The COBIT methodology helps us govern and manage the IT area, throughout this article we will see how to implement COBIT through its framework.
COBIT bases its implementation through 4 large domains, we will start by explaining the implementation of the first domain: Planning and organizing.
Domain 1: Plan and Organize
1. P01 Business strategies and priorities: We know how important it is to be able to implement technology in companies, but we must be aware that before starting this task there are processes that have to be predefined. In this first process, the main thing is to have a solid implementation strategy prioritizing the technological needs of the company.
2. P02 Create an information model and how to use this information: It is important since we are clear about the strategies and priorities, to be able to have a solid definition of architecture, infrastructure, data, etc. This will allow us to carry out the technological implementation in a more organized way in the company.
3. P03 Technology infrastructure plan and an architecture committee that manages these expectations: When having the architecture, infrastructure, data approach, it is important to review the costs and strategies with the committee, analyzing their growth plan, given the expected expectations.
4. P04 Take into account the requirements of personnel, roles, needs, etc: Before carrying out an implementation, it is important to understand the requirements and needs of each area within the company, these needs must be aligned with the strategic vision of management.
5. P05 Validate IT investment costs, benefits, priorities: When understanding the requirements of each area, it is important to define benefits, costs of all the investments that are going to be made in technology, my suggestion at this point is to evaluate the type of technology that can be implemented, the more innovative the solution, the more likely it will benefit the company.
6. P06 Define IT control framework, define and communicate policies: It is important to define a framework that we can carry out to control the implementation of technology in the company, understanding the actions that must be carried out to address/contract the implementation of technology in all its phases.
7. P07 Defined practices that support recruitment, training, performance evaluation, promotion and termination: If your company has a technology area, it is important to define the recruitment standards and policies to follow for the hiring, evaluation and training of new members or those who were already part of the company. If your company does not have a technology team, it is important to define the policies with which the suppliers will be governed.
8. P08 Quality standards defined for all systems to be acquired: It is important to have standards that can evaluate systems delivered by an internal team or an external provider.
9. P09 Manage risks, mitigation strategies: Monitoring the risks of each project is important not only to prevent them from becoming problems, but also to help with mitigation strategies addressing different visions within the company.
10. P10 Establish a program and project management framework for managing all IT projects: At the end of this domain, we can count on a solid framework that helps us not only to control the acquisition of a new system but also to monitor it after it is put into production.
Conclusion: In this section, strategies and tactics are defined to be able to meet the business objectives. The strategic vision must be planned, communicated and managed contemplating an infrastructure and technological architecture that can support it. Next we will know the 10 processes (P1 to P10) on which the implementation of the first domain is based.