Using COBIT for Value-Based Direction Setting: A Business Transformation Road-Mapping Assignment

Opeyemi Onifade
Author: Opeyemi Onifade, CISA, CRISC, CISM, CGEIT, CCSP, CISSP, PCIQSA
Date Published: 1 February 2022

Every organization goes through a phase in its life cycle that leaves it with 2 options: transform or decline. In this digital age, it is beneficial for top management to approach these opportunities for business transformation as required steps to surviving or thriving by using solutions-based or value-based perspectives. A transformation program is likely to be suboptimal if driven by tools and technology capabilities rather than value realization objectives.

As an example, a conglomerate of enterprises in Lagos, Nigeria, needed to confront the IT-related issues impeding its potential. The organization engaged a consulting team to support the board and management to set the direction for digital technology adoption in its ongoing business transformation drive. The conglomerate has been in business for 18 years and has 133 full-time employees. The technology organization of the conglomerate serves more than 10 subsidiaries of the enterprise, with operations in disparate sectors of the economy, including banking, investment, finance, energy and logistics.

The consultants introduced the organization's top management to the COBIT® design factors published in COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution as a way of establishing the organizational context necessary to determine the strategic digital capability options for the enterprise and its subsidiaries. COBIT was used to bring clarity to the engagement by asking 4 important questions.

Question 1: Are You Doing the Right Things?

The organization's decision makers were interviewed to understand the business drivers. The interviews examined the organization’s value and risk drivers. Facilitated sessions with the principal leaders of the organization examined the strategic focus of each of the subsidiaries to determine the suitable digital capabilities required to transform the business. COBIT provides 4 strategic archetypes to which to relate. For some of the subsidiaries, the strategic focus was on growing revenue and expanding the customers’ base. For others, the focus was on differentiation and innovation, cost leadership, client service and stability.

The chosen strategic focus for each subsidiary helped determine the priorities of the enterprise goals based on the 13 generic goals in COBIT 2019. The prioritized goals help to clarify the strategic drivers. The organization also adopted the metrics for the chosen enterprise goals.

Question 2: Are You Doing Them the Right Way?

Having determined the priority goals on which to focus, the consultants mapped the alignment goals (using the COBIT mapping tables) to the COBIT governance and management objectives. This helped to determine the existence of appropriate objectives and adequate underpinning components necessary to effectively attain the prioritized goals.

The summary of the findings reveals key learnings:

  • The existing organizational structure was no longer adequate to support the growth of the organization.
  • The current portfolio of IT-related services, infrastructure and applications was due for retirement and replacement.
  • The skills and competencies of the IT personnel had become dated.
  • Several processes were not performing their purposes.
  • Missing work products were observed due to suboptimal automation, which also exposed the organization to compliance infractions.

Question 3: Are You Getting Them Done Well?

To answer the third question, the consultants conducted a process capability assessment of the prioritized objectives for each of the subsidiaries. The prioritized objectives are depicted in figure 1.

Figure 1—Prioritized Objectives
Figure 1
Source: Adapted from ISACA®, COBIT® 2019, USA, 2019

The findings showed that, in general, most of the processes were at level 1 of the COBIT performance management (CPM) model. 

The enterprise management decided to target capability level 3 for the associated processes in the aforementioned objectives based on the guidance from the COBIT design tool kit. Level 3 capability ensures that the process in focus is well defined and achieves its purpose in a much more organized way using organizational assets.

Business leaders must gain clarity regarding the value-based strategic choices they need to make to sustain value for their organizations.

Question 4: Are You Getting the Benefits?

The business capability road map was determined with the aid of the COBIT design tool kit. The key performance indicators (KPIs) were adopted from the metrics listed for the practices under the objectives.

A benefit register was also created to direct and control the implementation of the prioritized initiatives. The high-priority initiatives were underpinned by corresponding business cases. The business case template in COBIT® 2019 Framework: Introduction and Methodology was adapted for this exercise.

Business leaders must gain clarity regarding the value-based strategic choices they need to make to sustain value for their organizations. The mind map in figure 2 can be used to help leaders design a vision script and an execution road map.

Figure 2—Mind Map
Figure 2
Source: Adapted from ISACA®, COBIT® 2019, USA, 2019 and ValIT™

Conclusion

COBIT provides proven answers to the most pertinent questions in the digital transformation journey. However, business leaders must learn to ask value-based questions to equip them to realize the benefits and optimize the risk of their information and technology investments. COBIT is the answer, but do you know the questions? Asking the right questions and answering them using COBIT ensures that efforts are moving in the right direction.

Opeyemi Onifade, CISA, CRISC, CISM, CGEIT, CCSP, CISSP, PCIQSA

Is the founding director at Afenoid Enterprise Limited, a leading cyber, information risk and digital transformation service provider. Afenoid is a Payment Card Industry Qualified Security Assessor company, an ISACA® Accredited Training Organization and SWIFT Cybersecurity Solutions Provider. Onifade has led the company for more than 10 years. He can be reached at opeyemi@afenoid.com.