Improving Business With COBIT 5

Benefits realization of IT-enabled investments is a strategic imperative. In a 2008 study on benefits realization, researchers found that in the majority of enterprises surveyed (57%), less than half of the change initiatives undertaken delivered the expected business benefits.¹ This conclusion is consistent with earlier studies that show that that the majority of IT-enabled initiatives are judged to be unsuccessful. Clearly there is an underlying message that the effectiveness of business benefits realization (BBR) could be improved, and with COBIT 5 as the business-IT framework of choice, better practices and better outcomes can be expected.

The subject of business benefits improvement of IT-enabled investments has long been of interest to business executives and managers, but it has been somewhat overshadowed by the predominance of keep the lights on (KTLO) share of the IT budget. Now, thanks to recent developments to boost IT productivity (cloud computing, development and operations [DevOps], Agile/Lean, etc.), the KTLO share has been dramatically reduced to make room for more business-focused, IT-enabled investments. This gives rise to the imminent growth in significance of improved practices and outcomes in this area. One indication of this is the dozen or so books and research papers published in this area in just the past 5 years.

The subject of business benefits improvement of IT-enabled investments has long been of interest to business executives and managers, but it has been somewhat overshadowed by the predominance of keep the lights on share of the IT budget.

This article is a brief synopsis of ISACA’s publication, COBIT 5 for Business Benefits Realization. This publication is part of a continuing series of practitioner guides based on the COBIT 5 framework. The following guides in the series have already been published:

• COBIT 5 for Information Security
• COBIT 5 for Risk
• COBIT 5 for Assurance

Definitions

Just what is meant by BBR? The common definition can be found for terms with similar sounding titles such as benefits realization management (BRM) or simply benefits management (BM). While a number of similar definitions of business benefits exist in the literature, one definition for BRM provided by pioneer and author Gerald Bradley is “the process of organizing and management, so that potential benefits, arising from investment in change, are actually achieved.” He further explains that BRM is a continuous process running through the whole change life cycle and should be the central theme of any change initiative, whether applied to the whole portfolio, a program, or a project.² According to Bradley, BRM recognizes the starting position (current status, drivers for change, stakeholders and cultural factors). Next, through active engagement with the business, BRM articulates and establishes the end point (vision supported by objectives and benefits). Then, and only then, BRM determines the changes required to achieve this goal—enablers and business changes.

BRM includes “Enablers.” Bradley uses this term in the context of benefits related to change, and defines an enabler as “something that can be developed/built/acquired, normally from outside the environment in which it will be embedded and where the benefits will be realized.”³ He explains that an enabler may be any of the people, process, information and technology (PPIT) types and is normally costed, budgeted and formally planned, usually within a project or program. (The use of the term “enabler” here is not to be confused with the COBIT 5 enablers). According to Bradley, the other type of change that is associated with benefits is business change, which he defines as “a change which occurs within the business/operational environment, often a new way of working or a new business state, which may utilize a new enabler.”⁴

Insights on Enterprise Strategic Planning⁵

Boards and management teams need to steer their organizations into a competitive battle, to attack or respond appropriately in order to take advantage of growth opportunities. They need to identify and leverage disruptive technology innovation trends, patterns and possibilities, especially as the global marketplace constantly evolves. They need to plan for changing customer preferences, unforeseen competitor moves and drastic regulatory changes. They need to become more nimble and flexible, to respond to change faster than their competitors in a volatile environment.

With the recent surge of disruptive technologies and technology innovation, predictability has sharply declined and static strategic plans have become obsolete in most industries. As organizations acknowledge greater unpredictability and shorter time to market for new capabilities, many are moving toward a dynamic strategy in which strategic plans and business models are constantly reviewed, tested and updated (figure 1).

Figure 1—Dynamic Strategic Planning Process

Source: David Roche and Eric Kordt. Reprinted with permission.

