Professional Documents
Culture Documents
Margarida Gonçalves
Quasinfalival
Lisbon, Portugal
margarida.goncalves@quasinfalivel.pt
Abstract— COBIT 5 is a widely-used framework for enterprise’s use of IT” [5], giving an objective way for
implementing sound governance of enterprise IT (GEIT). companies to align business strategies with IT goals.
Despite the existence of official guidance, there are still several Although COBIT 5 is wide recognized as one of the most
challenges that we can encounter. Currently, the ISACA’s
used GEIT frameworks [13], it is also considered too large
official implementation solution follows a sequentially ordered
process corresponding to a traditional approach, however,
and complex, taking years for its full adoption [6], [10].
organizations are increasingly embracing more agile ones for Regarding the framework’s complexity and overarching
managing projects where the solution is not clear from the scope, is almost impossible to manage a COBIT 5 programme
beginning. Using the Design Science Research Methodology, the without a defined project management methodology [12].
authors analyse the current state of art and provide a Scrum With the countless methodologies that one can currently find,
based methodology for managing at team level a COBIT 5 one must choose wisely and consider all the project
programme. With a hybrid agile-traditional approach, the particularities and challenges [18].
authors aim to eliminate some known challenges of COBIT 5, The current approach for a COBIT 5 programme,
such as lack of support from top management and misaligned detailed in the implementation official guide [5], has its basis
scopes and solutions. Additionally, in this paper, the authors
present the results obtained from applying the designed
in the traditional paradigm of project management,
methodology in a COBIT 5 programme in the Portuguese presenting a linear strategy for the implementation life-cycle.
Finance Ministry, as well as inspect two series of interviews: 10 Traditional methods are defined by an exhaustive planning
performed with experts from both Scrum and COBIT 5 areas to phase that eliminates the need for any changes in the
evaluate the solution, and 6 others with the team involved in the remaining project life-cycle, so the process follows the
demonstration programme, to understand if the objectives original plan, going through all phases in an orderly fashioned
where achieved. The article ends with lessons learned, way [18].
limitations and future work. On the other hand, agile approaches such as Scrum and
Kanban appeared as an alternative paradigm to the traditional
Keywords— COBIT 5, Scrum, governance of enterprise IT,
agile implementation.
ones. These are specially focused on building solutions that
are not clear at the beginning [18], by putting the client’s
I. INTRODUCTION interests first, embracing constant feedback and welcoming
Information technology (IT) and related information changes in the requirements at any time of the process [7].
technologies are pervasive not only in simple day to day Although these methodologies are mainly applied in the
functions everywhere, but also playing critical roles in most software development field, organizations are starting to
organizations. As it grows, IT has become a business enabler, adopt this new paradigm in several areas beyond software
taking major responsibility in effective and efficient product development such as consulting, manufacturing, coaching,
delivery, bringing more value to stakeholders [1], [2]. etc. [24].
Adding value, while managing enterprise’s use of IT and In this article, the authors focus their research on Scrum,
mitigating the IT risks, made governance of enterprise IT trying to fill the gap in literature on agile programme
(GEIT) a necessity for accomplishing enterprise’s goals, and methodologies for COBIT 5 analysing its feasibility, with
therefore, a fundamental concern of corporate governance special interest in overcoming some of its known challenges
[3]. such as lack of support from top management, failure to
A succeeded GEIT implementation requires a culture of understand the environment, resistance to change and scope
well-defined enablers as organizational structures, principles misalignment [5].
and structured governance and management processes Thus, with this work, the authors aim to achieve three
according the enterprise’s vision [3]. Frameworks are the best main objectives: ensure senior management commitment and
tool to help this implementation [4] since they provide support during the whole programme; build a solution that
adaptable solutions for any type of organization. For that consider the organisational changes, aligning the scope every
purpose, ISACA developed COBIT [3] as a framework to time it is required; ensure that the client understands the
“provide guidance in evaluating, directing and monitoring an
199
Therefore, the objectives for this research are the following: Although it was initially created as a solution for
- Objective 1: Ensure senior management software development, its principles can be applied in other
commitment and support during the whole programme; disciplines and it is starting to be adapted progressively more
- Objective 2: Build a solution that considers the in areas beyond software [24], [27].
