COBIT 5 PROCESS MODEL – DSS03: FROM BUSINESS ARCHITECTURE

A long time ago I did not write and revise scattered and very varied documentation on different points of view, I have decided writing about the COBIT problem process. This process, which also includes ITIL in your framework, is typically considered to be your implementation in the following phases of deployment. I mean. Typically in a ITIL or COBIT deployment Roadmap, this process does not appear in the first phase. Experience tells us that only when the process of incidents of business/it exists already exists and it is not known how to manage the “eternal problems” of the day to day of a public and/or private organization.

What I do think is a fact is that you have to develop the process of incidents and the process of cases (which could be oneself with different flows of information and/or data or two completely different processes; depends on each organization and its work culture ). I speak on COBIT 5 of the DSS03 process.

Again, I was reviewing the article that was written a while ago, https://juanbarrancoit.com/en/approach-implementing-cobit-5/ because right here I’m going to leave right now.

In this article being coherent and continue in some way (not established with a proposal of roadmap) that was presented in the article https://juanbarrancoit.com/en/bai02-cobit-5-process-model/, https://juanbarrancoit.com/en/bai07-cobit-5-process-model/, continuing the construction of COBIT 5-type governance processes.

As a result we had to build the processes:

  • EDM01 Ensure the establishment and maintenance of the frame of Government
  • EDM02 Ensure the delivery of benefits
  • EDM04 Ensure the optimization of resources
  • BAI02 Manage the definition of requirements
  • BAI04 Manage availability and capacity
  • APO04 Manage innovation
  • APO08 Manage relationships
  • APO07 Manage human resources
  • BAI07 Manage the acceptance of change and transition

The roadmap of construction of processes was this:


DSS03: MANAGE PROBLEMS

However in these articles it does not mention the priority construction of the problem process. Now if we go back to the article, https://juanbarrancoit.com/en/approach-implementing-cobit-5/ , it was indicated that these processes had to be built:

  • EDM04 Ensure the optimization of resources
  • APO01 Manage the IT management framework
  • APO03 Manage the enterprise architecture
  • APO04 Manage innovation
  • APO07 Manage human resources
  • APO08 Manage relationships
  • BAI02 Manage the definition of requirements
  • BAI04 Manage availability and capacity
  • BAI09 Manage assets
  • BAI10 Manage the configuration
  • BAI07 Manage the acceptance of change and transition
  • DSS01 Manage operations
  • DSS03 Manage problems
  • MEA01 Monitor, assess and evaluate performance and compliance
  • EDM01 Ensure the establishment and maintenance of the frame of Government
  • EDM02 Ensure the delivery of benefits

It happened that this article followed a route of implementation that gave priority to other processes. Given all that information seen and scattered I will try to make one, knowing that there can be thousands and thousands of different cases.

Here is the problem management process; But unlike other occasions, I will use other ways of modeling the process:

Note: Unlike the other models, I focused this time on using the SIPOC model of Archimate for business architecture, for clarity purposes. From the point of view of GDPR, another way of modeling another process in later and future articles will be used, so as not to focus on the BPM strictly this time.

If this process is used for areas of technology, it is thought of as a fundamental process in the operations of a company that does not devote itself to information technology, respecting opinions to the contrary.

It is recommended to increase the size of the fonts or the page of your browser to see it better given its resulting complexity, in at least 150% to appreciate well the changes, process activities.


CONSIDERATIONS AND CONCLUSIONS

It was assumed that this process is for companies that are not dedicated to technology. However if you can appreciate that it is a process that can use a whole company.

Normally, when using the SIPOC modeling technique (suppliers, inputs, processes, outputs, customers), this rigorous construction and/or redesign of this process would not be recommended. However to not make more extensive not included important elements in the inputs and outputs for this form of modeling that are:

At entry level:

  • Specifications
  • Work agendas
  • Standard
  • work objectives
  • Regulations
  • Other more

At departure level:

  • Key indicators
  • Experiences learned
  • New or improved products/services
  • Forms of work or culture of new work
  • Other more

Very important when it comes to modeling in this way. Possibly in another view, you could view these elements

Another thing would be to try to automatize this process which is a later stage within the BPM framework if possible or not; That is to say if you give true value to the company you are implementing.

Finally Recalling section “What processes could do part of an implementation?” of article https://juanbarrancoit.com/en/approach-implementing-cobit-5/ , section of processes for optimization of assets, resources, and capabilities of the I.T., we have:

  • S: EDM01 Ensure the establishment and maintenance of the frame of Government
  • S: EDM02 Ensure the delivery of benefits
  • P: EDM04 Ensure the optimization of resources
  • P: APO01 Manage the IT management framework
  • S: APO02 Manage strategy
  • P: APO03 Manage the enterprise architecture
  • P: APO04 Manage innovation
  • S: APO05 Manage the portfolio
  • S: APO06 Manage budget and costs
  • P: APO07 Manage human resources
  • S: APO08 Manage relationships
  • S: APO09 Manage service agreements
  • S: APO10 Manage providers
  • S: APO11 Manage quality
  • S: BAI01 Manage programs and projects
  • S: BAI02 Manage the definition of requirements
  • S: BAI03 Manage the identification and construction of solutions
  • P: BAI04 Manage availability and capacity
  • S: BAI05 Managing organizational changes
  • S: BAI06 Manage changes
  • S: BAI08 Managing knowledge
  • P: BAI09 Manage assets
  • P: BAI10 Manage the configuration
  • P: DSS01 Manage operations
  • P: DSS03 Manage problems
  • S: DSS04 Managing continuity
  • S: DSS05 Managed security services
  • S: DSS06 Manage the controls of the business process
  • P: MEA01 Monitor, assess and evaluate performance and compliance

It was chosen to model the DSS03 process. Notice as it appears as “P” in this process in this first phase of implementation of I.T. governance processes reiterate that by the exercise of implementation followed in that article that process “lost” priority.

Hypothetical exercise both of the preceding article like this, watch as we will in the implementation of COBIT, for a company wishing to align their business strategy and the area of I.T.

If you want to how to implement I.T. governance processes, contact me here.