COBIT 5: Enabling Processes
Each Enabler needs the input of other Enablers to be fully effective. For example, processes need information and organizational structures need skills and behavior. They also deliver output to benefit other Enablers. For example, processes deliver information, skills, and behavior of individuals to make processes efficient.
COBIT 5: Enabling Processes
The following two graphics show the COBIT 5 structure for governance of enterprise IT. The first graphic shows the overall COBIT structure (five domains) followed by an illustration where the 37 processes are assigned to these domains.
The aim of the COBIT framework is to optimize the business IT structure. All aspects of COBIT 5 are in line with the responsibility areas of plan, build, run and monitor. It acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the proven practice models with governance and business requirements. Implementing COBIT processes in a company can create value through effective governance, management enterprise information and IT assets. Business user satisfaction can be created with IT engagement and services by enabling business objectives.
It is important to note that COBIT is a generic framework to manage IT processes and internal controls and must not be treated as a prescriptive standard. Therefore, COBIT key themes must be tailored to the specific governance needs of the company. The organization needs to have a good understanding of the governance controls for IT risks and, more importantly, a firm commitment from its top management. Otherwise, the business alignment of IT risks will not be achievable.
An enterprise can organise its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.
COBIT 5 includes a process reference model (PRM), which defines and describes in detail a number of governance and management processes. The details of this specific enabler model can be found in the COBIT 5: Enabling Processes volume.
One of the most accepted review methods in the scientific community is the Systematic Literature Review (SLR). A SLR process allows determining the interest of the scientific community in the subject matter of the preliminary research, the type of research and the areas of knowledge to which the topic is more related, among other aspects. For our research, we need to determine the scientific basis of the portfolio of information technology (IT) project, as initial good practice for the implementation of an IT governance culture. Universities have been specifically selected as the type of organization in the communities that have developed formal processes and good practices for the implementation of IT governance. In addition to the SLR, a review was carried out based on non-conventional literature from repositories of prestigious professional organizations and universities. It is concluded that the portfolio of IT projects is a good practice of IT governance and that there is an interest from the scientific community. From this analysis, it is clear that there are works in both the area of Computer Science and the Administration of Organizations.
Universities have adopted Information Technology (IT) within administrative and academic processes. The question at this time is whether its use is adequate, that is, if IT has been acquired under an analysis of needs, if studies have been carried out to observe its benefits and possible risks when implemented, and especially if they have generated institutional value. The question of whether the technologies are aligned with the objectives of the organization and whether they are prioritized by top university management are aspects that have almost never been analyzed. Specific indicators are needed to confirm that IT is being used properly. A culture of IT governance can answer these questions.
Incorporating properly the IT in the University will dynamize its processes and allow them to fulfill its mission (Gonzalez, Arango, Vasquez and Ospina, 2015). If universities do not get IT to create value, they will lose competitive advantage. Universities carry out studies to assess this issue, such as the UniversiTIC reports (Analysis of IT in Spanish Universities) (Gomez, Jimenez, Gumbau and Llorens, 2016), which evolved so that, in addition to being a catalog of available technologies in universities, they collect characteristics of IT governance models. As a complement to the detailed inventory of IT deployed in Spanish universities, good practices in IT management are analyzed, addressing the optimization of IT resources, portfolio of IT projects, IT services, IT management, quality, regulations and IT standards and collaboration (Fernandez, Llorens and Hontoria, 2015). In a dynamic and unpredictable environment, organizations, and therefore universities, are threatened by major changes, especially technological ones (Sierra, 2012). The use of technology and the management of IT projects become a key aspect for them. To develop a strategic role in the business, the IT organization needs to move from being an order-taker to becoming a business partner integrated with the rest of the company's activities, thus ceasing to be a set of tangible and intangible elements to become the strategic ally of the organization.
