• Bookmark

Applying the Goals Cascade to the COBIT 5 Principle Meeting Stakeholder Needs

By Govind Kulkarni, COBIT 5, CSQA, DevOps Master, ISO 27000 Auditor, ITIL Expert, PMP

COBIT Focus | 24 April 2017

COBIT 5 is a renowned best practice framework for governing and managing enterprise information technology. This framework covers the entire enterprise from end to end in terms of processes, organization structures, policies, skills and talent, information, and other enablers, and top to bottom from the board of directors to incident management specialists working in operations. Before an enterprise thinks about implementing COBIT 5, it is necessary to understand the principles that are defined in the framework. During COBIT 5 implementation, the 5 principles act as a guiding light and provide adequate details of what should be done. If an organization wants a successful COBIT 5 implementation, it must first learn and understand the COBIT 5 principles.


This article elaborates on the first principle, Meeting Stakeholder Needs, and illustrates it with real-world examples.


Meeting Stakeholder Needs—Principle 1

Let us take up the principle from the framework guide and take a close look from top to bottom, as indicated in figure 1. This is the COBIT 5 Goals Cascade, which shows how stakeholder drivers create stakeholder needs, and those needs define the enterprise’s goals. The enterprise goals, in turn, generate IT-related goals, which define the enabler goals. These various components of the cascade must be addressed in order to carry out a successful implementation.

Figure 1—COBIT 5 Goals Cascade Overview

Source: ISACA, COBIT 5, USA, 2012


To illustrate the principle, XYZ Tours and Travel will serve as the example enterprise.


Please note that the names and details are fictitious, and although the COBIT 5 framework guide is referred to, it is customized for this case study.


About the Enterprise: XYZ Tours and Travel

Figure 2 outlines the details of XYZ Tour and Travel.


Figure 2—XYZ Tours and Travel

Serial Number

Details

Description

Remarks

1 Enterprise name XYZ Tours and Travel  
2 Established 1994  
3 Owners Tarun Verma, Ritika Sharma  
4 Turnover US $98 Million  
5 Profit as per last balance sheet US $31 Million  
6 Number of employees 125  
7 Number of fleet 28 air-conditioned buses, sleeper class  
8 Business
  • Connects to 22 destinations across major US cities. Every day, 75 trips are undertaken.
  • Sightseeing in major cities
  • Customized tour packages for schools, families and corporations
  • Cargo
For sightseeing and customized tour packages, XYZ has reserved 3 buses.
9 Awards/accolades The enterprise has been awarded Best Tour Operator in the last year.  
10 Departments Sales, marketing and customer service
HR and training
Administration
Purchasing
Finance
Operations
IT
In the IT department, there are 7 resources working to provide support to the business.
11 Home office New York City, New York, USA There are offices leased or owned in 22 US cities.
12 Major IT services used
  • Enterprise resource planning (ERP)
  • Agent management system
  • Customer relationship management (CRM)
  • Training and simulation management
  • Website and registration and booking management system
  • Scheduling management system
  • Billing management system
Registration has integration with payment gateways, short message service (SMS) and chat services.

Source: G. Kulkarni. Reprinted with permission.


Now that the details of the enterprise have been defined, the next step is to identify the enterprise’s stakeholders.


Stakeholders and Their Needs

XYZ Tours and Travel analyzed stakeholders and identified them in a separate document called a stakeholder map. Each stakeholder’s details are captured in the map document. The stakeholder details are shown in figure 3.


The reason to identify stakeholder needs is to better serve each of the stakeholders and fulfill their needs by way of properly governing and managing.


Figure 3—XYZ Tours and Travel Stakeholder Map

Serial Number

Stakeholder Type

Description

Major Needs

1 External Investors/shareholders Higher return on investments year on year
2 External Customer Economical, safe and punctual travels
3 External Booking agents Accurate, timely payment of commissions
4 External Government/regulators On-time payment of taxes
Filing of income tax returns
Compliance with data, emission and safety standards
5 External Supplier Accurate, timely payment of invoices
6 External Audit agencies Transparency in finance and bookkeeping
7 Internal Employees Job safety
Timely payment of salaries
Bonuses
Work/life balance

Source: G. Kulkarni. Reprinted with permission.


Now the enterprise has been defined and the stakeholders and their needs have been identified. Note that the enterprise did not go to each stakeholder and ask, “Do you have this need?” Certain needs are implicit and must be understood by the enterprise unless explicitly stated by the stakeholders. Every stakeholder category has its own needs that may be the same as or different from the needs of other stakeholder categories.


Now, the enterprise must ask itself what will happen if it does not meet the defined stakeholder needs.


The answer to this is that the enterprise cannot continue to exist. The reason? Investors will shy away because they do not see any value in their investments, customers will disappear because they do not wish to continue to get bad service, suppliers will depart because they cannot get payments and dues, and employees will start to search for jobs elsewhere.


The COBIT 5 principles call for creating value for stakeholders, which means the stakeholder’s needs must be fulfilled. Governance is all about recognizing conflicting needs, and balancing, prioritizing and considering every stakeholder while making decisions to ensure that their needs continue to be fulfilled.


Enterprise Goals Aligned to Stakeholder Needs

Next, stakeholder needs must be reflected in the goals of the enterprise, as illustrated in figure 4.


Figure 4—Aligning Stakeholder/Enterprise Needs

Serial Number

Stakeholder

Major Needs

Enterprise Goals of XYZ Tours and Travel

Priority

1 Investors/shareholders Higher return on investments year on year Achieve higher returns in share prices through higher profit.
Increase investor satisfaction.
Achieve sales targets.
P1
P1
P1
2 Customer Economical, safe and punctual travels Increase customer satisfaction. P1
3 Booking agents Accurate, timely payment of commissions Increase agent satisfaction. P1
4 Government/Regulators On-time payment of taxes
Filing of income tax returns
Compliance with data, emission and safety standards
File taxes and returns with zero defects and delays.
Avoid penalties.
P1
P1
5 Supplier Accurate, timely payment of invoices Increase supplier satisfaction. P2
6 Audit agencies Transparency in finance and bookkeeping Avoid violations/breaches of compliance requirements. P1
7 Employees Job safety
Timely payment of salaries
Bonuses
Work/life balance
Increase employee satisfaction. P1

Source: G. Kulkarni. Reprinted with permission.


COBIT 5 suggests 17 generic goals. In this example, for the sake of brevity, only 1 or 2 are used. Also, each goal is assigned a priority for its achievement.


Information Technology and Enterprise Needs

IT is an important department that needs to govern and manage information across the enterprise and play a key role in enabling XYZ Tours and Travel to achieve its goals.


If IT is not governed or managed properly, then the enterprise’s goals cannot be met and stakeholders’ needs will not be fulfilled.


This is the reason the enterprise’s goals and IT goals must align, as shown in figure 5.


Figure 5—Alignment of IT and Enterprise Goals

Serial Number

Enterprise Goals of XYZ Tours and Travel

IT Departmental Goals

Priority

1

Achieve higher returns in share prices through higher profit.
Increase investor satisfaction.
Achieve sales targets.

Achieve higher availability, security, continuity and capacity of services of ERP and CRM.
Ensure proper risk management.
Align decisions on investment in IT to IT needs and policies.
P1
2 Increase customer satisfaction. Achieve higher availability, security, continuity and capacity of services used by customers.
Ensure required functionality and ease of use.
Ensure higher availability and correct functioning of the booking management system, scheduling management system and billing management system.
Ensure proper risk management.
P1
3 Increase agent satisfaction. Achieve higher availability, security, continuity and capacity of services used by booking agents.
Through ERP, issue timely commission disbursements.
Ensure proper risk management.
P1
4 File taxes and returns with zero defects and delays.
Avoid penalties.
Achieve higher availability, security, continuity and capacity of services of ERP.
Comply with regulations and legislation related to data protection, completeness, correctness and availability.
P1
5 Increase supplier satisfaction. Achieve higher availability, security, continuity and capacity of services of ERP. P1
6 Avoid violations/breaches of compliance requirements. Comply with regulations and legislation related to data protection, completeness, correctness and availability. P1
7 Increase employee satisfaction. Achieve higher availability, security, continuity and capacity of services of ERP. P2

Source: G. Kulkarni. Reprinted with permission.


