Linking EA, governance, and business strategy

Written By Stuart Macgregor

This is one of the few case studies that show how to couple these three domains to achieve transformation. While created a few years ago, and relating to the COBIT framework, this case study is as relevant today as it was then.

It highlights how EA has evolved from a largely misunderstood discipline to the point where it now acts as the linchpin between corporate governance and IT governance – driving business transformation in the digital age.

CobiT® 3rd Edition© Case Study - First published in 1999 by ISACA

Abstract

SAB Ltd (South African Breweries Limited), a division of SAB plc, manufactures and distributes beer and non-alcoholic beverages in Europe, Asia and Africa. More than 200 of the organisation’s 7,000 employees work in the information systems field. After learning about CobiT® from the Gartner Group, SAB Ltd used CobiT to develop an IT and enterprise architecture strategy document.

The SAB Ltd approach fostered partnering opportunities between IS audit and the IT community. The IS audit team implemented value-added components to the reviews, which allowed a more rigorous interpretation of IT risk. Once the business benefits of CobiT were communicated, senior business executives realised the framework could help determine accountability for processes and improve IT Governance. By using the framework as the basis for an accountability matrix, SAB Ltd began achieving a role-based IT organisation with defined process measures to ensure customer value.

Background

SAB Ltd is a division of SAB plc, which has more than 34,000 employees working for 70 breweries in 21 countries, as well as substantial hotel and gaming interests in Southern Africa. SAB plc was first registered in London in 1895 as SAB Limited. It was registered on the Johannesburg Stock Exchange in 1897 as the first industrial share. Since then it has grown to manufacture and distribute beer and non-alcoholic beverages in Europe, Asia and Africa.

SAB Ltd generates 53% of the SAB plc operating profit and employs 6,500 full-time and 500 part-time employees. More than 200 of these employees work in the information systems field.

Process

SAB Ltd first heard about CobiT through the ISACA website (www.isaca.org), and soon after used CobiT when developing the SAB Ltd IT/enterprise architecture strategy document. Gartner's research was used extensively in the development of this document. After thoroughly researching CobiT’s methodology to improve IT Governance at SAB Ltd, Stuart Macgregor, then manager of SAB Ltd’s Information Resource Management (IRM) team, was invited to Chicago, Illinois, USA to participate in ISACA’s development of the CobiT 3rd Edition© Management Guidelines.

SAB Ltd began its implementation by developing a CobiT-based questionnaire that assessed the IT management team’s perception of IT process effectiveness, risk and the relative priority for improvement. This approach increased the IT organisation’s readiness to adopt CobiT as its primary IT Governance tool.

SAB Ltd then used several techniques to gain senior management support for adopting CobiT. Presentations were given to groups including regional IT managers, the IT steering committee and IT managers. Pre-presentation reading, such as the CobiT Executive Summary, was distributed widely throughout the business and IT departments.

Although there was early resistance to the CobiT framework, the education campaign fostered a critical mass and resulted in strong support from the IT management team, which recognised that the CobiT framework could assist in assigning accountability for processes and improving governance within the IT organisation. SAB Ltd then used the framework as the basis for an accountability matrix. The strategy was to move toward a role-based IT organisation with defined process measures to ensure customer value.

"Using CobiT® as a resource, SAB Ltd developed an IT and enterprise architecture strategy document"

Using CobiT as a resource, SAB Ltd developed an IT and enterprise architecture strategy document. This document served to further increase awareness of CobiT’s benefits among SAB Ltd’s IT and business communities. For each of the 34 CobiT processes, the development team documented the SAB Ltd:

  • Target environment

  • Business objectives

  • IT portfolio services or deliverables from the IT process

  • Current situation analysis

  • Strategy and action items required to move from the current situation to the desired situation

At this point, PricewaterhouseCoopers added its capabilities to the implementation process. Together with PricewaterhouseCoopers, SAB modelled CobiT IT processes using the Architecture of Integrated Information Systems (ARIS) business process-modelling tool set. Additional best practice information was obtained from the Information Technology Infrastructure Library (ITIL) and the BS7799 standard. Content from BS7799 was captured into ARIS and linked to CobiT processes. The models were designed to answer the six interrogatives of what, how, where, when, who and why from different perspectives.

The SAB Ltd team used portions of the CobiT 3rd Edition draft version to develop an IT customer satisfaction survey. The survey applied balanced scorecard concepts developed by Robert S. Kaplan and David P. Norton and was sent to the SAB Ltd board of directors, general managers, heads of departments and regional executives. Several factors contributed to the positive feedback and high response level of this survey, including the web-based approach to collecting the survey responses, the questionnaire design and the statistical processing of the survey results.

