ISACA Now Blog

COBIT 2019 and Marathons 

Pam Nigro, ISACA board director and senior director of information security at Health Care Service Corporation
Posted at 10:00 AM by ISACA News | Category: COBIT-Governance of Enterprise IT

Training is important for marathon runners, but there are a number of specific factors that go into marathon runners achieving their personal best. Take a look at the examples below (and for you non-runners, your COBIT and digital transformation muscles will be exercised soon enough):

1. Get strong. It’s strength and conditioning, particularly around the ankles, knees and hips, that separates elites from mere mortals, according to British distance legend Liz McColgan.
2. Get loose. You want optimal flexibility and power from the first step. Come the end of the race, you'll actually have more energy reserves as you'll have run more efficiently.
3. Pace the workout. Going out too fast in both training and racing is the undoing of many talented runners.
4. Run with purpose. Each run has a plan with a focus, which increases motivation, gives training structure and ultimately improves times.
5. Create real incentives. Every runner knows the trick of mentally breaking up long runs into shorter, more manageable chunks, with rewards along the way and at the finish line.
6. Maintain quality. New shoes every 300 miles. Running in an old, worn-out pair of shoes can result in painful injuries and can mean a possible early end to your running career.

In many ways, digital transformation is like giving organizations a new pair of running shoes. Digital transformation, however, is not just technology; it’s more often about shedding outdated processes and legacy technology, giving organizations a chance to run faster.

Achieving your organization’s personal best requires more than just a new pair of running shoes. There are six steps, as outlined by ISACA’s recently updated COBIT 2019 framework, that can facilitate your organization’s ability to keep in top running condition. Here’s how:

  1. Get strong. COBIT incorporates the latest technology evolutions and methods, including new guidance on data management. COBIT enables your organization to strengthen and focus on the key objectives that are rightsized for your organization to continue to move forward. 
  2. Get loose. Up-to-date and flexible frameworks for governance of enterprise IT will empower you to address current security risks, DevOps/DevSecOps, and cloud computing, and will enable the digital transformation sweeping many of our organizations.
  3. Pace the workout. The new Design Guide allows organizations to create a plan and tailor a governance system to their specific context, defining the right priorities and providing a leaner, much more effective and efficient governance system.
  4. Run with purpose. Deploy a framework that is an authoritative reference useable by an organization’s boards, senior management, business and IT management and practitioners, audit and risk professionals, as well as external entities such as regulators and external auditors. This ultimately gives structure to align an organization and guide risk management activities.
  5. Create real incentives. The COBIT 2019 Implementation Guide provides you with assistance and direction for organizational change management and program management, identifying challenges and success factors.
  6. Maintain quality. Embedding and enabling an intuitive process capability model like CMMI will empower process improvement initiatives and allow for easier techniques and approaches to communicate with senior management.

Everyone approaches a marathon differently and, likewise, the approach to COBIT is different for every organization. No one way is better than the other; it’s just different. Your approach will depend upon your organization’s risk tolerance and appetite for change. At some point, as with runners, you will “hit the wall.” If it happens, don’t get too discouraged – be sure to refocus, recommit to the goal and recalibrate.

Editor’s note: Enhance your training of COBIT 2019 and stay fit for your organization in a pre-conference workshop at the 2019 GRC Conference in Ft. Lauderdale, Florida, USA, on 11 August or at a pre-conference workshop at EuroCACS/CSX 2019 in Geneva, Switzerland, on 14-15 October. For additional opportunities, see ISACA’s upcoming Training Week schedule.


Great analogy

I'm not a marathon runner but found this to be a great analogy to setting up a governance framework. Thanks for including reference links to help dig deeper into the Design Guide and COBIT 2019 Implementation Guide. Very helpful. Thank you!
Cinthia756 at 7/25/2019 11:53 AM