Overview of COBIT® 5 Principle 1 Tutorial

Welcome to lesson 2 of the COBIT® 5 Foundation Certification Course. In this lesson, we will focus on an overview of the COBIT® 5 principles and discuss principle 1 in details. Let us begin with the objectives of this lesson.

Objectives

By the end of this lesson, you will be able to:

  • Discuss the key principles of COBIT® 5 

  • Explain the steps involved in the goals cascade mechanism 

  • Identify the Balanced Scorecard dimensions 

Let us move on to the next section to discuss the principles of COBIT® 5.

COBIT® 5 Principles

Following image shows the five principles of COBIT® 5:
Five Principles of COBIT 5
The Principles can be listed as follows:

  • The first principle is meeting the stakeholders’ needs. This principle is about identifying the key stakeholders, their needs and how value is created for enterprises by addressing those needs through the cascading of goals. 

  • The second principle is covering the enterprise end-to-end. This principle is about covering all the functions and processes wherever information is processed in the enterprise. 

  • The third principle is applying a single integrated framework. This principle is about having a single and integrated framework that consists of the various established frameworks and standards required for the governance and management of enterprise IT. 

  • The fourth principle is enabling a holistic approach. This principle is about using a set of enablers for an all-inclusive or holistic approach to support the governance and management of enterprise IT. 

  • The fifth principle is separating governance from management. This principle is about differentiating between the governance and management roles, activities and responsibilities.

These principles are explained in detail in the forthcoming sections. Let us discuss the first principle that is, meeting stakeholder needs.

Principle 1—Meeting Stakeholder Needs

Enterprises exist to create value for their stakeholders.
Principle 1: Meeting Stakeholder Needs
The main objective of the governance is value creation through benefits realization, risk optimization, and resource optimization. Let us understand some of the key terms mentioned here.

  • Value creation: It refers to the realization of benefits for any product, service or process at an optimal resource cost while optimizing risk. 

  • Stakeholders: Stakeholders are entities such as individuals, institutions or groups that are associated with the enterprise. For example, customers who are paying for the services bought or used from the enterprise, investors who are funding the enterprise, shareholders of the enterprise, and employees of the enterprise. 

  • Importance of meeting the stakeholder’s needs: Fulfilling the needs of the stakeholders leads to the growth of the enterprise, building of the enterprise’s reputation, increase in the demand for the products or services provided by the enterprise and increase in the enterprise share and brand values. 

  • Stakeholder needs analysis: This involves two parts to identify all possible stakeholders and their needs. It is important to know who the stakeholders are. From an enterprise perspective, all of them who are associated with the enterprise have to be identified because missing out on stakeholders can have adverse effects on the enterprise.

By doing appropriate stakeholder needs analysis, the needs are fulfilled to the satisfaction of the stakeholders, in a timely manner. For example, if the customers are ignored and appropriate services are not provided, the enterprise is likely to lose out on business. Likewise, if investors are ignored, funding may cease and can lead to the downfall of the enterprise. 

After identifying stakeholders, their needs should be clearly identified, which means that the ‘needs’ have to be differentiated from the ‘wants’.
Now let us differentiate between needs and wants. 
Needs: They are the essential components to which the stakeholders are contributing, such as, paying for service, investing for growth, and contributing skills, time and effort to aid the organization.  
Wants: They are similar to fringe benefits or desires that may not always be fulfilled. For example, customers requesting a free product with the original product they have bought.

In the next section, we shall look into the governance aspect of meeting stakeholder needs.

What are you waiting for? Interested in taking up a COBIT® 5 Course? Check out our Course Preview!

Meeting Stakeholder Needs—Governance

Governance refers to the act or the manner of governing.

  • It means controlling the laid-out rules or policies for entities namely, organizations, state, country or people.

  • It may also include influencing or regulating rules, policies or course of events.

  • Governance is about negotiating, deciding amongst different stakeholders’ value interests, and considering all stakeholders when making benefit, resource, and risk assessment decisions.

  • For each decision, the following questions are asked: 

  1. For whom are the benefits meant or who are the beneficiaries?

  2. Who bears the risk or who takes accountability of the risks involved? 

  3. What resources are required to ensure that the requirements are met seamlessly?

 In the next section, we will focus on external stakeholders.

External Stakeholders

The external stakeholders consist of:

  • business partners,

  • suppliers,

  • shareholders,

  • regulators or government,

  • external users,

  • Customers,

  • standardization organizations,

  • external auditors, and

  • consultants.

The key needs of the external stakeholders are to verify whether:

  • the business partners’ operations are secure and reliable,

  • the organization is compliant with applicable rules and regulations and

  • the enterprise maintains an effective system of internal control. 

We will focus on internal stakeholders in the following section.