IT is now seen not only as an enabler, but as a possible game changer/transformer and an asset that can be leveraged to develop alternative business models, grow revenue streams and outperform competitors. As a result, many organizations are bringing IT to the strategy development and planning tables. In a study comprised of more than 40 interviews, 8 out of 10 people in the Australian financial services sector stated that IT was integrated with their enterprise strategic planning process.⁶

When an organization’s leadership team does strategic planning for the first time, it may set aspirations for what it would like the organization to achieve. Many organizations articulate these aspirations as vision, mission and value statements and a desired future state. Some leaders reflect on how to differentiate themselves from their competitors, how to compete and win in their market. Others might focus on how their organization should move from the current state to the desired future state.

An organization’s strategy is the set of goals, measures of success and milestones required, potentially over a number of years, to attain those aspirations. The set of goals and milestones may be related to market and customer segments, products and services, channels for selling and servicing customers, and targeted locations. This strategy ensures that the organization runs effectively and efficiently, by:

• Ensuring there is a clear sense of purpose of the organization (e.g., a vision and mission)
• Ensuring the organization’s operating model is optimally aligned to support the attainment of the organizational purpose
• Ensuring that the organization understands what risk it is prepared to take
• Ensuring that there is clear governance in place to guide the organization’s action and ensure its continued strategic alignment
• Ensuring that there are clear mechanisms for monitoring environmental changes and the organization’s progress in strategy implementation

Planning defines the steps of how an organization plans to achieve its goals and milestones, to survive and be competitive in an environment characterized by change. In many cases, strategic planning takes the form of an annual process, but it really should be a continuous process that senses and responds to environmental change and performance results.

A strategic plan is an action plan that articulates who will do what, with which resources, by when and how it will be measured. It should highlight choices on initiatives; investments (e.g., mergers/acquisitions) and who is accountable to attain the benefits, manage costs and risk; and the measures of success, relevant timelines and resources required to deliver within the timelines. Planning considers constraints such as budget, capabilities, resources and risk boundaries. Leaders should ensure they have a strategic planning framework and process aligned to their organization’s industry dynamics. Synchronizing the agility needs of an organization and its strategic planning process is key. Leaders should have their environmental radar turned on, keep their fingers on the pulse of the environment, and ensure their organization has the ability to react and adapt quickly. Acknowledging technology plans or innovations by organizations in other industries is also prudent.

In the digital economy, business and technology innovation opportunities drive whether an organization attacks the marketplace or has its own market share and revenue streams attacked. Ideally, organizations should understand evolving customer preferences, learn what is possible from innovative business partners, and adapt their strategic plans and business models accordingly. The process leading to technology-enabled innovation is depicted in figure 2.

Figure 2—Process Leading to Technology-enabled Innovation

Source: David Roche and Eric Kordt. Reprinted with permission.

IT strategy clearly has a pivotal role to play in driving enterprise transformation. Key outcomes and base practices for IT strategy development are defined by the COBIT 5 APO02 process.

BBR in Relation to COBIT 5 Principles

As benefits realization is one of the 3 objectives COBIT 5 defines for value creation—the overall goal for enterprise governance—each of the 5 COBIT 5 principles can be directly interpreted in the BBR context.

