Organizations exist to create value for its stakeholders. Consequently, any organization – commercial or not – will have value creation as a governance objective. Value creation means realizing benefits at an optimal resource cost while optimizing risk. Benefits can take many forms, e.g., financial for commercial organizations or public service for government entities.

Organizations have many stakeholders, and ‘creating value’ means different – and sometimes conflicting – things to each of them. Governance is about negotiating and deciding amongst various stakeholders’ value interests. By consequence, the governance system should consider all stakeholders when making a benefit, risk, and resource assessment decisions. For each decision, the following questions can and should be asked: For whom are the benefits? Who bears the risk? What resources are required?

Stakeholder needs have to be transformed into an organization’s actionable strategy. The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable, and customized organization goals, IT-related goals, and enabler goals. This translational allows setting specific goals at every level and in every area of the organization in support of the overall goals and stakeholder requirements.

Step 1. Stakeholder Drivers Influence Stakeholder Needs. Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, changing business and regulatory environment, and new technologies.

Step 2. Stakeholder Needs Cascade to Organizational Goals. Stakeholder needs can be related to a set of generic organizational goals. These organizational goals have been developed using the balanced scorecard (BSC) dimensions, and they represent a list of commonly used goals that an organization may define for itself. Although this list is not exhaustive, most organizational-specific goals can be mapped easily onto one or more of the generic organizational goals.

Step 3. Organizational Goals Cascade to IT-related Goals. Achievement of organizational goals requires several IT-related outcomes, which are represented by the IT-related goals. IT-related stands for information and related technology, and the IT-related goals are structured along the dimensions of the IT balanced scorecard (IT BSC).

Step 4. IT-related Goals Cascade to Enabler Goals, achieving IT-related goals requires the successful application and use of several enablers. Enablers include:

      • Principles, policies, and frameworks
      • Processes
      • Organizational structures
      • Culture, ethics, and behavior
      • Information
      • Services, infrastructure, and applications
      • People, skills, and competencies

Benefits of the COBIT 5 Goals Cascade, allows the definition of priorities for implementation, improvement, and assurance of governance of organizational IT based on (strategic) objectives of the organization and the related risk. In practice, the goals cascade:

    • Defines relevant and tangible goals and objectives at various levels of responsibility
    • Filters the knowledge base of COBIT 5, based on organizational goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects
    • Clearly identifies and communicates how (sometimes very operational) enablers are essential to achieve organizational goals

Using the COBIT 5 Goals Cascade Carefully, the goals cascade does not contain the universal truth, and users should not attempt to use it in a purely mechanical way, but rather as a guideline. There are various reasons for this, including:

    • Every organization has different priorities in its goals, and priorities may change over time.
    • The mapping tables do not distinguish between the size and industry of the organization. They represent a sort of common denominator of how, in general, the different levels of goals are interrelated.
    • The indicators used in the mapping use two levels of importance or relevance, suggesting that there are ‘discrete’ levels of significance, whereas, in reality, the mapping will be close to a continuum of various degrees of correspondence.

Using the COBIT 5 Goals Cascade in Practice, it is evident that the first step an organization should always apply when using the goals cascade is to customize the mapping, taking into account its specific situation. In other words, each organization should build its goals cascade, compare it with COBIT, and then refine it. For example, the organization may wish to:

    • Translate the strategic priorities into a specific ‘weight’ or importance for each of the organizational goals.
    • Validate the mappings of the goals cascade, taking into account its specific environment, industry, etc.

Enabling Processes: