Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Join author Arturo Umana, as he responds to ISACA member questions beginning 7 December 2015. Add your questions by responding to this post!

You must be logged in and be a member of this group* to participate.
*After logging in click "Join this Community" to the right and then return to this page by clicking the back button. As a member of this topic you can now view this and other discussions from the topic homepage.

It is a well-known fact that one of themajor improvements in COBIT® 5 was the integrationof both Val IT and Risk IT into the framework. This follows the logical development line of COBIT® along its different versions and reflects better the needs of appropriate governance of enterprise IT (GEIT) for modern enterprises. For those using combinations of previous versions of these 3 frameworks, or parts of them, moving into a single, unified framework is definitely a promising perspective.

Read the rest of the article here
You must sign in to rate content.
(1 ratings)

Comments

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Hi all, I'm very curious if some of you have made similar excperiences with the switsching from COBIT 4.2 to COBIT 5, and how you dealt with the break with the CMM-based approach to maturity.
Arturo650Lively at 12/22/2015 12:19:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

There is no difference in the approach used for COBIT 4.1 and COBIT 5. Both are based on the CMMI model for maturity. What is different is that COBIT 4.1 is a superficial assessment. The assessment is based on a very small selection of controls that give an indication of the possible maturity. Its not a very accurate or reliable assessment of process capability. Two experienced users of COBIT could come to very different conclusions about maturity. Usually the less experience the assessor, the higher the score. A COBIT 5 assessment is much more rigorous. It is not based on just the controls. t requires the identification of the relevant activities to achieve the selected outcomes, and at higher levels, it requires the identification of the related management practices. A COBIT 5 assessment requires a knowledgeable person with considerable experience with the COBIT process model to perform a proper assessment.
peterhillEnergizer at 12/24/2015 3:28:26 PM Quote
You must sign in to rate content.
(1 ratings)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Most probably I'm overseing something, but as far as I could see while moving into the new framework, the approach in COBIT 5 is based on ISO/IEC 15504, while the COBIT 4.1 (sorry for the typo above) maturity assessment is rather CMMI oriented. There are in my humble opinion commonalities, but some considerable differences, too. As far as Iknow, in COBIT 4.1 it was already possible to follow the ISO based COBIT Assessment Programme, but we kept in my former organization CMMI because it had been already introduced some years before and proven very useful. As my own experience with CMMI was positive, I continued using it after moving to my current organization. Nonetheless, I fully agree that the COBIT 5 assessment is more accurate.
Arturo650Lively at 12/25/2015 4:45:45 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Mr. Umana,

Nice article, please keep up the good work.

Coming from a CMMI background myself (CMMI-DEV 1.3 upgrade implementation), I can appreciate your journey and the eye-openers you have experienced.

However, as Mr. Hill mentioned, using CMMI alone for assessment of Process Maturity would not be effective. as it does indeed give a "superficial" perspective. COBIT 4.1 CMMI assessment was based on Process Maturity, whereas COBIT 5 PAM is based on Process Capability.

So the big question is, "what is difference between Process Maturity & Process Capability"? Though it quite sounds like a nice title for a much more detailed topic, however just to suffice, Process Maturity looks only into stability of the process, whereas Process Capability looks not only into stability of process but also how well-tied and integrated a process is, to the overall performance goals of the organisation.

In my opinion, I guess that's why COBIT 5 PAM is so rigorous.
Rohit BanerjeeInfluential at 1/3/2016 2:58:10 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650Lively at 1/3/2016 7:47:58 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650 at 1/3/2016 7:47:58 AM
I would recommend practically using the Goals Cascading to define the stakeholders needs first. COBIT 5 indeed is a very well thought of framework, and it indeed intends to truly bridge the Enterprise goals to the IT goals, by using a well-refined cascaded BSC.

In my opinion, if at least these initial steps are performed diligently, then the rest of the process is much simpler.

Please feel free to let me know if you need any additional help. 
Rohit BanerjeeInfluential at 1/4/2016 10:43:33 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650 at 1/3/2016 7:47:58 AM
I would recommend practically using the Goals Cascading to define the stakeholders needs first. COBIT 5 indeed is a very well thought of framework, and it indeed intends to truly bridge the Enterprise goals to the IT goals, by using a well-refined cascaded BSC.

In my opinion, if at least these initial steps are performed diligently, then the rest of the process is much simpler.

Please feel free to let me know if you need any additional help. 
Rohit BanerjeeInfluential at 1/4/2016 10:43:33 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650Lively at 1/3/2016 7:47:58 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Mr. Umana,

Nice article, please keep up the good work.

Coming from a CMMI background myself (CMMI-DEV 1.3 upgrade implementation), I can appreciate your journey and the eye-openers you have experienced.

However, as Mr. Hill mentioned, using CMMI alone for assessment of Process Maturity would not be effective. as it does indeed give a "superficial" perspective. COBIT 4.1 CMMI assessment was based on Process Maturity, whereas COBIT 5 PAM is based on Process Capability.

So the big question is, "what is difference between Process Maturity & Process Capability"? Though it quite sounds like a nice title for a much more detailed topic, however just to suffice, Process Maturity looks only into stability of the process, whereas Process Capability looks not only into stability of process but also how well-tied and integrated a process is, to the overall performance goals of the organisation.