1. Stakeholder Goals. These are those enterprise goals that COBIT 5 defines as having a primary relation to the benefits realization objective, such as:
   • Stakeholder value of business investments
   • Portfolio of competitive products and services
   • Financial transparency
   • Customer-oriented service culture
   • Agile responses to a changing business environment
   • Information-based strategic decision making
   • Optimization of service delivery costs
   • Optimization of business process functionality
   • Optimization of business process costs
   • Management of business change programs
   • Operational and staff productivity
   • Product and business innovation culture
2. Covering the Enterprise End-to-end. This principle underlies the perspective that benefits realization is taken to mean encompassing all of the business of the enterprise. It is further reinforced in COBIT 5 by the identification of 7 wide-ranging enablers (addressed in the next section) that cover many conceivable dimensions of enterprise governance and management.
3. Applying a Single Integrated Framework. While there are many IT-related standards and best practices, each providing guidance on a subset of IT-related activities, COBIT 5 is itself complete in enterprise coverage, providing a basis to integrate other frameworks, standards and practices. As a single overarching framework, it serves as a consistent and integrated source of guidance in a nontechnical, technology-agnostic common language. COBIT 5 aligns with other relevant standards and frameworks, and thus allows the enterprise to use it as the highest-level governance and management framework for enterprise IT, and to extract the necessary aspects for particular attention, as in the case of BBR. This is seen in the practical guidance provided by the COBIT 5 enablers.
4. Enabling a Holistic Approach. COBIT 5’s 7 enablers are factors that, individually and collectively, influence whether something will work. They are driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve. Enablers need to be considered in an interconnected context for the effective governance and management of IT for an enterprise, and hence, for BBR.
5. Separating Governance from Management. This COBIT 5 principle makes a clear distinction between governance and management. Each encompasses different types of activities, requires different organizational structures and serves different purposes. The delineation between governance and management of BBR is best seen through the applicable processes for each dimension. Using a process perspective for BBR, COBIT 5 defines governance through the EDM02 (Ensure benefits delivery) process, while management is done through 6 primary processes and 2 secondary processes (outlined in the next section).

Practical Guidance in Using COBIT 5 Enablers to Achieve Better BBR

In the field of BBR, it is not uncommon to see references to a benefits-led approach. There has been investigation into the practice of this and one view expressed is that this does not work well in practice for a variety of reasons. In this perspective, it would be a higher maturity to view benefit realization practices in the light of a benefits realization capability. This view has been put forward by researchers on this subject.⁷ The notion of developing IT capability to deliver competitive advantage is not new (this view has been promulgated for more than a decade); and equally, for a benefits-driven approach to investments in IT—the latter is built on the basis that IT has no inherent value of its own and that benefits come from using IT to enable people to do things differently.⁸ It is out of this that the practice of Benefits Management is born, as it builds on a set of management practices for planning and leading benefits-driven initiatives. As benefits are generated from organizational change (from enabling people to do things differently), a key implication is that there is a need for business ownership of benefits and the changes required to realize them.

BM provides a coherent framework and common language for business staff, managers and IT professionals to work together effectively to make change happen and to realize the benefits. From a benefits perspective, improving the success rate of investments in IT is not an issue just for the IT function. New project methodologies, new software development tools, outsourcing and offshoring can only ever be a part of the solution. Improvements must address the competencies of the organization as a whole.

Benefits-led approaches can be effective in practice, but are generally not widely adopted, as researchers have found.⁹ This indicates a need to reframe the challenges of gaining adoption of a benefits-led approach to investments in IT as the development of an organizational benefits realization capability. In this context, the COBIT 5 enablers, particularly the COBIT 5 process enablers, can bridge the practice gap.

The relevant COBIT 5 process enablers and their respective context for BBR follow:

Primary

• EDM02 (Ensure benefits delivery)—This is the core of BBR governance.
• APO02 (Manage strategy)—Enterprise and IT strategy drive programs that are the source of business benefits.
• APO04 (Manage innovation)—Innovation is the key to generating business benefits in the enterprise.
• APO05 (Manage portfolio)—The managed portfolio has to be driven by business benefits.
• BAI01 (Manage programs and projects)—These are core organizational benefits management processes.
• BAI05 (Manage organizational change enablement)—The management of organizational change is a key influencer of effective BBR.

Secondary

• APO03 (Manage enterprise architecture)—Enterprise architecture provides the organization’s technology-driven road map for achieving business goals.
• APO12 (Manage risk)—This process addresses IT-related risk, which includes risks for benefit realization.

