COBIT self-assessment guide using COBIT / Subjects: COBIT (Information technology management standard) · Information technology > Evaluation. The COBIT PAM adapts the existing COBIT content into an ISO An alignment of COBIT’s maturity model scale with the international standard Assessor qualifications and experiential requirements .. (COSO Guidance ). ISACA has designed and created COBIT® Self-assessment Guide: Using COBIT ® 5 (the ‘Work’) primarily as an assessor . The Measurement Framework.
|Published (Last):||23 August 2010|
Published by Assesosr Liscomb. Modified over 4 years ago. Lead into the next slide with differences and say: An outcome is an artefact, a significant change of state or the meeting of specified constraints.
Outcomes (Os)
Number / Description
DS1-O1: A service management framework is in place to define the organisational structure for service level management, covering the base definitions of services, roles, tasks and responsibilities of internal and external service providers and customers.
DS1-BP5: Monitor and report end-to-end service level performance.
DS1-BP8: Create a service improvement plan.
All other levels and .41 PA2.
REVEAL: Process results or performance; Management of work products of the process; Management of the process performance; Definition of the process; Deployment of the process; Measurement and control of the process; Innovation and optimisation of the process. Let's take a look at a couple of these in a little more detail so you can get a sense for what they mean.
As a result of full achievement of this attribute, the process achieves its defined outcomes. This attribute is fully achieved when the process achieves its defined outcomes. On this slide and the next one — walk through an example of process attributes PA1 and PA2.
As a result of full achievement of this attribute: Objectives for the performance of the process are identified. Performance of the process is planned and monitored. Performance of the process is adjusted to meet plans. Responsibilities and authorities for performing the process are defined, assigned and communicated.
Resources and information necessary for performing the process are identified, made available, allocated and used. Interfaces between the involved parties are managed to ensure effective communication and clear assignment of responsibility.
Requirements for the work products of the process are defined. Requirements for documentation and control of the work products are defined. Work products are appropriately identified, documented and controlled. Work products are reviewed in accordance with planned arrangements and adjusted as necessary to meet requirements.
The next attributes relate to management of the process and associated work products: Process objectives have been defined. The process performance is planned and monitored. Process performance is adjusted to meet plans. Responsibilities and authorities are defined, assigned and communicated.
Resource and information requirements are identified, gudie and used. There is effective communication between parties and clear assignment of responsibilities. Requirements for the work products have been defined. Requirements for documentation and control of the work products have been defined.
The work products are identified, documented and controlled consistent with the definitions. Work products are reviewed and adjusted as necessary to meet the requirements.
We will walk through an example of these shortly. Asesssor the basis for repeatability across assessments. A rating is assigned based on objective, validated evidence for each process attribute. Traceability needs to be maintained between an attribute rating and the objective evidence used in determining that rating. As implied by their name, indicators do not represent requirements of a process.
They represent a common starting point for assessment, which increases the consistency of assessor judgment and enhances the repeatability of the results. The indicators provide a framework for assessment that helps to ensure that: The assignment of a rating for a given process attribute needs to be supported by objective, validated evidence.
The traceability of the rating and the supporting evidence needs to be maintained. Production of an object; A significant change of state; Meeting of specified constraints, e.
BP Achieve the process outcomes. There is evidence that the intent of base practice is being performed. Work products are produced that provide evidence of process outcomes, as outlined in section 3. The Assessor then needs to assess whether there is sufficient evidence that PA1. Note that this is the level where the detailed and specific process requirements from the Process Reference Model are used.
The assessor then reaches a conclusion as to the extent to which the attribute has been achieved. Is performance of the process planned and monitored? Is performance of the process adjusted to meet plans? Are responsibilities and authorities for performing the process defined, assigned and communicated?
Are resources and information necessary for performing the process identified, made available, allocated and used?
Are interfaces between the involved parties managed to ensure effective communication and clear assignment of responsibility? In this case, the assessor would be trying to determine the extent to which the elements of PA2. From level 2 onwards you are no longer using the PRM; you are looking primarily at the attribute goals or objectives, called generic outcomes and generic practices and generic work products in the PAM section 4.
Have requirements for documentation and control of the work products been defined? Are work products appropriately identified, documented and controlled?
Are work products reviewed in accordance with planned arrangements and adjusted as necessary to meet requirements?
There is only enough time today to walk through the assessment process at a very high level. Detailed discussion of the process for a compliant assessment is provided in an Assessor Guide. In addition, simplified guidance has been developed in a Self-assessment Guide to completing assessments for those wanting to perform a simple, judgement-based self-assessment as a precursor to a more formal compliant assessment. This figure is reproduced from ISO: We will quickly review the key elements of each of these activities.
Initiation Identify the sponsor and define the purpose of the assessment: Why it is being carried out? Define the scope of the assessment: Which processes are being assessed? What constraints, if any, apply to the assessment?
Identify any additional information that needs to be gathered. Select the assessment participants, the assessment team and define the roles of team members. Define assessment inputs and outputs: Have them approved by the sponsor. The objective of the initiation phase is to ensure that there is a common understanding with the sponsor on the purpose and scope of the assessment, and to identify the individuals with the appropriate competencies to ensure a successful assessment.
Recall, it is assesssor unlikely an enterprise would assess all 34 COBIT processes, so a scoping tool kit has been provided; see the next slides for an outline and a scoping example. The aim of the scoping as part of Assessment Initiation is to focus the assessment on the business needs of the enterprise. These are available in the tool kit. There is a six-step selection process: Step 1 Identify relevant business drivers for the IT processes assessment.
Planning the Assessment: An assessment plan describing all activities performed in conducting the assessment is: Developed; Documented together with an assessment schedule. Identify the project scope. Secure the necessary resources to perform the assessment. Determine the method of collating, reviewing, validating and documenting the information required for the assessment. Co-ordinate assessment activities with the organisational unit being assessed. The Assessment Planning phase includes such things as: Determine the assessment activities.
Determine the necessary resources and schedule for the assessment. Define how the assessment data will be collected, recorded, stored, analysed and presented with reference to the assessment tool. Define the planned outputs of the assessment. Assessment outputs desired by the sponsor in addition to those required as part of the assessment record are identified and described. Verify conformance to requirements.
Detail how the assessment will meet all the requirements in the standard. Potential risk factors and mitigation strategies are documented, prioritised and tracked through assessment planning. All identified risks will be monitored throughout the assessment. Co-ordinate assessment logistics with the Local Assessment Co-ordinator. Review and obtain acceptance of the plan. The sponsor identifies who will approve the assessment plan. The plan, including the assessment schedule and logistics for site visits, is reviewed and approved.
Briefing: The assessment team leader ensures that the assessment team understands the assessment: Input, Process, Output. Brief the organisational unit on the performance of the assessment: PAM, assessment scope, scheduling, constraints, roles and responsibilities, resource requirements, etc.
Ensure that the team understands the approach defined in the documented process, the assessment inputs and outputs, and is proficient in using the assessment tool. Brief the organisational unit. Explain the assessment purpose, scope, constraints, and model.
Stress the confidentiality policy and the benefit of assessment outputs. Present the assessment schedule. Ensure that the staff members understand what is being undertaken and their role in the process.