Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

7 goals in COBIT 5 that will improve your operational excellence


Recently in “Making COBIT 5 part of your IT strategy,” I wrote about why the latest release of the COBIT standard should be on your radar. This week I review what COBIT says about measuring IT’s ability to deliver. In scorecard parlance, I will be reviewing operational excellence. I’ve already looked at what COBIT 5 recommends for IT’s customer relationships and financial transparency. As with those previous posts, we will review COBIT 5’s recommendations for the enterprise as a whole and then focus on the IT Balanced Scorecard recommendations.


Operation goals for the enterprise

For IT’s customers, the business, COBIT 5’s operational quadrant has five areas or business questions that a business should score itself by. They are:


1)      Optimization of business process functionality

2)      Optimization of business process costs

3)      Managed business change programs

4)      Operational and staff productivity

5)      Compliance with internal policies


Why should IT organizations look at these business goals? IT has a direct impact on several on 1, 2, and 5. And IT has a role to play in the success of 3 and 4.


Operational goals for IT

How should IT score performance with its business customers? COBIT 5 provides seven goal areas, and if you compare these to the business-related scorecard above, you see once again close linkage. Let’s explore each goal area and their respective metrics: 


  1.    IT agility:  Three metrics are recommended for this goal area: Level of satisfaction of business executives with IT’s responsiveness to new requirements; number of critical business processes supported by up-to-date infrastructure and applications; and average time to turn strategic IT objectives into an agreed-on and approved initiatives. These metrics nicely relate to three enterprise goal areas shown above. For them, they answer a number of critical questions. Does the business feel IT is responsive? Is IT keeping the corporate capabilities system running reliably and consistently able to deliver distinctive business outcomes? And lastly, how agile is IT at getting on new strategic objectives?

2.    Security of information, processing, infrastructure, and applications: Four metrics are recommended for this goal area: Number of security incidents causing financial loss, business disruption, or public embarrassment; number of IT services with outstanding security requirements; time to grant, change, and remove access privileges, compared to agreed-on service levels; and frequency of security assessments against latest standard guidelines. To me, the first is disaster and if it happens frequently, it will lead to an IT organizational change. The next two are about battening down the hatches, and the last is about assessing how up-to-data my controls are.


3.     Optimization of IT assets, resources, and capabilities: There are three metrics with this goal area: frequency of capability maturity and cost optimization assessment; trend in assessment results; and satisfaction levels of business and IT executives with IT-related costs and capabilities. These ask IT organization to assess and benchmark how well they are doing and to see how in line costs are with business and IT expectations.


4.       Enablement and support of business processes by integration applications and technology into business processes: Four metrics are recommended with this goal area: number of business processing incidents caused by technology integration errors; number of business process changes that need to be delayed or reworked because of technology integration issues; number of IT-enabled business programs delayed or incurring additional costs due technology integration issues; and number of applications or critical infrastructure operating in silos and not integrated. These answer the following questions: How well does technology integrate to business processes and how mature is the corporate enterprise architecture?


5.      Delivery of programs delivering benefits, on time, on budget, and meeting requirements and quality standards: Four metrics are recommended with this goal area: number of programs/projects on time and within budget; percent of stakeholders satisfied with program and project quality; number of programs needing significant rework due to quality defects; and cost of application maintenance versus overall IT costs. These metrics relate to the enterprise goal of optimization of business process costs. They answer a number of critical questions. How well are programs and projects managed and tested? How well is the current service portfolio operating? High maintenance cost here could imply poor delivery.


6.      Availability of reliable and useful information for decision making: Three metrics are recommended for this goal area: level of business user satisfaction with quality and timeliness (availability) of management information; number of business process incidents caused by non-availability of information; and ratio and extent of erroneous business decisions where erroneous or unavailable information was a key factor. These metrics answer how available and how good is the management information provided by IT.


7.      IT compliance with internal policies: Four metric recommendations are made within this final goal area. They include number of incidents related to non-compliance to policy; percent of stakeholders who understand policies; percent of policies supported by effective standards and working practices; and frequency of policy reviews and updates. This is huge area for IT and includes: buying to standards, configuring to standards, and reviewing to standards. Doing this well limits security issues, increases business agility, and protects IT and business from compliance issues.


Where to start?

My suggestion is that you start where the most immediate value can be driven. I would start where the most leverage can be had whether it is for service delivery, program and project management, and infrastructure and application compliance. Pick one area and improve there. In my next post, I will turn my attention to final portion of the scorecard the Learning and Growth quadrant. In the meantime, feel free to ask questions or comment below on this post.  


Related links:

Blog post: 3 ways IT leaders can strengthen compliance and control

Blog post: Making COBIT 5 part of your IT strategy


Solution page:  IT Performance Management

Twitter: @MylesSuer

0 Kudos
About the Author


Mr. Suer is a senior manager for IT Performance Management. Prior to this role, Mr. Suer headed IT Performance Management Analytics Product Management including IT Financial Management and Executive Scorecard.

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all