A process model for measuring relationships with COBIT

Expanding your relationships requires first measuring them to determine how effectively you’re building credibility.

How do you measure the business-partner relationship with your provider organization? Apply COBIT 5.

CIOs have recently reinvigorated the dull IT liaison role by coining it “the business-relationship manager.” This role is accountable for the relationship between information technology and the business partners.

Before business-relationship managers skip off to schedule strategic road-mapping discussions, relationships need to be measured. Asking questions about perceived value realization won’t do it. Inquiring about the benefits received isn’t going to get us there either. This discussion requires metrics—hard, quantifiable metrics that can be measured and monitored over time.

Evolution to COBIT 5

Several frameworks provide insight into robust high-level practices including COSOITILBiSLISO 9000 (quality), ISO 27000 (information security), ISO 31000(risk management), ISO 38500 (IT governance, CMMITOGAF, and PMBOK. However, one framework exceeds all these in providing standardization: COBIT 5.

The Information Systems Audit and Control Association (ISACA) launched the Control Objectives for Information and Related Technologies (COBIT) framework in 1996. ISACA published COBIT 5 in April of 2012. The framework is commonly called Control Objectives for Information and Related Technology (CobiT). The framework concepts—not surprisingly—are extremely relevant to understanding and measuring information technology. COBIT 5 defines best practices for information-technology management.

COBIT is a mature, best-practice framework that has evolved over the last twenty-two years.

  • 1996 Audit: first edition of the framework released, focusing on Audit
  • 1998 Control: second edition of the framework released, adding Control
  • 2000 COBIT3: third edition of the framework released, revising Management Guidelines
  • 2005 COBIT 4.0: fourth edition of the framework released, revising prior editions
  • 2007 COBIT 4.1: minor release, including overall upgrades
  • 2012 COBIT 5: fifth edition and a major overhaul, adding in Val IT 2.0 framework, Risk IT frameworks, concepts from ISACA’s IT Assurance Framework (ITAF), and the Business Model for Information Security (BMIS).

In addition, COBIT 5 is coordinated to major frameworks and standards including ITIL, ISO, PMBOK, PRINCE2, and TOGAF. The COBIT 5 framework is a highly integrated and recognized standard of best practices for information technology management. By using COBIT 5, your organization has already started the journey toward value realization.

COBIT 5 areas and domains

COBIT 5 separates governance from the management of the enterprise. 

Governance area

  • Evaluate, Direct and Monitor (EDM): ensures governance framework setting and maintenance, benefits delivery, risk optimization, resource optimization, and stakeholder transparency

Management of information technology area

  • Align, Plan and Organize (APO): manages the IT management framework; strategy; enterprise architecture; innovation; portfolio; budget and costs; human resources; relationship; service agreements; suppliers; quality; risk; and security
  • Build, Acquire and Implement (BAI): manages programs and projects; requirements definition; solutions identification and build; availability and capacity; organizational change enablement; change, change acceptance, and transitioning; knowledge; assets; and configuration
  • Deliver, Service and Support (DSS): manages operations, service requests and incidents, problems, continuity, security services, and business-process controls
  • Monitor, Evaluate and Assess (MEA):  monitors, evaluates and assesses performance and conformance, the system of internal controls, and compliance with external requirements

ISACA defines COBIT 5 as “a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT.” The COBIT 5 organizational enablers span seven categories:

  1. Principles, policies and frameworks: shifting behavior into action
  2. Processes: for consistent practices to achieve consistent results
  3. Organizational structures: enterprise decision design
  4. Culture, ethics and behavior: connecting beliefs to conduct
  5. Information: moving from raw data to actionable knowledge
  6. Services, infrastructures and applications: to improve stability, control, and transparency
  7. People, skills and competencies: translates knowledge into results

Managing relationships with COBIT 5

There are several areas applicable to business-relationship management within COBIT 5. However, Align, Plan, and Organize (APO) is the most applicable and, specifically, within the APO domain, the function labeled Manage Relationships.

The process officially called APO08 Manage Relationships is defined as a way to “manage the relationship between business and IT in a formalized and transparent way that ensures a focus on achieving a common and shared goal of successful enterprise outcomes in support of strategic goals within the constraints of budgets and risk tolerance.”

