7. Typical Pain Points
• Frustration between different IT entities across the organization because
of a perception of low contribution to business value
• Frustration between business departments (i.e., the IT customer) and the
IT department because of failed initiatives or a perception of low
contribution to business value
• Significant I&T-related incidents, such as data loss, security breaches,
project failure, application errors,linked to IT
• Service delivery problems by the IT outsourcer(s)
• Failure to meet IT-related regulatory or contractual requirement
• Regular audit findings or other assessment reports about poor IT
performance or reported IT quality or service problems
8. • Substantial hidden and rogue IT spending
• Duplications between various initiatives, or other forms of wasted resources
• Insufficient IT resources, staff with inadequate skills and staff burnout/dissatisfaction
• IT-enabled changes or projects frequently failing to meet business needs and delivered
late or over budget
• Multiple and complex IT assurance efforts
• Reluctance of board members, executives or senior management to engage with IT, or
lack of committed business sponsors for IT
• Complex IT operating model and/or unclear decision mechanisms for IT-related
decisions
• Excessively high cost of IT
• Obstructed or failed implementation of new initiatives or innovations caused by the
current IT architecture and systems
9. • High level of end-user computing, creating (among other issues) a lack of
oversight and quality control over the applications that are being
developed and put in operation
• Business departments implementing their own information solutions with
little or no involvement of the enterprise IT department
• Ignorance of and/or noncompliance with security and privacy regulations
• Inability to exploit new technologies or innovate using I&T
• Regular issues with data quality and integration of data across various
sources
• Gap between business and technical knowledge
10. Trigger events
• Merger, acquisition or divestiture
• Shifts in the market, economy or competitive position
• Changes in business operating model or sourcing arrangements
• New regulatory or compliance requirements
• Significant technology change or paradigm shifts
• Enterprise wide governance focus or project
• External audit or consultant assessments
• New business strategy or priority
• Desire to significantly improve the value gained from I&T
32. Focus Areas
• Examples of focus areas include small and medium enterprises,
cybersecurity, digital transformation, cloud computing, privacy, and
DevOps
• A number of focus area content guides are in preparation, and the set
will continue to evolve. For the latest information on currently
available and pending publications and other content, please visit
www.isaca.org/cobit.
60. Factor 11 Enterprise Size
13
26 At the time of publication of the COBIT® 2019 Design Guide: Designing an Information
and Technology Governance Solution, the small and medium
enterprise focus area content was in development and not yet released.
