Phase 1: What Are the Drivers?

COBIT 2019 Foundation: Phase 1 - What Are the Drivers? Complete Guide

Introduction to Phase 1: What Are the Drivers?

Phase 1: What Are the Drivers? is the foundational stage of the COBIT 2019 implementation framework. It represents the critical first step in understanding the organizational context and establishing the business case for enterprise governance of information and technology (EGIT).

Why Is Phase 1 Important?

Phase 1 is crucial for several reasons:

• Foundation Setting: It establishes the groundwork for all subsequent implementation phases by identifying what drives the need for governance
• Stakeholder Alignment: It ensures that leadership and stakeholders understand why governance improvements are necessary
• Business Case Development: It helps articulate the business rationale for implementing or improving COBIT practices
• Risk Identification: It identifies organizational risks and concerns that governance must address
• Strategic Alignment: It connects IT governance initiatives with overall business strategy and objectives

What Are the Drivers? Definition and Scope

Drivers in COBIT 2019 context refer to the internal and external factors that create the need for enterprise governance of IT. These are the reasons, pressures, and circumstances that motivate an organization to implement or enhance its governance practices.

Types of Drivers Include:

1. Business Goals and Objectives

The organization's strategic direction and targets that require IT support and governance

2. Risk Factors

Internal and external threats that must be managed through proper governance structures

3. Compliance Requirements

Regulatory, legal, and industry standards that mandate governance practices (GDPR, HIPAA, SOX, ISO standards, etc.)

4. Stakeholder Expectations

Demands and concerns from customers, employees, investors, regulators, and other interested parties

5. Organizational Challenges

Current problems with IT management, service delivery, security, or value realization that governance can address

6. Industry Trends

Market changes, technological advancements, and competitive pressures affecting the organization

7. Governance Maturity Assessment Results

Findings from assessments that reveal gaps between current state and desired governance maturity

How Phase 1 Works: The Process

Phase 1 implementation involves several key activities:

Step 1: Identify External Drivers

Analyze external factors such as:

• Regulatory and compliance requirements
• Industry standards and best practices
• Market competition and trends
• Customer and supplier expectations
• Technological advancements

Step 2: Identify Internal Drivers

Examine internal factors including:

• Business strategy and objectives
• Organizational structure and culture
• Current IT performance and maturity
• Known risks and vulnerabilities
• Stakeholder concerns and expectations
• Cost and resource constraints

Step 3: Document and Prioritize Drivers

Create a comprehensive list of all identified drivers and prioritize them based on impact and urgency

Step 4: Develop Business Case

Use drivers to build a compelling business case that demonstrates:

• Why governance is needed
• What benefits will be achieved
• What costs are involved
• What risks will be mitigated
• Expected timeline and resource requirements

Step 5: Gain Stakeholder Buy-in

Use driver analysis to secure executive sponsorship and organizational support

Step 6: Set Governance Goals

Translate drivers into specific, measurable governance goals and objectives

Key Concepts to Understand for Phase 1

Enterprise Governance of IT (EGIT)

The system by which the enterprise's IT is directed and controlled. Phase 1 drivers establish why EGIT is necessary.

Stakeholder Value

Drivers often relate to value delivery—governance ensures IT contributes to stakeholder value realization

Risk and Compliance

Many drivers stem from the need to manage risks and ensure compliance with external requirements

Strategic Alignment

Drivers help ensure that IT governance supports the organization's strategic direction

Performance and Accountability

Drivers may include the need to improve IT performance, demonstrate accountability, and optimize resource utilization

How to Answer Exam Questions on Phase 1: What Are the Drivers?

Question Type 1: Identifying Drivers

Question Format: "Which of the following is an example of a driver for IT governance implementation?"

