COBIT-5 - CIO dashboard

I was looking for a framework that enables me to provide a dashboard at the CIO level. This dashboard, in my vision, would extend the control objectives across the IT organization, from business alignment through the IT life cycle. COBIT-5 was something that drew my attention.

I did some research on COBIT-5 over the past few weekends and COBIT-5 is quite a progression if you have not matured into COBIT-4.

The following might sound a bit boring but please bear with me here.

As you know, COBIT-5 is not just a risk management framework; it is an overall governance and IT management framework.

At the least, one needs to identify management objectives, then define scope (see diagram below), process areas, and control objectives. If the process area coverage is too large, you can focus on just the Risk Management portion. You can probably focus on or pick risk management domains at this time. Then you could leverage the management guidelines (recommended by COBIT-5 handbooks) and develop a maturity road map.

Furthermore, you will need to find a balance between the Governance (policy compliance and such) and Management of IT (plan-build-run-measure and such) layers of COBIT-5. For example, certain areas such as Supply-chain, Infosecurity, or DR may need additional emphasis on governance.

Specifically, the scope in COBIT-5 has increased enormously and now includes People management, Business alignment, etc., and I am not sure if a certain governance team (Infosec team, DR team, Compliance team) can leverage this alone. Even a combined GRC team may find it overwhelming given the current IT spending trend in the industry. I believe it takes a village (or rather enterprise IT) to align with COBIT-5.

COBIT-5 definitely has a good balance of governance (processes to measure IT) and IT management (processes to run IT). So, compared to ITIL, the plus I could see coming out of this framework is that we can leverage COBIT-5 for an executive-level dashboard to provide a ‘measured’ view of where each process is and its overall health. This could provide overall comfort for a CIO at all times.

Now, you can’t execute this alone in the industry - in my opinion, you need multiple companies adapting this to exchange practice notes and mature together.

How do we do it? I do not have the answer.
