I am impressed with Cobit 5. The leap from 4.1 to 5 is significant and useful. Points to note:
- the level of detail has been REDUCED!
- Cobit has discovered POLICIES! The framework is no longer a purely process perspective, but recognizes a defined set of enablers including people, principles, policies etc.
- the structure is deliberately constrained to framework level. There is no attempt to define policies, just the processes and objectives.
- alignment with TOGAF and ITIL has brought Cobit some way into the real world
The framework therefore encourages users to develop the enablers. I started by re-examining Principles. Interestingly there is (to my mind) no single good source of Principles. I have therefore attempted a set, below. My next task is to review the SAE Policy hierarchy and to develop the hierarchy and our existing set of CBDI-SAE policy instances within the Cobit framework. We already have a good set of instances and this will be an interesting exercise. I anticipate evolving the Principles – inevitable when you do mapping I guess . . .
|Primary Principles||Supporting Principles|
|Maximizes Business Value||Affordable, Sustainable|
|Enables Agile Business||Responsive, Just in Time Solutions,
Incremental Delivery, Continuous Release
|Secure||Business Continuity, Risk, Reliability, IP protected|
|Compliant||Compliance with Law and regulatory requirements|
|Ensures High Quality Information||Data is an Asset, Shared, Accessible,
with defined accountability for quality
|Ease of Use||Transparent technology, minimum training requirement|
|Business Driven||Requirements based Change, Pull/Demand System,
Business is fully Accountable
|Service Oriented Architecture||Interoperable, Componentized,
IT Services directly support Business Services
|Managed standardization||Technology independence, Shared services