Practicing proper governance with Cobit 5

Figure 1 — Cobit 5 Logo

The sales pitch for Cobit

I have seen many initiatives and projects fail due to the lack of proper governance being in place. Let’s be realistic: it can be difficult to get governance right, and in most cases people don’t even know where to get started with governance.

What is Cobit 5?

The following is the definition from the official book:

Cobit goals cascade

Figure 2 — Cobit 5 Goals Cascade Diagram
  1. Stakeholder drivers influence stakeholder needs.
  2. Stakeholder needs cascade to enterprise goals.
  3. Enterprise goals cascade to IT-related goals.
  4. IT-related goals cascade to enabler goals.

Principles of Cobit

Figure 3 — Cobit 5 Principles Diagram
  • Principle 1 — Meeting stakeholder needs.
  • Principle 2 — Covering the enterprise end-to-end.
  • Principle 3 — Applying a single integrated framework.
  • Principle 4 — Enabling a holistic approach.
  • Principle 5 — Separating governance from management.

Cobit Areas

Figure 4 — Cobit 5 Areas and Domains Diagram
  • Evaluate, Direct, Monitor (EDM) — 5 processes
  • Plan (APO — Align, Plan, and Organize) — 13 processes
  • Build (BAI — Build, Acquire, and Implement) — 10 processes
  • Run (DSS — Deliver, Service, and Support) — 6 processes
  • Monitor (MEA — Monitor, Evaluate, and Assess) — 3 processes

Cobit Processes

Figure 5 — Cobit 5 Processes Diagram

Evaluate, Direct, Monitor (EDM)

  • EDM 1 — Set and maintain the governance framework.
  • EDM 2 — Ensure value optimization.
  • EDM 3 — Ensure risk optimization.
  • EDM 4 — Ensure resource optimization.
  • EDM 5 — Ensure stakeholder transparency.

Align, Plan, and Organize (APO)

  • APO 1 — Define the management framework for IT.
  • APO 2 — Manage strategy.
  • APO 3 — Manage enterprise architecture.
  • APO 4 — Manage innovation.
  • APO 5 — Manage portfolio.
  • APO 6 — Manage budget and cost.
  • APO 7 — Manage human resources.
  • APO 8 — Manage relationships.
  • APO 9 — Manage service agreements.
  • APO 10 — Manage suppliers.
  • APO 11 — Manage quality.
  • APO 12 — Manage risk.
  • APO 13 — Manage security.

Build, Acquire, and Implement (BAI)

  • BAI 1 — Manage programs and projects.
  • BAI 2 — Define requirements.
  • BAI 3 — Identify and build solutions.
  • BAI 4 — Manage availability and capacity.
  • BAI 5 — Manage organizational change enablement for delivery, service and support.
  • BAI 6 — Manage changes.
  • BAI 7 — Manage change acceptance and transitioning.
  • BAI 8 — Manage knowledge.
  • BAI 9 — Manage assets.
  • BAI 10 — Manage configuration.

Deliver, Service, and Support (DSS)

  • DSS 1 — Manage operations.
  • DSS 2 — Manage service requests and incidents.
  • DSS 3 — Manage problems.
  • DSS 4 — Manage continuity.
  • DSS 5 — Manage security services.
  • DSS 6 — Manage business process controls.

Monitor, Evaluate, and Assess (MEA)

  • MEA 1 — Monitor, evaluate, and assess performance and conformance.
  • MEA 2 — Monitor, evaluate, and assess the system of internal control.
  • MEA 3 — Monitor, evaluate, and assess compliance with external requirements.

Cobit Enterprise Enablers

Figure 6 — Cobit 5 Enterprise Enablers Diagram
  • Principles, policies and frameworks
    • Are the vehicle to translate the desired behavior into practical guidance for day-to-day management, for internal and external stakeholders.
  • Processes
    • Describe an organized set of properties and activities.
    • Lifecycle of a process.
    • Governance and management processes.
  • Organizational structures
    • Describe RACI and roles.
  • Culture, ethics and behavior
    • In the enterprise, this is very often underestimated as a success factor in governance and management activities.
  • Information
    • Defined by its attributes: Physical, Empirical, Syntactic, Semantic, Type, Currency, Pragmatic, Retention, Status, Contingency, Novelty, Social.
  • Services, infrastructure and applications
    • Includes: Reuse, Buy vs Build, Agility, Simplicity and openness, Definition of Architecture Principles, Architecture Viewpoints, Service Levels.
  • People, skills and competencies
    • Are linked to people.
    • Define role skills: requirements, skill levels, skill categories, skill definitions.
Figure 7 — Cobit 5 Enabler Dimensions Diagram
  • Stakeholders
    • Internal stakeholders.
    • External stakeholders.
  • Goals
    • Intrinsic quality: results; process according to best practices; information is actual and true.
    • Contextual quality: fit for purpose; relevant; easy to apply; effectiveness.
    • Access and security.
  • Lifecycle
    • Plan
    • Design
    • Build / Acquire / Create / Implement
    • Use / Operate
    • Evaluate / Monitor
    • Update / Dispose

Process Capability Model and Levels

Figure 8 — Cobit 5 Process Capability Model and Levels Diagram
  • Capability levels
    • Level 0 — The process is not implemented or fails to achieve its purpose.
    • Level 1 — The process is implemented and achieves its purpose.
    • Level 2 — The process is managed and results are specified, controlled and maintained.
    • Level 3 — A standard process is defined and used throughout the organization.
    • Level 4 — The process is executed consistently within defined limits.
    • Level 5 — The process is continuously improved to meet relevant current and projected business goals.
  • Rating scale
    • Not achieved — 0–15%
    • Partially achieved — 15–50%
    • Largely achieved — 50–85%
    • Fully achieved — 85–100%

Summary

The Cobit 5 framework has clear guidance and information available on how to set up and maintain a governance implementation. Even if you start small, taking only a few pieces of the framework to get started on governance, you are on the right path. Let me challenge you to pick a couple of elements of the framework and apply them to your next project or solution, then build it up from there. If you have an Enterprise Architecture Board in your organization, ask them for help and guidance to implement Cobit 5.

Cecil

Passion for Software and Enterprise Architecture. I like to play with Azure, Cloudflare and programming languages (C#, Rust, and JavaScript).