COBIT® 5 Overview of Enabler 1 Tutorial

Overview of COBIT® 5 Enablers: Enabler 1

Welcome to tutorial 3 of the COBIT® 5 Foundation Certification Course. In this lesson, we will focus on the key aspects of the seven enablers described in the COBIT® 5 framework, and specifically discuss the enabler 1. 
Let us begin with the objectives of this lesson.

Objectives

By the end of this COBIT® 5 Enablers tutorial, you will be able to: 

  • Identify the seven enablers of COBIT® 5 

  • Explain enabler 1 of COBIT® 5 

  • Differentiate between principles and policies 

  • Describe the characteristics of a good policy 

Let us move on to the next section to discuss the COBIT® 5 enterprise enablers.

COBIT® 5 Enterprise Enablers

COBIT® 5 enablers are defined as factors that, individually and collectively, influence the success of an initiative and are driven by the goals cascade. The image shown below depicts the seven enablers of COBIT® 5. 

From the image, we can list the seven enablers of COBIT 5. These are as follows:

  • Principles, Policies, and Frameworks

  • Processes

  • Organizational Structures 

  • Culture, Ethics, and Behavior 

  • Information

  • Services, Infrastructure, and Applications

  • People, Skills, and Competencies 

In next section, let us proceed to have a quick recap of principle 4 that is ‘enabling a holistic approach.’

Preparing for COBIT 5 Certification? Take this test to know where you stand!

Recap of Principle 4—Enabling a Holistic Approach

As we have discussed in principle 4, all enablers have a set of common dimensions that: provide a common, simple and structured way to deal with the enablers, allow an entity to manage its complex interactions, and facilitate successful outcomes. 

In the next section, let us understand the ‘enabling a holistic approach’ principle with the help of an example.

Enabling a Holistic Approach Principle—Problem Statement

The top management of Nutri Worldwide Inc., a food processing company, has decided to diversify their business activities and sell kitchen products. They invested in a larger plant, new warehouse, bigger office and additional retail areas.

Their focus shifted from the day-to-day operations to a high- intensity, nation-wide marketing campaign. The day-to-day operations were left to the numerous staff trained for this purpose. 

However, within a short time, sales fell drastically and continued to fall in the subsequent months. Expenses had rocketed owing to the amount spent on marketing. 

In their attempt to diversify, the company lost focus of their primary product and began to face an identity crisis. Employee morale was at an all-time low, and the company struggled to be in business. 
What should the organization have done to sustain their success and growth? 

Solution

The organization should have asked the four questions of the ‘enabling a holistic approach’ principle on a regular basis. The four questions are as follows: 

  • Are stakeholders’ needs addressed? 

  • Are enabler goals achieved? 

  • Is the enabler lifecycle managed? 

  • Are good practices applied? 

The following would be the answer to the questions:

  •   Are stakeholder needs addressed?

- ​​​​The organization has succeeded with one product and immediately decided to diversify. They failed to check if there was a need or demand for another product. The organization was more likely to achieve their revenue targets by focusing on the customers’ needs.

  • Are enabler goals achieved?

- The enabler goal of ‘people, skills, and competencies’ have not been met, as evident from the declining sales. The organization failed to achieve optimum utilization of resources due to the huge storage-related expenses and inexperienced staffs.

  • Is the enabler lifecycle managed?

- The lifecycle activities, namely, plan, design, build, operate, monitor and update were not managed as the stakeholders were not identified. The change of focus from the day-to-day operations led to the mismanagement and inappropriate monitoring of the activities.

  • Are good practices applied?

- It is necessary to assess if the organization has applied good practices, especially to the ‘people, skills and competencies’ enabler. It should also ensure the inclusion of the answers to the questions regarding the hiring of the skilled and competent people who can contribute to the growth and appropriate utilization of their skills and competencies.

In the next section, let us focus on the first enabler of COBIT® 5 that is ‘principles, policies, and frameworks.’


