Step 1: Identify Stakeholder Needs
The implementation of an appropriate business continuity strategy supported by relevant policies and procedures ensure minimum business disruption by ensuring maximum flexibility of business operations.
Step 2: Identify Enterprise Goals and Alignment Goals
According to stakeholder needs, Organisational Goals and relevant alignment goals must be identified. In COBIT® 2019 Framework: Governance and Management Objectives, it guides organisation by helping with mapping Organisation Goals to Alignment Goals. This can be use as reference to identify the relevant alignment goals.
Step 3: Identify the Governance and Management Objectives
By using the COBIT 2019 framework guide, organisation be able to select the relevant governance and management objectives. From the template, organisation would be able to have an overview of the primary governance and objectives that applicable. With the overview, organisation may decide based on priority with either implement or improve processes that relating to managed continuity.
Step 4: Select and Customize Goals and Metrics for Enterprise and Alignment Goals
From COBIT core model, sample list of goals and metrics is listed to assist organisation in getting started. Organisation may select the most relevant goals and metrics from the ready list. The goals and metrics also can be tailored and integrated as is or can be used as Key Goal Indicators (KGIs), Key Performance Indicators (KPIs) or Key Risk Indicators (KRIs) or areas as described by organisation’s reporting and monitoring system.
Step 5: Select and Customize the Components of the Governance and Management
In COBIT® 2019 Framework: Introduction and Methodology, the COBIT governance and management components giving guidance and best practices for each component which allows organisation to select and tailor as required. The organisation may select any or all the governance and management practices relevant to its circumstances and tailor each practice further if required. You may also decide to whether to use it as practice level or activities level.
Step 6: Prepare Customized COBIT Contents and Integrate Them into Enterprise Practices
The relevant components that extracted from COBIT could be tailor further by adding guidance from appropriate regulations that applicable. It should be then be interpreted and reorganized in detailed policies and procedures, standards and guideline that are integrated towards proper documentation for organisation. Furthermore, relevant KGIs and KPIs would be required for each of the KGAs in order to monitor and measure the performance of the established standards. Next would be job responsibilities are then required to be updated and selected staff would need to be trained to perform based on the updated standards and procedures, consequently integrating the COBIT 2019 content into the day-to-day work of the business operations.
Step 7: Implement Performance and Monitoring Measures to Confirm Results and Take Remedial Action
The governing body should be informed with the changes required and benefits of the changes. To implement new approach, approval must be granted and it should be based on criticality, deliverables and milestones. Necessary budget and implementing changes within the organisation also required approval and decision based on relevant performance measurement metrics for all KGAs operation by using relevant KGIs and KPIs. These should be reported and monitored on regular basis to ensure compliance and value delivery.
COBIT 2019 provide rich source of guidance that can be used for implementation that not only on controls but also a governance system. The key differentiator of a governance system is the involvement of top management in leading and controlling the use of business IT to achieve objectives using appropriate decision-making mechanism as a guidance that is equip with responsible and accountable matrix with a monitoring system. COBIT 2019 content can be identified and selected as required using the mapping tables of business goals, alignment goals, and governance and management objectives, and how content from each of the 7 components of the governance and management system can be identified, selected and customized to address business needs.