ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Examining the Adoption of COBIT 5

Examining the Adoption of COBIT 5

Makoto Miyazaki, CISA, CPA
| Published: 6/15/2015 3:10 PM | Permalink | Email this Post | Comments (0)

Three years have passed since the release of COBIT 5. How is the popularization of it in Japan compared with the previous version? There are actually several success stories of COBIT 5 adoption in other countries, as reported in COBIT Focus.

But in Japan, I do not know of many successful cases in which organizations fully adopted the COBIT 5 Framework and Enabling Processes, except for a few cases such as the adoption introduced in Yuichi (Rich) Inaba, CISA, and Hiroyuki Shibuya’s COBIT Focus article, “Creating Value With COBIT 5 at a Tokio Marine Group Company.”

Some IT auditors and/or planners still discuss COBIT 5 in the context of simply replacing processes from COBIT 4 with the equivalents from COBIT 5. They seem to understand the COBIT 5 Framework and the Enabling Processes as mutually independent existences, ignoring that the Enabling Processes are developed based on the evolution of the framework. There, the results of the consideration about governance and management of enterprise IT (GEIT) as a whole may be stunted as mere individual item-by-item adoption of processes or management practices to individual issues at (lower) management levels. They may also overlook the facts that COBIT 5 mainly refers the new concept of GEIT instead of just looking at “IT governance.”

Generally, Japanese enterprises are good at a hands-on, bottom-up management style— kaizen initiative. However, they are not very familiar with the top-down approach, drilling-down of frameworks into on-site operational level management. Basically, it is doubtful they recognize the importance of this approach. They tend to avoid abstract discussion on frameworks and, without practical or concrete guidelines or procedures, they even have antagonism toward frameworks and the top-down approach (even if real governance exists and works in enterprises).

I think such a tendency may cause the discussion on COBIT 5 to focus only on transferring processes from COBIT 4 into COBIT 5. And in such a situation, can the COBIT 5 Framework and the Enabling Processes be understood as the developers’ intentions?

Meanwhile, does COBIT 5 fully articulate how to adopt its framework? As I mention in my recent Journal article, I think the principle of “enterprise end-to-end” and governance-management cycle, which is described by some figures in the framework, is the most adoptable principle. I had continuously been searching for ways or a sort of template for adoption of the principle. But many resources suggest adoption of applicable processes or management practices for individual issues, without discussing implementation for the whole governance-management cycle.

Because of these challenges, I wrote my Journal article to serve as a template for adoption of governance-management cycle tracing input/output flows/networks.

Read Makoto Miyazaki’s recent ISACA Journal article:
Navigating I/O Flows/Networks to Enhance the Governance Management Cycle,” ISACA Journal, volume 3, 2015.

Comments

There are no comments yet for this post.
Email