COBIT® 5 Process Capability Assessment Model Tutorial

COBIT® 5 Process Capability Assessment Model

Welcome to lesson 5.0, ‘COBIT® 5 Process Capability Assessment Model’, which is part of the COBIT® 5 Foundation Certification Course. This lesson focuses on the COBIT® 5 Process Capability Assessment Model.
Let us explore the objectives of this lesson.

Objectives

By the end of this lesson, you will be able to:

  • Describe process capability assessment

  • List the benefits of following the ISO/IEC 15504-4 approach in process capability assessment

  • Discuss the purpose of process capability assessment model

  • Describe the COBIT® assessment model

In the next section, we will focus on Process Assessment.

Process Assessment

ISO/IEC 15504-4 identifies process assessment as an activity that can be performed either as part of a process improvement initiative or as part of a capability determination approach. It is one of the subset documents of the main ISO/IEC 15504 standard developed by ISO and the joint committee of the IEC. Let us understand the difference between Process Improvement and Process capability determination:

  • Process Improvement: The purpose of process improvement is to continually improve an enterprise’s effectiveness and efficiency.

  • Process capability determination: The purpose of process capability determination is to identify the strengths, weaknesses, and risks of selected processes. It provides an understandable, logical, repeatable, reliable and robust methodology for assessing the capability of IT processes.

In the next section, we will focus on Process Capability Assessments.

Process Capability Assessments

The COBIT® Assessment Programme approach is considered by ISACA® to be more robust, reliable and repeatable as a process capability assessment method than other models. The COBIT® Assessment Programme:

  • supports formal assessments by accredited assessors; and

  • offers less rigorous self-assessments for internal gap analysis and process improvement planning.

The COBIT® Assessment Programme potentially enables an enterprise to obtain independent and certified assessments aligned to the ISO/IEC standard.
In the next section, we will discuss the COBIT® Assessment Programme.


COBIT® Assessment Programme

The COBIT® Assessment Programme includes the following publications:

  • COBIT® Process Assessment Model (PAM): Using COBIT® 4.1

  • COBIT® Process Assessment Model (PAM): Using COBIT® 5

  • COBIT® Assessor Guide: Using COBIT® 4.1

  • COBIT® Assessor Guide: Using COBIT® 5

  • COBIT® Self-Assessment Guide: Using COBIT® 4.1

  • COBIT® Self-Assessment Guide: Using COBIT® 5

 

The COBIT® PAM brings together two proven heavyweights in the IT arena, which are ISO and ISACA. The new process capability model based on ISO/IEC 15504 replaces the process capability maturity model used in earlier versions of COBIT®.
In the next section, we will discuss COBIT® Capability Assessment Guides.

COBIT® Capability Assessment Guides

The following are used as references for process capability assessment:

  • COBIT® PAM (using COBIT® 4.1 and COBIT® 5): Serves as a base reference document for performing the capability assessment of an organization’s current IT processes against COBIT®

  • COBIT® Assessor Guide (using COBIT® 4.1 and COBIT® 5): Provides details on how to undertake a full ISO-compliant assessment

  • COBIT® Self-assessment Guide (using COBIT® 4.1 and COBIT® 5): Provides guidance on how to perform a basic self-assessment of an organization’s current IT process capability levels against COBIT® processes.

In the next section, we will compare Capability Assessment and Maturity Assessment.

Capability Assessment vs. Maturity Assessment

Historically, most frameworks, namely COBIT®, ITIL® and PRINCE2®, have adopted the Software Engineering Institute’s (SEI) Capability Maturity Model Integration (CMMI) approach, which combines capability and maturity assessments into a single assessment. However, ISO/IEC 15504 argues that they are two separate assessments, as described below:

  • Maturity assessment: A maturity assessment is done at an enterprise or organizational level and uses different measurement scales, criteria and attributes than that of a capability assessment.

  • Capability assessment: A capability assessment is done at the process level for process improvement and cannot be scaled up to an enterprise level for multiple processes as it happens in COBIT®.

