Day: June 16, 2016

When a majority of enterprises report that less than half of their IT initiatives actually deliver the expected business benefits, it is time to take a closer look at what businesses can do to attain those sought after benefits.

Enterprises make investments in technology as part of their daily operations, so the need for business benefits realization from those investments is ongoing. That need—and the general failure of businesses to meet it consistently—is the driving idea behind the creation of COBIT 5 for Business Benefits Realization, a new book from ISACA.

The book details how the COBIT 5 framework can help businesses achieve the benefits from their technology investments as envisioned when those investment decisions were made.

Barriers to IT Benefits
So why are a majority of businesses seeing less than stellar returns from their IT initiatives? The answer lies in three common barriers to benefits realization. First, it is difficult to determine exactly which IT benefits are realized due to the significant lag between the decision to invest in technology and the realization of benefits. Next, common misperceptions can compromise benefits realization. For example, enterprises often believe benefits realization management is a simple, easy process. It is not. Lastly, a paradoxical gap arises between the knowledge of good management practices and the actual application of those practices. Business benefits realization management is no exception.

Drivers to Business Benefits Realization
What actually drives benefits realization? A study by John Ward and Elizabeth Daniel identified the following issues:

• Complex, sophisticated IT systems and applications require increasing levels of skill to deliver/use effectively.
• IT industry expectations for proven benefits and time to realize them are unrealistic.
• Enterprise-wide applications impact a wide range of internal and external stakeholders, and rely on active cooperation to achieve benefits.
• IS/IT benefits are increasingly diverse and difficult to identify, describe and measure.
• It is difficult to relate business performance improvements to specific IS/IT projects because they are usually a combination of improved technology and other changes.
• An increasing focus on short-term financial returns prevents many longer-term benefits of a coherent, sustained IS/IT investment strategy.
• Benefit reviews are not consistently performed when projects end, so lessons learned are not transferred to future projects.

COBIT 5:  A Framework for Achieving Objectives
As a comprehensive framework that helps organizations achieve their objectives for the governance and management of enterprise IT, COBIT 5 enables businesses to optimize value by balancing benefits realization, risk optimization, and resource use.

COBIT 5 for Business Benefits Realization builds on COBIT 5 by focusing on governance and management of business benefits realization to provide contextualized guidance for consultants, experts in governance and business management, IT professionals, and other interested parties.

The book outlines the key characteristics of effective business benefits realization management, as identified by Steve Jenner and APMG International. They include:

• Actively searching for benefits versus passively tracking against forecast.
• Evidence-based forecasting and practices.
• Transparent forecasting and reporting with a clear line of sight from strategic objectives to business benefits.
• Forward-thinking that emphasizes learning and continuous improvement.
• Managing across the full business change lifecycle, rather than as an add-on at the end of a project.

COBIT 5 enables these key success characteristics through its specific governance and management processes, practices and activities that contribute to benefits realization, and risk and resource optimization.

Benefits of COBIT 5 for Business Benefits Realization
COBIT 5 for Business Benefits Realization provides the following benefits:

• Better understanding of increasingly complex but significant areas of business benefits realization
• Better understanding of key links between business benefits realization and enterprise and IT strategy, and enterprise architecture
• Clarity on the application of COBIT 5 governance and management principles to business benefits realization
• Details on how each COBIT 5 enabler supports business benefits realization
• Contextual references to industry best practices from leading benefits realization authors and researchers

Members can download the book here.

Peter Tessin, Technical Research Manager, ISACA

[ISACA Now Blog]

COBIT—which turned 20 this year— not only has technical value, but is also an enabler that can improve our careers and our networking opportunities.

ISACA offers IT professionals education, conferences and training to take our careers to a higher level. These activities allow us to create and maintain rich professional contacts and, of course, friendships. In my case, ISACA and COBIT allow me to participate in IT governance and management publications, audit conferences and sustainability events.

As a COBIT follower, I think its 20th birthday is a great moment to remember how many projects have been made better because of COBIT. Or, in other words, how pervasive is COBIT?

Assessing, Identifying Organizational Risks
When you are an auditor or information systems professional, you know very well that the use of IT creates risks for your organization. As an auditor, you must assess those risks and identify and review the effectiveness of the controls that are in place to mitigate them. For example, if your business is supported by IT, you must ensure service availability, accurate and timely information, reliable IT and applications controls, physical security, regulatory compliance, competent and motivated personnel, an appropriate decision-making structure, and well-implemented government and management practices.

But when you use COBIT to audit an accounting system, questions arise:  Why are you doing this audit? For what? For whom? Of course, you use it to benefit the company, because you need to know the financial and economic situation, value of their investment, and achieved profitability.

But there are also other stakeholders, including shareholders and banks that invest or lend money, employees and customers providing and receiving services, the state and its watchdogs that ensure transparency and, finally, society in general.

Considering Sustainability and Social Responsibility
At this point, sustainability and social responsibility considerations are added to the mix, and the field of enterprise IT comes to the forefront. What is the primary role of IT? What should it be? How do IT decisions impact the economic, social and environmental aspects of the enterprise? How does IT help in an earthquake? How much does it help children to study, communicate with others, or simply imagine a better future? Can we measure that? Probably, and COBIT can help. COBIT aligns IT with business needs, whatever the business’s mission or core values are. It evaluates, directs and monitors how IT is, and will be, used.

COBIT also allows enterprises to plan, build, run and monitor all IT resources. But its value increases when a life is saved or a planet is protected by specialized or green IT:  As the International Telecommunication Union’s (ITU) 5th Green Standards Week Declaration stated:

“Think sustainable:  Bridge the gap between experts from the ICT, environment, urban planning, energy sectors and policy makers, to encourage the integration of ICTs into environmental, urban and energy policies in order to improve knowledge on the catalytic role that information and communication technologies (ICTs) can play in reducing energy consumption, increasing environmental resilience, tackling climate change impacts, and enhancing energy efficiency and promoting a circular economy.”

In other words, COBIT 5:

• Improves governance:  COBIT 5 ensures that all stakeholders are identified and their needs are evaluated to determine the enterprise’s overall goals and its associated IT-related goals.
• Improves measurement, monitoring and evaluation systems:  COBIT 5 uses indicators as management tools at various levels and in various sectors to improve monitoring and information systems at different scales.
• Assesses the roles of public and private actors:  COBIT 5 recognizes different stakeholders with different needs and obligations.
• Increases the resilience of human and natural systems:  COBIT 5 suggests stakeholder needs are related to sustainability and, thus, allows the use of its goals to cascade to ensure the identification of enterprise goals and the evaluation of possible risks that can hurt their achievement. So, the implemented

IT process will be capable of delivering outcomes even if the risk factors materialize and the conditions are not the best.

What has COBIT done for you and your organization? Please share your thoughts with ISACA’s online COBIT community.

Braga will present Using the COBIT 5 Assessment Program to Improve the Work Process Capability at the 2016 Governance Risk and Control Conference (GRC), 22-24 August 2016, in Fort Lauderdale, Florida USA.

Editor’s note:  The ISACA Now Blog section is celebrating Women in Technology Month throughout June by featuring female bloggers. If you are a female blogger and would like to contribute a blog, please contact us at news@isaca.org.

Graciela Braga, CGEIT, COBIT 5 Foundation Certificate, CSX Fundamentals Certificate

[ISACA Now Blog]