Utilizing COBIT 2019 methodology and design principles to adapt the digital it operating model to the ‘new normal’
The world as we knew it has changed. Adapting to what’s universally referred to as the ‘new normal’ is a key challenge for enterprises that want to remain successful. One aspect of this is the ability to respond to changing market requirements. These include the pandemic-induced increase in remote working as a new cornerstone of our professional lives, a surge to digitization and automation, as well as the rethink of current production and supply chains, with nearshoring on top of the agenda.
During the pandemic, technology’s role at the heart of transformation has cemented itself, “driving new ways of interaction, sharing, engaging and decision making”. We can see this reflected in the research results shown in Figure 1. Organizations now have an imperative to make business and IT-related collaboration a priority to innovate at speed and scale, while respecting privacy and security standards with the right technology portfolio. This is where the new normal needs to be applied. This is what we focus on within our Inventive IT service offering.
In this article, we look at the need for adapting existing Digital IT Operating Models (ITOMs) to the new normal, explain how we apply the proven COBIT 2019 governance model to ensure resilience within our Digital ITOM, and reveal a set of prioritized IT processes based on a survey of new Digital ITOM requirements.
Capgemini Invent’s Future of Technology capability unit argues that “a future-proof IT can respond to changing market requirements by focusing on business relevant solutions, hence leveraging product centricity, driven by scalable and agile capability groups”. Within our Inventive IT approach, we propose that to be truly successful CIOs must drive both technological and operating model transformation. In this article we focus on the latter. A new IT Operating Model needs to be a bridge between business and IT. This aims to ensure that the business recognizes and embraces technology at the core of its strategy and, in turn, that technology can drive the tempo of the next business model evolution. Thus, ITOMs need to adapt quickly to ensure the business can turn market changes into an opportunity to achieve competitive advantage.
Prior to COVID-19, traditional IT Operating Models had already been identified as falling short in the digital age. It was suggested that they were negatively impacting international economies by working both in silos and partially independent from the business. Even today, along with the emergence of cloud computing, IT is becoming faster and adopting lean and agile methods, but only partially focuses on product-centricity, while legacy silos remain intact. Becoming truly digital and realizing the full potential of digitization in most organizations remains more of a strategic objective than being applied. Tackling unforeseen and disruptive events, such as a pandemic, requires a digitized, capability-based IT Operating Model. It needs to ensure scalability, flexibility to ramp-up or ramp-down resource pools, and product-centricity to react quickly to changing business demand. While the need for “becoming digital” was already present, the acceleration of these trends, resulting in the need to rapidly transform to a digitized organization, was triggered by COVID-19.
There are four emerging business trends driving this accelerated push to digital :
- Diversity of digital business opportunities
- Personalization of products and services
- Increasing velocity of business change
- Inevitability of pervasive technology
While an increase in spread and acceptance of remote working can be observed, nearly half (45.7%) of all companies are perceived to possess neither the required maturity in the use of information technology nor the ability to innovate and adapt in a pragmatic, agile and timely manner. In addition to the four trends noted above, several more requirements can be added to the list for a Digital IT Operating model fit for the new normal:
- Ability to enable remote working in a timely manner
- Reorganization of supply chains, shoring and sourcing concepts
- Increasing the scope and effectiveness of business continuity and cyber security measures
For a definition and further information on the ‘new normal’ please refer to the corresponding research note published by the Capgemini Research Institute.
Consolidating the above, two aspects determine the requirements for a pandemic-resilient Digital IT Operating Model: First, the outlined requirements for successful enterprises in a post-COVID-19 environment, including the cascading of pandemic-induced impacts, along with information technology-related goals. Second, the emerging business trends constituting the need for the digitalization of IT Operating Models. The combination and extension of both set the determining factors for adaptation to the ‘new normal’.
Capgemini Invent experts rely on COBIT 2019 to review and re-design IT Operating Models, to leverage value creation, flexibility, competitiveness and, most-importantly considering a pandemic, resilience.
What is COBIT 2019?
