Using COBIT 2019 to better understand the enterprise context and strategy

As many of you know, I’m a big fan and proponent of the COBIT framework. The newest version, COBIT 2019 is in my opinion, a big improvement over the previous version, COBIT 5. I won’t get into all of the various COBIT details in this article, however, what I do want to focus on is how we can use the Governance System Design Workflow (Figure 1) to better understand the enterprise context and the enterprise strategy.

Figure 1: COBIT 2019 Governance System Design Workflow

How does this governance system help me understand my enterprise strategy and goals? Before we answer that, let’s start from the beginning. What is a governance system and why do we need one?

In the article What is governance and what should IT leaders be doing about it? (https://www.cio.com/article/2448788/governance-what-does-governance-mean.html) author  Dean Meyer writes “Governance means all the processes that coordinate and control an organization’s resources and actions.” Expanding on this definition, Gartner further defines IT Governance as “the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals” (https://www.gartner.com/en/information-technology/glossary/it-governance). To expand this more, Gartner adds that IT Governance is “concerned with ensuring that the IT organization operates in an effective, efficient, and compliant fashion.” Think of governance as checks and balances. Does the business understand that IT can deliver? Does IT understand what the business wants? When there is poor (or no) governance, it usually results in the business not getting what they need and IT delivering solutions that do not align with the business values.

COBIT 2019 defines seven (7) governance system components. The most familiar component are processes. COBIT 2019 defines 40 Governance and Management processes/objectives. Other components include: organizational structures; policies and procedures, information items, culture and behavior, skills and competencies, and services, infrastructure and applications. These components contribute individually and collectively to the good operations of an enterprise.

We have established the importance of a good governance system. How do we go about creating one and more importantly, how do we make sure that it is tailored to our specific enterprise? It is not advisable to take another company’s governance framework and apply it to ours. You can try and in fact, it might work to some degree, but in most likelihood, the two enterprises will have subtle differences. It would be like taking the tires off a truck and putting them on a compact car. They are both vehicles and they use tires but not the same tires.  

In order to customize the governance system, COBIT 2019 introduced the concept of Design Factors. Design Factors influence in different ways the tailoring of the governance system. There are a total of 11 Design Factors. For this article, we are only going to discuss the first step in the Governance System Design Workflow shown in Figure 1. The first step is “Understand the Enterprise Context and Strategy” and incorporates four design factors.

• Design Factor 1: Understand enterprise strategy
• Design Factor 2: Understand enterprise goals
• Design Factor 3: Understand the risk profile
• Design Factor 4: Understand current I&T (information and technology) related issues

In the Design Factor 1, we are looking to understand the enterprise strategy. Enterprises can have different strategies, which can be expressed as one or more of the archetypes:

• Growth/Acquisition
• Innovation/Differentiation
• Cost Leadership
• Client Service/Stability

Organizations typically have a primary strategy and, at most, one secondary strategy.

Design Factor 2 relates to the Enterprise Goals that support the enterprise strategy. That is, the Enterprise strategy is realized by the achievement of (a set of) enterprise goals. COBIT 2019 defines a set of 13 generic enterprise goals; each enterprise can and should prioritize its enterprise goals in alignment with the chosen enterprise strategy. These goals are defined in the COBIT framework, structured according to the balanced scorecard (BSC) dimensions.

The third design factor is to understand the enterprise's risk factor. The risk profile identifies the sort of I&T related risk to which the enterprise is currently exposed and indicates which areas of risk are exceeding the risk appetite.

The final fourth design factor is I&T-related issues. This is a related method for an I&T risk assessment for the enterprise to consider which I&T-related issues it currently faces, or, in other words, what I&T-related risks have materialized.

In conclusion, if the need is to understand your organization’s strategy and context, COBIT 2019 provides the steps and the design factors to assist in this task. This is the first step to better understand your enterprise and to help design a tailored governance system specific to your needs. We can (and should) use this method during an organizational transformation. Let’s say the strategy right now is innovation/differentiation. In this mode, the enterprise’s focus is on offering different and/or innovative products or services to your clients. And you maintain this strategy for a period of time. Then new competitors enter the market. Now your strategy is not as effective as it previously was because competitors have similar products to yours. This might require a shift in your strategy archetype. Maybe now you focus on cost leadership (short-term cost minimization). Assuming you have a large market share and your financials support lowering the cost, it will curtail your competitors from overpowering you.

In future articles, I will cover more of the design factors and the next steps in the creation of a tailored governance system. Remember, a tailored governance system can ensure the effective and efficient use of IT in enabling an organization to achieve its goals.