• Bookmark

A Partial Transition to COBIT 5 Demonstrates Value to IT

By Victor Antonio Jimenez

COBIT Focus | 24 October 2016

Several years ago, the IT department of the largest bakery factory in the world, with a presence in the United States, Mexico, Central America, South America, Asia, Europe, Canada and the United Kingdom, conducted a COBIT 4 assessment and implementation of a enterprise governance. Recently, it was determined that the assessment and governance process needed to be updated to determine the next steps required to align it with the new business vision.


The initiative was suggested by the company’s architecture and standards (A&S) team and was needed to update processes and practices to align with the new business objectives. Strong IT governance was also necessary to support a soon-to-be-started initiative relating to enterprise architecture.


Since the team responsible for governance was planning to start the upgrade of the COBIT 4 assessment aligned to the new business strategy later in the year, it was decided that the COBIT 5 self-assessment could be segmented and started right away by the A&S team covering only the processes of A&S and in global support areas.


The objectives for this undertaking included:

  • Determining the current maturity level of the company’s processes related to A&S and global support, based on the COBIT 5 framework
  • Defining the target maturity level based on a 3-year plan
  • Defining an implementation plan to achieve the target maturity levels


Scope

The diagnosis of the A&S and global support functions covered 3 of the 5 COBIT domains (12 of 37 processes defined in the COBIT 5 framework). The domains and whether they were required in this case are (figure 1):

  • Evaluate, Direct and Monitor (EDM)—Governance direction. Not included.
  • Align, Plan and Organize (APO)—Use of information and technology. Included.
  • Build, Acquire and Implement (BAI)—IT requirements, acquisition of technology. Included.
  • Deliver, Service and Support (DSS)—Delivery of value from IT. Included.
  • Monitor, Evaluate and Assess (MEA)—Assessing the needs of the company and the regulatory requirements. Not included.

Figure 1—Included Domains

Source: Victor Antonio Jimenez. Reprinted with permission.


The assessment was performed using the COBIT Self - Assessment Guide: Using COBIT 5 and tool kit. The working sessions with team members included an introduction to the COBIT 5 framework for team members who had not participated in the previous COBIT 4 work and had no previous experience using COBIT.


The results were reviewed with management. The results were presented with the current maturity level and the 3-year goal, as shown in figure 2.


Figure 2—Current and Goal Maturity Levels

View Large Graphic.
Source: Victor Antonio Jimenez. Reprinted with permission.


The detail and suggestions for improving processes were presented as shown in figure 3.


Figure 3—Result Detail and Suggestions for Improving Processes

View Large Graphic.
Source: Victor Antonio Jimenez. Reprinted with permission.


A benchmark was set using baseline data provided by Benchmarking and Business Value Assessment of COBIT 5. For comparative purposes, the following benchmarks were set:

  • Industry—Food
  • Revenue—US $13789 million
  • Company Size—124,290 employees
  • Continent—North America

The goal of achieving a maturity level 3 in a period of 3 years was set, as noted in figure 4 based on the capability levels in ISO/IEC 15504-2 Information technology—Process assessment—Part 2: Performing an assessment.


Figure 4—Goal Levels

Source: Victor Antonio Jimenez. Reprinted with permission.


The benchmarking results were presented to senior management using graphics as much as possible (figure 5 ).


Figure 5—Benchmarking Results Example Presented to Senior Management

View Large Graphic.
Source: Victor Antonio Jimenez. Reprinted with permission.


Then the actions aligned with business objectives were defined, taking into consideration the vision, key capabilities and IT objectives. Next, the findings were prioritized and the road map to the goal was set.


It was important to clarify to senior management the objectives, benefits, dependencies and assumptions of every domain to enforce the message that a complete assessment should be performed to have a complete view of the effort.


Once this was done, a set of smaller projects was presented—each of them with the objective, expected benefits and the COBIT process it covered so those responsible for a project could understand its scope and benefits. These initiatives were:

  1. A&S and global support strategic plan
  2. Management framework and services
  3. Management of innovation
  4. Management of knowledge
  5. Management of service requests, incidents and problems
  6. Management of operations, continuity and business process controls

These projects were presented using the template shown in figure 6.


Figure 6—Project Presentation Template

Source: Victor Antonio Jimenez. Reprinted with permission.


The coexistence of COBIT 5 with other standards and frameworks (see figure 7) gave a comprehensive solution to the ongoing effort of the group during the implementation of strategic controls.


Figure 7—COBIT 5 Coverage of Other Standards and Frameworks

Source: ISACA, COBIT 5, USA, 2012


Conclusion

The self-assessment provided the view for a complete scope of the initiatives that are soon to begin to provide the company a balanced approach to IT governance. Although this project was a partial effort on the part of 2 IT areas, it was of great value to set the maturity level goal and devise specific strategies to reach it and show upper management of all IT departments the value of updating the processes and enablers using COBIT 5.


The enterprise continues work to implement the initiatives identified to update them to align with the business strategy as well as all new efforts to increase the maturity processes of IT. COBIT 5 helps in defining the path toward unified, complementary initiatives, all targeted toward a consistent goal.


Victor Antonio Jimenez

Is an IT professional with more than 19 years of experience in application development, project management, new technologies, enterprise architecture, service-oriented architecture (SOA) governance, and IT governance definition and implementation. He has been using COBIT in IT governance implementations since 2012 in both private and public enterprises.

THIS WEBSITE USES INFORMATION GATHERING TOOLS INCLUDING COOKIES, AND OTHER SIMILAR TECHNOLOGY.
BY USING THIS WEBSITE, YOU CONSENT TO USE OF THESE TOOLS. IF YOU DO NOT CONSENT, DO NOT USE THIS WEBSITE. USE OF THIS WEBSITE IS NOT REQUIRED BY ISACA. OUR PRIVACY POLICY IS LOCATED HERE.