COBIT 2019 is a widely accepted best practice framework for the governance of information and technology (I&T). It is based on its predecessor COBIT 5 and aligned to many related standards and frameworks, such as ITIL, CMMI, TOGAF or open innovation-based community contributions. As the authoring instance, the Information Systems Audit & Control Association states, “that the analysis of related standards and COBIT’s alignment to them underly COBIT’s established position of being the umbrella I&T governance framework”.
At its core, COBIT 2019 provides a comprehensive reference framework and methodology for building an IT governance system, driving benefits realization from IT investments, risk optimization and resource utilization efficiency. These goals are considered the drivers of value creation by IT – the essence of, and rationale behind, IT governance.
The COBIT Core Model is structured across different layers, domains and dimensions describing all required components for the governance (“set direction”) and management (“plan, build, run and improve”) of IT. As a key component, the framework defines a total of 40 processes and corresponding governance/management goals (see Figure 2). The framework includes a multitude of comprehensively described components, such as organizational structures, information flows and behaviors. All these elements work together in a systemic way. In the remainder of this article, we focus on the process component of the Core Model.
Note: The authors of this article comply with the approach of defining and using the terms “IT Operating Model” and “IT governance system” synonymously.
As a new addition, COBIT 2019 introduces a methodology for designing and customizing IT governance systems. The methodology is based around 11+ design factors (see Figure 3) – which determine the specification of the IT Operating Model – a comprehensive design guide, and a guided COBIT 2019 Design Toolkit to assist in the exercise. The idea behind introducing this fundamental addition was to foster the ability to adapt, simplify implementation/customization, and enable faster as well as more measurable results and benefits when using the framework.
The Core Model commits to its manifest of being flexible, customizable, and up to date with the latest insights and evolutions. In practice, for example, rigid guidelines for industry specifics are substituted by the combination of expressive but generic design factors that capture key characteristics of an industry sector(see Table 1)
Translating business requirements into it strategy with COBIT 2019
The ability to translate market or business requirements into an actionable digitalization or IT strategy is the difference between enterprises leading, following, or trailing their industry in the digital age. At this juncture, where value and competitive advantage are created, COBIT 2019 provides practicable advice and stability.
Following the COBIT 2019 methodology, as schematically illustrated in Figure 4, results in an IT Operating Model that considers an enterprise’s specificities and individual…
- IT governance priorities and management objectives
- Guidance on focus areas, relevant to an enterprise (e.g. regulatory, data privacy, cybersecurity, automation/RPA, cloud computing, DevOps, pandemic resilience)
- Guidance on target capabilities and performance management
To further tailor the Digital IT Operating Model, ISACA provides a Design Toolkit, which helps to identify key design principles for the organization design activities.
The result of applying the COBIT 2019 Design Toolkit is a set of custom prioritized processes, including a recommended maturity degree of processes, as the core of an IT Operating Model, serviceable for an enterprise’s specific situation and environment.
As shown in Figure 5, the COBIT 2019 methodology, based on its four key publications and corresponding toolkit, comprises a four-step approach for defining a tailored IT governance system.
In the first step, an initial understanding of an enterprise’s environment is achieved. In the second step, the initial scope of the IT Operating Model is defined and tailored; the initial scope considers mainly the enterprise strategy and goals, as well as IT-related risks and issues.
Subsequently, in the third step, a refinement of the IT Operating Model is undertaken, considering remaining Design Factors. Resolving inherent priority conflicts concludes the approach of tailoring the IT Operating Model as the fourth and final step.
At Capgemini Invent, we bring together and leverage our extensive experience in digitalization, IT strategy, IT-operating model & organization design, and information technology, as well as profound industry expertise, to guide clients through the methodology. This ensures they obtain optimal results for an individualized and resilient Digital IT Operating Model.
What does a pandemic-resilient and digital ITOM need?
Based on the requirements for a Digital IT Operating Model fit for the new normal, our team of experts conducted an assessment to translate the requirements into an archetypal digital IT strategy. To ensure a representative use case, the baseline for the assessment was chosen with regard to key characteristics of multiple industries (See table 1) that have significantly, and most severely, been impacted by the COVID-19 crisis.