Assessing Business Benefits

A major challenge in BBR is the actual forecasting and assessment of business benefits. In contrast to costs, which are comparatively more discernible and quantifiable, accurately identifying, forecasting and quantifying business benefits typically present a key challenge to business investment sponsors and analysts alike. The impact of this issue trickles down from before the business case is established and approved (i.e., origination and ideation) through program management and benefits monitoring, and right on to reconciliation of business benefits attainment vs. the conception of business benefits at the time of the business case formulation.

In recent times, however, there has been greater clarity in forecasting business benefits due to guidance in this area becoming available through 2 sources:

• ISACA’s Business Innovation Model—This is the foundation of a new report series on emerging technology trends.
• Gartner’s Business Value Model—This proprietary model was first published in 2006 and has been updated periodically.

These two models are detailed in the ISACA publication, COBIT 5 for Business Benefits Realization, and are briefly described here:

1. ISACA’s Business Benefits Assessment—part of the Business Innovation Model
   ISACA has developed a model for business innovation (BI) which incorporates business benefits assessment, and, in particular, a scoring/rating methodology that enables the inclusion of business benefits as an element of the overall value created by a business innovation. In essence, the BI model derives a composite value score from the 3 governance of enterprise IT (GEIT) objectives/dimensions on which COBIT 5 is based, i.e., business benefits, risk optimization and resource optimization. The derived value score (called the BI index) facilitates the fundamental assessment of governance effectiveness from the enterprise governance perspective, i.e., value creation. By having such an index, enterprises can make reasoned judgments on technology-enabled investment option prioritization and comparison, and thereby facilitate well-founded decision making. These options are viewed in the context of emerging technology adoption business trends. Additionally, by benchmarking scores against researched, validated and published BI indices of selected industry sectors, enterprises are further able to assess the governance performance of their technology-enabled investments against industry best practices.
2. The Gartner Business Value Model
   Gartner has, for some years, advocated that the basis for BBR is business outcomes. Gartner’s Business Value Model defines and categorizes the wide-ranging outcomes that result in successful IT-enabled investments and ongoing IT services. The model makes a compelling case to use benefits monetization of business outcomes as a primary measure of benefits assessment and, thereby, benefits realization. To leverage use of this model, Gartner has provided comprehensive and detailed guidance to assess the monetization of business outcomes in a wide range of situations as a basis for business cases and BBR.

Implementing BBR

In ISACA’s upcoming publication, 3 separate best practice-prescribed approaches to implementing a governance-management discipline such as BBR are presented:

• ISACA’s COBIT 5 implementation approach guidance
• BRM implementation life cycle processes
• The New South Wales Australian government methodology

However, BBR is far from being an automatically assumed discipline in many enterprises. There are prerequisites and other implementation guidance for successful and sustained business benefits implementation, such as culture and leadership. Therefore, efforts and practice are likely to be more successful if the environment is conducive and the enterprise’s culture is supportive and in line with the BBR way of thinking. This is akin to the Creating the Appropriate Environment prerequisite for implementation of GEIT.¹⁰

It is important for the appropriate environment to exist when implementing BBR management for the first time or improving the state of practice. This helps ensure that the discipline itself is governed and adequately guided and supported by management. Major IT initiatives often fail due to inadequate management direction, support and oversight. BBR management implementations are no different; they have more chance of success if they are well governed and well managed.

Inadequate support and direction from key stakeholders can, for example, result in business benefit management producing new policies and procedures that have no proper ownership. Process improvements are unlikely to become normal business practices without a management structure that assigns roles and responsibilities, commits to their continued operation, and monitors conformance.

An appropriate environment should, therefore, be created and maintained to ensure that BBR management is implemented as an integral part of an overall governance-management approach within the enterprise. This should include adequate direction and oversight of the implementation initiative, including guiding principles. The objective is to provide sufficient commitment, direction and control of activities so there is alignment with enterprise objectives and appropriate implementation support from the board and executive management.

