Professional Documents
Culture Documents
Effective Capability and Maturity Assessment Using COBIT 2019
Effective Capability and Maturity Assessment Using COBIT 2019
"
! Home / Resources / News and Trends / Industry News / 2020 /
Effective Capability and Maturity Assessment Using COBIT 2019
INDUSTRY NEWS
1 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
Management plans, builds, runs and monitors activities in alignment with the
direction set by the governance body to achieve enterprise objectives.2
Capability and maturity levels are assigned to all process activities, enabling clear
dePnition of processes at different levels. This can be effective through a thorough
assessment of the enterprise program and capabilities using performance
management. There are some techniques which can help in the thorough assessment
of an enterprise program. One notable technique, which is effective and has stood the
test of time in the Peld of risk management is the technology risk assessment (TRA).
The dePnition of a TRA varies from organization to organization, however, it maintains
the same functionality. This assessment examines the key areas of people,
processes and technology in relation to an enterprise program and measures their
effectiveness. Thus, the TRA can provide a risk score rating based on identifying gaps
in its evaluation. The application of CPM can seem like a daunting task to apply to
assessments or techniques performed by risk practitioners for their enterprise.
However, breaking it down into various actionable steps makes this endeavor more
achievable and manageable. Those steps are outlined here.
2 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
management tool. This also elicits full participation during the assessment process
and helps ensure successful completion of the exercise. This is also the time to
introduce the COBIT 2019 framework, which will be used to effectively measure the
capabilities and maturity levels of the enterprise program.
The process activities can operate at various capability and maturity levels, ranging
from 0 to 5. The capability level is a measure of how well a process is implemented
and performing (Kgure 1), while the maturity level, which is associated with focus
areas, is a measure of how these processes contained in the focus area achieve that
particular capability level, through the collections of substantial underlying evidence
to support enterprise goals (Kgure 2).3
3 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
Another score rating used could be through a formal method leading to a binary
pass/fail set of ratings. However, a less formal method (often used in performance
improvement contexts) works better with a value range from 1-5.
For the assessment, based on the maturity of the process, a value of 1-5 will be
assigned to the capability and maturity levels. Those values are:4
4 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
These values are rated subjectively, based on interviews with stakeholders, reviews of
executed procedure documents, oversight programs and execution of an enterprise’s
goals and objectives.
The areas with low score ratings also eventually make their way into a repository as a
managed self-identiPed (MSI) issue or Pnding. This ensures that the issues or
Pndings are tracked to resolution and helps achieve an improved future-state process.
Conclusion
Following these steps consecutively helps the practitioner perform an effective
capability and maturity assessment for an enterprise on the governance and
management processes and systems.
CPM denotes how well the governance and management processes and systems
function and how they can be improved to meet the required level.
5 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
organization.
Endnotes
1 ISACA®, COBIT® 2019 Framework: Governance and Management Objectives, USA
2018
2 Ibid.
QUICK LINKS
Resources
@ ISACA
Industry News
ISACA Now Blog
6 of 7 5/10/21, 9:23 AM
Effective Capability and Maturity Assessment Using COBIT 2019 https://www.isaca.org/resources/news-and-trends/industry-news/...
ISACA Podcasts
IT Audit
IT Risk
Glossary
$ % & ' (
7 of 7 5/10/21, 9:23 AM