organisational changes, aligning the scope every time it is Scrum basic idea is to build the product incrementally
required; using several short iterations (sprints) with feedback of the
- Objective 3: Ensure that the client understands the work done, instead of deliver a complete product near the end
solution and does not show resistance to change; [7], [16], [17], [18]. Its mindset is the empiricism [16], which
makes it simple and straightforward, since it is based on the
idea that knowledge comes from experience “simplicity is
V. LITERATURE REVIEW essential” [7].
In this section, the authors provide, based on literature, When applying Scrum, one must adopt some specific
general understanding of COBIT 5 life-cycle as also provide rules derived from its values of transparency, adaptation and
definitions of key concepts regarding Scrum. inspection [16]:
- There are three main roles: Product Owner,
Scrum Master and Development Team. Together, they form
A. Using COBIT 5 for GEIT implementation the Scrum Team.
ISACA developed COBIT 5 as a framework to “help - The project is divided into sprints – time boxes
enterprises implement sound governance enablers” [5], between 1 to 4 weeks. At the end of each sprint it must be
giving an objective way for organizations to align business delivered some valuable product increment.
strategy with IT goals. For this purpose, the framework - Inspection and adaptation are assured through
comprises 5 principles, 7 enablers, 26 roles and 37 formal events: at the beginning of each sprint (Sprint
management and governance processes and its correspondent Planning), at the end of each day (Daily Meeting) and at the
good-practices, as well as seven sequential phases (described end of each Sprint (Sprint Review and Sprint
in table 1) [4], [15]. Retrospective).
The seven enablers are the core of this framework since
they are the pillars for an effective GEIT implementation [4], VI. RELATED WORK
[5], [19], [20]. They are: Principles, policies and frameworks, Looking for related work in literature, the authors faced some
Processes, Organisational Structures, Culture, Ethics and lack of references for previous studies, not only concerning
Behaviour, Information, Services, Infrastructure and COBIT 5 programmes, but also Scrum based approaches for
Applications, People, Skills and Competencies. areas beyond software development.
Faced with this problem, the authors focused on studies
B. Scrum about Scrum-based approaches for complex projects
(although in software areas) and scaling agile frameworks. In
Agile is an iterative and incremental paradigm for product this section these and other relevant research in this matter
development that aims to create value under constant are analysed.
changing environments, being adaptability its key
characteristic.
TABLE I . DESCRIBED PHASES OF COBIT 5 ADOPTION FOR GEIT IMPLEMENTATION (FROM [5])
1) What are the drivers?
Phase 1 is for identifying the current change drivers, while it is established the desire to change at executive management levels. Regarding programme
management dimension, it is identified the risk associated, the objectives, success factors and high-level responsibilities, which will be described in the
business case.
2) Where are we now?
Phase 2 is for aligning the IT-related goals with business strategies and risk. For this purpose, COBIT 5 provides a generic mapping (goals cascade) of
enterprise goals to IT-related goals to enabler goals and to the key processes involved. Then it is assessed the current level of capability of the identified
processes. Critical processes must be of sufficient capability to ensure successful outcomes. At programme management level, it is reviewed and evaluated
the business case.
3) Where do we want to be?
Phase 3 is for setting the target for improvement, followed by a gap analysis between AS-IS and TO-BE to identify solutions that must be communicated
to stakeholders.
4) What needs to be done?
Phase 4 is for plan feasible and practical solutions by organizing potential projects into the overall programme supported by justifiable business cases. At
the change enablement level, it must be identified the quick wins build on existing strengths.
5) How do we get there?
Phase 5 is for implementing the proposed solution into day-to-day practices, monitoring the projects within the programme. Thus, it is required engagement
and communication with stakeholders for the programme success.
6) Did we get there?
Phase 6 is for assuring a sustainable transition of the improved governance and management practices into normal business operations. Monitor the
achievement of improvements using performance metrics, for example monthly, and documenting lessons learned.
7) How do we keep the momentum going?
Phase 7 is for preparing for a new cycle of continuous improvement, by review the overall success of the initiative and identify further requirements.
