Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

How do you assess & align maturity ?

Dear All,

To establish appropriate IT Governance in the enterprise/organization, assessment of Maturity is one of important task.

Value & Risk are not separating matters. Therefore we must think IT related business from both side (Value & Risk).
Maturity models of "Val IT" & "Risk IT" are clearly described.

How do you assess maturity of IT related business value & risk consistently?
And, how do you align these?
If possible, please let me know, including COBIT maturity.

My Best,

Masa
You must sign in to rate content.
(1 ratings)

Comments

RE: How do you assess & align maturity ?

Hi Kajimoto-san,

I concur with your points. Risk and reward, or value, need to be looked at together. I have some ideas and have posted elsewhere on a risk maturity model. Let me know if you haven't see that.

With respect to a maturity model for IT governance, I would take the same maturity levels and basic principles (e.g., starting at unstructured and moving up to a picture of excellence) and establish what I would expect at each level for the various aspects of IT governance. Unfortunately I don't have an example to share, but you might want to contact Steve Romero, who specializes in this area.
Norman MarksEnergizer at 1/6/2012 4:32:09 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Norman-san,

Thank you very much for your information.
I will find out your ideas and so on.
I am always highly appreciating your unremitting knowledge sharing activities.
Why don't you publish these kind of your excellent knowledge from ISACA?
My Best,

Masa




Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/6/2012 7:13:19 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Kajimoto-san,

Masa

In order to assess maturity of IT related business value & risk consistently, I use a combination of Process Reference models with the assessment method described in the new COBIT 4.1 PAM.  The new COBIT 4.1 PAM has evidence-based process maturity assessment structured around COBIT 4.1.  The assessment result is a maturity level.  

I've found that COBIT 4.1 control objectives are too detailed for assessing governance.  So I tailor the COBIT 4.1 evidence to focus on the Governance focus areas of: Framework, Strategy, Value, Risk, Resources and Performance Measurement.

From COBIT 4.1, I select the governance control objectives and evidence for the processes in the Plan and Organize Domain as well as the Monitor and Evaluate Domain.  I also look at DS1 for Service Level agreements.

Then, I supplement COBIT 4.1 with ValIT and RiskIT.  I add to the governance related control/evidence from the processes and controls listed in Val IT and Risk IT. (I don’t use the maturity models, rather, I look for the processes and artifacts – such as the business case). 

Finally, in order to assure alignment, I pull in process/control objective/evidence from non-ISACA models including:

        Baldrige Award – to supplement strategy, information (monitor and measure) and customer value

        Michael Hammer’s Process Audit  - to supplement assessment of the governance environment and leadership

        IT Governance by Ross & Riley – to supplement assessment of the effectiveness of the Governance structures

Hope this helps,



Debra MalletteSocial at 1/15/2012 8:42:29 PM Quote
You must sign in to rate content.
(1 ratings)

RE: How do you assess & align maturity ?

Dear Debra-san,

Thank you very much for your good suggestions & information.
Your approach is very clear & practical.

My Best,

Masa





Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/15/2012 11:52:02 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Debra-san,

Thank you very much for your good suggestions & information.
Your approach is very clear & practical.

My Best,

Masa





Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/15/2012 11:52:02 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Kajimoto-san,

Masa

In order to assess maturity of IT related business value & risk consistently, I use a combination of Process Reference models with the assessment method described in the new COBIT 4.1 PAM.  The new COBIT 4.1 PAM has evidence-based process maturity assessment structured around COBIT 4.1.  The assessment result is a maturity level.  

I've found that COBIT 4.1 control objectives are too detailed for assessing governance.  So I tailor the COBIT 4.1 evidence to focus on the Governance focus areas of: Framework, Strategy, Value, Risk, Resources and Performance Measurement.

From COBIT 4.1, I select the governance control objectives and evidence for the processes in the Plan and Organize Domain as well as the Monitor and Evaluate Domain.  I also look at DS1 for Service Level agreements.

Then, I supplement COBIT 4.1 with ValIT and RiskIT.  I add to the governance related control/evidence from the processes and controls listed in Val IT and Risk IT. (I don’t use the maturity models, rather, I look for the processes and artifacts – such as the business case). 

