
COBIT 5 Implementation

by
Greet VOLDERS
Voquals N.V. - Belgium
COBIT Implementation - The Guide
The goal of COBIT Implementation is:


A method for implementing a Governance program for
Enterprise IT, based on COBIT 5.
This comprises the general principles and concept,
the phasing, and all components of each phase.
COBIT Implementation - The Presentation
The goal of this presentation is:


To provide a solid basis
to develop your own implementation approach and guidance
on all the phases of the implementation program.
The Content of this presentation :
Position of Governance of Enterprise IT (GEIT), and the
relation with an implementation program
Explanation of the phases, with related activities, and a
detailed explanation of the components of each step.
Practical examples and an explanation of how to use the
available tools.
COBIT Implementation - The Presentation
Slide 5 COBIT 5 - Greet Volders
Introduction & Evolution
Overview of the Approach
Practical Use & Challenges
Some guidance
Agenda
Slide 7 COBIT 5 - Greet Volders
Introduction: Place in the COBIT 5 product Family
Emphasis on GEIT = Governance of Enterprise IT
The improvement of governance of enterprise IT is
increasingly recognised by top management as an
essential part of enterprise governance
GEIT implementations need to be managed as
programmes sponsored by executive management,
be properly scoped, and define objectives that are
attainable.

Slide 8 COBIT 5 - Greet Volders
Introduction: Objectives & Scope
Self-assessment, measurement and diagnostic tools
Presentations
Related articles and further explanations
Slide 9 COBIT 5 - Greet Volders
Introduction: Implementation Toolkit
and Integrating Frameworks, Standards and Good Practices
The board and executives should mandate adoption
of a GEIT framework as an integral part of enterprise
governance
The framework and resulting enablers should be
aligned and in harmony with (amongst others) the:
Enterprise policies, strategies, governance and business
plans, and audit approaches
Enterprise Risk Management (ERM) framework
Existing enterprise governance organisation, structures and
processes
Slide 10 COBIT 5 - Greet Volders
Introduction: Leveraging COBIT 5
Slide 11 COBIT 5 - Greet Volders
2003: First Implementation Guide based on COBIT 3
2007: IT Governance Implementation Guide using COBIT and VAL IT™
2009: Implementing and Continually Improving IT Governance using COBIT, VAL IT™ and RiskIT Components
2012: COBIT 5 Implementation
Evolution
Slide 12 COBIT 5 - Greet Volders
The Road Map to IT Governance
Slide 13 COBIT 5 - Greet Volders
Seven Phases of
the Implementation
Life Cycle
Slide 14 COBIT 5 - Greet Volders
Components
of the Life Cycle
Slide 16 COBIT 5 - Greet Volders
Board and Executive Management
Business management and business process owners
CIO
IT management and IT process owners
Compliance, risk management and legal experts
Internal audit
Implementation team
Employees
Internal GEIT Stakeholders
Slide 17 COBIT 5 - Greet Volders
IT service providers
Regulators
Shareholders (where relevant)
Customers
External auditors
Business partners, e.g. suppliers
External GEIT Stakeholders
Slide 18 COBIT 5 - Greet Volders
Independent Assurance and
Role of Auditors
Be aware of the role of assurance professionals
Internal auditors
External auditors
Any other professional performing assessments
Purpose
To assess IT Services & processes
Independent advice
Demonstrate compliance with (inter)national regulations

Slide 19 COBIT 5 - Greet Volders
Seven Phases of
the Implementation
Life Cycle
Slide 20 COBIT 5 - Greet Volders
Challenges with their
root causes and success factors
Enabling change
Which considerations to make in each phase for a
successful change management
RACI for key activities
Components of each phase
Slide 21 COBIT 5 - Greet Volders
Implementation Life Cycle
Overview of responsibilities
Detailed description
Phase objective
Phase description
Continual improvement tasks
Change enablement tasks
Programme management tasks
Examples of the inputs likely to be required
Suggested ISACA and other framework items to be utilised
The outputs that need to be produced
Components of each phase
Slide 22 COBIT 5 - Greet Volders
Phase 1: What are the drivers?
Obtain an understanding of the programme
background and objectives and current
governance approach.

Define the initial programme
concept business case.

Obtain the buy-in and commitment of all key
stakeholders
Slide 23 COBIT 5 - Greet Volders
Phase 2: Where are we now?
Ensure that the programme team knows and
understands the enterprise goals and how the
business and IT function need to deliver value
from.

Identify the critical processes or other enablers
that will be addressed in the improvement plan.
Identify the appropriate management practices
for each selected process.

Obtain an understanding of the enterprise's
present and future attitude towards risk
and IT risk position and determine how it will
impact the programme.
Slide 24 COBIT 5 - Greet Volders
Phase 3: Where do we want to be?
Determine the gaps between the as-is and the
to-be positions of the selected processes, and
translate these gaps into opportunities.

Describe and communicate desired outcome.

Determine the targeted capability for each of
the selected processes.
Use this information to create a detailed
business case and high-level programme plan.



Slide 25 COBIT 5 - Greet Volders
Phase 4: What needs to be done?
Translate improvement opportunities
into justifiable contributing projects.


Empower role players and identify
quick wins.

