lundi 18 février 2013

Assessment of what ISACA has achieved with Cobit® 5

ISACA has released Cobit 5.0 for public exposure. How would you position Cobit 5.0 versus ISO 38500 ? 
Launched by Tru Dô-Khac on July 2 2011 (IT Governance International)

As of Feb 2013 : 56 comments

Note : Tru Do-Khac is a member of ISACA since december 2012.

COBIT® is a registered trademark of the Information Systems Audit and Control Association® (ISACA®).

Well Peter,
disctinction between governance and management should not be "problematic".

If it so, then Cobit authors would miss their objectives to make a clear distinction bewteen the two concepts (as stated page 33 of the Draft Exposure Framework).

And today, you would recognize that there is room for improvement, would'nt you : on the same page, there are two frames where the two concepts are defined : about 100 words each (about 7 lines) !

Nevertheless this should not take away the credit for ISACA to share, in an Open Innovation mindset, draft documents. The risk is being exposed.

Now, the next step would be to engage the right resources to fill the gap between the expectations of the community and the deliverables. 

i am with Mark Toomey to say that a definition is key...especially when you claim thought leadership.
And that is what ISACA is and/or that the community expects ISACA to be (cf wikipedia on IT governance)

An example of undisputed thought leadership : Pr Andrew McAfee who is reputed to have coined "Enterprise 2.0". His thought leadership is captured in his definition...

On "ITIL compliant" or "ITIL compliance" : by representing this, these companies might infringe trademark and copyright... 

@ Peter,
ignorance or maybe it is just good business.

Another example of "ignorance" is maintaining the confusion between "access rights" or "utilisation rights" (subrights of copyrights) which is most unfortunate for these companies'clients who are putting themselves at risk...

From a business perspective, i am a big fan of OGC (ITIL proprietor) and ISACA (Cobit proprietor) for their pioneer vision of the digital economy and how they have achieved to bundle copyright, brand and IT into a business that could be called mindware.

From a methodological perspective, i wish good luck to ISACA to meet all the objectives that you mention.

But i would feel that ISACA should go beyond the open innovation attitude that they have demonstrated with the Draft Exposures : they should engage experts from both the practionner side and the academic side who would be able to really challenge their current deliverables. 

i am a little bit surprised by your comment suggesting "Koen's inexperience". We are here to discuss and what we share here is mutual respect.

as far as i am concerned, this discussion is self moderated : every opinion / feeling / perception is welcome 

you are right. the fees of "as is" are hudge in perspective of the delivered value.

But from a supplier perspective, it is a way to train junior consultants (even at the cost of the clients but ultimately from an ecosystem perspective, these juniors become seniors and the client has its ROI...)

This was the old consulting model.
What is the new model ?

The new is based on social networks where the client self upraise with mininum (from a timesheet perspective) help from outside experts, which are professionals who are eager to share ideas and experience and are skilled enough to set themselves exposed in open (public) forum.

For the junior : what is left ?

well software development on (mobile) cloud computing platforms under the supervision of seniors who set the directions
or when they have ideas, entrepeneurship...and in fact you do not need to wait to reach the junior professional level, you can start right as an undergraduate at the university...

let's build on this. How about putting up a list of improvements/sugestions that would be forwarded to ISACA ? It will be up to ISACA to decide.

Let me start with a simple one
* address SLA (Service Level Agreement) as a major notion of IT governance (SLA is not mentionned in the Framework document though it is in the Process doc)

PS : if you contribute, let me suggest you to (re)read beforehands and carefully the User Agreement of LinkedIn.

"product", "brand",...that is big business terms...and it is indeed.

Best practices is big business (books, training, certification, software,...) and ISACA has a strategic marketing issue to resolve. Hopefully they have the right governance in place.

As for Pat's suggestion to present our discussion to ISACA and my comment :
The perspective is intellectual property (IP).

Let me suggest to compare ISACA IP conditions to contribute, LinkedIn IP conditions and these of a billed professional Cloud Computing service.

No need to be a lawyer to identify the differences but you might need one to understand the legal stakes and risks. Then you should mix this inputs with you business strategy and decide what to do next.

And by the way, intellectual property is not addressed in the my opinion, a major flaw today for the digital economy.

Peter, as you seem to be a supporter of Cobit, what do you say to this ? 

(...)tdk (...)tdk (...)tdk (...)tdk (...)tdk (...)tdk (...)tdk (...)