1. table of contents
- 1. COBIT® Assessment Programme Tool Kit: Using COBIT® 4.1
ISACA®
With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of
knowledge, certifications, community, advocacy and education on information systems (IS) assurance and
security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in
1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA® Journal,
and develops international IS auditing and control standards, which help its constituents ensure trust in,
and value from, information systems. It also advances and attests IT skills and knowledge through the
globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security
Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and
Information Systems Control (CRISC) designations. ISACA continually updates COBIT®, which
helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities,
particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Disclaimer
ISACA has designed and created COBIT® Assessment Programme Tool Kit: Using COBIT® 4.1 (the
‘Work’) primarily as an assessor guide. ISACA makes no claim that use of any of the Work will assure a
successful outcome. The Work should not be considered inclusive of all proper information, procedures
and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining
the same results. In determining the propriety of any specific information, procedure or test, assessors
should apply their own professional judgement to the specific circumstances presented by the particular
systems or information technology environment.
Reservation of Rights
© 2011 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced,
modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means
(electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of
ISACA. Reproduction and use of all or portions of this publication are permitted solely for academic,
internal and non-commercial use and for consulting/advisory engagements, and must include full
attribution of the material’s source. No other right or permission is granted with respect to this work.
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: info@isaca.org
Web site: www.isaca.org
COBIT® Process Assessment Model (PAM): Using COBIT® 4.1 ISBN 978-1-60420-188-8
COBIT® Assessor Guide: Using COBIT® 4.1 ISBN 978-1-60420-191-8
COBIT® Assessment Programme Tool Kit: Using COBIT® 4.1
CRISC is a trademark/service mark of ISACA. The mark has been applied for or registered in countries
throughout the world.
© ISACA 2011 All rights reserved. Page 1
- 2. COBIT® Assessment Programme Tool Kit: Using COBIT® 4.1
1. Table of Contents
2. Assessment Scoping Tool—An Excel® file that brings together various existing mappings
related to COBIT 4.1 in a hierarchical tree format, including:
   - Mapping of COBIT 4.1 processes to the five IT governance focus areas
   - Mapping of COBIT 4.1 processes to IT goals to business goals to IT balanced scorecard
   - Mapping COBIT 4.1 processes to IT goals (subset of information contained in the item above)
   - Cloud computing
   - Sarbanes-Oxley
   - Self-diagnostic tool
The intent for the mappings of the COBIT 4.1 processes is that they will be incorporated into
IT process assessment guidance documents, which will enable practitioners to efficiently
identify and focus on the COBIT processes that may be higher priorities for their enterprises.
3. Report Template (Assessor Guide Appendix D.3)—A Word® file containing an example
of a Process Capability Assessment Report for an example company, performed using the
COBIT assessment programme methodology.
4. Summary of Results Template (Assessor Guide Report Example)—An Excel file
outlining example templates in three worksheets to get you started. Many assessors prefer to
develop their own tools; some will create small questionnaires based on the COBIT Process
Assessment Model requirements and some will create checklists. The templates provided
here were used in early pilots and proved very useful to collect data and analyse the
assessment levels. Assessors are encouraged to create their own templates.
5. Assessor Presentation Techniques—A PowerPoint® file of 10 slides containing sample
templates and examples that can be used to support the assessment activities described in the
publication COBIT® 4.1 Assessors Guide: Using COBIT® 4.1, especially process
improvement and board presentations.
6. ISACA’s COBIT Assessment Programme Introduction—A PowerPoint file of 48 slides
that provide:
   - An understanding of the new COBIT assessment programme
   - An understanding of the relationship to ISO/IEC 15504 and why ISACA selected this standard
   - A walk through with one of the key COBIT 4.1 processes DS1 Define and manage service levels
7. Self-assessment Templates—An Excel file with separate evaluation sheets for all 34 COBIT
4.1 processes.
8. FAQs—A PDF of answers to 18 frequently asked questions.
Note: As the COBIT assessment programme matures, new tools may be added to this tool
kit.