One of the most difficult questions to answer is how an organization can implement a governance culture of IT in a practical way. Management teams are adopting principles of IT governance. According to Delgado, Marcilla, Calvo-Manzano and Fernandez-Vicente (2012), "IT governance encompasses a set of good practices that facilitate new opportunities for improvement in organizations". One of the best practices that can be applied in relation to the acquisition principle is the implementation of a portfolio of IT projects (Fernandez, Hontoria and Llorens, 2014). The portfolio of technological projects is the concrete expression of the company's technological strategy. In what and how resources are spent tells us a lot about the strategic priorities of a company, no matter they are explicit or not. Organizations must use IT portfolio management techniques to ensure that programs (a set of related IT projects) are aligned with strategic objectives (ISACA, 2013). The need to govern IT is a consequence of two strategic factors: the needs of the business and the maturity of the company (Juiz and Toomey, 2015). As shown in Toomey (2009), in addition to technology, we must consider people, processes and structure to understand the IT governance. According to Laita and Belaissaoui (2017), the IT governance aims to ensure that IT expectations and achievements are aligned with organizational objectives and that the associated risks are under control. There must be a strategic alignment between the use of IT and the achievement of business goals, both from the public or private sectors. Governing IT today is not a choice, and the Strategic Portfolio of IT Projects is a good practice that can help us with its implementation.
The ultimate goal of a systematic literature review is to carefully summarize all the relevant information about a specific topic of interest. It is important to extract from the selected publications the answer to various questions, so that it allows us to successfully address our future research. The first step for our research has been to look for answers on the IT governance and the portfolio of IT projects issues. In the review conducted, different approaches to how to use IT properly can be found. This new approach allows us to determine methods, good practices, standards, frameworks and procedures, which attempt to analyze how to use IT appropriately as service providers, and their relationship with users and customers. The IT governance can be seen as the set of mechanisms, structures, procedures and relationships defined by the senior management to evaluate, direct and monitor actions and the correct use and management of IT (Santos and Santos, 2017). The key element in IT governance is the alignment of IT to the business and, thereby, generating business value. IT services are increasingly integrated into business operations. According to Fernandez et al. (2015), the alignment of IT with the business allows to verify the impact of IT infrastructure and IT projects and services on the organization itself. We must move the focus of IT from cost efficiency to operational effectiveness and thus improve business processes. In relation to the project portfolio, numerous works have been found with different models (PMI, 2013). Some of them are even specifically designed for universities (Correa and Benavides, 2013). The strategic priorities of a company are reflected on what and how resources are spent. The portfolio of IT projects is a powerful tool for IT governance. It requires close connections between principles, processes, people and performance. Next, how the different selected works address different aspects is presented, that is, basic approaches, research lines, problems detected and proposed solutions.
Rahimi et al. (2016) propose a new business and IT alignment model in organizations, providing results that explain how IT creates organizational value. Additionally, Ghorfi, Oudau, Aboutajdineand Aroussi (2014) determine a model that allows the people in charge of IT to have a decision tool regarding their future strategic choices. Santos and Santos (2017) affirm that the effectiveness of IT governance in public or private companies will be achieved if the results of decision-making and related processes for the management and control of IT operations reach IT objectives. The findings can be used to improve the current IT governance frameworks, enabling companies to focus on IT concerns with a strong impact on the performance of IT governance. Project management is the institutional memory of governance. Simon, Fischbach and Schoder (2013) establish closer relations between the business architecture and the management of the IT portfolio through their integration not only in the process but also in the strategy, the meta-model, the organization and the level of the software tool. With regard to the selection process of IT projects, several solutions are proposed. Zhijie (2012) suggests that IT governance plays an important role in the selection of IT projects and the prioritization of the portfolio. Regarding solutions found in universities, Fernandez et al. (2015) state that one of the best practices that can be applied in relation to the acquisition principle is the implementation of a portfolio of IT projects. An IT investment portfolio should be designed based on a prioritized set of well-defined IT projects, that is, a portfolio of IT projects must be executed. One of the bases of good IT governance consists in developing a portfolio of projects aligned with the objectives of the University (Fernandez, Gumbau and Llorens, 2012; Fernandez et al., 2014; Gomez et al., 2016; Fernandez et al., 2015). 041b061a72