
PO1.3 - Assessment of Current Capability and Performance

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO1.3 - Assessment of Current Capability and Performance is contained within the process Define a Strategic IT Plan.


Assessment of Current Capability and Performance

Assess the current capability and performance of solution and service delivery to establish a baseline against which future requirements can be compared. Define performance in terms of IT’s contribution to business objectives, functionality, stability, complexity, costs, strengths and weaknesses.



Value Drivers

  • IT plans contributing transparently to the organisation’s mission and goals
  • Clarity of costs, benefits and risks of IT’s current performance
  • Technological opportunities identified and capabilities leveraged
  • IT capabilities known and operationalised effectively and efficiently to deliver the required solutions and services

Risk Drivers

  • IT capabilities not contributing to the organisation’s mission and goals
  • Investment decisions taken too late
  • Opportunities and capabilities not leveraged
  • Ineffective use of existing resources
  • Inability to identify baselines for current, and requirements for future, system capability and performance

Control Practices

  1. Capture and report feedback from IT, organisation management and key stakeholders on the current solutions and services. Considerations include, but are not limited to, strengths and weaknesses, functionality, degree of business automation, stability, complexity, development requirements, technology alignment and direction, support and maintenance requirements, costs, and external parties’ (including business partners and vendors) input.
  2. Ensure that IT management is apprised on a timely basis of changes in the enterprise’s mission, goals and objectives, and that such changes initiate a review of the IT strategic and tactical plans and, where warranted, changes thereto.
  3. Periodically compare IT’s current state against the requirements of the IT strategic plan. The outcome of the evaluation includes, but is not restricted to, current requirements, current delivery to requirements, barriers to achieving requirements, and the steps and costs required to remove restrictions.
  4. Consider the results of the assessment of the current performance in the strategic planning process.
  5. Use internal, well-understood and reliable industry, technology or other benchmarks and good practices to assess existing solutions, services and capabilities.

 


