Since COBIT was first issued 15 years ago, enterprises worldwide have been using it to assess and improve their IT processes. However, until now there has not been a consistent and reliable assessment approach. ISACA’s new COBIT Assessment Programme, which includes the new Process Assessment Model (PAM), provides this consistency and reliability so business and IT leaders can have confidence in the assessment process and the quality of the results as they maximize the business value of their IT investments. COBIT PAM can be downloaded at www.isaca.org/cobit-assessment-program.
After conducting a global survey in 2010 to determine market need, ISACA found that 89 percent of the nearly 1,400 respondents expressed a need for a rigorous and reliable IT process capability assessment.
Gary Baker, CA, CGEIT, says COBIT PAM, which is based on COBIT 4.1 and ISO/IEC 15504-2:2003 Information technology—Process assessment—Part 2: Performing an assessment, meets that need.
“COBIT PAM provides the basis for an assessment of an enterprise’s IT processes against COBIT 4.1 and enables process capability assessments to support improvement,” said Baker. “The assessment is evidence-based to ensure a reliable, consistent and repeatable assessment process in the area of governance and management of IT.”
The second guide in the COBIT Assessment Programme series—COBIT Assessor Guide Using COBIT 4.1—will be issued later in 2011. It will provide information on how to undertake a formal assessment by a trained certified assessor. The Assessor Guide will use the COBIT PAM as a base reference document and provide options for the scoping of assessments.
The third guide in the series—COBIT Self-Assessment Guide Using COBIT 4.1—is also in development. This guide will allow enterprises to perform basic self-assessment of current IT process capability levels against COBIT 4.1. Enterprises will be able to use it to perform non-evidence-based capability assessments to serve as a precursor review to a formal assessment.
The COBIT process assessment approach will be integrated into the upcoming COBIT 5, which will be available in early 2012. COBIT acts as an integrator of more detailed international IT standards and guidance. Based on industry standards and best practices, it is a comprehensive approach to ensure that IT is meeting the needs of an enterprise and enabling the achievement of strategic business objectives.