While many organisations are familiar with using COBIT for risk management and compliance activities, few have explored using COBIT as a basis for transforming their IT function. Establishing new roles (i.e. accountability) within the IT organisation is often at the centre of aligning the IT organisation with the overall business strategy. In an effort to cut costs, increase competitiveness and grow revenues organisations analyse, codify, and seek to tangibly improve their most vital processes to deliver business results that are measurable and sustainable.
COBIT, a popular IT management and governance framework, can help determine where to get started and how to get this done efficiently. Structuring IT to support and enable business growth in line with the overall organisation's business strategy requires IT executives to use tools such as the Business Balanced Scorecard to align daily IT activities with the overall business strategy. CobiT provides a starting point for this through a generic business balanced scorecard for IT. Most organisations will find that this generic business balanced scorecard fits reasonably well and is a useful first draft of their balanced scorecard. IT executives can engage their business leaders in discussions around the organisation's business strategy and how this translates into expectations of IT.
Cascading the generic business balanced scorecard down into the IT organisation drives the alignment of the IT organisation with the business strategy. Using CobiT as the basis for aligning the IT organisation with the business goals results in a quick and efficient approach that increases the transparency of the key performance areas within the IT organisation. It allows the business to understand the value of what it is investing in and facilitates proper trade-offs between IT and non-IT spending.
Reducing IT cost and complexity requires organisations to take a critical look at their processes and determine how the process activities add value to the overall business strategy or minimise risk. Addressing the growing number of regulatory compliance requirements requires a holistic approach that seeks to minimise the number controls and check-points which is process based to ensure that the approach is effective and sustainable.
At the centre of CobiT is an integrated process model. IT activities are grouped in 34 processes, each with a life-cycle to be managed in alignment with business goals. Individual processes comprise a number of activities that are grouped in process areas and placed under the responsibility of a particular role. The integrated nature of the CobiT process model ensures points of collaboration are identified and possible duplication of activities is avoided.
During implementation, the generic CobiT process model is refined to match the organisation's specific requirements. Documentation, approval points and governance steps for the refined process are added and process capability is built following the predefined sequence described by way of a process maturity model.
Process workflow charts are used to map the organisation's roles to process related activities. Job descriptions for each role are based on a detailed understanding of the workflow of each process and the outcome to be achieved. Performance metrics are established and monitored to ensure that the process delivers against the overall business goals.