5 Tips for Implementing IT Governance With COBIT5
IT has become a strategic element to create opportunities, innovation and competitive advantage. However, it entails inherent risk related to confidentiality, integrity and availability of information that requires attention. Delivering value to stakeholders requires good governance and management of IT (GEIT). COBIT 5 provides a comprehensive framework that helps organizations achieve their goals and create value through effective GEIT. The following are several tips for implementing IT governance or continuous process improvement using the COBIT 5 framework:
- Obtain senior management support. A key success factor for COBIT 5 is top management providing the direction, mandate and ongoing commitment for the initiative, and all parties supporting the governance and management processes should understand the business and IT objectives. The board is accountable for IT governance and should understand the strategic importance of IT, take responsibility for IT governance and include it on the organization’s agenda.
- Understand the external and internal organizational context and identify the relevant factors that may affect the ability to achieve business objectives. Whether one is engaged in an audit or implementing IT governance, a management system or a continuous improvement initiative, before starting, one needs to understand the organizational context and stakeholders’ needs. The organization must specify objectives with sufficient clarity to enable the identification and assessment of risk. The COBIT 5 framework focuses on business objectives using the goals cascade model and balanced scorecard (BSC) domains.
- Justify the project with a business case. A practical solutions implementation defines projects justified by business cases. A business case identifies the project benefits and enables compliance monitoring. The business case is a valuable business management tool to focus on value creation. A business case should include: business benefits, business changes needed, investment required, constraints and dependencies, roles, responsibilities and accountability, and a plan to monitor/measure benefit realization.
- Focus on quick wins and prioritize the most beneficial improvements that are easiest to implement. Quick wins help to build credibility. Among the various improvement options, prioritize those that are most beneficial while also considering that it is necessary to give short-term results; therefore, select the easiest to implement. Achievement of such wins will provide a proof of concept as well as help minimize resistance to change.
- Adopt and adapt the COBIT 5 framework to the unique context of the organization. Adopt and adapt best practices to meet the business approach to changes in policies and processes. COBIT 5 process guidance includes how the IT-related enterprise process practices and activities support the IT-related goals of “Managed IT-related business risk,” “IT compliance and support for business compliance with external laws and regulations,” and “IT compliance with internal policies.” The COBIT 5 processes enabler guidance for the 37 COBIT 5 processes supports enterprises in their selection and development of control activities and other arrangements (e.g., structural segregation of duties), particularly with the practices and activities to consider for IT-related enterprise processes.