200
A. Requirement analysis and project planning B. Scrum for programmes or complex projects
COBIT 5 is a framework for implementing GEIT, which Using Scrum to manage a COBIT 5 programme is not a
identifies and describes a set of end-to-end processes, related straightforward fit, especially since Scrum was originally
base-practices and activities. In order to be in compliance designed as a methodology for software development
with COBIT 5 good-practices and principles, the processes in projects.
which IT governance enablers are implemented, should One of the challenges of developing a Scrum-based
suffer a readjustment according the target established. approach for COBIT 5 is the scalable factor. The original
There is a lot of work that must be addressed before and Scrum framework [16] is conceived for a single project,
after the development of a governance solution, as showed in however COBIT 5 is approached as a programme [5].
table 1, where projects begin only in step 5, performing 4 Since Scrum is a framework, it is possible to shape it to
steps before the actual implementation of the solution. These the problem needs. The need to scaling up Scrum is not a
4 steps are mainly related with requirement analysis for novelty in literature, in fact, the authors found some
projecting and planning the encompassed projects. interesting solutions and practical case studies that will be
Indeed, the authors found special interest in the hybrid following discussed.
approach Water-Scrum-Fall [30], that is approached as the The major challenges to address in a complex project or
reality of most of the Scrum processes. a programme are mainly related with scaling the coordination
This approach is supported by the idea that business mechanisms between teams [31], [34].
analysis and release management continue to follow more A scaled Scrum solution was designed and tested at
traditional approaches leaving Scrum only to the Nokia and documented in [31]. The proposed framework
development team level [26]. For that reason, this approach suggests having 3 types of product backlog: one for the
suggests a more realistic life-cycle for Scrum projects of three general requirements of the programme, one for each release
distinct parts: Water, Scrum and Fall. and, at the release level, a scrum team backlog. In addition, a
The Water phase is to plan and define the high-level Program Manager above all Scrum Team Masters is
requirements needed to set the project direction, timeline and proposed, as well as a Program Product Owner above all
budget. Following is the Scrum part, where the work is done. Team Product Owners. Meetings are also multiplied at the
The initial requirements are not definitive, the main goal of programme level between releases.
this approach is to define an initial idea of the project that Another possible solution is the scaled agile framework
only means to set direction, requirements may change during SAFe [32]. This agile framework promises to manage
Scrum phase. Finally, the Fall part of the project is for complex projects and programmes, however it includes a
software test and rollout, this formal step is to determine the considerable number of additional elements, increasing the
acceptance of the product as a whole [26], [30]. complexity. With 2 levels (programme level and team level)
Regarding this subject, other solutions were considered the idea is to have programme releases composed of four
particularly relevant to the authors, namely C. Thiemich and iterations and an additional one to plan the next releases.
F. Puhlmann study [21] of Business Process Modelling in Besides having all the basic concepts of Scrum, it includes
which they propose to improve each process incrementally more than ten other elements such as a Scrum of Scrums,
using Scrum, with process releases each 5 to 10 sprints. For programme backlog, System Eng., product manager,
defining the project direction and evaluate BPM maturity, business owners, product increment objectives, etc. While
before the project starts there is a dedicated scoping phase. this solution may be ideal for many complex projects or entire
Additionally, at the beginning of each release there is a sprint organizations that want to become agile, the additional
0 for defining the initial requirements, where Process complexity can be a very high cost to pay for a programme
Backlog is an output expected at the end. The next sprints are as challenging as COBIT 5.
dedicated to the process increment (same as product Many are the solutions and possible deviations of Scrum.
increment). As a framework, one of the best things about Scrum is the
The concept of process releases may be an interesting possibility to apply its principles in a particular context,
addition, however, when considering COBIT 5 one must not adapting and working out its practices considering the
forget that is not just about process design and constraints.
implementation. There are other enablers that must be
contemplated in a GEIT implementation such as information, VII. PROPOSAL
culture or even roles. Although the enablers must be In this section, the authors detail the solution designed to
implemented under specific and identified processes, not all achieve the identified objectives (step 3 of DSRM).
cases of improving process maturity will be about designing The authors chose Scrum due to its nature of welcoming
a new process and implement new procedures; often means, changes, perform continuous delivery and obtain constant
for example, to design a necessary output or adding a new feedback [7], which the authors intend to verify if contributes
role. to strengthen the relation with stakeholders, and provide a
Looking at these two solutions for scoping and collection of solutions that best enables IT governance
requirements analysis, both scope and kick-off phases of [21] considering the constant changing environment most
are in some way traditional steps, which makes these two organizations live.
solutions very similar at the Water level of the Water-Scrum- Therefore, the authors propose an incremental strategy
Fall approach. for developing IT governance solutions and to eliminate some
known issues of COBIT 5 adoption programmes.
