There are a number of key benefits to be gained from effective governance of enterprise IT (GEIT). Among those benefits are IT-business alignment, the realization of the benefits of IT investments, reduced costs, reduced IT-related business risk, and the ability to meet regulatory and compliance requirements. Many organizations across different industries, including retail, banking, oil and gas, telecommunications and government sectors, are implementing or improving GEIT using the COBIT 5 framework.
Implementing an effective GEIT framework requires management commitment, a focused approach and resources. The 5 most common mistakes people make during a GEIT implementation are:
Attempting to implement processes and practices in a one-size-fits-all manner without customization. It helps to think of COBIT 5 as a tool kit. Having knowledge of which tools to use for what purposes ensures a successful implementation. When adopting COBIT 5, one must choose the right processes to meet the organization’s needs. Use the goals cascade, the pain points and trigger events to identify the right processes. Also, make sure to tailor COBIT 5 to suit the organization’s needs. Remember, COBIT 5 is a framework (guidance), and it must be customized according to an organization’s needs because every organization is unique.
Setting unrealistic or overly ambitious goals to complete the project within a short period of time. Implementing GEIT is about cultural change: people behaving in a new way or adopting new processes. Behavioral changes take time, so prioritize activities, select a few of the most important and most beneficial processes, and make changes incrementally. It can be very effective to achieve a quick win within 3 months to build momentum within the organization and then keep moving forward with other areas of improvement.
Treating COBIT 5 adoption as a one-time project or using a third party to implement GEIT. GEIT implementation is a continuous journey. Projects can fail or be terminated when key personnel move out of key implementation roles. Ensure that there is buy-in from management and the team when initiating the project. Remember, GEIT must be owned (accountability) by the board of directors (BoD). Ensure that team members are motivated and see the benefits from the project. Use third parties to help set up GEIT, but ensure that internal team members are trained to follow the new practices and maintain the system.
Having the GEIT project owned by a single individual within IT. It is important to remember that it is not a one-man show. GEIT is a business change and the ownership must be with the business. IT personnel can initiate the journey, but there must be involvement and participation from business executives and other stakeholders. Use the COBIT 5 Responsible, Accountable, Consulted and Informed (RACI) chart (customized to the organization) to ensure that the responsibilities and accountabilities are defined and agreed upon by the stakeholders. Remember to get approval for the GEIT project from the senior executives who own the project.
Making implementation all about policy and process documentation. Many organizations believe documenting their processes equals GEIT implementation. In reality, documentation is only 10% or less of the overall GEIT journey. The remaining 90% is about managing the organizational changes by educating people, helping them to follow new processes and practices, reviewing and refining the processes, and reviewing the effectiveness of the change.
An effective GEIT implementation requires commitment from stakeholders, a customized COBIT 5 framework to meet the needs of the organization, and sufficient time and effort to manage organizational changes and measure the postimplementation performance.
Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert, PMP
Is lead trainer and principal consultant with Global Success Systems FZ LLC, United Arab Emirates, where he and his team help organizations improve their IT performance and reap maximum benefit from their IT investments. He is an accredited trainer for multiple disciplines including COBIT, ITIL, PMP and IT security. His more than 19 years of dynamic IT management experience includes network infrastructure management, project management, IT operations management and service management.