Prioritise and focus on the high-
impact projects.
Integrate the improvement projects
into the overall programme plan.
Slide 26 COBIT 5 - Greet Volders
Phase 5: How do we get there?
Implement the detailed improvement
projects, leveraging enterprise
programme and project management
capabilities, standards and practices.

Enable operation and use

Execute the plan, and monitor,
measure and report on project
progress.
Slide 27 COBIT 5 - Greet Volders
Phase 6: Did we get there?
Integrate the metrics for project
performance and benefits realisation of the
overall governance improvement programme
into the performance measurement system
for regular and ongoing monitoring.

Embed the new approach in the organisation

Set targets that will be measured after an
agreed-on period.

Slide 28 COBIT 5 - Greet Volders
Phase 7: How do we keep the momentum going?

Review the program effectiveness at program closure
Assess the results and experience gained from the
programme.
Record and share any lessons learned.

Improve organisational structures, processes, roles and
responsibilities to change the enterprise's behaviour so
that GEIT becomes business as usual and is continually
optimised.

Continually monitor performance, ensure that results are
regularly reported, and drive commitment and ownership
of all accountabilities and responsibilities.
Slide 30 COBIT 5 - Greet Volders
What is the challenge for Implementation Projects?
Why do Implementation Projects fail?
How to overcome the difficulties and to realize a
successful implementation?
Practical Use & Challenges
Slide 31 COBIT 5 - Greet Volders
Objective
Integrate more efficiency and effectiveness
In the selected processes
To ensure control by the management on the realized improvements
GOOD implementation is crucial
the development takes time, but is manageable
The implementation is often under-estimated
To foresee the necessary resources to provide assistance!
Challenge for Implementation Projects
Slide 32 COBIT 5 - Greet Volders
CIOs and IT management find it difficult to intellectually manage
the processes that need to be implemented
The processes aim at the management of the information
technology and not the technology itself.
Most CIOs and IT managers are outside their comfort
zone when dealing with these management control processes.
Why do Implementation Projects fail?
Slide 33 COBIT 5 - Greet Volders
Governance causes a perceived overhead
because of the lack of a mind-set for a general acceptance of
GRC principles
Governance / Risk management / Compliance
However, improving enterprise performance and delivery of
stakeholder needs, can be realized by:
Governance, which aims at value creation;
Risk management, which aims at protecting the created value;
Compliance, which aims at complying with
external laws and regulations.
Why do Implementation Projects fail?
Slide 34 COBIT 5 - Greet Volders
Frameworks are by definition descriptive and not prescriptive
Need for transforming the generic descriptive process reference
model into company-specific prescriptive processes
Some challenges
Managing the created processes, practices and work products in an
efficient and effective way
Clear definition of the roles of the involved actors, to manage the
activities and work instructions.

Why do Implementation Projects fail?
Slide 35 COBIT 5 - Greet Volders
Learn to work with the material of COBIT
Customize (and make specific) the concepts of the model to your
specific needs & situation
GRC principles must become part of the DNA of an organisation
=> Need for real commitment from both management and employees
Managers : knowledgeable in the subject field
Employees : endorsed with transparent accountability and access to all
relevant information
How to get a successful implementation?
Slide 37 COBIT 5 - Greet Volders
Provide guidance on how to identify key topic areas
requiring clear decision-making roles and responsibilities.
It is a guide and, if found useful, could be modified and
adapted to suit an enterprise's specific organisation and
requirements
Example Decision Matrix
Slide 38 COBIT 5 - Greet Volders
Example Decision Matrix

Slide 39 COBIT 5 - Greet Volders
4 pages of example risk scenarios
Example Mapping Risk Scenarios to
COBIT 5 Processes
Slide 40 COBIT 5 - Greet Volders
Executive Summary
Background
Business Challenges
Proposed Solution

With, for all chapters, a reference to the relevant paragraphs
in the Implementation Guide
Example Business Case
Slide 41 COBIT 5 - Greet Volders
To help you in Identifying the Need to Act:
Before starting the Governance Implementation Project, it's
important to recognise the pain points within your organisation
Including the issues that are being experienced within the
organisation at the higher levels will improve the Buy-in to the
Business Case.
List of Typical Pain Points, in chapter 3, "Taking the first
steps towards GEIT"
Mapping to the COBIT5 processes, in Appendix A

Mapping Pain Points to COBIT5 Processes
Slide 42 COBIT 5 - Greet Volders
Mapping Pain Points to COBIT5 Processes
Slide 43 COBIT 5 - Greet Volders
Guidance : How to use the Implementation Toolkit

Content
of the
Toolkit
for
COBIT 4.1
Slide 44 COBIT 5 - Greet Volders
Guidance : COBIT5 Toolkit

Content
of the
Toolkit
for
COBIT 5
Set up an adequate implementation plan for your company /
department
To start an implementation roadmap and correctly scope such
an implementation program
Apply the implementation methodology, proposed by ISACA,
with its seven phases and three aspects to consider
How to overcome difficulties during & after an
implementation
COBIT Implementation - What have we learned?
Slide 47 COBIT 5 - Greet Volders

Voquals N.V.
Greet Volders
Genebroek 34
2450 Meerhout
Phone +32 14 22 54 04
Mobile +32 475 63 45 06

Gvolders@voquals.be
www.voquals.be

More Information
