Are you fixing symptoms or causes?

I hear this again and again:  the IT management team cites a host of problem areas which reflect less-than-acceptable service to their customers, and which consequently cause much discomfort within their ranks.  Whether process, resource or infrastructure capacity issues, everyone (including prospective service providers) looks for the mystery Prozac that will take away the problems.  It's almost as if everything will be fine so long as there are one or more projects in progress aiming at implementing some or other best practice which has worked elsewhere - whether it be ITIL, COBIT, Scrum or whatever.

Catch a quick wake up!  This approach does nothing more than intensify the swarm of bees locked inside the server cabinet, and perpetuates the disconnect between the business and IT.  Let's remember that as the business becomes more and more dependent on IT it is ever more critical that IT justifies its existence through making a visible contribution to the achievement of the organization's strategic objectives, within the context of the unique value proposition of the business.

So what is the answer?

Simple:  get IT in tune with the business priorities through discovering which of the IT processes are critical to business success, and only then, target improvements in these processes.  IT needs to see the cause-effect linkages between its activities and those of the business, and then used this as the basis for deciding on what to do (and what NOT to do!) when it comes to assigning resources.

So here's what to do:

1. Enter into a dialogue with the business and obtain a corporate Strategy Map depicting the enterprise objectives, classified into the four Balanced Scorecard perspectives.  It may be necessary to call in some experts in strategy formulation and the use of these tools.
2. Execute a SWOT and PESTEL analysis for the IT organization, and build a shared vision, and core value proposition. 
3. Cascade the corporate strategy map to an IT strategy map, ensuring that the cause-effect linkages are valid.  Get the business to endorse the strategic objectives on which IT should focus its attention.
4. IT should then contract with each of its customers (i.e. the other business units within the company) and build Balanced Scorecards for each.
5. Conduct a risk analysis using a tool such as ISACA's RISK IT.  This can be mapped back to the COBIT framework to guide the setting of priorities.  While you are about it, consider doing a maturity assessment using COBIT 4.1, and even and process capability assessment using the COBIT 4.1 Process Assessment Model (PAM)
6. Build an IT Balanced Scorecard featuring the strategic objectives, targets, measures and initiatives that should deliver the required outcomes.  Once this is done, build the components into the performance management system and get to work!

By this time you will have realised that an IT governance framework such as COBIT 5 provides a rich context in which to do the analysis and design the solution to IT's problems, so make use of this free resource which has become the gold standard for IT governance.

Finally, get some expert help from experienced and skilled consultants - whether you are looking at the Balanced Scorecard, or dealing with the IT governance issues.

Can you trust the COBIT 5 Goals Cascade?

The short answer is Yes and No.  Here's why.

Everyone has been banging on for years about aligning IT with the business but the secret in achieving this has been as elusive as the Holy Grail.  Some organizations have realised this ambition by chance, while others have supposedly done all the right things, but still find that there is a disconnect between IT and the business. 

The way to get this right is simple: build IT intelligence into the enterprise strategy process and alignment will be present.  But what are the strategy processes, who presides over them (i.e. where are the accountabilities and responsibilities?), what are the outputs, and how is progress measured?

Well, it is often the case that no-one really knows except those behind the closed doors of the executive suite.

So the CobiT 4.1 development team, in their search for connecting the IT processes and business objectives, put together a series of generic business "goals" distributed across the four Balanced Scorecard perspectives and defined a set of cause-effect releationships (a "mapping") connecting processes with goals.  This became a tool for discovering what needed to be done within the IT process environment to address those business goals that were seen to be essential.  The goals cascade has now been simplified with the release of COBIT 5.

But one problem remains, and that is that for the use of the goals cascade to be relevant to the business there has to be a "mapping" between them, and the actual strategic objectives of the business, as reflected on a corporate Strategy Map and/or Balanced Scorecard.

So the message to CIOs and IT managers is this:  before you tout the COBIT 5 goals cascade to be the solution to the business' problems to justify getting into the backrooms again and perpetuating the disconnect between IT and the business, spend some time with the leadership and validate these business goals against the actual enterprise strategic objectives.  Hopefully this will bring you closer to achieving what everyone has been hoping for over the past 30 years.

If you want help in solving this and any other problem related to enterprise and IT strategy, IT governance or performance management find out more by visiting the Lode Star Strategy Consulting website.