Internal Stakeholders

The internal stakeholders consist of:

  • board,

  • management,

  • business executives,

  • business process owners,

  • business managers,

  • security managers,

  • risk managers,

  • IT managers, and

  • staff.

The needs of the internal stakeholders are primarily to identify how to: 

  • create value from the use of IT (read as I-T); 

  • manage the IT performance; 

  • exploit a new technology for new strategic opportunities in the best possible way; 

  • check whether the organization is compliant with all the applicable laws and regulations; 

  • check if the IT operation is efficient and resilient; 

  • check if the information is adequately and appropriately secured; 

  • measure how critical the IT is to sustain the enterprise and move forward in the absence of IT. 

Let us move on to the next section to discuss COBIT® 5 goals cascade.

COBIT® 5 Goals Cascade

The COBIT® 5 goals cascade allows the definition of priorities for implementation, improvement, and assurance of enterprise governance of IT. Let us discuss the activities of the goals cascade. 

  • It defines the relevant and tangible goals and objectives at the various levels of responsibility.

  • It filters the knowledge base of COBIT® 5 based on the enterprise goals, to extract relevant guidance for inclusion in the specific implementation, improvement or assurance projects.

  • It identifies and communicates how enablers are used to achieve the enterprise goals.

We will discuss the steps involved in the COBIT® 5 goals cascade mechanism in the following section.

COBIT® 5 Goals Cascade Steps

The following image depicts the steps of COBIT® 5 goals cascade mechanism.
COBIT 5 Goals Cascade Steps
The four key steps in the goals cascade are: 

  • Step 1 - ‘Identify the influence of key stakeholder drivers on stakeholder needs.’

  • Step 2 - ‘Stakeholder needs cascade to enterprise goals.’ 

  • Step 3 - ‘Enterprise goals cascade to IT-related goals.’ 

  • Step 4 - ‘IT-related goals cascade to enabler goals.’

In the forthcoming sections, we will learn about each of these steps in detail.
Let us start by discussing the first step of goals cascade.

Step 1—Identify the Influence of Key Stakeholder Drivers on Stakeholder Needs

As part of step 1, which is ‘identifying the influence of key stakeholder drivers on stakeholder needs’, the following are some scenarios where key drivers influence the stakeholder needs: 

  • Strategy changes: It may involve strategic moves made by the enterprise, such as, the introduction or demise of a product range, creation or end of a new service offering and expansion or reduction in enterprise verticals. 

  • Changing business environment: It may include merger, acquisition or disbanding of business units and new CEO or revamp of the top management. 

  • Changing regulatory environment: It may be due to the introduction or revocation of the norms or regulations and adherence or compliance to the mandatory requirements prescribed by governments or financial institutions. 

  • New technologies: It may involve the implementation of new technologies as a stakeholder need, such as the advent of new technologies that influence the consumers, improve the quality of lifestyle and create a need in the consumers. 

Let us now move to the next section to understand the second step of the COBIT® 5 goals cascade.

Step 2—Stakeholder Needs Cascade to Enterprise Goals

The COBIT® 5 Framework defines the stakeholder needs translated into deliverables or influencing 17 generic enterprise goals that are categorized into the following:

  • The first category is the Balanced Scorecard or BSC (read as B-S-C) dimensions. The BSC dimensions are:

  1. Financial,
  2. Customer,
  3. Internal, and
  4. Learning and Growth. 
  • The next category is based on their relationship to the three main governance objectives, namely, benefits realization, risk optimization, and resource optimization. 

Following is the categorization of enterprise goals based on relationships to the three main governance objectives:

  • P stands for primary business relationship and indicates that the enterprise goal has a strong relationship to the indicated governance objective.

  • S stands for secondary business relationship and indicates that the enterprise goal has less of an impact on the indicated governance objective.

The categories ‘P’ and ‘S’ mean that the enterprise goals being considered have a stronger relationship to one of the three governance objectives, namely, benefits realization, risk optimization and resource optimization on a primary or secondary level.

A blank does not mean there is no relationship between a particular enterprise goal and the three governance objectives. It means that if there is a relationship, it is insignificant.

Now let us look into the Balanced Scorecard table.

The Balanced Scorecard table shown below depicts the categorization of the enterprise goals into the Balanced Scorecard dimensions.
Step 2 - Stakeholder needs cascade to Enterprise Goals
The four Balanced Scorecard dimensions along with their respective goals and type of relationship to the three main governance objectives are mentioned in the table. Let us understand this concept with the help of two examples. 
In example 1, let us consider the enterprise related financial goal as ’stakeholder value of business investments’. It is evident that this goal is strongly related to benefits realization, hence it is indicated by ‘P’ as a primary relationship.
This is because if the enterprise realizes good benefits for its stakeholders, it will lead to increase in the growth of customer base of the enterprise.
This will lead to better profits and build investor confidence in the enterprise, thereby having a direct impact on the stakeholder value of business investments. 

