New IT Process Assessment Model, Guide using COBIT

Issued by ISACA South Africa Chapter
Johannesburg, 13 Dec 2011

For the past 15 years, enterprises around the world have been using COBIT to improve and assess their IT processes. Until now, however, there has been no consistent approach for internal and external professionals to assess these processes.

ISACA's new COBIT Assessment Programme provides consistency and reliability, so business and IT leaders can have confidence in the assessment process and the quality of the results, as they maximise the business value of their IT investments.

After conducting a global survey in 2010 to determine market need, ISACA found that 89% of the nearly 1 400 respondents expressed a need for a rigorous and reliable IT process capability assessment.

To fill the gap, ISACA has released the three-part COBIT Assessment Programme based on COBIT 4.1 and ISO/IEC 15504-2:2003 Information Technology - Process Assessment - Part 2: Performing an assessment.

* COBIT Process Assessment Model: Using COBIT 4.1
* COBIT Assessor Guide: Using COBIT 4.1
* COBIT Self-Assessment Guide: Using COBIT 4.1

“The new assessment programme provides a methodology that results in repeatable, reliable and robust assessments of process capability,” said Max Shanahan, CISA, CGEIT, FCPA, a member of the development team. “In addition to delivering immediate added market value from process capability assessment results, the COBIT Assessment Programme also provides the basis for the establishment of broader maturity assessments.”

Norman Kromberg, CISA, CGEIT, CRISC, participated in the pilot programme for the COBIT Assessment Programme with Alliance Data, where he serves as IT audit director.

“The COBIT Assessment Programme is not only workable, but also an effective tool for IT auditors to supplement their existing scope. It fills a gap by putting the lens on process capability,” said Kromberg. “Auditors and consultants will find it particularly useful, as will large and medium-sized organisations that are heavily regulated, such as banks and financial institutions, healthcare companies, government and state departments, and technology and service providers.”

The COBIT process assessment approach will be integrated into the upcoming COBIT 5 in early 2012. COBIT provides a comprehensive approach to ensure that IT is enabling the achievement of strategic business objectives. It is available as a free download at www.isaca.org/cobit.

The COBIT Assessment Programme guides are available at http://www.isaca.org/cobit-assessment-programme.

ISACA

With 95 000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations. ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business. To become a member of ISACA, go to: www.isaca.org/join.

ISACA South Africa
E-mail: admin@isaca.org.za
www.isaca.org.za
Telephone: 011 803 0803
Facsimile: 086 684 2979

Physical address:
Technology Village
43 Homestead Road
Rivonia
South Africa

Editorial contacts