201
FIGURE 1. SCRUM FOR COBIT 5 LIFE-CYCLE
202
TABLE III. SCRUM EVENTS SPECIFIED FOR A COBIT 5 INITIATIVE
Scrum Scrum original definition Scrum for COBIT 5
Events
Product Product Backlog Refinement is the act of adding detail, estimates, and [16] This activity is fundamental for a COBIT 5
Backlog order to items in Product Backlog. It is an activity in which the Product programme given its numerous process
Refinement Owner and the Development Team collaborate on the details of Product dependencies. Same purpose as a typical backlog
Backlog items. During Product Backlog refinement, items are revised and refinement.
reviewed.
Daily Scrum Is a stand-up meeting with maximum duration of 15 minutes, every day [16] May not be applied. It is difficult in a complex
in the same place at the same time. programme where the resources are sometimes
The goal is for every team member to expose every conflicts or issues outsourced to reunite everyone in the same place at
with the remaining team members. the same time every day.
Sprint This meeting is for planning the next sprint. Every development team [16] Only at team level. At the beginning of each sprint,
Planning member selects a few user stories from the Product Backlog to implement with the same purpose as a typical sprint planning
in the next iteration and the result is the Sprint Backlog. meeting.
Sprint Review Meeting at the end of each Sprint, where the Scrum Team and relevant [16] Only at team level. At the end of each sprint, with the
stakeholders inspect the increment and agree on changes in the Product same purpose as a typical sprint review meeting.
Backlog. The main goal is to show the items “done” and get feedback on
the increment, which may be accepted or rejected by the client.
Sprint Meeting at the end of the Sprint, where the team inspects itself and the [16] Only at team level. At the end of each sprint, with the
Retrospective work performed and creates a plan with improvements for them to apply same purpose as a typical sprint retrospective
in the next sprint. Occurs after each Sprint Review and before each Sprint meeting.
Planning.
203
keep the integrity. This programme manager worked as a was asked for them to provide their opinion, in open
project manager for the programme, with scrum master responses, about the approach based on their knowledge and
responsibilities at the programme level. experience in the matter.
Regarding scrum meetings, they were conducted at In Table 6, it was adopted the following simbology for
project level as established, however, since there were no assessing the opinion gave to each element of the solution: if
many people involved and scrum master was the same for all the interviewee did not agree with the definition gave to a
the projects, meetings were common for everyone. One specific element (Tables 2,3,4), the cell is empty; if the
common sprint planning, sprint review and sprint interviewee partially agreed, the cell is filled with “ ”; if the
retrospective at the end of each sprint. interviewee totally agreed, it was used “ ”.
Considering the programme life-cycle: phase 1 began For a more quantitative analysis, the authors considered
before the involvement of the rest of the team, as established that each “ ” has value 1, and “ ” has value 0.5. For a
by the Water-Scrum-Fall approach. This programme total greater than 9.5 (with a maximum of 10), the cell was
planning was responsibility of a joint work between product painted grey to distinguish the more accepted elements from
owner, programme manager and a COBIT 5 expert that is the rest.
also member of the implementation team. Sprint 0 turned out Table 7 shows some statements collected from the
to be a little mixed with the rest of the programme planning. interviews that justify the assessment gave to each evaluated
Phases 2 and 3 were also addressed as prior work, since element.