The process purpose statement, to “create improved outcomes, increased confidence, trust in IT, and effective use of resources” sounds strangely similar to the objective and responsibility of the business-relationship manager (BRM).

Within the Align, Plan, and Organize domain and the APO08 Manage Relationships process, there are five key management practices:

  1. Understand business expectations (APO08.01)
  2. Identify opportunities, risk, and constraints for IT to enhance the business (APO08.02)
  3. Manage the business relationship (APO08.03)
  4. Coordinate and communicate (APO08.04)
  5. Provide input to the continual improvement of services (APO08.05)

Measuring relationships with COBIT 5

The Manage Relationships process is designed to achieve four main objectives with supporting measures:

Alignment of IT and business strategy

  • Percent of enterprise strategic goals and requirements supported by IT strategic goals
  • Level of stakeholder satisfaction with the scope of planned portfolio of programs and services
  • Percent of IT value drivers mapped to business value drivers

Delivery of IT services in line with business requirements

  • Number of business disruptions due to IT service incidents
  • Percent of business stakeholders satisfied that IT service delivery meets agreed-on service levels
  • Percent of users satisfied with the quality of IT service delivery

Enablement and support through integrating applications and technology into business processes

  • Number of business-processing incidents caused by technology integration errors
  • Number of business-process changes that need to be delayed or reworked because of technology integration issues
  • Number of IT-enabled business programs delayed or incurring additional cost due to technology-integration issues
  • Number of applications or critical infrastructures operating in silos and not integrated

Knowledge, expertise, and initiatives for business innovation

  • Level of business executive awareness and understanding of IT innovation possibilities
  • Level of stakeholder satisfaction with levels of IT innovation expertise and ideas
  • Number of approved initiatives resulting from innovative IT ideas

The future of organizational design

Leveraging COBIT 5 enhances the provider organization’s ability to measure the business partner’s relationship adequately. The additional benefit is a best-practices framework that can only improve provider credibility. Adding value begins by measuring value.

Previous articleHow BRMs can tap into the value of business architecture
Next articleNew strategies for growth with product management
Peter is a technology executive with over 20 years of experience, dedicated to driving innovation, digital transformation, leadership, and data in business. He helps organizations connect strategy to execution to maximize company performance. He has been recognized for Digital Innovation by CIO 100, MIT Sloan, Computerworld, and the Project Management Institute. As Managing Director at OROCA Innovations, Peter leads the CXO advisory services practice, driving digital strategies. Peter was honored as an MIT Sloan CIO Leadership Award Finalist in 2015 and is a regular contributor to CIO.com on innovation. Peter has led businesses through complex changes, including the adoption of data-first approaches for portfolio management, lean six sigma for operational excellence, departmental transformations, process improvements, maximizing team performance, designing new IT operating models, digitizing platforms, leading large-scale mission-critical technology deployments, product management, agile methodologies, and building high-performance teams. As Chief Information Officer, Peter was responsible for Connecticut’s Health Insurance Exchange’s (HIX) industry-leading digital platform transforming consumerism and retail-oriented services for the health insurance industry. Peter championed the Connecticut marketplace digital implementation with a transformational cloud-based SaaS platform and mobile application recognized as a 2014 PMI Project of the Year Award finalist, CIO 100, and awards for best digital services, API, and platform. He also received a lifetime achievement award for leadership and digital transformation, honored as a 2016 Computerworld Premier 100 IT Leader. Peter is the author of Learning Intelligence: Expand Thinking. Absorb Alternative. Unlock Possibilities (2017), which Marshall Goldsmith, author of the New York Times No. 1 bestseller Triggers, calls "a must-read for any leader wanting to compete in the innovation-powered landscape of today." Peter also authored The Power of Blockchain for Healthcare: How Blockchain Will Ignite The Future of Healthcare (2017), the first book to explore the vast opportunities for blockchain to transform the patient experience. Peter has a B.S. in C.I.S from Bentley University and an MBA from Quinnipiac University, where he graduated Summa Cum Laude. He earned his PMP® in 2001 and is a certified Six Sigma Master Black Belt, Masters in Business Relationship Management (MBRM) and Certified Scrum Master. As a Commercial Rated Aviation Pilot and Master Scuba Diver, Peter understands first hand, how to anticipate change and lead boldly.