When most organizations undertake an important process improvement effort (e.g., compliance, cyber security,governance), they typically refer to different standards and prepare a complex process to implement the improvement.
From this author’s point of view, the main issue with that approach is that it refers to only one standard for the process and follows it strictly from the 1st page to the last. These kinds of projects are usually long in duration, expensive, require the engagement of several experts, and may require the purchase of hardware and software. These things are not cheap.
To easily integrate this kind of project into the organization, the project leader should take into account those processes that provide important value as quickly as possible for the organization(quick wins). By focusing on the quick wins, it will be less likely for stakeholders to withhold support from or question the project, and the project leader can quickly obtain support from the project sponsors.
To read the rest of this article click here: http://www.isaca.org/COBIT/focus/Pages/which-screws-have-to-tighten.aspx