Next, SAB Ltd deployed an Intranet CobiT website that included the draft Management Guidelines IT process maturity models and eventually the final 3rd edition release. The Intranet site includes the ARIS process models of the CobiT IT processes and the ability to assess current and desired IT process capability maturity. It also provides easy access to the CobiT open standard content and has received positive reviews from the SAB Ltd IT community.

The SAB Ltd IT departments use the CobiT Intranet site to gain a detailed understanding of the CobiT processes and control objectives. This is especially useful when they are in the process of answering PricewaterhouseCoopers’ Technology Related In-Control Services (Tr-ICS) questionnaires. Tr-ICS is a simplified and practical risk analysis methodology that borrows from SPRINT (Simplified Process for Risk Identification), a risk analysis methodology developed by the Information Security Forum (ISF). IT risk is assessed for each CobiT IT process, with specific questions derived from 302 high-level control objectives.

SAB Ltd extended the Tr-ICS tool to enable Intranet-based scoring and management of the review to support, for example, assigning the questionnaires, tracking the progress, and storing and processing the results. In essence, there is a Tr-ICS question for each CobiT control objective. Coupling Tr-ICS reviews with easy Intranet access to control objectives and the CobiT 3rd Edition content has resulted in an overall improvement in corporate-wide understanding and appreciation for IT Governance.

"This implementation approach is a good example of partnering opportunities between IS audit and the IT community"

This implementation approach is a good example of partnering opportunities between IS audit and the IT community. The IS audit team has implemented value-added components to the reviews, which resulted in a change of focus that allows a more rigorous interpretation of IT risk. At the time of the development of this case study, eight reviews were successfully performed and results were published by IS audit on the SAB Ltd Intranet.

Mr Macgregor was then selected as a core member of the team that developed the SAB plc global IT strategy. In addition to providing a framework for IT control, CobiT’s process maturity models were used extensively in the definition of the SAB plc global IT strategy to:

  • Assess IT process capability maturity (actual and desired) for South Africa, Africa and Europe IT departments.

  • Identify the steps or actions required to improve IT process capability maturity.

  • Identify and understand areas of knowledge sharing across the group.

  • Facilitate IT organisational design, e.g. determine the level of process consolidation and level of consistency for CobiT processes on a global, regional and local basis.

  • Define IT services based on CobiT IT processes.

  • Identify the key headlines, or what should be the focus, to support the business in achieving desired capabilities. This was essential in establishing business and IT alignment.

  • Conclusion

The SAB Ltd team found that the extensive education campaign, supported by pre-reading materials and presentations prior to implementation, greatly increased awareness and support of CobiT among SAB Ltd’s IT and business communities. Once the overall business benefits of CobiT were communicated, senior business executives realised the framework could help determine accountability for processes and improve IT Governance. By using the framework as the basis for an accountability matrix, SAB Ltd began achieving a role-based IT organisation with defined process measures to ensure customer value.

CobiT 3rd Edition provides a global performance improvement framework that helps achieve this by:

Establishing common key performance indicators across the group to enable internal and external benchmarking comparisons.

Providing template business processes, supported by systems to enable rapid transfer of good practices.

Supporting a more consistent approach for sharing knowledge by encapsulating the best thinking into the process models and supporting documentation.

CobiT 3rd Edition will continue to be instrumental in supporting the globalisation of IT within SAB plc. This will require developing new ways of working for SAB plc to lead globally in strategy, planning, governance and IT performance measurement.

Stuart Macgregor

Stuart Macgregor is the CEO of Real IRM and The Open Group - South Africa. Through his personal achievements, he has gained the reputation of an Enterprise Architecture and IT Governance specialist, both in South Africa and internationally. Stuart is a member of John Zachman’s advisory committee, and is openly obsessed with Enterprise Architecture with a definite business bias.

Stuart served as an officer of The Open Group Architecture Forum and fulfilled a liaison role between The Open Group and ISACA. He has participated in the development of both COBIT® and TOGAF® over a number of years; including the COBIT 5 development workshops held in London and Washington. As the lead researcher, Stuart led the mapping of COBIT to TOGAF® which was published by ISACA and The Open Group.

As a founding member of the Exploration, Mining, Metals and Minerals (EMMM) Forum of The Open Group, Stuart helped to establish the first industry vertical Forum within The Open Group. The EMMM Forum went on to create industry reference models for process and capabilities - The Business Process Reference Model and the Business Capability Reference Map. These reference models have been used globally by thousands of individuals across various industries.

In the role of lead consultant, Stuart has assisted numerous organizations to establish their Enterprise Architecture practices and has also used COBIT to develop IT Governance frameworks for NYSE Top 100 companies. While participating in the development of the TOGAF standard, Stuart drove the adoption of TOGAF in South Africa and continues to evangelise the discipline of Enterprise Architecture and The Open Group standards through speaking opportunities, professional services engagements, and TOGAF and Zachman Framework training.

Previous

Kotter's Eight Stage Journey
Next

How to succeed at enterprise architecture