IT Goals Aligned to Enabler Goals

IT depends on complete and appropriate use of 7 enablers. If all of the enablers are working properly, then they will help achieve IT goals. The 7 enablers defined by COBIT 5 are:

  1. Principles, policies and frameworks
  2. Processes
  3. Organizational structures
  4. Information
  5. Culture, ethics and behavior
  6. People, skills and competencies
  7. Services, infrastructure and applications

When implementing COBIT 5, it is advantageous to focus on all 7 enablers with equal importance rather then just focusing on, for example, processes, although processes play a crucial role. Hence, the mapping can be done as shown in figure 6. It is assumed that if these processes exist and are capable and mature, then IT goals will be met. Although these processes are indicative, they interface with other processes and provide outputs. We need to define process goals; process purpose; a responsible, accountable, consulted and informed (RACI) matrix; and practices and activities for each while implementing processes.


Figure 6—Aligning IT Goals With Enabler Goals

Serial Number

IT Departmental Goals

Processes

1 Achieve higher availability, security, continuity and capacity of ERP and CRM services.
Ensure proper risk management.
Align decisions on investment in IT to IT needs and policies.
Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
2 Achieve higher availability, security, continuity and capacity of services used by customers.
Ensure required functionality and ease of use.
Ensure higher availability and correct functioning of the booking management system, scheduling management system and billing management system.
Ensure proper risk management.
Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Usability
Transition and change management
3 Achieve higher availability, security, continuity and capacity of services used by booking agents.
Through ERP, issue timely commission disbursements.
Ensure proper risk management.
Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Usability
Transition and change management
4 Achieve higher availability, security, continuity and capacity of ERP services.
Comply with regulations and legislation related to data protection, completeness, correctness and availability.
Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Usability
Transition and change management
5 Achieve higher availability, security, continuity and capacity of ERP services. Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Usability
Transition and change management
6 Comply with regulations and legislation related to data protection, completeness, correctness and availability. Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Transition and change management
External and internal controls monitoring
7 Achieve higher availability, security, continuity and capacity of ERP. Availability management
Capacity management
Security management
Business continuity management
Risk management
Portfolio management
Finance management
Service level management
Usability
Transition and change management

Source: G. Kulkarni. Reprinted with permission.


Conclusion

This brief case study is just an example to illustrate how enterprise stakeholders’ needs drill down to the enabler goals. It is recommended that the COBIT 5 framework guide, particularly the appendix section, be used for further mapping. True learning and understanding of COBIT 5 principles will happen only by mapping them to real-life scenarios.


Govind Kulkarni, COBIT 5, CSQA, DevOps Master, ISO 27000 Auditor, ITIL Expert, PMP

Is an experienced software developer with 2 decades of experience providing IT solutions. He has worked in the entire life cycle of software development and, currently, he conducts training in COBIT 5, ITIL and software testing. Kulkarni has completed consulting assignments for gap analysis, COBIT 5/ITIL implementation, assessments using the ISO 15504 standard and tool customization for clients across the globe. His current interests include business continuity, IT assessment and cost management, scalability and performance optimization of web applications, predictive analytics, and technology areas such as OpenStack and DevOps. He was one of the editors of the book How to Reduce the Cost of Software Testing, published by CRC Press in 2012. He can be reached at goodgovind1505@gmail.com.

THIS WEBSITE USES INFORMATION GATHERING TOOLS INCLUDING COOKIES, AND OTHER SIMILAR TECHNOLOGY.
BY USING THIS WEBSITE, YOU CONSENT TO USE OF THESE TOOLS. IF YOU DO NOT CONSENT, DO NOT USE THIS WEBSITE. USE OF THIS WEBSITE IS NOT REQUIRED BY ISACA. OUR PRIVACY POLICY IS LOCATED HERE.