Solving Framework Fatigue. Using COBIT5 to Manage Frameworks and Achieve Business Value

December 3, 2016

With a multitude of models, standards, bodies of knowledge and frameworks in our industry, it’s easy to see how navigating through these becomes utterly exhausting for an IT service organization. The jigsaw puzzle of frameworks is daunting. Frameworks, whether adopted from industry models or built internally, provide critical structure. Nonetheless, many feel that they are a hindrance.

If this sounds familiar, then take a look at COBIT. COBIT is a framework that can not only assist the enterprise in creating a holistic approach to the Governance of Enterprise IT, but can also be used effectively as a framework to integrate other frameworks.

Understanding Value

A large challenge many organizations face is not realizing that there are several governing levels and areas that must be considered when selecting the most appropriate frameworks. In today’s environment, one single industry framework simply won’t suffice.

Looking through a governance lens, it is important to understand that adopting frameworks requires a solid understanding of the business environment as well as the value that each of these frameworks provides. Therefore, it is vital that frameworks are analyzed and adopted based on several factors, all of which should focus on one theme: create value for the enterprise. This means that IT-enabled investments provide expected business benefits while optimizing resources and risks. Recognizing this is the first step towards creating a system of frameworks to support value.

[Figure: creating value]

The Framework Ecosystem

Consider looking at the framework ecosystem from multiple levels as illustrated below. These levels provide a good starting point for determining what value is created by leveraging a framework. Stakeholder needs have many drivers, but these must have a balance between performance and conformance.

At the Enterprise Governance level, the Balanced Scorecard helps measure business performance, while COSO (Committee of Sponsoring Organizations) creates a system of internal controls for conformance. This is followed by the GEIT level (Governance of Enterprise IT) where frameworks such as COBIT exist. At the Standards and Good Practices levels, frameworks can be selected based on their ability to satisfy the stakeholder needs.

[Figure: framework altitudes]

Simply understanding these levels will not automatically select the right frameworks. Since every enterprise sees value differently, an inventory of appropriate solutions must be conducted.

An Inventory of Frameworks

Now that we have identified the layers, what are the specific frameworks that exist? First, it is important to understand that frameworks come in many shapes and sizes, and all have very specific business challenges and value propositions. The table below illustrates generic categories, and some of the more popular frameworks being adopted today to support them. Of course, these are not complete lists, but they represent how many of these can be placed in the enterprise to provide the most value.

[Table: framework categories]

It is usually at this point where framework overload begins to emerge, and many organizations simply go right to the solution before truly understanding the reasons why, or jump to a single framework that appears to satisfy the most requirements.

It is impossible to simply pick a few frameworks and decide that they are the right fit because the industry says so. A key success factor to consider when integrating frameworks and standards is to strategically leverage several models based on their value contribution to the enterprise.

Integrating frameworks

There are a few myths about frameworks that should be known before you start: first, a ‘best practice’ is only as good as how well it is adopted; second, frameworks are suggestive, not prescriptive; and finally, there is no such thing as a single silver bullet.

Therefore, it is no surprise that one of the top questions today regarding multiple frameworks is this: Is there at least a framework that will help me manage all of my frameworks? The answer is simple. Yes, and it is called COBIT. This comprehensive framework is part of the ISACA product family (www.isaca.org/cobit) and assists enterprises in achieving value through the governance and management of enterprise IT. At the core of the framework are five principles, which are major inputs to how an enterprise selects, adopts and leverages other frameworks.

  1. Meeting Stakeholder Needs. Creating value through benefits realization by optimizing costs and risks.
  2. Covering the Enterprise End to End. Include owners and stakeholders, a governing body, executive management, and operations and execution.
  3. Applying a Single Integrated Framework. Integrating all common industry frameworks and standards under a single model.
  4. Enabling a Holistic Approach. Using enablers to ensure that the governance objectives are met.
  5. Separating Governance from Management. Providing a clear separation between direction and the management of executing that direction.

Principle number four above consists of seven core enablers. Think of an enabler as an ingredient to success. Within the context of an initiative to integrate multiple frameworks, these factors can guide in the successful selection and integration of multiple frameworks. Although many frameworks today have a tendency to focus on processes (one of the seven enablers), it is important to consider a holistic approach to an IT governance initiative. This means connecting the dots between multiple areas that can have an effect on each other. The list of these enablers is below:

  1. Principles, Policies and Frameworks
  2. Processes
  3. Organizational Structures
  4. Culture, Ethics and Behavior
  5. Information
  6. Services, Infrastructure and Applications
  7. People, Skills and Competencies

How does COBIT become a framework to manage frameworks? From a holistic view, the enablers will not only help identify which frameworks are appropriate, but can also assist in determining the level of adoption as well. One of the powerful features of COBIT is that it references other frameworks. Within the COBIT Process Reference Model, there are 37 processes in 5 domains. Each process is further described with information noted below.

[Figure: process reference model]

In the Related Guidance section, COBIT refers to the applicable industry frameworks and standards that offer the most guidance from a best practice perspective. For example, if an organization is adopting formal practices for the process of managing changes, COBIT suggests further guidance in both ITIL and ISO20000, and where to look. If enterprise architecture is the focus, then COBIT suggests TOGAF, etc. Therefore, it is not enough to just adopt COBIT, because there is further guidance in the form of other frameworks and standards that provide further good practices.

Adopting COBIT as a framework to integrate other frameworks is a good business decision. Since COBIT is first and foremost a business framework, it focuses on stakeholder needs and assists organizations in balancing performance and conformance when suggesting supporting frameworks.

Suggestions for success

Of course, there are a few good practices to consider when selecting, integrating, and adopting multiple frameworks in this ecosystem. The list below contains some of these good practices.

  1. Understand how the levels of governance interact. It is very important to understand how the enterprise sees the levels so that frameworks can be correctly positioned.
  2. Use COBIT as a framework integrator. COBIT uses a holistic approach to governance enablers, and assists in determining which industry frameworks and standards are applicable.
  3. Use more than one framework. They each have unique focus areas. The framework ecosystem must provide value for the enterprise, and one single framework cannot provide everything needed to accomplish this objective alone.
  4. Train the stakeholders on the utility and applicability of each framework. Companies love to train, but often fail to go to the next step of transforming the things learned from training into actual value. The lack of training and understanding of how frameworks help an organization is the number one silent killer of any adoption.

Regardless of industry or size, all companies need governance, and with that need comes multiple frameworks, models and standards. Using COBIT to assist in integrating a holistic approach to governance while managing multiple best practices will ultimately help meet the governance goal of meeting stakeholder needs. COBIT has many tools and techniques in the product architecture that can be adopted to reduce the exhaustion of managing multiple frameworks, and allow the enterprise to focus on value.

As always, this is my perspective and I welcome your comments.