Finally, in order to assure alignment, I pull in process/control objective/evidence from non-ISACA models including:

        Baldrige Award – to supplement strategy, information (monitor and measure) and customer value

        Michael Hammer’s Process Audit  - to supplement assessment of the governance environment and leadership

        IT Governance by Ross & Riley – to supplement assessment of the effectiveness of the Governance structures

Hope this helps,



Debra MalletteSocial at 1/15/2012 8:42:29 PM Quote
You must sign in to rate content.
(1 ratings)

RE: How do you assess & align maturity ?

Dear Norman-san,

Thank you very much for your information.
I will find out your ideas and so on.
I am always highly appreciating your unremitting knowledge sharing activities.
Why don't you publish these kind of your excellent knowledge from ISACA?
My Best,

Masa




Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/6/2012 7:13:19 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Hi Kajimoto-san,

I concur with your points. Risk and reward, or value, need to be looked at together. I have some ideas and have posted elsewhere on a risk maturity model. Let me know if you haven't see that.

With respect to a maturity model for IT governance, I would take the same maturity levels and basic principles (e.g., starting at unstructured and moving up to a picture of excellence) and establish what I would expect at each level for the various aspects of IT governance. Unfortunately I don't have an example to share, but you might want to contact Steve Romero, who specializes in this area.
Norman MarksEnergizer at 1/6/2012 4:32:09 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Kajimoto-san,

Masa

In order to assess maturity of IT related business value & risk consistently, I use a combination of Process Reference models with the assessment method described in the new COBIT 4.1 PAM.  The new COBIT 4.1 PAM has evidence-based process maturity assessment structured around COBIT 4.1.  The assessment result is a maturity level.  

I've found that COBIT 4.1 control objectives are too detailed for assessing governance.  So I tailor the COBIT 4.1 evidence to focus on the Governance focus areas of: Framework, Strategy, Value, Risk, Resources and Performance Measurement.

From COBIT 4.1, I select the governance control objectives and evidence for the processes in the Plan and Organize Domain as well as the Monitor and Evaluate Domain.  I also look at DS1 for Service Level agreements.

Then, I supplement COBIT 4.1 with ValIT and RiskIT.  I add to the governance related control/evidence from the processes and controls listed in Val IT and Risk IT. (I don’t use the maturity models, rather, I look for the processes and artifacts – such as the business case). 

Finally, in order to assure alignment, I pull in process/control objective/evidence from non-ISACA models including:

        Baldrige Award – to supplement strategy, information (monitor and measure) and customer value

        Michael Hammer’s Process Audit  - to supplement assessment of the governance environment and leadership

        IT Governance by Ross & Riley – to supplement assessment of the effectiveness of the Governance structures

Hope this helps,



Debra MalletteSocial at 1/15/2012 8:42:29 PM Quote
You must sign in to rate content.
(1 ratings)

RE: How do you assess & align maturity ?

Hi Kajimoto-san,

I concur with your points. Risk and reward, or value, need to be looked at together. I have some ideas and have posted elsewhere on a risk maturity model. Let me know if you haven't see that.

With respect to a maturity model for IT governance, I would take the same maturity levels and basic principles (e.g., starting at unstructured and moving up to a picture of excellence) and establish what I would expect at each level for the various aspects of IT governance. Unfortunately I don't have an example to share, but you might want to contact Steve Romero, who specializes in this area.
Norman MarksEnergizer at 1/6/2012 4:32:09 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Norman-san,

Thank you very much for your information.
I will find out your ideas and so on.
I am always highly appreciating your unremitting knowledge sharing activities.
Why don't you publish these kind of your excellent knowledge from ISACA?
My Best,

Masa




Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/6/2012 7:13:19 PM Quote
You must sign in to rate content.
(Unrated)

RE: How do you assess & align maturity ?

Dear Debra-san,

Thank you very much for your good suggestions & information.
Your approach is very clear & practical.

My Best,

Masa





Masatoshi Kajimoto,CISA, CRISCEnergizer at 1/15/2012 11:52:02 PM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.