COBIT 2019 and Marathons

COBIT 2019 and Marathons
Author: Pam Nigro, MBA, CRMA, CISA, CGEIT, CRISC, CDPSE, ISACA Board Chair, Vice President of Security and Security Officer at Medecision
Date Published: 25 July 2019

Training is important for marathon runners, but there are a number of specific factors that go into marathon runners achieving their personal best. Take a look at the examples below (and for you non-runners, your COBIT and digital transformation muscles will be exercised soon enough):

1. Get strong. It’s strength and conditioning, particularly around the ankles, knees and hips, that separates elites from mere mortals, according to British distance legend Liz McColgan.
2. Get loose. You want optimal flexibility and power from the first step. Come the end of the race, you'll actually have more energy reserves as you'll have run more efficiently.
3. Pace the workout. Going out too fast in both training and racing is the undoing of many talented runners.
4. Run with purpose. Each run has a plan with a focus, which increases motivation, gives training structure and ultimately improves times.
5. Create real incentives. Every runner knows the trick of mentally breaking up long runs into shorter, more manageable chunks; with rewards along the way and at the finish line.
6. Maintain quality. New shoes every 300 miles. Running in an old, worn-out pair of shoes can result in painful injuries and can mean a possible early end to your running career.

In many ways, digital transformation is like giving organizations a new pair of running shoes. Digital transformation, however, is not just technology; it’s more often about shedding outdated processes and legacy technology, giving organizations a chance to run faster.

Achieving your organization’s personal best requires more than just a new pair of running shoes. There are six steps, as outlined by ISACA’s recently updated COBIT 2019 framework, that can facilitate your organization’s ability to keep in top running condition. Here’s how:

  1. Get strong. COBIT incorporates the latest technology evolutions and methods, including new guidance on data management. COBIT enables your organization to strengthen and focus on the key objectives that are rightsized for your organization to continue to move forward. 
  2. Get loose. Up-to-date and flexible frameworks for governance of enterprise IT will empower you to address current security risks, DevOps/DevSecOps, and cloud computing, and enabling the digital transformation sweeping many of our organizations.
  3.  Pace the workout. The new Design Guide allows organizations to create a plan and tailor a governance system to specific context, defining the right priorities and providing a leaner, much more effective and efficient governance system.
  4. Run with purpose. Deploy a framework that is an authoritative reference useable by an organization’s boards, senior management, business and IT management and practitioners, audit and risk professionals, as well as external entities such as regulators and external auditors. This ultimately gives structure to align an organization and guide risk management activities.
  5. Create real incentives. The COBIT 2019 Implementation Guide provides you with assistance and direction for organizational change management and program management, identifying challenges and success factors.
  6. Maintain quality. Embedding and enabling an intuitive process capability model like CMMI will empower process improvement initiatives and allow for easier techniques and approaches to communicate with senior management.

Everyone approaches a marathon differently and, likewise, the approach to COBIT is different for every organization. No one way is better than the other; it’s just different. Your approach will depend upon your organization’s risk tolerance and appetite for change. At some point, as with runners, you will “hit the wall.” If it happens, don’t get too discouraged – be sure to refocus, recommit to the goal and recalibrate.

Editor’s note: Enhance your training of COBIT 2019 and stay fit for your organization in a pre-conference workshop at the 2019 GRC Conference in Ft. Lauderdale, Florida, USA, on 11 August or at a pre-conference workshop at EuroCACS/CSX 2019 in Geneva, Switzerland, on 14-15 October. For additional opportunities, see ISACA’s upcoming Training Week schedule.