Determining the level of process maturity for a given set of IT-related processes allows organizations to determine which processes are essentially under control and which represent potential “pain points.” Process maturity has been a core component of COBIT for more than a decade; however, in COBIT 5, there was a change from the Maturity Model used in COBIT 4.1 to a Process Capability Model.
Currently, the COBIT 5 Process Assessment Model (PAM) is based on International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 15504, which is a global reference for conducting process capability assessments. Meanwhile, a new standard, namely the ISO/IEC 330xx family, replaced and extended the ISO/IEC 15504 family. Since the ISO/IEC 15504 family is now withdrawn and was replaced by the ISO/IEC 330xx family, an update of the ISACA publication COBIT Process Assessment Model (PAM): Using COBIT 5 should be considered.
The new ISO/IEC 330xx family of standards presents a more detailed and well-defined process assessment model than the older ISO/IEC 15504 family. The gaps regarding rating methods and aggregation methods perceived in the older standard have now been solved with clear and standardized guidance on how to perform it. Also, the definitions of some process attributes, outcomes and base practices are now more consistent. Therefore, for all these reasons, updating COBIT 5 PAM to this new standard is not only a necessity, but also an opportunity to improve the assessment of COBIT 5 processes.
Read Joao Souza Neto, Rafael Almeida, Pedro Linares Pinto and Miguel Mira da Silva’s recent Journal article:
“A COBIT 5 PAM Update Compliant with ISO/IEC 330xx Family,” ISACA Journal, volume 1, 2018.