ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > COBIT Assessment Programme update

COBIT Assessment Programme update

| Posted at 1:57 PM by ISACA News | Category: COBIT-Governance of Enterprise IT | Permalink | Email this Post | Comments (3)

ISACA has now released three publications to support the COBIT Assessment Programme services:  COBIT Process Assessment Model (PAM):  Using COBIT 4.1, COBIT Assessor Guide:  Using COBIT 4.1 and COBIT Self-assessment Guide:  Using COBIT 4.1

I am a member of the development team, and we created the new assessment approach to provide a methodology that results in repeatable, reliable and robust assessments of the capability of COBIT processes. The aim is that a similar assessment undertaken by different assessors would have similar results. This is important for the reliance that can be placed over time on COBIT-based assessments.  We designed the assessment process around ISO/IEC 15504, the international standard on process assessments.

To ensure reliability, assessments must follow a clear methodology (outlined in the Assessor Guide); be led by a competent assessor with appropriate skills, knowledge and experience; have senior management support; and involve people internal to the organisation who have knowledge of the process. Each assessment requires documented evidence to support the assessment result.

The assessment utilises the measurement scale from ISO/IEC 15504. The assessment rating scale is expressed in terms of process capability and is also based on measurement scale from ISO/IEC 15504.

ISO/IEC Measurement Scale

The new scale has more fully defined attributes. In particular, the new scale requires that, at capability level 2, a process has to be planned and monitored, and its work products have to be established, controlled and maintained.

In practice, the variation between an assessment using the COBIT 4.1 maturity model and the new scale will depend on the robustness of the original assessment. For example, there is evidence to suggest that self-assessments result in a higher assessment than independent assessments do.

A training and certification program for assessors is planned and will be available in 2012. ISACA plans to produce a COBIT 5 PAM, based on the COBIT 5 Process Reference Model (PRM) and make any appropriate revisions to the supporting guides once COBIT 5 is published. The Assessor Guide will also provide a basis for training of assessors and, in the longer term, certified assessors.

Max Shanahan, CISA, CGEIT, FCPA, MIIA (Aust), SMACS

Max Shanahan & Associates

Canberra, Australia


Assessment program

Hi Max - please keep me posted on certification program for assessors. Also happy to partisipate in reviews.

Regards Johann Botha
johannhbotha at 12/23/2011 6:40 AM

Assessor Courses and exams?

I can't seem to find any assessment courses available online which is my first choice.  I also can't find one available in the Toronto area.  Is there any chance the course and exam will be available online in the near future?

JWelss at 12/4/2013 11:45 AM

Handling and Scoring negative statements in COBIT 4.1 maturity assessment tool

Am using the COBIT 4.1 Microsoft Excel template for maturity assessment for e.g. when you completely agree with the statement  like "no specific training on data management takes place", the score goes higher than when you don't agree at all. This is confusing. Can anybody explain this scenario.
Also kindly explain the RELATIVE IMPORTANCE and CONTRIBUTION columns on the same template.
KABURIA at 7/10/2017 4:20 AM
You must be logged in and a member to post a comment to this blog.