the processes chosen had very low capability levels (between
0 and 1), so the target for improvement was stated at the TABLE V. INTERVIEWEES’ INFORMATION
beginning as high-level targets. However, for the processes Country Experience Function in Level of Level of
of capability level 1, were conducted a series of interviews in IT IT knowled knowled
(years) ge ge
with the client to perform a more accurate assessment. in in
In phases 4 and 5, were planned and produced the COBIT Scrum
agreed deliverables, although the high-level requirements 5 (1 to 5) (1 to 5)
were agreed during at scope definition, the solutions were 1 Portugal 15 Project 3 5
Manager
constantly evolving during the closely contact with the
2 Portugal 18 Senior 5 2
customer, as foreseen by the Water-Scrum-Fall approach. Advisor
Phase 6 was out of this project scope, however is part of 3 Portugal 26 PMO 4 5
a second project that is starting with new requirements, where Director
the monetarization of the processes designed and the 4 Portugal 24 IT 5 5
Governance
corresponding deliverables are going to be addressed. Consultant
5 Portugal 19 IT 4 3
IX. EVALUTATION Governance
Evaluation phase (step 5 of DSRM) aims to measure how Consultant
6 Portugal 23 SI 5 3
well an artifact supports a solution to the problem, comparing Consultant
the objectives to the results observed from use of the artifacts 7 Portugal 9 IT 3 4
in the demonstration [8]. Governance
Professor
8 Portugal 5 IT 4 3
A. Interviews with experts Governance
Investigator
To obtain a result as accurate as possible, the authors intend 9 Portugal 23 Agile 3 5
to perform as much iterations as possible, but at least two, to Coacher
the DSRM process described in section 2. 10 Brazil 23 IT 5 4
At the end of each iteration, it will be performed a set of Governance
Professor
interviews with experts from both areas to evaluate the
artifacts so the methodology can be refined.
For this first iteration, were performed 10 qualitative B. Evaluation of Objectives
semi-structured interviews with both Scrum and COBIT 5 For evaluating the solution regarding the objectives
experts. established in section 4, the authors conducted a set of
The interviews were conducted by one author over a additional interviews with the team involved in the
period of one month and each one lasted about 1 hour. To demonstration programme described in section 8.
support and lead the interview it was developed a Since a methodology is described as a structured
questionnaire with both open and closed response questions knowledge that deals with methods, techniques, rules,
about COBIT 5, Scrum and the methodology as a whole. templates, best practices, principles and axioms to perform a
It was also asked for interviewees to rank their expertise complex task or group of tasks [23], [33], it requires
with COBIT 5 and Scrum frameworks on a scale from 1 to 5 interaction with people who will use it to achieve the goals
(1 = marginal knowledge; to 5 = expert knowledge). This and proposed. Thus, no one better than the ones who used it to
other information about the interviewee’s can be seen in evaluate how well it achieved the objectives.
Table 5. For this evaluation, were performed 6 semi-structured
With the questionnaire, it was provided the definition of interviews to the implementation team and programme
each element for this specific solution as showed in Tables manager, conducted by one author over a period of one week
2,3 and 4, as well as the model of the life-cycle (Figure 1). It and each one lasted about half an hour. Following, the authors
204
analyse the addressed questions regarding each objective, and the client’s vision and needs. The gathered feedback allowed
transcribe some of the answers. to iteratively refine the solution so it would become closer to
- Objective 1: Ensure senior management what the client needed as a solution that properly addressed
commitment and support during the whole project. the client’s vision.” (Implementation Team Member 3),
In a scale from 1 to 5 (1 = strongly disagree; 5 = strongly “Sprint Review definitely helped.” (Programme Manager).
agree) 3 out of 6 strongly agreed (5) when asked if senior They all agreed the solution was build according the
managers were interested in the programme and 3 agreed (4). client’s needs and confirmed it was adapted several times.
When the question was “Were senior managers involved in - Objective 3: Ensure that the client understands
developing the solution?” 4 out of 6 agreed, 1 strongly the solution and does not show resistance to change.
agreed and 1 was neutral (3). In a scale from 1 to 5 (1 = strongly disagree; 5 = strongly
Furthermore, in open responses, all the six members agree) 4 out of 6 strongly agreed (5) with the question “Did
considered that a Scrum-based approach was fundamental to the client show an understanding of what were the benefits of
a greater support from top management when developing the the solution at the end of the programme better than at the
solution: “Besides the iterative approach, a balanced team beginning?” and 2 agreed (4).
was essential with a spirit of great mutual help.” Although most of the team agreed or strongly agreed
(Implementation Team Member 2), “An iterative strategy about their (client) understanding of the solution at the end,
where senior managers could assess the several iterations the client was not always convinced about the benefits: “At
and provide feedback was fundamental. It guaranteed the top first, the client showed signs of resistance as showed some
management constant involvement and enabled them to have difficulty in understanding the benefits of the solution.