The concept of a maturity assessment has been redeveloped in COBIT® 5 into the ISO/IEC 15504 process capability assessment.

In the following section, we will explore COBIT® Assessment Programme and other Maturity Models.

COBIT® Assessment Programme and Other Maturity Models

Although there are Maturity Models (MM) for COBIT® 4.1 processes, the COBIT® assessment programme is:

  • a robust assessment process that aligns COBIT®’s Maturity Model scale with ISO/IEC 15504 standard.

  • a new capability-based assessment which includes:

- specific process requirements derived from COBIT® 4.1;

- process capability (ability to achieve Process Attributes) based on ISO/IEC 15504;

- evidence requirements; and

- assessor qualifications and experiential requirements.

The COBIT® Assessment Programme results in a more robust, objective and repeatable assessment. However, the assessment results differ from those of the existing COBIT® Maturity Models.

In the next section, we will discuss COBIT® 4.1 process maturity levels and the ISO/IEC 15504 approach.

COBIT® 4.1 Process Maturity Levels and ISO/IEC 15504 Approach

The table below mentions the COBIT® 4.1 process maturity levels and the capability levels as per the ISO/IEC 15504 approach:

| COBIT® 4.1 process maturity level | ISO/IEC 15504 process capability level | Attribute |
| --- | --- | --- |
| 5—Optimised | 5—Optimising | PA 5.1 Process innovation; PA 5.2 Process optimization |
| 4—Managed and measurable | 4—Predictable | PA 4.1 Process measurement; PA 4.2 Process control |
| 3—Defined | 3—Established | PA 3.1 Process definition; PA 3.2 Process deployment |
| 2—Repeatable but intuitive | 2—Managed | PA 2.1 Performance management; PA 2.2 Work product management |
| 1—Initial/ad hoc | 1—Performed | PA 1.1 Process performance |
| 0—Non-existent | 0—Incomplete | |

In the next section, we will focus on Benefits of the ISO/IEC 15504 approach.

Benefits of the ISO/IEC 15504 Approach

The ISO/IEC 15504 approach results in the following benefits:

  • Improved focus on the process being performed, to confirm that it is actually achieving its purpose

  • Simplified content by elimination of duplication, unlike COBIT® 4.1 which required duplicating control objectives and converting RACI activities

  • Improved reliability and repeatability of the process capability activities and evaluations of the assessed results reduce debates and disagreements between stakeholders, as the approach is evidence-based

  • Increased usability of process capability assessment results, as the approach is more rigorous for both internal and external purposes

  • Compliance with a generally accepted process assessment standard and therefore, a strong support for the approach in the marketplace

In the next section, we will discuss the purpose of a Process Assessment.

Purpose of a Process Assessment

The purpose of carrying out a process assessment is to:

  • allow the governance body and management to benchmark process capability.

  • enable high-level ‘as-is’ and ‘to-be’ health checks to support the governance body and management in decision-making for process improvement.

  • provide gap analysis and improvement planning information to support justifiable improvement in projects.

  • provide the governance body and management with assessment ratings to measure and monitor current capabilities.

In the next section, we will discuss the key terms related to ISO/IEC 15504.

Key Terms Related to ISO/IEC 15504

The following are a few key terms related to ISO/IEC 15504:

  • Process purpose

- It refers to the high-level measurable objectives of performing the process and the likely outcomes of implementing the process effectively.

  • Process outcome

- It is an observable result of a process. An outcome can be an artifact, a significant change of state or the meeting of specified constraints.

  • Base practices

- These are activities which, when consistently performed, contribute to achieving the process purpose. These activities are performed by the management.

  • Work product

- It is an artifact associated with the execution of a process, defined in terms of process inputs and outputs.

  • Generic practices

- These are activities of a generic type, providing guidance on the implementation of the Process Attribute's characteristics. They support the achievement of the Process Attribute from the ‘Managed’ process level 2 to the ‘Optimising’ process level 5. Many of these practices are concerned with management practices established to support the process performance.

  • Generic work products

- These are indicators that are sets of characteristics expected to be evident in work products of generic types as a result of the achievement of an attribute. These characteristics form the basis for classification of the work products defined as process performance indicators and represent the basic types of work products that may be inputs to or outputs from all types of processes, in the process dimension used from the ‘Managed’ process level 2 to the ‘Optimising’ process level 5.

In the next section, we will discuss the overview of the Assessment Approach.


Overview of the Assessment Approach

The following image illustrates how the COBIT® 4.1, COBIT® 5 and ISO approaches are combined to create the new Process Assessment Model (PAM).

[Figure: Process Assessment Model]

The first part of the model addresses what the Process Assessment Model (PAM) consists of. The Process Assessment Model includes the Process Reference Model (PRM) and Measurement Framework.

The Process Reference Model consists of:

  • Domain and scope

  • Process purpose

  • Process outcomes

The Measurement Framework consists of:

  • Capability levels

  • Process Attributes

  • Rating scale

The Process Assessment Model consists of:

  • Scope

  • Indicators

  • Mapping

  • Translation

The second part of the model is how the assessment process is carried out. The PAM along with the roles and responsibilities of the sponsor and the competent assessors form the assessment process which consists of:

  • Planning

  • Data collection

  • Data validation

  • Process Attribute rating

  • Reporting

All these are in line with the ISO/IEC 15504 defined standard.

The initial inputs that are considered for the assessment process include:

  • Purpose

  • Scope

  • Constraints

  • Identities

  • Approach

  • Assessor competence criteria

  • Additional information

The outputs of the assessment process include:

  • Date

  • Assessment input

  • Identification of evidence

  • Assessment process used

  • Process profiles

  • Additional information

 

In the next section, we will focus on the topic ‘Moving to the COBIT® Assessment Programme’.

Moving to the COBIT® Assessment Programme

COBIT® 4.1, Val IT and Risk IT users wishing to move to the new COBIT® assessment programme approach will need to:

  • realign their previous ratings;

  • adopt and learn the new method; and

  • initiate a new set of assessments.

In the next section, we will focus on the scope of the Process Assessment Model.

Process Assessment Model—Scope

A PAM is related to one or more PRMs. It forms the basis for the collection of evidence and rating of process capability.

The scope of a PAM is as follows:

  • A PAM relates to at least one process from the specified PRMs.

  • For a given process, a PAM addresses all, or a continuous subset of, the levels (starting at 1) of the measurement framework associated with process capability.

A model can address either level 1 or levels 1, 2 and 3 taken together, but it cannot address levels 2 and 3 without addressing level 1.

In the next section, we shall focus on the comparison between Capability Dimension and Process Dimension.

Capability Dimension vs. Process Dimension

ISO/IEC 15504 defines two levels or dimensions:

  • Capability dimension

- Focuses on the process capability dimension (levels 1 to 5) based on Process Attribute Indicators (PAI) that solely deal with generic attributes

  • Process dimension

- Contains additional indicators for process performance assessment based on specific performance indicators

The PRM is used only for the process dimension at level 1. Levels 2 to 5 focus only on the capability dimension based on generic attributes.

Summary

Let us summarise what we have learned in this lesson:

  • ISO/IEC 15504-4 identifies process assessment as an activity that can be performed either as part of a process improvement initiative or as part of a capability determination approach.

  • The COBIT® assessment programme is a robust assessment process that aligns COBIT®’s Maturity Model scale with the ISO/IEC 15504 standard.

  • The ISO/IEC 15504 approach results in an improved focus on the process being performed, to confirm that it is actually achieving its purpose.

  • One of the purposes of process assessment is to provide gap analysis and improvement planning information to support justifiable improvement in projects.

  • The COBIT® Process Assessment Model includes the Process Reference Model and the measurement framework.

The next chapter talks about COBIT® Process Attributes and Process Capability Levels.