How to Answer:

• Look for factors that create the need for governance
• Avoid answers that describe governance practices themselves
• Consider both internal and external factors
• Think about what motivates an organization to implement governance

Example: If presented with options like "implementing COBIT," "managing risks," "improving IT performance," and "defining policies," the correct answer would likely be "managing risks" or "improving IT performance" as these are drivers, while "defining policies" is a governance activity.

Question Type 2: Categorizing Drivers

Question Format: "Is the following a compliance driver or a business performance driver: 'The organization must comply with GDPR requirements'?"

How to Answer:

• Understand the difference between driver categories
• Read the scenario carefully to identify the primary motivation
• Compliance drivers relate to external requirements and regulations
• Business drivers relate to strategic objectives and performance goals
• Risk drivers relate to threat mitigation and control

Question Type 3: Connecting Drivers to Governance Goals

Question Format: "Based on these drivers, which governance goal would be most appropriate to establish?"

How to Answer:

• Ensure the governance goal directly addresses the identified drivers
• Look for alignment between driver and goal
• Understand that drivers should drive governance objectives
• Evaluate which goal would most effectively address the business need

Question Type 4: Scenario-Based Questions

Question Format: "An organization is experiencing frequent data breaches, losing customer trust, and facing regulatory investigations. What phase should they begin with, and what are the primary drivers?"

How to Answer:

• Identify all the drivers present in the scenario (security risks, compliance issues, reputation damage, customer expectations)
• Recognize that Phase 1 is where these drivers should be documented and analyzed
• Explain how these drivers would lead to governance implementation
• Demonstrate understanding of how drivers inform subsequent implementation phases

Question Type 5: Multiple Choice on Driver Examples

Question Format: "Which of the following statements best describes a driver for COBIT 2019 implementation?"

How to Answer:

• Eliminate answers that describe governance outcomes or practices
• Look for answers that describe reasons, motivations, or needs
• Choose answers that represent factors pushing the organization toward governance
• Verify the answer describes something that creates a need rather than a solution

Exam Tips: Answering Questions on Phase 1: What Are the Drivers?

Tip 1: Understand the Fundamental Concept

Remember: Drivers are the reasons why an organization needs governance. They are not governance solutions—they are the business case for governance. On exams, always distinguish between "why" (drivers) and "how" (implementation practices).

Tip 2: Know Common Driver Categories

Memorize these primary driver categories:

• Regulatory/Compliance: Laws, regulations, standards
• Operational: Performance, efficiency, service quality
• Strategic: Business objectives, competitive advantage
• Risk: Security, fraud prevention, business continuity
• Stakeholder: Customer needs, employee expectations, investor requirements

Exam questions often ask you to categorize drivers, so knowing these categories well is essential.

Tip 3: Look for Business Language

Drivers are expressed in business terms, not IT jargon. They describe what the organization needs to achieve or prevent, not how IT systems will be configured. If an answer uses pure IT terminology without business context, it's likely not describing a driver.

Tip 4: Connect Drivers to Business Goals

Understand that Phase 1 drivers directly map to business goals. When answering exam questions, trace the connection: Driver → Business Goal → Governance Objective → COBIT Practice

Tip 5: Recognize Multi-faceted Drivers

In scenario-based questions, there are usually multiple drivers at play. A data breach scenario involves compliance drivers (regulatory consequences), risk drivers (security), operational drivers (service availability), and stakeholder drivers (customer trust). Identify all relevant drivers in the scenario.

Tip 6: Distinguish Internal vs. External Drivers

Exams may ask you to categorize drivers as internal or external:

• External Drivers: Regulatory requirements, market competition, industry standards, customer demands
• Internal Drivers: Strategic objectives, performance improvement, risk management, cost optimization

This distinction is important for understanding what drives governance priorities.

Tip 7: Focus on the Phase Sequence

Remember that Phase 1 is about identifying and understanding drivers. The phases that follow use these drivers to guide governance design and implementation. If a question asks what happens "after identifying drivers," expect answers about developing governance frameworks, not about identifying more drivers.