a greater control over the solution.” (Implementation Team Probably that happened because some had a more technical
Member 1). background and had problems in understanding the value of
- Objective 2: Build a solution that consider the the approach used.” (Implementation Team Member 3). “At
organisational changes, aligning the scope every time it is the beginning there was a slight resistance to change that I
required. consider normal when it changes the way people have worked
When asked if the solution provided at the end was the one all their professional life. However, as they realized the
planned at the beginning, the answers were unanimous – the reasons and benefits that the recommended changes could
solution provided at the end was far from the one planned– bring to the organization, they were no longer so resistant to
“During the several iterations with the client was possible to change and were much more available and interested in
identify some initial aspects that after all were not what the implementing and promoting such changes.”
client wanted.” (Implementation Team Member 1), “The (Implementation Team Member 1).
sprint review was essential in adapting the initial solution to
TABLE VI. RESULTS FROM THE INTERVIEWS
Interviewees
1 2 3 4 5 6 7 8 9 10 Total
Product Owner 7.5
Roles
Development Team 10
Scrum Master 9.5
Product Backlog Refinement 9.5
Daily Scrum 6.5
Events
Sprint Planning 10
Sprint Review 10
Sprint Retrospective 10
Product Backlog 8.5
Artifacts
Implementation Team
Scrum Master
Product Backlog Refinement
Daily Scrum Most of the interviewees believe that daily scrum is fundamental and must be done, if not every day, weekly.
Events
Sprint Planning
Sprint Review
Sprint Retrospective
205
Product Backlog The definition of product should not be limited to processes and this should reflect also product’s backlog
definition.
Consider the possibility of initiating a new project for improve process capability.
Artifacts
Sprint Backlog
User Story User story is relevant and should be used to break resistance among project team members.
Representing tasks with user stories should not be mandatory.
Process Increment It should be provided concrete examples for possible product increments.
Representing tasks with user stories should not be mandatory.
Scoping Scoping should be extended to phases 1,2,3 and 4, eliminating Sprint 0.
Sprint 0
Cycle
Life-
Phases 2-5
Phase 6 -7
Despite all those limitations, and the fact that the solution
X. LESSONS LEARNED was proved to be a simpler version of what it could be,
For the authors is clear that this solution is still not the most developing these organizational changes in an iterative and
accurate, despite it was proved it is feasible considering the incremental way, was very effective overcoming some issues
objectives established. related with senior management commitment, resistance to
Most of the studies found in literature described complex change and misaligned solutions from the scope defined.
systems where Scrum was applied to giant programmes or The use of an iterative approach for developing the
very complex projects of software development. deliverables, especially in phase 5 (Table 1), was crucial to
Nevertheless, COBIT 5 is a very broad and complex find the best solutions, especially since the client was very
framework, which motivated the authors for designing a uncertain about what he was looking for. The opportunity to
simpler solution than the ones found in literature for scaling participate actively in the development and to give feedback
scrum. has contributed to much more accurate deliverables.
However, when applied in a real environment, it was The programme was considered a success, although
noticed a lack of coordination mechanisms at the programme there is still much work to be done, this first iteration allowed
level (see Table 8). Still, since there were not many people the authors to verify that developing organizational solutions
involved, this gap had not much impact in the outcome. with Scrum is very effective in many aspects.
Interviews Demonstration
Product Owner The Product Owner role is essential to monitor the Is necessary at least one person from the client side to keep the integrity of
product as a whole, with process owners to control the product and he must be at the programme level. Still, process owners
each process/project. are required since they represent the client in each process.
Roles
Implementation
Team
Scrum Master Some believe Scrum Master should be the COBIT A programme manager was included in the programme at UniLEO, and
5 expert and the one performing the scoping part ended up being essential to keep the integrity between the teams. Thus, this
of identifying the issues triggering need to act. role is fundamental for keeping the integrity as a chief scrum master.
Product Backlog
Refinement
Daily Scrum Nowadays, it is possible to make this a mandatory Although it was not mandatory in the solution, team members discussed
meeting despite the distance problems. the project almost every day, and it was essential for solving most
Events
problems.
Sprint Planning At the end of this initiative, when questioned, team members complained
Sprint Review that these common meetings did not help solving their particular problems,
Sprint stating that they were too broad.