Enabler 1—Principles, Policies, and Frameworks

The image shown below depicts the first enabler of COBIT® 5:
Enabler 1
The purpose of the principles, policies, and frameworks enabler is to convey the governing body’s and management’s direction and instructions. They are instruments to communicate the rules of the enterprise and to support the governance objectives and enterprise values as defined by the board and executive management. 
In the next section, we will look into the differences between principles and policies.

Principles vs. Policies

The following are a few basic differences between principle and policies. 

Principles

Policies

Principles serve as the basis or foundation for the system of behavior an organization will put in place and follow as part of its growth, vision, and mission.
Principles should be:

  • limited in number.

  • in simple language so that the core values of the enterprise are expressed in a simple and clear manner.

Policies have a mechanism or framework in place where they can be effectively managed, and the users are aware of it.
Policies should be:

  • detailed and provide guidance on how to put principles in practice.

  • comprehensive and cover all the required areas.

  • open and flexible allowing for easy adaptation and change.

  • current and up to date.

  • In the next section, we will look into the characteristics of a good policy.

Planning for a career in COBIT® 5? Click here to get certified in COBIT 5

What are the characteristics of a Good Policy?

The characteristics of a good policy are as follows:

  • Effective and Efficient
    - A good policy should enable efficient implementation and also achieve its purpose thereby making it effective. 

  • Non-intrusive
    - A good policy should be logical to those who comply with it. When writing policies, the enterprise should avoid the creation of unnecessary resistance. 

  • Manageable and Available 
    - A good policy should have a framework for effective management and to provide easy access to information. 

  • Comprehensive 
    - A good policy should cover all the necessary areas. 

  • Open and Flexible 
    - A good policy should allow for easy adaptation and change. 

  • Current 
    - A good policy should be up to date and relevant to the current needs of the organization. While creating or writing policies, enterprises should avoid the creation of unnecessary resistance.

In the next section, we will discuss the requirements for good practice.

Good Practice Requirements

The good practice requirements for policies and frameworks include: 

  • their scope

  • the consequences of failing to comply with the policy 

  • the means of handling exceptions and 

  • the procedures to monitor policies 

In the next section, we will understand the relationship between principles, policies, and frameworks and other enablers.

Relationship Between the First Enabler and Others

The links and relationships between ‘principles, policies, and frameworks’ and other enablers are as follows. 

  • principles, policies, and frameworks reflect the cultures, ethics, and values of the enterprise.

  • Processes are the most important vehicle for executing the policies. 

  • Organizational structures can define and implement policies. 

  • Policies are part of the information in the organization. 

In the next section, let us understand the ‘principles, policies, and framework’ enabler with the help of an example.

Principles, Policies, and Frameworks—Problem Statement

An online service to help business owners monitored their financial services. They ran into trouble when the emails and Facebook accounts of the board members were hacked. The hackers also sent defamatory emails about the company using the contacts list of all the hacked accounts. 
It soon emerged that a former disgruntled employee of the organization had faked his identity and created multiple backdoor entrances to the company's software, paving the way for cyber-attacks in the future.

What could have prevented these malicious attacks and saved the company? 

Solution

One of the ways in which the organization could have prevented the attacks was by having appropriate principles, policies, and frameworks in place to check unauthorized access to their software or systems. Some of these measures include: 

  • Policies and a framework for conducting background checks on employees before they joined the organization

  • An IT framework with firewalls and associated policies preventing external access to the organization’s mail, intranet and software applications.

Looking for more information on the COBIT® 5 Enablers? Watch our Course Preview!

Summary

Let us summarise what we have learned in this tutorial:

  • The COBIT® 5 enablers are: 

- principles, policies, and frameworks 

- processes 

- organizational structures 

- culture, ethics, and behavior 

- information 

- services, infrastructure, and applications and 

- people, skills, and competencies.

  • The principles, policies, and frameworks are instruments that communicate the rules of the enterprise. 

  • The principles serve as the basis or foundation for the system of behavior an organization will put in place, whereas the policies have an established mechanism where they can be effectively managed. 

  • A good policy should be effective and efficient, non-intrusive, manageable, comprehensive, open and flexible as well as current. 

 In the following lesson, we will learn about Enabler 2 of COBIT® 5.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Name*
Email*
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Email*
Phone Number*
Company*
Job Title*