Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

5 goals to better manage solution identification and build through COBIT 5


In our most recent post on COBIT 5, we considered what it prescribes for programs and projects. This week, we turn our attention to the solutions identification and build process, which aims to keep solutions in line with enterprise requirements. As such, it includes the topics of design, development, procurement/sourcing, and partnering with suppliers/vendors. For this reason, the activities for this process are configuration management; test preparation; testing; requirements management; and maintenance of business processes, applications, information, infrastructure, and services. With this mouthful, the process’s purpose is to establish timely and cost-effective solutions capable of supporting enterprise strategic and operational objectives.


Goals for solutions identification and build

To improve the management of solutions identification and build, COBIT 5 suggests IT organizations measure themselves against five process-improvement goals. Let’s explore each along with the recommended metrics: 


1.                  The solution design meets enterprise needs, aligns with standards, and addresses all identified risk. When programs and projects are delivered, they need to conform to requirements and enterprise architecture standards, and consider and address risks. Two metrics measure success: number of reworked solution designs due to misalignment with requirements, and time taken to approve that a design deliverable has met requirements.


Imagine a failure under the first metric:The solution is built, and what is delivered does not meet its requirements. As a product manager, I’ve had the pain of cutting features, but I’ve never had to redo the product due to a failure to deliver what is required in the areas that remain. And clearly, the second metric goes after the quality of stakeholder involvement and of the approval process as a whole.


2.                  The solution conforms to the design and is in accordance with organization standards and appropriate control, security, and auditability. This simply says that you design solutions that conform to the enterprise architecture and have security designed in. The metric selected for this process goal is the number of solutions exceptions to design during stage reviews. We clearly want to minimize exceptions to enterprise architecture in particular because it impacts not only the ability to control a solution, but also overall enterprise agility.


3.                  The solution is of acceptable quality and has been successfully tested. This to me is where the rubber meets the road. It seems obvious with such slogans as “quality is job one,” but how often do we release buggy software or simply reclassify a bug type to keep a release date? Two metrics help manage this process goal: number of errors found during testing, and time and effort to complete tests. To reduce high bug counts, we want developers to test and fix code as they create it. At the same time, we want to reduce the time and effort to complete testing in order to become more efficient.  We, also, want to increase the effective testing coverage swath.


4.                  Approved changes to requirements are correctly incorporated into the solution. This is so simple. It says to me that we do what we say. Recommended metric: Number of tracked approved changes that generate new errors. Naturally, we want changes to take out risk. This measures whether this, in fact, happens.


5.                  Maintenance activities successfully address business and technological needs. COBIT 5 suggests here once again that quality does not stop at release—its role is continuing. This is why we often have VPs of applications versus VPs of development. One metric is recommended here: number of demands for maintenance that go unsatisfied. It’s scary when a solution needs maintenance to keep on going and doesn’t get it. Hopefully, this is rarely happening at your company.


So where should you start?

Once again, my suggestion is to start where the most immediate value can be driven. But if it were up to me, I’d start by showing acceptable quality and successfully testing. What do you think? I would love to hear back from you.


Related links:

Blog post: 3 ways IT leaders can strengthen compliance and control

Blog post: Making COBIT 5 part of your IT strategy

Blog post: COBIT 5 guides IT leaders to better manage future orientation in their organizations

Blog post: 7 goals in COBIT 5 that will improve your operational excellence

Blog post: COBIT 5’s scorecard measures IT’s relationship with its customers

Blog post: COBIT 5 scorecard measures the quality of IT’s financial performance


Solution page:  IT Performance Management

Twitter: @MylesSuer

0 Kudos
About the Author


Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product Management including IT Financial Management and Executive Scorecard.

Education Portal of India

nice piece of information, I had come to know about your internet site from my friend vinay, delhi,i have read atleast 12 posts of yours by now, and let me tell you, your website gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new post, once again hats off to you! Thanx a ton once again, Regards, Indian Education information

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all