Home / Resources / News and Trends / Industry News / 2022 / Using COBIT for Value Based Direction Setting

使用COBIT进行基于价值的方向设置:业务转换路径映射分配

Opeyemi Onifade
Author: Opeyemi Onifade, CISA, CRISC, CISM, CGEIT, CCSP, CISSP, PCIQSA
Date Published: 1 February 2022

每个组织都会经历生命周期中的一个阶段,只有两个选择:转型或衰落. In this digital age, 通过使用基于解决方案或基于价值的观点,将这些业务转换机会作为生存或发展的必要步骤,对高层管理人员是有益的. 如果由工具和技术能力驱动,而不是价值实现目标驱动,那么转换计划很可能是次优的.

As an example, a conglomerate of enterprises in Lagos, Nigeria, 需要面对阻碍其潜力的it相关问题. 该组织聘请了一个咨询团队来支持董事会和管理层,以确定在其正在进行的业务转型中采用数字技术的方向. 该集团已经经营了18年,拥有133名全职员工. 该集团的技术机构为澳门赌场官方下载的10多个子公司提供服务, with operations in disparate sectors of the economy, including banking, investment, finance, energy and logistics.

顾问们把该组织的高层管理人员介绍给 COBIT® design factors published in COBIT® 2019设计指南:设计信息和技术治理解决方案 作为建立组织环境的一种方式,以确定澳门赌场官方下载及其子公司的战略数字能力选项. COBIT通过提出4个重要的问题,使契约变得清晰.

Question 1: Are You Doing the Right Things?

对组织的决策者进行了访谈,以了解业务驱动因素. 访谈检查了组织的价值和风险驱动因素. 与组织主要领导人的便利会议检查了每个子公司的战略重点,以确定转型业务所需的合适数字能力. COBIT provides 4 strategic archetypes to which to relate. For some of the subsidiaries, 战略重点是增加收入和扩大客户群. For others, the focus was on differentiation and innovation, cost leadership, client service and stability.

为每个子公司选择的战略重点有助于根据COBIT 2019中的13个一般目标确定澳门赌场官方下载目标的优先级. The prioritized goals help to clarify the strategic drivers. 该组织还采用了所选澳门赌场官方下载目标的度量标准.

Question 2: Are You Doing Them the Right Way?

Having determined the priority goals on which to focus, 顾问将对齐目标(使用COBIT映射表)映射到COBIT治理和管理目标. 这有助于确定是否存在有效实现优先目标所需的适当目标和充分的基础组成部分.

The summary of the findings reveals key learnings:

  • 现有的组织结构已不足以支持组织的发展.
  • The current portfolio of IT-related services, 基础设施和应用程序应该退役和替换.
  • IT人员的技能和能力已经过时了.
  • Several processes were not performing their purposes.
  • 由于次优自动化,缺失的工作产品被观察到, which also exposed the organization to compliance infractions.

Question 3: Are You Getting Them Done Well?

To answer the third question, 顾问们对每个子公司的优先目标进行了过程能力评估. The prioritized objectives are depicted in figure 1.

Figure 1—Prioritized Objectives
Figure 1
Source: Adapted from ISACA®, COBIT® 2019, USA, 2019

The findings showed that, in general, 大多数过程处于COBIT性能管理(CPM)模型的第1级. 

基于来自COBIT设计工具包的指导,澳门赌场官方下载管理层决定将上述目标中相关过程的能力级别3作为目标. 第3级能力确保所关注的过程定义良好,并使用组织资产以更有组织的方式实现其目的.

商业领袖必须明确他们需要做出的基于价值的战略选择,以维持组织的价值.

Question 4: Are You Getting the Benefits?

业务能力路线图是在COBIT设计工具包的帮助下确定的. 关键绩效指标(kpi)是从目标下的实践所列出的度量标准中采用的.

还建立了一个利益登记册,以指导和控制优先倡议的实施. 高优先级的计划由相应的业务案例支撑. The business case template in COBIT® 2019 Framework: Introduction and Methodology was adapted for this exercise.

商业领袖必须明确他们需要做出的基于价值的战略选择,以维持组织的价值. The mind map in figure 2 可以用来帮助领导者设计愿景脚本和执行路线图吗.

Figure 2—Mind Map
Figure 2
Source: Adapted from ISACA®, COBIT® 2019, USA, 2019 and ValIT™

Conclusion

COBIT为数字化转型过程中最相关的问题提供了经过验证的答案. However, 商业领袖必须学会提出基于价值的问题,使他们能够意识到信息和技术投资的好处,并优化风险. COBIT is the answer, but do you know the questions? 使用COBIT提出并回答正确的问题可以确保工作朝着正确的方向发展.

Opeyemi Onifade, CISA, CRISC, CISM, CGEIT, CCSP, CISSP, PCIQSA

Is the founding director at Afenoid Enterprise Limited, a leading cyber, information risk and digital transformation service provider. Afenoid是一家支付卡行业合格安全评估公司,ISACA® 认证培训机构和SWIFT网络安全解决方案提供商. Onifade has led the company for more than 10 years. He can be reached at opeyemi@afenoid.com.