ISACA COBIT 2019 – Implementation
- Implementing Enterprise Governance Over IT
Welcome to the implementation section, which is surprisingly about how to implement COBIT, meaning how to make it work in your organization. COBIT doesn’t bring so much new information here. Implementation, according to COBIT is primarily about some form of project or program management and these are not new approaches on the market. Let’s start with two cookies. Comments how COBIT approaches the Governance Implementation at the beginning of this course, we’ve mentioned that governance of Int doesn’t belong to an It department only, but it spreads within the whole enterprise. Therefore, it must be implemented as an integral part of enterprise governance, covering the full end to end business and It functional areas of responsibility.
Governance programs need to be sponsored by executive management, be properly scoped and define objectives that are attainable if the executive management is not initiating or supporting the program. We call that sometimes the downtotop approach there is a high probability of failure or very slow and painful fight to implement COBIT practices. One of the common reasons why some governance system implementation fails is that they are not initiated and then managed properly as a program to ensure the benefits are realized. That’s why we need to use Program project management approach. It’s also assumed that while a program and project approach is recommended to effectively drive improvement initiatives, the goal is also to make sure that the improvement becomes part of a normal business practice. For this reason, the implementation approach is based on empowering business and It stakeholders and role players to take ownership of It related governance and management decisions and activities by facilitating and enabling change.
We’re going to call this area Change Enablement. The implementation program is closed when the process for focusing on It related priorities and governance improvement is generating measurable benefits and the program has become embedded in ongoing business activity. This circle here represents the COBIT approach for implementation. It is the core structure and we will use it from now on through this whole lecture. As you see this circle, the project or the implementation steps are divided into seven phases. You can see them in the outer part of the ring labeled one to seven. It is also divided into three parts program Management the dark blue ring, change Enablement, the red ring and continual improvement the light blue ring. Let’s explain each. Program management is a step by step process how to plan, coordinate and manage a change. You need to prepare, plan, find resources and coordinate them, keep an eye on the schedule and so on.
Whilst Change Enablement is focusing only on people or cultural aspect of a change, they run together with the program management. You’ve maybe heard about change, resistance and various emotions which people experience when dealing with change. So Change Enablement here is a step by step guide how to handle people during COBIT implementations and finally continual improvement, which is a process of improving your enterprise governance not as onetime change only, but as everyday activities as a part of a normal working and business practice. Now let’s have a look at each of these seven phases in details. Please be aware that these phases are in great detail described in COBIT implementation guide, which we’ve mentioned in Lecture COBIT Format and Product Architecture, but they are not in scope of this basic course. But we do have an extract from this implementation guide here so you can have a taste of how COBIT approaches the implementation.
Phase number one is called what are the Drivers? And contains actions that need to be done for each of the three implementation parts the Program Management, Change Enablement and Continual Improvement. As you can see here, for program management, you initiate program for Change Enablement, established desire to change and for continual improvement you recognize need to act. Phase One of the implementation approach identifies current change drivers, which is an internal or an external event or key issue that serves as a stimulus for the change.
Trends, industry, market or technical performance, shortfalls software implementations and even the goals of the enterprise can all act as the change drivers. We identify risks associated with implementation here and describe it in a business case. The rest of the business case is prepared as well to justify the whole initiative. The business case clarifies the benefits of the governance implementation and help us to monitor them through the program. Phase two is called where are we now? And is dedicated to mapping current state and finding deficiencies in your It governance. Here we align It related objectives with enterprise strategies and risks and prioritize the most important enterprise goals and alignment goals. Remember the Goal cascade. It can help us here. We can use COBIT design factors to help us to select these goals. Remember our lecture design factors and our walkthrough through the COBIT design guide. That is where we learned this topic. Based on the selected enterprise and It related goals and other design factors, the company must identify critical governance and management objectives and underlying processes.
Again, the Gol Cascade and the Design guides can help us here. Management needs to know its current capability and where deficiencies may exist. This can be achieved by a process capability assessment of the current status of selected process. Phase three. Where do we want to be? Is about setting targets for the future. You’ve discovered your deficiencies in previous steps, so you define your goals here. Some solutions will be quick wins and other more challenging long term tasks. Priorities should be given to projects that are easier to achieve and likely to give the greatest benefit. Longer term tasks should be broken down into manageable pieces. Once you have your targets, you can plan step by step how you will achieve these targets or goals. Phase Four describes how to plan feasible and practical solutions by defining projects supported by justifiable business cases and a change plan for implementation. We have created business case for the overall implementation, but each partial project of the implementation will have its own business case as well. These partial business cases can help to ensure that the project benefits are identified and continuously monitored.
Step Five how do we get there? Is the actual implementation of your plan from the previous step. Phase five ensures implementing the proposed solution via day to day practices and establishing measures and monitoring system to ensure that business alignment is achieved and performance can be measured throughout the implementation. We need to ensure engagement, awareness, communication, understanding and commitment from the top management and ownership by the affected business and it process owners. And phase six is verification whether you have achieved your targets and transition of all implemented changes into normal business operation. It focuses on sustainable transition of the new governance and management practices into normal business operations. It means, for example, implementing appropriate policies, standards and procedures, and the implementing changes must be tracked and if not followed, corrective measures taken. It also focuses on monitoring achievements of the improvements, using the performance metrics and expected benefits. And the last phase how do we keep the momentum going? Is making sure that the implemented changes sustain in the organization and become part of continual improvement as well.
Program and project management is based on good practices and provides for checkpoints at each of the seven phases to ensure that the program’s performance is on track, the business case and risks are updated and planning for the next phase is adjusted as appropriate. Further guidance on program and project management can also be found in COBIT Management Objective, Bai One managed programs and Bai Eleven managed projects. Here we have the seven phases of COBIT implementation and I will remind you we had also several steps in designing a tailored governance system lecture specifically for designing COBIT, which is actually part of the implementation.
So let’s map together how these design steps fit to our implementation circle. As you can see, phase one of the implementation contains or equals to the step one of the design guide understand the enterprise context and strategy. Phase two equals to step two to four of the design and phase three to step four of the design. And that is all we need to COBIT Regarding implementation, you’ve learned that we have three ways of cooperate implementation, program management, change, enablement and continual improvement. And they are divided into seven phases from number one, what are the drivers up to? Number seven how do we keep the momentum going? If you’d like to read more, you can find references to the COBIT 2019 Introduction and Methodology book in your student guide appendix.
- Wrap-up
Congratulations, you have completed the whole course. Great job. Well done. Let’s wrap up what all the great things we’ve learned in Framework Introduction. We’ve learned what COBIT is, what books it consists of, and what are its benefits. And we’ve learned that governance are all the needs of company stakeholders translated into rules by which the company is then governed. In section Three, we studied the basic principles of COBIT which are the good advice, which, if you follow, you will live happily ever after. In section Four, we learned that to apply all the rules you need the Governance System the governance system is a system of various components, such as processes, organizational structures, information and so on, which work together to ensure governance in your company.
COBIT is divided into 40 chapters, which are called Governance and Management Objectives. We’ve covered that in details in section Five, where we went step by step through each objective. You’ve learned how to find out how great you are with COBIT in section Six, Performance Management. And you found out how to design COBIT, sell it within your company, and implement in the 7th, eight and nine sections of the course.
So those of you who are preparing for your exam, I wish you a great result. And for all of you, I hope you enjoyed the course. I’m hoping to see you in some of my future courses. I specialized in several more areas and I’m super excited about creating some even more fun courses.