Retrospective
Product Backlog Product’ definition should not only be focused on
processes, but in the rest of the enablers.
Artifacts
Sprint Backlog
User Story User Stories should be an optional representation During the demonstration, the tasks had very short and simple
of product backlog items. representations.
Process
Increment
Scoping Should include phases 1,2 and 3. Phases 1,2 and 3.
Sprint 0 Should be eliminated. Was part of scope definition. Not relevant.
Life-Cycle
Phases 2-5 Phases 2 and 3 should are considered part of Phase 2 was done before the involvement of the rest of the team.
scoping. Eliminating sprint 0. Only phases 4 and 5 Phase 3 was partially executed with Scrum, although went very well for
(of solution’s development) should be addressed the AS-IS assessment, ended up quick since the target was already
with Scrum. established.
Phase 6 - 7
206
XI. CONCLUSION [8] K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee, “A
Design Science Research Methodology for Information Systems
To conduct this research, it was followed the DSRM process, Research,” J. Manag. Inf. Syst., vol. 24, no. 3, pp. 45–77, 2007.
which comprises 6 phases of development. Our main [9] A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design Science in
objective was to provide an agile methodology for managing Information Systems Research,” MIS Q., vol. 28, no. 1, pp. 75–105,
the programme and eliminate some of the known challenges 2004.
of a COBIT 5 such as lack of senior management support, [10] Y. Bartens et al., “A visualization approach for reducing the perceived
complexity of COBIT 5,” in Lecture Notes in Computer Science
resistance to change and scope misaligned with requirements. (including subseries Lecture Notes in Artificial Intelligence and
For demonstrating that the solution can be used to Lecture Notes in Bioinformatics), 2014, vol. 8463 LNCS, pp. 403–407.
achieve the proposed goals, the approach was applied in a real [11] Y. Bartens, S. De Haes, Y. Lamoen, F. Schulte, and S. Voss, “On the
project of GEIT implementation with COBIT 5. As the way to a minimum baseline in IT governance: Using expert views for
selective implementation of COBIT 5,” Proc. Annu. Hawaii Int. Conf.
project ended, it was validated that Scrum indeed helps Syst. Sci., vol. 2015–March, pp. 4554–4563, 2015.
improve implementation problems related with stakeholder [12] Y. H. Kwak, “Brief History of Project Management,” Story Manag.
commitment and scope alignment, despite some limitations. Proj. An Interdiscip. Approach, no. 1916, pp. 1–9, 2000.
For evaluating the methodology, ten interviews were [13] J. Etzler, “IT governance according to COBIT,” Stock. Sweden R. Inst.
performed with both Scrum and COBIT 5 experts and it was Technol., 2007.
concluded that although it was demonstrated that the solution [14] M. Nicho, “Towards a Taxonomy of Challenges in an Integrated IT
is feasible, there are some improvements that can be done in Governance Framework Implementation Governance Framework
Implementation,” J. Int. Technol. Inf. Manag., vol. 25, no. 2, pp. 1–32,
order to provide a more valuable solution. 2016.
A. Limitations [15] S. De Haes, R. Debreceny, and W. Van Grembergen, “Understanding
the Core Concepts in COBIT 5,” ISACA J., vol. 5, no. 1, pp. 1–8, 2013.
This research has also a few limitations. [16] K. Schwaber and J. Sutherland, “The Definitive Guide to Scrum: The
The biggest flaws in this research occurred in the Rules of the Game,” 2017.
demonstration phase. First of all, the team involved in the [17] M. Špundak, “Mixed Agile/Traditional Project Management
programme was rather small, because of that the scrum Methodology – Reality or Illusion?,” Procedia - Soc. Behav. Sci., vol.
119, pp. 939–948, 2014.
master was the same for every scrum team. A role that was
[18] D. J. Fernandez and J. D. Fernandez, “Agile project management -
not addressed by the solution was added, and the third phase agilism versus traditional approaches,” J. Comput. Inf. Syst., vol. 49,
was not completely demonstrated because of the low no. 2, pp. 10–17, 2008.
capability level of the processes. [19] ISACA: COBIT 5 Enabling Processes, 2012.