We applied and strictly followed the COBIT 2019 methodology for tailoring an IT Operating Model. The assessment resulted in a set of prioritized IT processes (supporting implementation/increased maturity of the ITOM) reflecting the new normal requirements.
Out of 40 Core Model IT processes, 16 processes (see Table 2) achieved a coefficient value above 0.500 (median value). This means that their prioritization in terms of implementation/increased maturity can be considered significant in the context of a digitally fit, pandemic resilient, new normal IT Operating Model.
Detailed analysis of the results reinforces the initial insight: The impact of a pandemic in the digital age, such as COVID-19, increases to the highest level the importance of IT management activities in the areas of (strategic) planning and building of solutions (see Figure 6).
Further analysis of the group of significant processes allows core assumptions to be made based on the consolidation of multiple processes and requirements/goals of a new normal Digital ITOM. Thus, a corresponding tailored system will enable enterprises to:
- Strategically manage benefits delivery by IT investments and risk optimization to support an organization’s rapidly changing environment and respective strategy
- Rapidly identify and implement IT innovations supported by an agile and mature enterprise architecture, as well as strong organizational change enablement
- Adequately support employees’ needs and manage relationships when adapting to unforeseen and unprecedented situations
- Ensure business continuity based on the right availability and capacity of resources, reducing the dependency on external suppliers thanks to the Digital ITOM.
Reflecting on the initial requirements mentioned at the beginning of this article, a certain degree of correlation between the core assumptions can be observed and verified: For example, the use cases of integrating the novel and innovative (but unfamiliar) videoconferencing technologies, the need for flexible scalability of resources due to changing or even reduced business demand, or the introduction of VPN for remote working ability into an enterprise’s portfolio of supported IT services – often referenced as a paragon for COVID-19 induced changes – can be ascribed to all four core assumptions.
In conclusion, we strongly urge enterprises, regardless of industry, size or any other factor and focus areas, to prioritize the implementation or maturity improvement of their IT Operating Model’s processes. We are in no doubt that the baseline for adapting to the new normal should be an independently tailored Digital IT Operating Model. This is the approach taken by Capgemini Invent as we tailor and/or design our clients’ operating models to their individual needs, in line with COBIT-based elements, to ensure resilience.
Only by applying best practices, combined with the right expertise, can enterprises use a crisis as an accelerator and come out stronger as a leader.
Let’s discuss what’s next
A Digital IT Operating Model that is considered both fit for the digital age and pandemic resilient is essential for enabling future business models, satisfying rapidly evolving business demands, and addressing unprecedented global (economic) volatilities – such as the COVID-19 pandemic. At Capgemini Invent, we work with enterprises to apply the appropriate organization design and required IT-capabilities to make this happen.
Get in touch to find out how Capgemini Invent can help you addresses these ITOM challenges and add value to your business with a Digital IT Operating Model fit for the new normal.
 Hegger, T. et al., Capgemini Invent, 2020: “Automotive Aftersales – wird die Krise zum Supertreibstoff für Innovation?“
 Crummenerl, C. et al., Capgemini Research Institute, 2020: “Research Note: Fast-Forward to the Future Defining and winning the Post-COVID New Normal”
 Haffner, A. et al., Capgemini Invent, 2019: “Digital IT Operating Model”
 Suhr, F., Statista, 2020: “Deutschland geht ins Home-Office”
 gfs.bern, 2020: “Was ist Ihrer Meinung nach für die Zukunft im Homeoffice wichtig?“
 gfs.bern, 2020: “An wie vielen Tagen pro Woche haben Sie sich in den letzten Wochen zu Ihrem Arbeits-/Ausbildungsort begeben?“
 ISACA, 2018: “COBIT 2019 Design Guide”
Bartens, Y. et al., IEEE, 2015: “On the Way to a Minimum Baseline in IT Governance: Using Expert Views for Selective Implementation of COBIT 5”
Haffner, A. et al., Capgemini Invent, 2020: “Digital IT Operating Model”
Alleau, B., Capgemini Invent, 2020: “Technology, the enabler to achieve business continuity and growth” [https://www.capgemini.com/service/invent/future-of-technology/]