Skills and competencies: staff who can work in an ambidextrous environment that combines both exploration and exploitation
Processes: a portfolio and innovation process that integrates exploration and exploitation of digital transformation opportunities
7.3.4.3 Specific Focus Area Guidance
The enterprise will use the following guidance to complement the core COBIT guidance:
The small and medium enterprise focus area guidance, because it is tailored for use by smaller organizations
Information security focus area guidance, given the high threat landscape, and the results of the risk analysis and the current I&T-related issues
DevOps, cloud and digital transformation focus area guidance, when and where applicable and available
7.4 Example 3: High-Profile Government Agency
This case study shows the application of the workflow to design a tailored governance system for a high-profile,
large government agency that provides healthcare, financial payments, education and other services to constituents
needing assistance. Its operations are decentralized, with hospitals, clinics and offices in regions nationwide. Its I&T
budget and planning and operations budget are spread among hospitals, financial benefits and other business units,
with the IT shop providing infrastructure support, network operations and a security operations center. The agency
considers I&T as critical to the success of the organization, and it must comply with laws and regulations, especially
healthcare regulations that continue to emerge. It applies a traditional approach to new development and operations,
and is hesitant to adopt new technologies. There is a very active audit function and dozens of significant findings
exist related to how the agency protects its I&T, especially with respect to security and privacy. As a government
agency, it is a major target of hackers and has just experienced a major hack of its entire beneficiary file.
CHAPTER 7 EXAMPLES
7.4.1 Step 1: Understand the Enterprise Context and Strategy
The first step is to summarize the external and internal context of the agency.
Step 1.1: Understand enterprise strategy—The agency’s focus on providing outstanding services to constituents is reflected in figure 7.57.
Figure 7.57—Example 3, Step 1.1: Enterprise Strategy
[Bar chart: Design Factor 1, Enterprise Strategy. Importance of Different Strategies (Input), on a scale from 0 to 5, for Growth/Acquisition, Innovation/Differentiation, Cost Leadership and Client Service/Stability.]
COBIT® 2019 DESIGN GUIDE
Step 1.2: Understand enterprise goals—The agency has ranked the 13 generic enterprise goals on a scale from 1 to 5, as depicted in figure 7.58. The diagram shows that EG02 Managed business risk, EG03 Compliance with external laws and regulations, EG05 Customer-oriented service culture and EG09 Optimization of business process costs are the highest-ranked enterprise goals.