Also, although the demonstration was original planned [20] ISACA: COBIT 5 Enabling Information, 2013.
as a programme initiative, it ended up being just a big project [21] C. Thiemich and F. Puhlmann, “An agile BPM project methodology,”
since the teams began to mix with each other within the in Lecture Notes in Computer Science (including subseries Lecture
projects due to the reduced number of people involved in the Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
2013, vol. 8094 LNCS, pp. 291–306.
implementation. This is also an important aspect to consider
[22] M. Cohn, User Stories Applied: For Agile Software Development.
for a complete demonstration. 2014.
Furthermore, the authors did not perform any previous [23] PMI, A Guide to the Project Management Body of Knowledge
COBIT 5 programme using the traditional method to compare (PMBOK Guide) - 6th ed. 2017.
the results, and the literature is very scarce regarding COBIT [24] S. Denning, “How to make the whole organization Agile,” Strateg.
5 initiative’ results. Leadersh., vol. 43, no. 6, pp. 10–17, 2015.
[25] A. M. M. Hamed and H. Abushama, “Popular agile approaches in
B. Future Work software development: Review and analysis,” Proc. - 2013 Int. Conf.
As future work, the authors intend to make a second iteration Comput. Electr. Electron. Eng. ’Research Makes a Differ. ICCEEE
2013, no. August 2013, pp. 160–166, 2013.
to the proposal based on lessons learned, followed by another
[26] D. West, “Water-Scrum-Fall Is The Reality Of Agile For Most
series of interviews to validate the new proposal. This second Organizations Today,” Appl. Dev. Deliv. Prof., pp. 1–15, 2011.
iteration will have special focus on the life-cycle, one of the [27] D. K. Rigby, J. Sutherland, and H. Takeuchi, “Embracing agile,”
aspects of the proposal more discussed during the interviews. Harvard Business Review, vol. 2016, no. May. 2016.
[28] R. S. Debreceny, “Research on IT Governance, Risk, and Value:
REFERENCES Challenges and Opportunities,” J. Inf. Syst., vol. 27, no. 1, pp. 129–
[1] Melville, Kraemer, and Gurbaxani, “Review: Information Technology 135, 2013.
and Organizational Performance: An Integrative Model of IT Business [29] Project Management Institute, “Success Rates Rise 2017 9th Global
Value,” MIS Q., vol. 28, no. 2, p. 283, 2004. Project Management Survey,” PMI’s Pulse Prof., p. 32, 2017.
[2] S. de Haes and W. van Grembergen, “An Exploratory Study into IT [30] S. Schlauderer, S. Overhage, and B. Fehrenbach, “Widely used but also
Governance Implementations and its Impact on Business/IT highly valued? Acceptance factors and their perceptions in water-
Alignment,” Inf. Syst. Manag., vol. 26, no. 2, pp. 123–137, 2009. scrum-fall projects,” 2015 Int. Conf. Inf. Syst. Explor. Inf. Front. ICIS
[3] ISACA, COBIT 5: A Business Framework for the Governance and 2015, pp. 1–19, 2015.
Management of Enterprise IT. 2012.
[31] M. Laanti, “Implementing program model with agile principles in a
[4] ISACA, Getting Started With GEIT : A Primer for Implementing
large software development organization,” Proc. - Int. Comput. Softw.
Governance of Enterprise IT. 2016.
Appl. Conf., no. January 2008, pp. 1383–1391, 2008.
[5] ISACA, COBIT 5: Implementation. 2012.
[6] S. De Haes, W. Van Grembergen, and R. S. Debreceny, “COBIT 5 and [32] Scaled Agile, SAFe, https://www.scaledagileframework.com/#. Last
Enterprise Governance of Information Technology: Building Blocks accessed May 22, 2018
and Research Opportunities,” J. Inf. Syst., vol. 27, no. 1, pp. 307–324, [33] S. L. T. McGregor and J. A. Murnane, “Paradigm, methodolog34y and
2013. method: Intellectual integrity in consumer scholarship,” Int. J. Consum.
[7] Manifesto for agile software development, 2001, Stud., vol. 34, no. 4, pp. 419–427, 2010.
http://agilemanifesto.org/. Last accessed April 12, 2018 [34] E. Hossain, M. A. Babar, and H. Paik, “Using Scrum in Global
Software Development: A Systematic Literature Review,” 2009
Fourth IEEE Int. Conf. Glob. Softw. Eng., pp. 175–184, 2009.
207