2020 has either been a year of reviews or a year of forward reflections depending on what dominated your outlook. When the COVID-19 pandemic first hit, many organizations had to test a number of plans: crisis management plans, business continuity plans, coupled with continuous risk identification and assessments, all held together by strategy reviews to guide them on the way forward.
Looking at our outlook for crisis or disaster management, many organizations were not prepared for this kind of crisis that forced every organization to be on its toes. The message has been very clear: we must keep going on! Those who have wanted to press the pause button in most cases realized that option is not available.
It is said that culture eats strategy for breakfast. As most organizations have been forced into review meetings, risk workshops and strategy sessions, it has become apparent that the organizations’ change management appetite is under scrutiny. Organizations that have promoted innovative cultures adjusted quickly as relearning and change have been a dominant part of their DNA. Organizations that by nature have a “wait it out mentality” have struggled through the pandemic.
As the year comes to a close, it is only fitting for organizations to consciously start reviewing the impact of culture on how they have managed the pandemic as well as how to shape their culture to support updated strategies that were rolled out to weather the storm. As an assurance specialist, I would also urge fellow auditors to look into including culture audits as part of their 2021-22 annual plans.
The COBIT framework outlines seven components that are required to build an effective IT governance system, and among these components are culture, ethics and behavior. In this blog post, I discuss how one can review service objectives drawn from the COBIT core model and assess the culture value associated with managing services. To this end, I have selected one governance objective and five management objectives from the 40 governance and management objectives available to provide guidance on how one can assess whether an organization has the right culture to provide service levels in line with the organization’s requirements.
Service culture objectives as selected from COBIT:
COBIT provides culture, ethics and behavior guidance for each management objective. Through this guidance, one can develop assessment questions to measure whether the organization is building the right culture required to achieve its service objective, as outlined below:
1. Ensured Stakeholder Engagement
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Ensured Stakeholder Engagement |
Create a culture in which open and structured communication is provided to key stakeholders, in line with their requirement. |
Get an understanding of:
|
The organization’s culture should promote clear communication to the board of directors, regulators and key stakeholders on IT capability and the ability to provide the expected customer service levels.
2. Managed Innovation
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Managed Innovation |
Create an environment that is conducive to innovation by maintaining relevant HR initiatives, such as innovation recognition and reward programs, appropriate job rotation and discretionary time for experimentation. Ensure close collaboration and coordination of initiatives across the organization. |
Get an understanding of:
|
It is critical to analyze how an organization promotes idea-sharing and particularly how long it takes to make decisions on implementation of such ideas. It is evident through the pandemic that regardless of the type of organization, innovative ways have been required to be able to engage staff and remain productive. It is also worth noting whether idea generation is based on employee creative ability rather than position. Organizations with exceptional, innovative programs understand that creativity is not based on position or employee educational background. Rather, ideas come from emotive places influenced by what we see and our engagement with people from different walks of life.
3. Managed Business Process Controls
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Managed Business Process Controls |
Create a culture of habitual excellence throughout the organization. Encourage employees to excel. Create an environment in which operational procedures deliver (more than) the necessary services while also allowing employees to question the status quo and try new ideas. Manage operational excellence through employee engagement and continuous improvement. Apply a customer-centric approach (for both internal and external customers). |
|
Processes are critical in ensuring that standard service is provided. A great service culture ensures that service processes are understood by all employees, where processes are cross-cutting and employees are not quick to refer customers without explaining a product and/or service to them. A culture of ownership and accountability of business processes should be displayed by employees across departments. As an assurance specialist, it is key to take note of how employees own business processes across the organization and promote their evolution.
4. Managed Availability and Capability
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Managed Availability and Capability
|
For enterprises that depend on information, availability and capacity management are critical to successful operations. Establish a culture in which product and service availability and capacity are prioritized (in line with business requirement). |
Get understanding of:
|
One may encounter one of two responses from a service desk: “Sorry, we are closed” or ”Sorry, we are closed but you can leave us a number to contact you as soon as our systems are operational.” Communication of unavailable services is key to customers. Providing an alternative solution is even more attractive to a customer in need. Organizations with a service culture rarely leave a customer without an alternative because they are genuinely invested in ensuring that customer needs are met. During the pandemic, it has been critical for organizations to partner with others to ensure continuity of service where applicable. Some of the partnerships may become permanent as organizations review their service offerings. It is critical to understand your organizational culture around availability and capacity, and how employees respond.
5. Managed Quality
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Managed Quality |
Promote a culture of quality and continual improvement. Maintain and regularly communicate the need for and benefits of quality and continuous improvement. |
|
One sure way to induce a headache would be to run a system in which every solution is a workaround. Having worked with marketers, I know how important it is to be the first in the market, and during the pandemic providing ready-to-go solutions has been a required survival strength. However, the quality culture should be matched with the organization’s ability to innovate. Taking into consideration customer feedback is critical to understand their frustrations on highly advertised products with limited value. Understanding and respecting quality checks for every service should be something that employees pride themselves on.
6. Managed Continuity
|
Governance/Management Objective |
Culture, Ethics and Behavior COBIT Guidance |
Assessment Questions |
|
Managed Continuity |
Embed the need for business resilience in the enterprise culture. Regularly and frequently update employees about core values, desired behaviors and strategic objectives to maintain the enterprise composure and image in every situation. Regularly test business continuity procedures and disaster recovery. |
|
The pandemic has provided a practical scenario allowing every organization to test its business continuity plans regardless of their technical capabilities. Now every organization understands the value of business continuity over technological equipment. Was there a culture of sharing roles and responsibilities during the pandemic? How was information shared among employees to ensure continuity? What culture emerged regarding quality of service and were employees in the know to ensure that the same information was shared with customers? As an assurance specialist, answers to these questions demonstrates the business continuity culture embedded in the organization.
ConclusionStrong organization culture pays off during disasters. Culture goes beyond words written in pamphlets and bulletin boards around the building. Culture is the practice that gets rewarded. Which behavior and ethical principles has your organization been rewarding during the pandemic? What service traits are practiced and celebrated in your organization?
Organizational purpose is translated through the service level given to customers and stakeholders. Great service levels can boost overall organizational resilience.