I recently asked a group of IT executives how important COBIT was for their companies. Nearly everyone I talked to said it was extremely important. But when I asked them what they knew about COBIT 5, most admitted they didn’t know what the new release meant for their organizations.
Having studied COBIT 5 in-depth, I believe it is going to be increasingly important to IT organizations. We already see it playing an important role in European financial institutions trying to weather the current storm. For them and you, COBIT 5 raises the bar in measuring and managing IT governance and transparency in the following areas:
- Governance: Organizational risk for IT and business as a whole
- Governance: Auditing and compliance requirements
- Transparency: Consistency and quality of IT delivery
- Transparency: Control over IT costs and alignment of expenditures with business needs
Why should you care about COBIT 5?
COBIT 5 is on its way to becoming the default choice for an overarching business framework, even though it had its origins nearly 20 years ago as the basis for auditing IT management. With the passage of Sarbanes-Oxley in 2002, COBIT got more teeth, especially with financial institutions. If you were going to be compliant with Sarbanes-Oxley, you needed to have COBIT ingrained in your organizational DNA.
With COBIT 5, the framework takes another major leap. This isn’t just a refresh. COBIT 5 adds a governance layer, meaning that COBIT 5 organizations aren’t just compliant, they’re reaping the benefits of good IT governance and management—running more efficiently and effectively. So IT now has a comprehensive framework that assists it in achieving the business’s objectives for the governance and management of enterprise IT. What’s more, it puts balanced scorecards front and center.
COBIT 5 uses balanced scorecard to demonstrate governance, control and improvement
The new release shows how to translate high-level enterprise goals into manageable, specific, IT-related goals and then map these to specific processes and practices. Each scorecard has four goal quadrants—financial, customer, internal and learn-and-grow. This includes what they call a goal cascade, enabling you to define priorities and responsibilities for improvement. If you walk away with anything from this post, let it be that COBIT 5 is going to affect how you manage your organization and show your progress at control and improvement.
COBIT 5 demands financial transparency
COBIT 5 also demands financial transparency. Of highest importance are the following areas:
- Alignment of IT and business strategy
- Realized benefits for IT-enabled investments and service portfolio
- Transparency of IT costs, benefits and risks
The first point focuses on the consistency of IT services and programs in meeting business needs. Obviously the second is about improving the IT organization’s ability to develop quantifiable business cases during the proposal/project/program phases, the ability to measure ROI for projects and proposals released to the service catalog, and the ability to measure the continuing value of services. The third area is about making sense out of IT costs, benefits and risks.
Service-based costing shows true value of IT
Driving transparency into IT costs, benefits and risks is especially difficult for almost all IT organizations, because IT is considered by most corporate-finance organizations to be a cost center. This is a big problem. In the language of accounting, a cost center is an entity or organization that has cost but no revenue or value. Of course the latter is not true because IT organizations are a major driver of business productivity. However, with cost-center accounting, IT spend is presented based on technology expenditure. For the business, this makes IT spend look like a bunch of piece parts.
Because the business does not consume IT's piece parts, COBIT suggests measurements related to how the business does consume IT services and programs. As long as IT organizations present costs at technology or cost-center levels, there is no chance for understanding the real costs, benefits and risk of IT services. However, with service-based costing such as COBIT suggests, the gulf between the business and IT can be eliminated because costs are presented at a level of indenture the business understands. In the budgeting season, the business and IT can talk about IT and its services from a value perspective. And even more importantly, IT can have a seat at the table. IT can ask: Why are we still investing in this service when only one person is using it and it's costing us X dollars?
COBIT 5 will change your IT organization for the better
Taking the steps to COBIT 5 is not just about governance and transparency, it is about building an IT organization that has more credibility with its peers. It is about making an IT organization that is understandable to the outside world. This way the rest of business can see how well IT is doing at delivery—when it succeeds and when it fails. To make this reality, IT organizations need to get to service-based costing. Then a business dialogue with the rest of business can finally begin.
Myles Suer
Senior Manager, IT Performance Management
HP Software
We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post. To view all blog posts, please click on the ISACA Now link in the blue box on the left.