Organizations exist to create value for its stakeholders. Consequently, any organization – commercial or not – will have value creation as a governance objective. Value creation means realizing benefits at an optimal resource cost while optimizing risk. Benefits can take many forms, e.g., financial for commercial organizations or public service for government entities.
Organizations have many stakeholders, and ‘creating value’ means different – and sometimes conflicting – things to each of them. Governance is about negotiating and deciding amongst various stakeholders’ value interests. By consequence, the governance system should consider all stakeholders when making a benefit, risk, and resource assessment decisions. For each decision, the following questions can and should be asked: For whom are the benefits? Who bears the risk? What resources are required?
Stakeholder needs have to be transformed into an organization’s actionable strategy. The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable, and customized organization goals, IT-related goals, and enabler goals. This translational allows setting specific goals at every level and in every area of the organization in support of the overall goals and stakeholder requirements.
Step 1. Stakeholder Drivers Influence Stakeholder Needs. Stakeholder needs are influenced by a number of drivers, e.g., strategy changes, changing business and regulatory environment, and new technologies.
Step 2. Stakeholder Needs Cascade to Organizational Goals. Stakeholder needs can be related to a set of generic organizational goals. These organizational goals have been developed using the balanced scorecard (BSC) dimensions, and they represent a list of commonly used goals that an organization may define for itself. Although this list is not exhaustive, most organizational-specific goals can be mapped easily onto one or more of the generic organizational goals.
Step 3. Organizational Goals Cascade to IT-related Goals. Achievement of organizational goals requires several IT-related outcomes, which are represented by the IT-related goals. IT-related stands for information and related technology, and the IT-related goals are structured along the dimensions of the IT balanced scorecard (IT BSC).
Step 4. IT-related Goals Cascade to Enabler Goals, achieving IT-related goals requires the successful application and use of several enablers. Enablers include:
Benefits of the COBIT 5 Goals Cascade, allows the definition of priorities for implementation, improvement, and assurance of governance of organizational IT based on (strategic) objectives of the organization and the related risk. In practice, the goals cascade:
Using the COBIT 5 Goals Cascade Carefully, the goals cascade does not contain the universal truth, and users should not attempt to use it in a purely mechanical way, but rather as a guideline. There are various reasons for this, including:
Using the COBIT 5 Goals Cascade in Practice, it is evident that the first step an organization should always apply when using the goals cascade is to customize the mapping, taking into account its specific situation. In other words, each organization should build its goals cascade, compare it with COBIT, and then refine it. For example, the organization may wish to: