The COBIT 5 Assessment programme is designed to provide enterprises with an understandable, logical, repeatable, reliable and robust methodology for assessing the capability of their IT processes, based on the COBIT 5 process reference model (PRM).
A COBIT 5 Assessment can be used for a number of purposes starting with a basic status check on an organisation's current capability levels regarding its processes and ability to deliver the performance expected. As the capability level increases management's actions become more effective at making their organisation effective and efficient.
The purpose of a COBIT 5 assessment is to determine the extent to which processes achieve the stated process purpose. Information and data that characterize each process is determined and assessed. The COBIT 5 PAM (process assessment model), the ISO/IEC 15504 capability measurement framework and the ISO/IEC 15504 assessment process are the core elements for conducting the assessments. View: COBIT 5 Assessor course
Conducting a COBIT 5 Capability Assessment
The COBIT 5 Assess Guide for conducting process capability assessments recommends the use of tools to facilitate the assessment process. While an Excel worksheet may be adequate for a self-assessment, an assessment following the COBIT 5 Assessor guidelines require something more reliable, repeatable and robust.
Is the ITGN Capability Assessment Tool right for you?
COBIT 5 Assessment Tools
The ITGN COBIT assessment tool is a standard-based approach to process capability assessment producing results that support process improvement prioritisation and planning. The ITGN COBIT assessment tool incorporates assessment criteria for the COBIT framework as well as other process reference models, and uses ISO/IEC 15504 as the basis for the measurement framework and assessment process. The approach to performing a process capability assessment follows the “Assessor Guide: Using COBIT 5” and the ISO 15504 standard for capability assessments.
The Process Assessment Model
The Process Assessment Model (PAM) is the basis for an assessment of an enterprise’s IT processes against the COBIT 5 framework and for training and certifying assessors. The COBIT 5 Process Assessment Model provides an outline of the requirements for achieving capability level 1 using the COBIT 5 processes described in the COBIT 5 Enabling Processes Guide. The COBIT 5 assessment process is evidenced-based to enable a reliable, consistent and repeatable assessment process in the area of governance and management of IT.
Guidance given in the COBIT 5 PAM assists assessors with planning and conducting assessments of the first level of process capability. It provides capability level indicators for determining the process purposes, selecting appropriate process outcomes and identifying process activities and work products that are inputs and outputs to the process. Assessment of process capability at levels above one will depend on the assessor correctly identifying indicators for the second to fifth levels of of process capability.
Competent assessors are essential
The COBIT 5 PAM assessment process relies heavily on knowledgeable and experienced assessors to perform reliable assessments of process capability. Although a good departure point for the initial planning of an assessment, the COBIT 5 PAM only outlines the process requirements (base practices, key activities and work products) at a high-level for level 1.
Choosing an experienced assessor, knowledgeable in the COBIT 5 process model and skilled in the practical implementation of the processes is essential to assessments of capability, particularly when assessments are of capability levels beyond level one. Much of the value of the assessment (i.e. accuracy and reliability of identified improvements) will depend on the assessor leading the assessment.
Before a COBIT 5 PAM assessment can commence, a critical preliminary step to the assessment process is that the sponsor and lead assessor agree on the activities and work products of the the process to be assessed. The activities and work products that fall within the scope of the assessment will depend on what is actually required for the selected process outcomes to be achieved.
Key steps in the Assessment Process
The key COBIT 5 assessment process steps are:
- Selecting the processes that will fall within the scope of assessment and clarifying the purpose of the assessment.
- Agreeing with the sponsor which activities and work products are essential to delivering the outcomes expected.
- Documenting the assessment process so that it is repeatable.
- Gathering sufficient evidence of the process executing as defined.
To overcome the subjective nature of COBIT 5 PAM assessments, ITGN has developed an assessment tool, based on ISO 15504, to ensure that a reliable, repeatable and consistent assessment can be performed.
Assessment Classes I, II and III
The class of assessment refers to the type (or purpose) of assessment required. Assessment class type I is for comparison between organisations, class II is for identifying the best options for capability improvement and class III is used to check the current status of capability.
Each assessment class has a different requirement for assessment process rigour and the collection of objective evidence.
- Class I requires the most rigourous assessment process as the results are used for external comparison between organisations.
- Class II is used to provide a reliable assessment for internal reporting.
- Class III assessment is suitable for monitoring the ongoing progress of an improvement programme or to identify key issues for a later class one or class two assessment.
Capability improvement using COBIT
Capability improvement is made easier with the aid of COBIT 5 as the approach is inherently lean and focused on business goals and strategic objectives.