COBIT 5 was released by ISACA on the 10 April 2012. Visit the ISACA web site to download COBIT 5. Key features of the new version of COBIT 5 are the incorporation of the ISO 38500 model for the corporate governance for IT and the complete replacement of the COBIT Maturity Model with an ISO 15504 aligned COBIT Process Capability Assessment Model. The COBIT process descriptions have been modernised and greater emphasis is placed on alignment with IT and Enterprise goals. Register now to attend one of our leading-edge COBIT 5 seminars.
The COBIT 5 Process Assessment Model (PAM) is based on the international standard ISO/IEC 15504-2 standard. This standard comprises a process dimension (the COBIT 5 PRM) and a capability dimenison (the process attributes).
The assessment approach for conducting a COBIT 5 assessment is detailed in the COBIT 5 Assessor Guide.
The ISO 15504 process attributes for capability improvement provides an evolutionary, logical, reliable and robust methodology for improving the capability of the IT processes.
Higher levels of capability indicate greater sophistication in the ability of management to direct and control the assigned work.
The ITGN can assist you with any one of a number of popular approaches to a COBIT 5 implementation, depending on the circumstances and preferences of the organisation concerned. The ISACA approach is described in the "COBIT 5 Implementation Guide". This approach is for "enabling change" through programme management. It comprises a number of initiatives/projects within a programme. This is not the same "programme management" as described in the process BAI01 Manage Programmes and Projects, which could be an alternative to the Implementation Guide.
The Implementation Guide's programme management approach is characterised by the need for a sponsor to take responsibility for the successful implementation of changes that are often driven by external requirements for improved "GRC" or "pain points" raised by the business. The sponsor authorises the business case for the change and takes responsibility for its success.
An internal governance approach driven by the CIO would be to implement an IT governance framework and the various governance mechanisms at the governance, management and operational levels of the IT organisation and across business units.
Some organisations prefer to focus on building capability, either generally, or specifically in selected process areas, a process or collection of processes. This approach promotes organic growth in capability to achieve pre-defined outcomes.
The management system enabled approach focuses on continuous improvement using small, incremental changes across the operational environment driven by the respective managers and process owners. The ITGN has a specialised management system to jump start the use of a management system by providing a pre-configured system.
At the ITGN we use an Operating Model to describe how an IT organisation functions in support of its business operation. The operating model defines the major information and technology capabilities required to support and execute your business strategy; and how the core components of capability (process, technology and people) are used to drive efficiency and effectiveness.
The COBIT 5 framework can be used to organize IT activities into a logical operating model of 37 process in total. While not all the processes might be essential, the integrated nature of the processes will require that at least a few activities of each process will be required. Defining your organisation's own processes will take into account the integration necessary as well as the possible consolidation of activities into fewer processes.
Good governance requires accountability for the outcomes achieved and mutual respect for each others' decision-making authority. An accountability framework clarifies which roles and responsibilities are important to delivering the results expected, who should lead and who supports the value creation. The operating model separates out responsibility and identifies the "touch-points" between process and process area responsibilities.
Usually, a number of processes and process areas support the operating model. The objective of good IT governance is to effectively and efficiently leverage the IT resources in support of achieving the organisaton's strategic objectives.