In example 2, let us consider the enterprise related customer goal of ’business service continuity and availability’. It is evident that this goal is strongly related to risk optimization, hence it is indicated by ‘P’ as a primary relationship.
This is because if the enterprise is able to provide uninterrupted service continuity and availability of its services to the stakeholders, this will lead to customer confidence, trust, and faith in the enterprise services. It will result in building reputation, increased brand awareness, and more customers will ask for this kind of efficient and reliable service. 

In the next section, we will focus on the third step of COBIT® 5 goal cascade that is ‘enterprise goals cascade to IT-related goals’.

 How about investing your time in COBIT 5 Certification now?  Take a look at our Course Preview!

Step 3—Enterprise Goals Cascade to IT-related Goals

The table shown below depicts the 17 generic IT-Related goals which are also divided into the BSC categories. 
IT related Goals
Let us understand more about the relationship between the 17 IT-Related goals and the enterprise goals.
The following table depicts how the enterprise goals cascade to IT-Related goals which are categorized into the BSC categories. 
Step 3 - Enterprise Goals cascade to IT related goals
The four BSC dimensions along with their respective goals and type of relationship to the 17 enterprise goals are mentioned in the table. Let us understand this concept with the help of two examples. 

In example 1, let us consider the IT-related financial goal of “IT compliance and support for business compliance with external laws and regulations”. It is evident that this goal is strongly related to the enterprise financial goal of “compliance with external laws and regulations” and also with the enterprise internal goal of “compliance with internal policies”, hence it is indicated by ‘P’ as a primary relationship.

This is because if compliance with the external laws, regulations, and internal policies is strictly adhered to, compliance breaches will be minimized or even avoided altogether. This will ensure that enterprises are not penalized for breaches which may result in financial impacts. It will have a positive effect on brand reputation as a tightly controlled enterprise when it comes to compliance, and increase stakeholder confidence.

Note that there is also a secondary relationship with the enterprise financial goal that is “managed business risks”. Being compliant with the goals leads to better management of the business risks. This includes safeguarding of assets by putting appropriate controls and mitigants in case of any risk related event occurring. 

In example 2, let us consider the IT-related customer goal of “adequate use of applications, information and technology solutions”. It is evident that this goal is strongly related to the enterprise internal goals of “optimization of business process functionality” and “operational and staff productivity”, hence it is indicated by ‘P’ as a primary relationship.
This is because if business process functionality is optimized along with an increase in the operational and staff productivity, the enterprise is able to use its resources in terms of its application, information, and technology solutions effectively. The internal customers, mainly the employees, will be able to concentrate on meeting stakeholder needs and not worry about technical issues that may hinder their productivity.

Notice that this IT-related customer goal has a secondary relationship with 10 of the remaining 15 Enterprise goals. This shows that this particular IT-related customer goal contributes greatly to the financial, customer, internal and learning and growth enterprise goals. 

In the next section, we will understand ‘IT-related goals cascade to enabler goals’, which is the fourth step of the COBIT® 5 goal cascade.

Step 4—IT-Related Goals Cascade to Enabler Goals

Processes are one of the key enablers. There are 37 COBIT® 5 enabler processes or enabler goals. These are mapped to the 17 IT-related goals seen in step 3. The following table depicts the mapping of the enabler goals to IT-related goals and the kind of relationship that exists between these goals. 
Mapping COBIT 5 IT related goals to Processes-1
Mapping COBIT 5 IT related goals to processes - 2

Preparing to become an expert in COBIT 5? Click to know more!

Summary

Let us summarise what we have learned in this lesson: 

  • The COBIT® 5 principles are ‘meeting stakeholder needs’, ‘covering the enterprise end-to-end’, ‘applying a single integrated framework’, ‘enabling a holistic approach’ and ‘separating governance from management’. 

  • The ‘meeting stakeholder needs’ principle is about identifying the key stakeholders, their needs and how value is created for enterprises by addressing those needs through the cascading of the goals. 

  • The steps involved in the goals cascade are ‘identify the influence of key stakeholder drivers on stakeholder needs’, ‘stakeholder needs cascade to enterprise goals’, ‘enterprise goals cascade to IT-related goals’ and ‘IT-related goals cascade to enabler goals’. 

  • The Balanced Scorecard dimensions are financial, customer, internal, and learning and growth.

In the next lesson, we will discuss about COBIT® 5 Principle 2 and 3.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Name*
Email*
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Email*
Phone Number*
Company*
Job Title*