George is an inexperienced hiker. He is lost in the woods and it is dark. He wants to go back to civilization. He has a global positioning system (GPS) navigator, but he does not know how to use it correctly. He does not know if he is two miles away from a town or hundreds or if he is just a few feet from a dangerous cliff. When he finally listens to his instinct and makes a decision, he still does not know if he is heading in the right direction.
George resembles many organizations. They often do not know:
- Where they are
- Where to go
- Whether they are heading in the right direction
However, there are methodologies that exist that if used correctly can help organizations answer these questions.
COBIT 2019
COBIT® has developed into an overarching framework for the governance and management of information and technology (I&T). With the release of COBIT® 2019,1 ISACA® has succeeded in quickly adapting to the new developments and providing an open I&T governance and management framework to the community. COBIT 2019 provides comprehensive tools that enable the customization and implementation of the governance structure for enterprises’ I&T.
COBIT supports a cascade scheme that translates stakeholders’ needs and intent into enterprise goals (figure 1).2 The achievement of these goals successfully materializes the enterprise strategy. The enterprise goals are then mapped to alignment goals. The latter supports the alignment of all IT efforts with business objectives. Finally, the goals cascade enables the prioritization of specific governance and management objectives for I&T in tandem with the alignment goals.
COBIT 2019 defines components as building blocks that are necessary to build and maintain a governance system such as the processes, organizational structures, policies, procedures, information flows, culture and behaviors, skills, and infrastructure.3
The Balanced Scorecard/IT Balanced Scorecard
The balanced scorecard (BSC)4 is more than a performance management system. It enables enterprises to decompose their strategies on measurements and follow up on their progress. Its fundamental principle is that the evaluation of an organization is not limited to traditional financialindicators, but it is expanded to other areas such as customer satisfaction, employee turnover, internal processes capabilities, and the ability to learn and improve. Good performance in areas other than finance ensures the achievement of strategic goals. In this sense, it keeps a balanced view of the enterprise performance for all perspectives. Wim Van Grembergen and Rik Van Bruggen adopted the traditional BSC and applied it to I&T.5 The IT BSC has become a popular tool, with its concepts widely supported by industry experts and used by various organizations. Although the ideas of the IT BSC have become the standard, there are a number of approaches to how an organization may structure it based on their needs. In the context of the scorecard, “balanced” means the ability of the organization to retain equal attention to all four dimensions, or perspectives. The dimensions of a typical BSC are financial, customer, internal process and people; however, different ones may be used in an IT BSC. The goal of an IT BSC is to:
- Align IT plans with business needs and objectives.
- Institutionalize only those metrics that are relevant and appropriate for measuring the effectiveness and efficiency of I&T.
- Align all efforts toward achieving only relevant objectives.
- Maintain a balance across all stakeholders’ viewpoints.
ALTHOUGH THE IDEAS OF THE IT BSC HAVE BECOME THE STANDARD, THERE ARE A NUMBER OF APPROACHES TO HOW AN ORGANIZATION MAY STRUCTURE IT BASED ON THEIR NEEDS.
Design of an IT Balanced Scorecard Using COBIT 2019
COBIT 2019 suggests a four-step design process that enables the tailoring of the enterprise governance system for I&T.6 The inputs to this process vary from generally accepted frameworks and regulations to the enterprise’s specific design factors and focus areas.
The outputs of the COBIT design process are:
- Prioritized governance and management objectives
- Guidance on specific components
- Guidance on focus areas that need attention
According to COBIT 2019, certain design factors may shape the enterprise’s governance system, such as the enterprise strategy and goals, the risk profile, the I&T-related issues, the compliance requirements, the role of IT, and the sourcing model. COBIT 2019 being an open framework provides for future factors.
The design factors and focus areas may influence the priority of governance and management objectives. Some of those objectives may become important for the enterprise while others may be ignored. The design process results in specific relative weights that denote the importance of each objective. COBIT’s four-step design process aligns with the design of the IT BSC as illustrated in figure 2.
The most important objectives will be classified under the four IT BSC perspectives as illustrated in figure 3. All the objectives under a specific perspective will formulate the context based on what is important to the enterprise.
The critical success factors (CSFs) are those conditions that ensure the success of processes, projects or IT services if they happen. The achievement of each CSF is measured through key performance indicators (KPIs). Many measures may be used; KPIs are critical. They must be smart and representative of the success of the corresponding objective. In addition, they should be easy to measure in an unambiguous and documented way. To design an effective IT BSC, the relative importance of each objective for the enterprise will be used as the relative weight for the corresponding KPI. If multiple KPIs are identified for each objective, then each KPI will be assigned a relative weight depending on its contribution toward this objective. For each KPI, a target is set. The targets represent the achievement of the corresponding objective. The IT BSC cascade concept is a top-down approach as illustrated in figure 4.
The comparison of the actual measurement to the target provides the result. The relative weight is then multiplied with the result. After being normalized, all these numbers are added and summed up to the high-level indicator (perspective indicator). The perspective indicators are representative of the success of the relevant objectives (figure 5). If the KPI does not meet the target, the result is negative. If it is at the target, the result is zero. If it exceeds the target, the result is a positive number. The aggregated summary number provides us with the overall I&T organization performance. A comparison over the years may assist in identifying positive or negative trends in the achievement of the relevant IT organization’s objectives.
THE IT BSC TRANSFORMS STRATEGY INTO TANGIBLE COMPONENTS, WHICH CAN BE MEASURED AND EVENTUALLY USED TO DEFINE SUCCESS.
The relative weight of each objective reflects management intent, preferences and the environment in which I&T operates. This way, the results in all levels are well-balanced. The IT BSC transforms strategy into tangible components, which can be measured and eventually used to define success. These components may constitute a common language across the organization but may also be shared with customers and vendors. The I&T organization measures only what is important and necessary for aligning to the strategic objectives. This makes IT BSC a powerful management tool.
