- Skills and competencies: staff who can work in an ambidextrous environment that combines both exploration and exploitation
- Processes: a portfolio and innovation process that integrates exploration and exploitation of digital transformation opportunities

7.3.4.3 Specific Focus Area Guidance

The enterprise will use the following guidance to complement the core COBIT guidance:

- The small and medium enterprise focus area guidance, because it is tailored for use by smaller organizations
- Information security focus area guidance, given the high threat landscape, and the results of the risk analysis and the current I&T-related issues
- DevOps, cloud and digital transformation focus area guidance, when and where applicable and available

7.4 Example 3: High-Profile Government Agency

This case study shows the application of the workflow to design a tailored governance system for a high-profile, large government agency that provides healthcare, financial payments, education and other services to constituents needing assistance. Its operations are decentralized, with hospitals, clinics and offices in regions nationwide. Its I&T budget and planning and operations budget are spread among hospitals, financial benefits and other business units, with the IT shop providing infrastructure support, network operations and a security operations center. The agency considers I&T as critical to the success of the organization, and it must comply with laws and regulations, especially healthcare regulations that continue to emerge. It applies a traditional approach to new development and operations, and is hesitant to adopt new technologies. There is a very active audit function and dozens of significant findings exist related to how the agency protects its I&T, especially with respect to security and privacy. As a government agency, it is a major target of hackers and has just experienced a major hack of its entire beneficiary file.

Personal Copy of: Mr. Abrar Jameel
CHAPTER 7 EXAMPLES

7.4.1 Step 1: Understand the Enterprise Context and Strategy

The first step is to summarize the external and internal context of the agency.

Step 1.1: Understand enterprise strategy—The agency’s focus on providing outstanding services to constituents is reflected in figure 7.57.

Figure 7.57—Example 3, Step 1.1: Enterprise Strategy
[Chart: Design Factor 1 Enterprise Strategy, Importance of Different Strategies (Input), for Growth/Acquisition, Innovation/Differentiation, Cost Leadership and Client Service/Stability]
COBIT® 2019 DESIGN GUIDE

Step 1.2: Understand enterprise goals—The agency has ranked the 13 generic enterprise goals on a scale from 1 to 5, as depicted in figure 7.58. The diagram shows that EG02 Managed business risk, EG03 Compliance with external laws and regulations, EG05 Customer-oriented service culture and EG09 Optimization of business process costs are the highest-ranked enterprise goals.