Post on 08-Feb-2020
Typical Pain Points
• Frustration between different IT entities across the organization becauseof a perception of low contribution to business value
• Frustration between business departments (i.e., the IT customer) and theIT department because of failed initiatives or a perception of lowcontribution to business value
• Significant I&T-related incidents, such as data loss, security breaches,project failure, application errors,linked to IT
• Service delivery problems by the IT outsourcer(s)
• Failure to meet IT-related regulatory or contractual requirement
• Regular audit findings or other assessment reports about poor ITperformance or reported IT quality or service problems
• Substantial hidden and rogue IT spending
• Duplications between various initiatives, or other forms of wasted resources
• Insufficient IT resources, staff with inadequate skills and staff burnout/dissatisfaction
• IT-enabled changes or projects frequently failing to meet business needs and deliveredlate or over budget
• Multiple and complex IT assurance efforts
• Reluctance of board members, executives or senior management to engage with IT, orlack of committed business sponsors for IT
• Complex IT operating model and/or unclear decision mechanisms for IT-relateddecisions
• Excessively high cost of IT
• Obstructed or failed implementation of new initiatives or innovations caused by thecurrent IT architecture and systems
• High level of end-user computing, creating (among other issues) a lack ofoversight and quality control over the applications that are beingdeveloped and put in operation
• Business departments implementing their own information solutions withlittle or no involvement of the enterprise IT department
• Ignorance of and/or noncompliance with security and privacy regulations
• Inability to exploit new technologies or innovate using I&T
• Regular issues with data quality and integration of data across varioussources
• Gap between business and technical knowledge
Trigger events
• Merger, acquisition or divestiture
• Shifts in the market, economy or competitive position
• Changes in business operating model or sourcing arrangements
• New regulatory or compliance requirements
• Significant technology change or paradigm shifts
• Enterprise wide governance focus or project
• External audit or consultant assessments
• New business strategy or priority
• Desire to significantly improve the value gained from I&T
Focus Areas
• Examples of focus areas include small and medium enterprises,cybersecurity, digital transformation, cloud computing, privacy, andDevOps
• A number of focus area content guides are in preparation, and the setwill continue to evolve. For the latest information on currentlyavailable and pending publications and other content, please visitwww.isaca.org/cobit.
Factor 11 Enterprise Size
13
26 At the time of publication of the COBIT® 2019 Design Guide: Designing an Information
and Technology Governance Solution, the small and medium
enterprise focus area content was in development and not yet released.