Professional Documents
Culture Documents
1 ISACA JOURNAL VOLUME 2, 2014 ©2014 ISACA. All rights reserved. www.isaca.org
Figure 2—IT Value Chain
Financial Management
Su p p
tfolio
www.isaca.org/knowledgecenter
Strea
ct
l
Fulfil
ty
nt to
Corre
o Por
Agili
ireme
e
est to
ct to
Requ
Strat
Dete
d
eploye
sed, D
Relea
©2014 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL VOLUME 2, 2014 2
A key element of this is the notion of a conceptual model • Ensuring that the established budgets are transparent to
feeding a logical model, which, in turn, feeds a physical monitor implementation and use of innovation
service model. Once strategic demand enters the planned • Identifying opportunities, risk and constraints for IT to
portfolio, a conceptual service model needs to be developed enhance the business
against which requirements can be constructed and built. This • Collecting data to enable effective IT-related risk
includes drafting a proposed solution that reflects enterprise identification, analysis and reporting
needs/expectations and the laying out of service warranty The key COBIT processes directly linked to strategy to
expectations. Next, a logical service model that describes portfolio are:
what the components of the service are and, in turn, relates • APO02 Manage strategy
the model to existing capabilities needs to be developed. • APO03 Manage enterprise architecture
This should then be followed by an actual service model. By • APO04 Manage innovation
starting the service modeling early, it can drive up reuse of • APO08 Manage relationships
capabilities, technology and knowledge. In the end, agility • APO12 Manage risk
increases while cost and risk are reduced. • APO13 Manage security
Requirement Defect
Management Management
Requirement Defect
Service Build
Development Management
Management
Source Deployment
Package
©2014 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL VOLUME 2, 2014 4
• Designing, building and testing solution components Figure 6—Request to Fulfill
• Documenting, tracking, performing and reporting on change
The key COBIT processes directly linked to a requirement Catalog Subscription Billing and
Management Management Chargeback
to deploy are:
• APO11 Manage quality Offer
Chargeback
• APO12 Manage risk Service Catalog
Subscription
Record
Entry
• APO13 Manage security
• BAI01 Manage programs and projects
• BAI02 Manage requirements definition
• BAI03 Manage solutions identification and build Request and Usage
Routing Management
• BAI04 Manage availability and capacity Management
• BAI06 Manage changes
Fullfilment
• BAI07 Manage change acceptance and transitioning Request
Usage Record
REQUEST TO FULFILL
The request-to-fulfill value stream (figure 6) focuses on
Development Change
how well IT manages its overarching request and fulfillment Management Management
activities. This is clearly operational demand. The
Service
request-to-fulfill value stream aims to “increase user Release Desired
Blueprint Service CIs RFC
productivity and minimize disruptions through quick
resolution of user queries.”4 As a process, it touches multiple
IT disciplines including, but not limited to:
• Service requests There are also items that have been added here that are
• Change management not explicit in COBIT 5. These include catalog management,
• Asset management subscription management and usage management. These
• Configuration management support the rights aspects of asset management/software
• Supplier management (including cloud supplier management) compliance and the implications of request, budgeting and
Request to fulfill is built upon service requests and actual usage. In this integrated form, the key elements are
change processes, but adds functions to complete the end- already identified by COBIT 5, but here it is viewed as one
to-end processes. As indicated in figure 6, request to fulfill system and includes:
establishes the notion of a catalog and the notion of financial • Monitoring supplier performance and compliance
consumption in the form of subscription management, • Organizing, identifying, classifying and using knowledge
billing/chargeback and usage management. This is a choice • Managing data for the asset life cycle
IT organizations need to make; the current best practice is for • Managing user identity and logical access
it to be included. At this phase, the notion of service leasing The key COBIT processes directly linked to request to
should be envisioned, and its complement and elasticity fulfill are:
allowed to evolve: As services are requested, they either fall • APO10 Manage suppliers
into disuse or are abandoned altogether as business/mission • APO12 Manage risk
capability changes (i.e., business agility). IT must ensure • APO13 Manage security
efficiency by keeping systems highly utilized. • BAI06 Manage changes
• BAI08 Manage knowledge
• BAI09 Manage assets
• DSS05 Manage security services
5 ISACA JOURNAL VOLUME 2, 2014 ©2014 ISACA. All rights reserved. www.isaca.org
DETECT TO CORRECT Figure 7—Detect to Correct
The detect-to-correct value stream (figure 7) concerns how
well the IT organization prevents services and the supporting Problem Incident
Management Management
infrastructure from breaking down or degrading and how well
it manages issues or events when the inevitable happens—
something breaks. Simply put, this value chain aims to, as Problem Incident
©2014 ISACA. All rights reserved. www.isaca.org ISACA JOURNAL VOLUME 2, 2014 6
Figure 8—IT Value Chain Reference Architecture
Proposal Project Delivery Test Catalog Subscription Billing and Diagnostics and Event
Management Management Management Management Management Chargeback Remediation Management
(Investment)
Offer
and the importance of how everything touches and affects one ENDNOTES
another. Clearly, the people, process and technology elements of 1
Based on a private case study of a major US financial
the IT management system cannot be viewed in isolation. The institution. Multiple additional sources.
value streams of strategy to portfolio, requirement to deploy, 2
Haines, Stephen G.; Strategic and Systems Thinking, 2007
request to fulfill and detect to correct align to support a singular 3
Michael Porter pioneered the value chain strategy several
value chain that supports business capability. The system has to years ago as a mechanism to evaluate business competitive
improve to improve any one part. advantage. According to Porter, a value chain is the
interlinking activities that a firm performs to deliver a
valuable product or service to the marketplace.
4
ISACA, COBIT 5, USA, 2012, www.isaca.org/cobit
7 ISACA JOURNAL VOLUME 2, 2014 ©2014 ISACA. All rights reserved. www.isaca.org