Multilayered Design
COBIT 2019 is an overarching framework that aligns to standards,7 such as the Information Technology Infrastructure Library (ITIL). It helps identify what the organization should be engaged in to ensure business/IT alignment. ITIL prescribes how this can be done optimally. ITIL considers measuring IT organization and service performance an essential part of its continual service improvement methodology. In its 2011 edition, ITIL embraced the IT BSC as a method to build a measurement framework.8 It suggests a multilayer tree structure. The framework proposes a structure that is broken down around strategic business units (SBUs). The consecutive layers are designed to best fit the needs of the enterprise and can be components of the governance system for the enterprise I&T (figure 6). Relevant alternative designs include:
- Various areas/functions (e.g., business lines, geographical areas, functions/departments)
- Core processes (e.g., incident management, availability/capacity management)
- Information and communication technology (ICT) services. This is especially relevant to organizations that provide ICT services or have business processes that are directly supported by ICT services.
- Infrastructure (e.g., Mainframe, Windows, Linux)
Relevant KPIs are mapped to each perspective at all levels. In a multilayered IT BSC, the KPIs are relevant to the objective, yet within the level context. There is a direct link between the KPIs at different levels (figure 7). Relevant targets are set for each level. Stakeholders at each level align their actions toward achieving the targets of the relevant KPIs. The perspective indicators at each level provide a clear picture of the status both per perspective and as a total. Figure 8 illustrates an example of achieving the management objectives for the reservation system in all four perspectives.
The actual design of a full governance system based on COBIT 2019 may provide guidance on which components are more important for the enterprise. The various layers of the IT BSC tree may be based on those significant components. Some organizations may even break down the IT BSC to the level of teams or IT staff. In this case, it is possible to link the corresponding KPIs to their performance, as also suggested by ITIL.9
The Benefits
The IT BSC is more than an IT performance measurement tool. It is a communication tool where the various stakeholders convey their objectives and targets to the I&T organization. With the IT BSC, the stakeholders’ intent is translated into specific KPIs at all levels. It communicates how management objectives contribute to the success of each perspective. The relative importance of each KPI and its contribution to the achievement of the management objective is clearly and mathematically defined. It provides a clear picture of what exactly is needed to succeed in this perspective. The targets represent the achievement of the relevant objective.
The IT BSC is also a management system that clarifies the management objectives with easy-to- understand, measurable targets. It is a tool for setting targets and measuring achievement against the targets. The identification of challenging but achievable targets defines success in an unambiguous way. It enables binding performance with strategic options and targets. Areas that may need improvement can be traced and acted on.
THE IT BSC CAN ALSO BE USED TO COORDINATE ACTIONS TOWARD ACHIEVING SPECIFIC MEASURABLE TARGETS.
The IT BSC can also be used to coordinate actions toward achieving specific measurable targets, thus aligning to the enterprise’s strategy and stakeholders’ intent. Target setting is performed from management down to the team or individual level (figure 9). The way the KPIs relate from one level to the other supports the alignment of top-down actions. The direction is set at the highest level and cascades all the way to the lowest level. The performance at all levels is measured against those targets that are prioritized. Managers at all levels plan their activities in the set direction. The plans are executed, and their progress is monitored against the same guidelines. Based on those targets, the necessary resources are allocated, and the relevant milestones are established.
Conclusion
The IT BSC is a powerful tool that may be further enhanced to suit today’s needs and take advantage of new developments, such as the COBIT 2019 framework. It constitutes a closed-loop management system where stakeholders may drive the desired results and receive feedback from the I&T organization. All actions are aligned with achieving the set goals, and numerical results provide a clear picture of the status and support identifying improvement areas. Organizations can find their way through hardships of hostile environments equipped with tools to help them understand their position, the direction to be followed and whether they have reached their destination.
Endnotes
1 ISACA®, COBIT® 2019 Framework: Introduction and Methodology, USA, 2018, http://h04.v6pu.com/resources/cobit
2 ISACA®;, COBIT® 2019 Framework:Governance and Management Objectives, USA, 2018, http://h04.v6pu.com/resources/cobit
3 Op cit ISACA, COBIT 2019 Framework: Introduction and Methodology
4 Kaplan, R. S.; D. P. Norton; “The Balanced Scorecard: Measures That Drive Performance,” Harvard Business Review, 1992, http://steinbeis-bi.de/images/artikel/hbr_1992.pdf
5 Van Grembergen, W.; Strategies for Information Technology Governance, Idea Group Publishing, USA, 2004
6 ISACA, COBIT® 2019 Design Guide: Designing an Information and Technology Governance Solution, USA, 2018, http://h04.v6pu.com/resources/cobit
7Op cit ISACA, COBIT® 2019 Framework:Introduction and Methodology
8 Lloyd, V.; D. Wheeldon; ITIL Continual Service Improvement, 2011 Edition, The Stationery Office (TSO), UK, 2011, http://www.kornev-online.net/ITIL/05%20-%20ITIL%20V3%202011%20Continual%20Service%20Improvement%20CSI.pdf
9Ibid.
Ioannis Routsis, CISM, COBIT 5, ITIL Expert, PMI-ACP, PMP, PRINCE2
Is a senior information communications and technology (ICT) consultant with more than 31 years of experience drafting, tailoring, implementing and operating enterprise IT governance processes based on the COBIT® 2019 and Information Technology Infrastructure Library (ITIL) frameworks. Focusing on continual improvement and performance management, the agile enthusiast is an executive of Rhizome IT Consulting. He can be reached at ioannisroutsis@rhizome-it-cons.com.