Summary
Highlights
The video is the final part of a five-video series on COBIT 2019 fundamentals, focusing on the design and implementation of IT governance. It emphasizes that a governance system needs to be designed to function systemically, adapting to the diverse characteristics of different organizations like size, sector, regulatory environment, and threat scenarios to maximize value from IT.
Eleven design factors are used to customize IT governance systems based on an organization's specific needs. These factors influence design in three ways: determining the priority of governance objectives and target capability levels, varying components, and identifying specific priority areas. An example given is how a risk-averse company (risk profile design factor) prioritizes objectives related to IT risk and security management (e.g., EDM03, APO12, DSS05).
The design factors impact the prioritization of governance objectives and their capability levels, the variation or selection of specific components, and the identification of necessary priority areas. For instance, a highly regulated company will emphasize policies, procedures, and specific organizational roles like a compliance officer. Companies adopting DevOps or facing high threat environments require specific variants of COBIT processes tailored by specialized guidance.
The design process involves four steps using the 11 design factors. Step 1: Understand context and strategy by analyzing enterprise strategy, goals, risk profile, and IT-related issues. Step 2: Determine initial scope, applying information from step 1 to prioritize the 40 governance and management objectives. Step 3: Refine the scope by analyzing additional design factors like threat landscape, compliance requirements, IT roles, sourcing models, implementation methods, adoption strategy, and enterprise size. Step 4: Finalize the design by resolving conflicts and setting target capability levels for processes associated with governance objectives.
Implementing IT governance follows a continuous improvement approach, iterating through seven phases. This lifecycle is supported by three components: program management, change enablement, and continuous improvement management. Change enablement focuses on people and culture to ensure successful adoption, while program management manages the projects necessary for implementation.
Phase 1: 'What are the drivers?' Identify the reasons for implementing IT governance and create a business case. Phase 2: 'Where are we now?' Determine prioritized governance and management objectives and assess current capability levels using goal cascades and design factors. Phase 3: 'Where do we want to be?' Define desired capability levels (to-be state) and identify gaps, which become improvement objectives.
Phase 4: 'What needs to be done?' Convert improvement objectives into well-defined projects with business cases. Phase 5: 'How do we get there?' Implement projects, define metrics, and ensure alignment with business. Success requires awareness, communication, understanding, and commitment from top management and process owners. Phase 6: 'Did we get there?' Monitor improvements using defined metrics. Phase 7: 'How do we keep the momentum going?' Review overall success, identify further requirements, reinforce continuous improvement, and prioritize new opportunities.
The four design steps from the design guide support the continuous improvement tasks within the first three phases of the implementation lifecycle. Specifically, design activities related to understanding context and strategy support Phase 1, while determining initial and refined scopes support Phase 2. Finalizing the design, particularly setting target capability levels, supports Phase 3 of the implementation guide.
This video concludes the COBIT 2019 fundamentals series. The presenter offers further assistance and information on COBIT 2019 courses for fundamentals, design, implementation, and cybersecurity.