COBIT Case Study: Adnoc Distribution 

 

Adnoc Distribution is an integrated energy company with 5,500 employees and revenue of more than US $3 billion. Founded in 1973, Adnoc Distribution markets and distributes petroleum products and services within the United Arab Emirates and internationally. As one of the largest and most innovative government-owned petroleum companies in the Arab Gulf, Adnoc Distribution is renowned and respected for the exceptional quality and reliability of its products and services. Offering a wide variety of petroleum and natural gas products and services, Adnoc Distribution is committed to providing customers and partners with reliable energy solutions.

Why did Adnoc choose to implement COBIT?

Adnoc Distribution was growing in leaps and bounds with the initiation of a multibillion-dollar natural gas project that increased the complexity of operations. Resources were not proportionally increased, projects were not prioritized and IT value was increasingly questioned. A significant issue contributing to these problems was that many IT processes were not standardized and, thus, not repeatable, which contributed to the inefficiency of IT service delivery. There were huge challenges facing the IT department as it tried to meet the expectation of the business.

Adnoc Distribution did not have established processes and procedures to provide IT services in an effective and efficient manner. The company recognized that the activities were dependent on people and were not formally documented so that they could be repeated in a standardized manner. This also meant that there were no control mechanisms to ensure that the activities were carried out appropriately.

In addition, IT was not effectively aligned to the business to support the organizational goals. For example, prioritizing the investments for various IT projects was not done in a disciplined way. There was also a gap in providing value to the business due to a lack of effective program management. IT was viewed as a cost center, and management did not believe that the investment was justified.

Hence, IT department leaders suggested implementing Control Objectives for Information and related Technology (COBIT) to add discipline, improve service levels, increase IT users’ satisfaction and improve IT governance practices—thereby enabling the business to achieve its goals.

Why was COBIT identified as the best framework to use?

Adnoc wanted to streamline its IT processes and felt that no other standard offered a complete framework to address all the elements of a process, including measurements, key performance indicators (KPIs) and key goal indicators (KGIs). COBIT was found to be more general and business-oriented than other standards. It encompasses most of the elements an IT environment would possess, while other standards focus on one respective area.

“For example, ISO 27001 addresses the information security elements, whereas COBIT goes beyond this and looks at a more panoramic view of the processes in a standard way,” said Ali Guidoum, Ph.D., CISM, IT advisor for Adnoc. “However, it does not preclude the implementation of other complementary standards—in fact, many other standards are mapped with COBIT.”

How did Adnoc get management buy-in for COBIT?

It was quite a challenge to deliver the message of IT governance to the board. However, IT staff succeeded by delivering awareness sessions on IT governance and how COBIT would help the IT goals align with business goals. The IT department also explained to management that if the processes are standardized using COBIT, IT could more effectively deliver the services in line with the expectations of the business.

The target management groups to whom the sessions were delivered were the IT steering committee, auditing department and executive management. The awareness sessions helped management to give the right support in terms of budget, resources and the necessary commitment to back the project. The IT department’s presentation of case studies featuring other successful companies where COBIT was implemented also gave management the confidence that COBIT is an effective and useful model for improving the existing governance and IT practices.

How is COBIT being used?

"COBIT implementation at Adnoc was spearheaded by Bhavani Suresh, who led team of nearly 35 people who contributed to the project. As a result of the team's efforts, all four IT departments—Data Center Operations, Retail Automation, Network and Help Desk, and Application Systems—are now using COBIT."

The departments identified many COBIT processes that they deemed necessary for implementation. However, to narrow them down to a manageable number, Adnoc used COBIT to map its business goals to IT goals and then prioritized the related processes through a risk-assessment approach.

Adnoc then implemented the three most important and relevant COBIT processes, according to the current budget and resources availability. The three processes selected focused on change management, business continuity and service level management.

All departments use a change management process that was designed based on COBIT to ensure that it is applied in a controlled manner and minimizes interruption to services. The change management process also helps the departments follow a standard, systematic process that is repeatable, measurable and improved upon continuously.

Additionally, service level management (SLM) was implemented across the entire organization. Adnoc essentially adopted a COBIT SLM process that formalized the service level agreements with various other business units, resulting in clear expectations. The SLM process is continuously improved based on feedback from business executives.

Business continuity planning was another significant project initiated under COBIT. The framework was developed, a business continuity model (BCM) was created with clear roles and responsibilities, and different types of procedures handling were developed. The BCM is not specifically an IT project; it involved different departments of the company, such as safety and security, human resources, etc., and COBIT provided the common language.

Other interlinked processes, such as configuration management and security management, are also being designed and developed based on COBIT.

Currently, Adnoc uses COBIT in combination with other best practices, including portions of IT Infrastructure Library (ITIL), as well as ISO 27001 and Project Management Body of Knowledge (PMBOK) standards.

Additional COBIT processes, including one related to data management, have been identified for the next phase of implementation.

What benefits did Adnoc Distribution realize by using COBIT?

The main goal of the COBIT implementation was to improve the efficiency of the delivery of the information systems services by either improving the existing processes or designing and implementing new processes—and that goal has been accomplished.

Although Adnoc Distribution was aware that not all the COBIT processes were applicable or required, the prioritization exercise helped the company streamline the implementation and carry it out in phases. The processes achieved their intended results, and a significant improvement was noticed in the efficiency of IT services delivery. They have led to organization and maturity and have been embedded in the IT culture.

After noticing a great deal of success following the first phase of COBIT implementation, the company is eager to move forward to embrace additional COBIT processes. Additionally, Adnoc Distribution is conducting a great deal of work to integrate COBIT with other frameworks for maximum benefit. While it is expected to take one to two years to achieve the seamless integration of the different frameworks, Adnoc looks forward to the eventual efficiencies it will realize as a result.