ISACA Journal Author Blog

Using the COBIT 5 Assessment Programme to Improve the Work Process Capability of Auditors, Assurance Professionals and Assessors

Graciela Braga, CGEIT, COBIT Foundation, CPA
Published: 2/1/2016 8:29 AM

IS and IT auditors, assurance professionals and assessors undertake audits, assurance work or assessments of IT processes (the assignment) and, in addition to the final objective, have common tasks to complete, e.g., planning and performing activities and reporting results.

The work entails evaluating processes owned by others. But who is looking at the work processes of the auditor, assurance professional or assessor? How capable are the work processes with regard to complying with different professional standards and meeting the assignment objective defined by the employer, executive manager, board of directors (BoD), client, sponsor or external reviewer?

As the COBIT Self-assessment Guide: Using COBIT 5 notes, the assessment process establishes a capability rating for a process, which involves:

  • Defined capability levels (from ISO/IEC 15504) (figure 1)
  • Process attributes used to rate each process (from ISO/IEC 15504) (figure 2)

Figure 1—Process Capability Levels

Source: ISACA, COBIT Self-assessment Guide: Using COBIT 5, USA, 2013


Figure 2—Process Attributes

Source: ISACA, COBIT Self-assessment Guide: Using COBIT 5, USA, 2013

  • Indicators on which to base the assessment of each process attribute's achievement (based on and aligned with ISO/IEC 15504):
    Capability level 1—Indicators are specific to each process and assess whether the following attribute has been achieved: The implemented process achieves its process purpose. Level 1 deals with the detailed content of COBIT 5 processes, so work should be defined in COBIT® 5 terms.
    Capability levels 2-5—Assessment of capability is based on generic process indicators of performance. These are generic because they apply across all processes, but they differ from one capability level to another.

In my recent Journal article, I discuss how this can be achieved by transforming auditors', assurance professionals' and assessors' own processes by applying the COBIT 5 Assessment Programme, including:

  • The work process specifications (purpose, outcomes, base practices and work products) following COBIT 5 and ITAF: A Professional Practices Framework for IS Audit/Assurance
  • A proposal to define the right or required capability level, considering professional environment, expected goals, benefits and resourcing

Read Graciela Braga’s recent Journal article:
“How COBIT 5 Improves the Work Process Capability of Auditors, Assurance Professionals and Assessors,” ISACA Journal, volume 1, 2016.