Experience has shown that, in some cases, a BBR initiative identifies significant weaknesses in overall enterprise governance or management. Success of BBR management is much more difficult within a weak enterprise governance-management environment, so active support and participation of senior executives are even more critical. The board should be made aware of the need to improve overall governance and the risk of BBR management failing if this is not addressed.

Whether the implementation is a small or a major initiative, executive management must be involved in and drive creation of the appropriate governance and management structures. The initial activities usually include assessment of current practices and the design of improved structures. In some cases, it can lead to reorganization within the business and in the IT function and its relationship with business units.

Executive management should set and maintain the governance-management framework—this means specifying the structures, processes and practices for BBR management in line with agreed governance and management design principles, decision making models, authority levels and the information required for informed decision making. COBIT 5 Implementation provides guidance on an example decision matrix for GEIT implementation (in Appendix B). The decision topics relevant to BBR can be identified along with their respective scope. They are:

• IT-enabled investment and portfolio prioritization. The scope of this comprises:
  • Making effective and efficient IT-enabled investment and portfolio decisions
  • Forecasting and allocating budgets
  • Defining formal investment criteria
  • Measuring and assessing business value against forecast
• IT-enabled investment and program prioritization. The scope of this comprises:
  • Setting and tracking IT budgets in line with IT strategy and investment decisions
  • Measuring and assessing business value against forecast
  • Defining a program and project management approach that is applied to IT projects and enables stakeholder participation in and monitoring of project risk and progress
  • Defining and enforcing program and project frameworks and approaches
  • Issuing project management guidelines
  • Performing project planning for each project detailed in the project portfolio

These decision topics are examples of how to identify and scope key topic areas and assign clear decision-making responsibilities. It is useful as a guide, and can be modified and adapted to suit an enterprise’s specific organization and requirements for BBR.¹¹

Sushil Chatterji, CGEIT, CEA, CMC

Has more than more 30 years’ experience in the IT industry. He has devoted the last 15 years of his career to governance of IT, enterprise architecture and management consultancy. He is a thought leader and has worked on projects in these areas both in the public and private sector. He is currently a member of ISACA’s Governance Committee. Previously, he served as chair of ISACA’s Framework Committee which oversees COBIT strategy and development, and was a member of the Knowledge Board. Chatterji was previously senior consultant with META Group based in Singapore. Prior to that, he worked for IBM, SEMA Group and the Singapore National Computer Board. He is also an accredited trainer of COBIT courses and a certified COBIT assessor. He is the author of the first version of the Certified in the Governance of Enterprise IT (CGEIT) review manual and the related boot camp training developed in 2010, a core developer of the Val IT framework, and served on the ISO Work Group that developed the global IT governance standard (ISO 38500) in 2008.

Endnotes

¹ Ward, J.; E. Daniel; Benefits Management: How to Increase the Business Value of Your IT Projects, 2^nd Edition, Wiley & Sons, USA, 2012
² Bradley, G; Benefit Realisation Management: A Practical Guide to Achieving Benefits Through Change, 2^nd Edition, Gower Publishing, United Kingdom, 2010
³ Ibid.
⁴ Ibid.
⁵ Roche, David; Eric Kordt; IT Strategic Planning: 80 Insights from Australian Board and Management Teams, ISACA Sydney Chapter and itSMF Australia, 2014
⁶ Ibid.
⁷ Ashurst, C.; Benefits Realization from Information Technology, Palgrave Macmillan, United Kingdom, 2011
⁸ Peppard, J; J. Ward; E. Daniel; ”Managing the Realization of Business Benefits from IT Investments,” MIS Quarterly Executive, vol. 6, iss. 1, 2007
⁹ Op cit, Ashurst
¹⁰ ISACA, COBIT 5 Implementation, USA, 2012
¹¹ This example is based on the GEIT matrix used internally by Deloitte South Africa and developed by IT Winners.