In my opinion, I guess that's why COBIT 5 PAM is so rigorous.
Rohit BanerjeeInfluential at 1/3/2016 2:58:10 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Most probably I'm overseing something, but as far as I could see while moving into the new framework, the approach in COBIT 5 is based on ISO/IEC 15504, while the COBIT 4.1 (sorry for the typo above) maturity assessment is rather CMMI oriented. There are in my humble opinion commonalities, but some considerable differences, too. As far as Iknow, in COBIT 4.1 it was already possible to follow the ISO based COBIT Assessment Programme, but we kept in my former organization CMMI because it had been already introduced some years before and proven very useful. As my own experience with CMMI was positive, I continued using it after moving to my current organization. Nonetheless, I fully agree that the COBIT 5 assessment is more accurate.
Arturo650Lively at 12/25/2015 4:45:45 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

There is no difference in the approach used for COBIT 4.1 and COBIT 5. Both are based on the CMMI model for maturity. What is different is that COBIT 4.1 is a superficial assessment. The assessment is based on a very small selection of controls that give an indication of the possible maturity. Its not a very accurate or reliable assessment of process capability. Two experienced users of COBIT could come to very different conclusions about maturity. Usually the less experience the assessor, the higher the score. A COBIT 5 assessment is much more rigorous. It is not based on just the controls. t requires the identification of the relevant activities to achieve the selected outcomes, and at higher levels, it requires the identification of the related management practices. A COBIT 5 assessment requires a knowledgeable person with considerable experience with the COBIT process model to perform a proper assessment.
peterhillEnergizer at 12/24/2015 3:28:26 PM Quote
You must sign in to rate content.
(1 ratings)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Hi all, I'm very curious if some of you have made similar excperiences with the switsching from COBIT 4.2 to COBIT 5, and how you dealt with the break with the CMM-based approach to maturity.
Arturo650Lively at 12/22/2015 12:19:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

There is no difference in the approach used for COBIT 4.1 and COBIT 5. Both are based on the CMMI model for maturity. What is different is that COBIT 4.1 is a superficial assessment. The assessment is based on a very small selection of controls that give an indication of the possible maturity. Its not a very accurate or reliable assessment of process capability. Two experienced users of COBIT could come to very different conclusions about maturity. Usually the less experience the assessor, the higher the score. A COBIT 5 assessment is much more rigorous. It is not based on just the controls. t requires the identification of the relevant activities to achieve the selected outcomes, and at higher levels, it requires the identification of the related management practices. A COBIT 5 assessment requires a knowledgeable person with considerable experience with the COBIT process model to perform a proper assessment.
peterhillEnergizer at 12/24/2015 3:28:26 PM Quote
You must sign in to rate content.
(1 ratings)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Hi all, I'm very curious if some of you have made similar excperiences with the switsching from COBIT 4.2 to COBIT 5, and how you dealt with the break with the CMM-based approach to maturity.
Arturo650Lively at 12/22/2015 12:19:18 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Most probably I'm overseing something, but as far as I could see while moving into the new framework, the approach in COBIT 5 is based on ISO/IEC 15504, while the COBIT 4.1 (sorry for the typo above) maturity assessment is rather CMMI oriented. There are in my humble opinion commonalities, but some considerable differences, too. As far as Iknow, in COBIT 4.1 it was already possible to follow the ISO based COBIT Assessment Programme, but we kept in my former organization CMMI because it had been already introduced some years before and proven very useful. As my own experience with CMMI was positive, I continued using it after moving to my current organization. Nonetheless, I fully agree that the COBIT 5 assessment is more accurate.
Arturo650Lively at 12/25/2015 4:45:45 PM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Mr. Umana,

Nice article, please keep up the good work.

Coming from a CMMI background myself (CMMI-DEV 1.3 upgrade implementation), I can appreciate your journey and the eye-openers you have experienced.

However, as Mr. Hill mentioned, using CMMI alone for assessment of Process Maturity would not be effective. as it does indeed give a "superficial" perspective. COBIT 4.1 CMMI assessment was based on Process Maturity, whereas COBIT 5 PAM is based on Process Capability.

So the big question is, "what is difference between Process Maturity & Process Capability"? Though it quite sounds like a nice title for a much more detailed topic, however just to suffice, Process Maturity looks only into stability of the process, whereas Process Capability looks not only into stability of process but also how well-tied and integrated a process is, to the overall performance goals of the organisation.

In my opinion, I guess that's why COBIT 5 PAM is so rigorous.
Rohit BanerjeeInfluential at 1/3/2016 2:58:10 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650Lively at 1/3/2016 7:47:58 AM Quote
You must sign in to rate content.
(Unrated)

RE: COBIT Focus -COBIT 5 and the Added Value of Governance of Enterprise IT

Thanky a lot! Yes, I fully agree that focusing on the process maturity alone is not as accurate and reliable as it would be to move forward into process capability. This definitely makes a lot sense, but as we are still at the beginning of creating the awareness of the added value of GEIT within the organization, making this step will need considerable time and major efforts. Maybe you have some advice on how to achieve this change faster and smoothly? It would be really highly appreciated!
Arturo650 at 1/3/2016 7:47:58 AM
I would recommend practically using the Goals Cascading to define the stakeholders needs first. COBIT 5 indeed is a very well thought of framework, and it indeed intends to truly bridge the Enterprise goals to the IT goals, by using a well-refined cascaded BSC.

In my opinion, if at least these initial steps are performed diligently, then the rest of the process is much simpler.

Please feel free to let me know if you need any additional help. 
Rohit BanerjeeInfluential at 1/4/2016 10:43:33 PM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.