3. Introduction
• From COBIT 5 to COBIT 2019
• Generic
• Provide guidance
• Apply to enterprises of all sizes
3
4. Introduction
• COBIT 2019
• Design Factors
• Goals Cascade
• The COBIT 5 Mechanism
• One of the Design Factors
4
5. Research Question
• Addition or removal of Design Factors
• Design Factor has its own set of evaluation parameters that are
impossible to be modified, added or deleted
• With the absence of customisation possibilities, this process
cannot be adapted to the particular context of an organisation or
improved based on the experiences and knowledge of expert
• There is a lack of theoretical evidence that supports COBIT2019
method
5
6. Theoretical Background
• Contingency Factors:
• Factors that, depending on organizations context, may influence the EGIT
implementation. (Pereira & Mira da Silva, 2012)
• These factors are called EGIT contingency factors
6
7. Theoretical Background
7
Authors Identified Factors
(Pereira and Mira da Silva 2012) • Culture
• Structure
• Size
• Industry
• Regional Differences
• Maturity
• Strategy
• Ethical
• Trust
(Weil and Ross 2004) • Strategic and performance goals
• Structure
• Governance experience
• Size and Diversity
• Industry and Regional differences
(Sambamurthy and Zmud 1999) • Overall Governance mode
• Firm size
• Diversification mode
• Diversification breadth
• Exploitation strategy for scope
economies
• Line IT knowledge
8. Theoretical Background
• Multi-Criteria Decision Making (MCDM)
• Methods that support decision making in the presence of multiple criteria
factors
• Can be applied into diverse real-world decisions.
8
9. Theoretical Background
• Analytic Hierarchy Process (AHP)
• Method for ranking decisions alternatives and selecting the best one
• Works with multiple criteria
• One of the most recognized methods in the literature (Velasquez & Hester,
2013)
• Consistency Ratio
9
10. Proposal
• Universality: The method should be applicable to all Design Factors.
• Customisable Criteria: The method should allow the organisation to
determine the weight of each of the criteria.
• Flexibility: The method should allow the addition or removal of
criteria as intended by the organisation.
• Automatic: Part of the process should be completely automated. The
level of automation should be similar to that presented by the COBIT
2019 Toolkit.
10
19. Conclusion
• Achievements
• Management Objectives are
prioritised
• Flexible
• Universal
• Customisable
• Automatic
• Limitations
• More empirical work
• Human subjectivity
• Greater geographical diversification
• Lack of scientific studies
19
20. A Flexible Method for COBIT
2019 Process Selection
André Fernandes, Rafael Almeida, Miguel
Mira da Silva
Editor's Notes
Hello,
Welcome to the presentation of our paper “A Flexible Method for COBIT 2019 Process Selection”
The presentation will follow this Agenda.
In 2018 COBIT 5 was updated to COBIT 2019
However, COBIT 2019, is still a generic framework that provides guidance to organizations of all sizes.
One of the big differences between COBIT 5 and COBIT 2019 was the introduction of Design Factors.
This changed the paradigm of COBIT process selection. Before, the Goals Cascade was the method to select the processes, now it is only one of the eleven different criteria to select the processes.
When analysing this new way of selecting and prioritizing processes, we found out that this method doesn’t allow the addition or removal of Design Factors
The DF has its own fix set of criteria that are impossible to be changed.
This lack of customisation doesn’t allow the adaption to specific organization contexts
When reading the COBIT manual we didn’t found any evidence or explanation that supports the method.
In the Theoretical Background we will explore some concepts necessary to understand our propose method.
In the Literature we can find the concept of Contingency factors, that are defined as Factors that, depending on organizations context, may influence the EGIT implementation.
Since the contingency factors share a similar definition with the Design Factors of COBIT 2019, we can consider that they are based on the same principles.
On the left table we can observe that multiple authors consider different sets of Factors that can influence the implementation of EGIT. However, in COBIT 2019 we are presented with a fixed and rigid set of Design Factors, which can compromise the EGIT implementation.
In our research, we noticed that MCDM is suitable to solve this problem. MCDM are methods that support decision making considering multiple criteria. After analysing multiple MCDM algorithms, we concluded that AHP is the most suitable for this task.
AHP is one of the most used MCDM algorithms and allows us to rank multiple alternatives considering multiple criteria.
We propose a method that satisfies the following criteria.
Universality:
Customisable Criteria:
Flexibility:
Automatic:
These four criteria solves the problems of the existing COBIT 2019 method.
We create a prototype of this method in DF2 and now I’m going to explain how the AHP was setup in this specific DF.
To apply the AHP in this problem we need to define what the criteria, sub-criteria and alternatives will be.
The criteria are the different EGs
The sub-criteria are the Ags
And the alternatives are the MO, the processes that we want to select and prioritize.
Now that we have the structure of AHP represented in the COBIT 2019 we need to establish the Saaty scale necessary to evaluate the criteria, sub-criteria and alternatives.
We propose the following scale to perfom this evaluation. The table is read as follows, for example:
If an EG has a Primary relationship with the first AG and a Secondary relationship with the second AG, then we evaluate the First AG with 3 and the Second with 1/3.
In this figure we can see the all process of DF2.
As we all can notice, the changes to the normal procedure are minimal. In the same way as the tool provided by COBIT 2019, the only interaction that the user needs to have is to evaluate the different EGs.
Now we are going to demonstrate the method in detail.
Lets consider the example where the user chooses the EG03 and EG11.
Next, the user needs to evaluate them. Let’s say that both are equally important.
From now on, the method will run by itself.
The first step is to cascade to the AGs, as we can see in the Picture.
In this step only AGs with a Primary relationship with the chosen EGs are selected.
Next, the evaluation. In the left table both AGs have a Primary relationship with the EG03 so they are equally important
In the right table, the AG01 has a Secondary relation and AG11 has a Primary, so AG11 is evaluated with a 3 .
The method will apply the same rational to the Mos and then the result will be computed
This table shows the result of this example.
To evaluate our method multiple IT managers and COBIT specialists were invited for an interview, whom we categorized into 5 different cattegories according to their level of expertise.
In the second interview, we filter out the candidates that are categorized as lower than 3.
We conducted a semi structured interview where the experts perform a manual evaluation on a fictional scenario they created. Then they compared the result of their judgements anonymously with the result from our method and the COBIT 2019 method.
In the end, 4 out of 5 experts preferred the result of our method.
In conclusion our achievements can be summarized as follows:
We proposed a method that is able to prioristed management objectives while being flexible universal customisable and automatic
There are also some limitations in our research, for example More empirical work Human subjectivity Greater geographical diversification Lack of scientific studies