Tip 8: Use the "Why" Test

When unsure if something is a driver, ask yourself: "Why would an organization do this?" If the answer explains a business need or motivation, it's likely a driver. If the answer explains a governance activity or practice, it's not a driver.

Tip 9: Pay Attention to Stakeholder Perspectives

Different stakeholders may have different drivers:

• Board/Executives: Risk mitigation, value creation, regulatory compliance
• Business Leaders: Efficiency, alignment with strategy, performance
• IT Leadership: Technical debt, capability gaps, security
• Customers: Service quality, data protection, availability
• Regulators: Compliance, governance transparency, control effectiveness

Exam questions may ask from different stakeholder perspectives. Understand how drivers vary by stakeholder.

Tip 10: Study Real-World Examples

Familiarize yourself with common real-world drivers:

• A bank facing PCI-DSS requirements (compliance driver)
• A manufacturing company losing market share to competitors with better IT agility (strategic driver)
• A healthcare organization experiencing a ransomware attack (risk/operational driver)
• A retail company missing customer expectations for omnichannel experience (stakeholder driver)

These concrete examples help you recognize drivers in exam scenarios.

Tip 11: Understand Maturity Assessment Connection

Phase 1 often involves assessing current governance maturity. The gap between current state and desired state becomes a driver. If an exam question presents assessment results, use them to identify drivers related to capability gaps.

Tip 12: Remember the Business Case Purpose

The primary output of Phase 1 is a business case that demonstrates why governance is needed. Exam questions may ask what information should be in this business case. The answer should include documented drivers, their impact, and how governance addresses them.

Tip 13: Avoid Common Misconceptions

Don't confuse:

• Drivers with Goals: A driver is the reason; a goal is what you want to achieve. "Reduce security incidents" is a driver; "implement controls to detect threats" is a goal
• Drivers with Processes: A driver creates the need; a process is how you meet the need
• Drivers with Outcomes: A driver is the motivation; an outcome is the result of governance implementation

Tip 14: Practice Scenario Analysis

For scenario questions, use this structured approach:

1. Identify what problem or need the organization faces
2. List all relevant drivers (external and internal)
3. Categorize each driver
4. Explain why each driver necessitates governance
5. Connect drivers to potential governance goals

Tip 15: Time Management During Exam

Phase 1 questions typically don't require complex calculations. If you find yourself overthinking a Phase 1 question, step back. These questions test conceptual understanding of drivers. Your first instinct is usually correct if you understand the fundamentals.

Common Exam Question Patterns

Pattern 1: "Which of the following best exemplifies a governance driver?"

Pattern 2: "In Phase 1, what is the primary purpose of identifying drivers?"

Pattern 3: "Which driver category does the following represent: [scenario about compliance requirements]?"

Pattern 4: "How do identified drivers influence Phase 2 activities?"

Pattern 5: "Which stakeholder would be most concerned with the following driver: [scenario]?"

Key Takeaways for Exam Success

• Drivers are the "why" behind governance implementation, not the "what" or "how"
• Phase 1 is foundational—all subsequent implementation phases build on driver analysis
• Drivers are multi-faceted—understand external, internal, compliance, risk, operational, and strategic categories
• Business case development is the key output of Phase 1 driven by identified drivers
• Stakeholder engagement is essential—different stakeholders perceive different drivers
• Drivers inform governance goals—always trace the connection between drivers and governance objectives
• Phase 1 requires analysis, not implementation—focus on understanding and documenting drivers, not implementing solutions

Conclusion

Phase 1: What Are the Drivers? is the critical starting point for COBIT 2019 implementation. Success in answering exam questions about this phase depends on understanding that drivers are the business reasons, needs, pressures, and opportunities that create the case for enterprise governance of IT. By mastering the identification, categorization, and application of drivers, you'll be well-prepared to answer Phase 1 questions on your COBIT 2019 Foundation exam.