their desired capability level. A process reaches a certain capability level as soon as all activities of that level are performed successfully. To help with this effort, COBIT includes a number of example metrics to measure the achievement of the practice.

The 6 management practices for APO02 are:

• APO02.01 Understand enterprise context and direction
• APO02.02 Assess current capabilities, performance and digital maturity of the enterprise
• APO02.03 Define target digital capabilities
• APO02.04 Conduct a gap analysis
• APO02.05 Define the strategic plan and road map
• APO02.06 Communicate the I&T strategy and direction

What does all this mean and how do these practices help in managing strategy? COBIT provides details on what can be done for each step:

• Step 1—Understand the enterprise context (i.e., industry drivers, relevant regulations, basis for competition), its current way of working and its ambition level in terms of digitization (APO02.01).
• Step 2—Assess the performance of current I&T services and develop an understanding of current business and I&T capabilities (both internal and external). Assess current digital maturity of the enterprise and its appetite for change (APO02.02).
• Step 3—Based on the understanding of enterprise context and direction, define the target I&T products and services and required capabilities. Consider reference standards, best practices and validated emerging technologies (APO02.03).
• Step 4—Identify gaps between current and target environments and describe the high-level changes in the enterprise architecture (APO02.04).
• Step 5—Develop a holistic digital strategy, in cooperation with relevant stakeholders, and detail a road map that defines the incremental steps required to achieve the goals and objectives. Ensure focus on the transformation journey through the appointment of a person who spearheads the digital transformation and drives alignment between business and I&T (APO02.05).
• Step 6—Create awareness and understanding of the business and I&T objectives and direction, as captured in the I&T strategy, through communication to appropriate stakeholders and users throughout the enterprise (APO02.06).

Conclusion

Enterprise success begins with understanding where the organization is now, understanding where it wants to be and developing the right strategy for how to get there. It is also critical to understand not only how it will get there, but also why it wants to go in that direction. Once the enterprise understands the why, it can then answer what it needs to do to reach the new target and, finally, ask how it is going to make it happen. And, fortunately, for all those undertaking the transformation journey, COBIT 2019 provides clear instructions and steps to create an effective road map and ensure a successful trip.

Mark T. Edmead, CISA, COBIT 2019 Accredited Trainer, COBIT 5 Assessor, BRMP, CBRM, DevOps Foundation, Lean IT, TOGAF 9.2

Is an IT transformation consultant and trainer. Over the past 28 years, he has provided IT transformation and business improvement services that align information technology with business goals to drive bottom-line performance and growth. He has delivered numerous international workshops in countries such as Australia, Chile, Germany, Hong Kong, Japan, Kuwait, Malaysia, Mexico, Peru, Scotland, Singapore, Switzerland, Taiwan and the United Arab Emirates. Edmead’s focus is on change management, process improvement, enterprise architecture, technology road mapping, strategic IT planning, IT organization analysis, IT portfolio management and IT governance. He can be reached at http://www.linkedin.com/in/markedmead/.

Endnotes

¹ ISACA^®, COBIT^® 2019 Framework: Introduction and Methodology, USA, 2018
² Ibid.