Flashcards in AG: 1-Overview Deck (18):
What is the value of making COBIT 5 assessment a standard-based approach?
To minimize, to an extent, the subjectivity of the assessment activity
What is the role of assessor judgement and experience?
Although COBIT 5 assessment is a standard-based approach, the assessor's judgement and experience will impact the depth of the evaluation result
How does the self-assessment guide compare to the assessor guide?
It is used to perform a less rigorous assessment of the capability of the organization's processes
What are the key elements/basis for COBIT 5 PAM?
- COBIT 5 PRM: The specifications of the processes
- ISO/IEC 15504: The capability of each process & measurement scale
What are the critical success factors of a COBIT 5 assessment (as well as of the process improvement plan)?
- Clear purpose, scope and constraints definition
- Appropriate assessment class selection
- Class project leadership
- Engagement by required participants
- Consistent application of the assessment methodology
What are the major differences between the three available classes of COBIT 5 assessment?
The level of rigour (and thus the cost of assessment) increases from class three to class one
What is the major purpose(s) of class 3 assessment?
- Testing and understanding the IT process
- Testing and understanding the potential benefits from IT improvement
- Monitoring the ongoing progress of an improvement programme
- Identifying key issues for a later class one or class two assessment
What is the major purpose(s) of class 2 assessment?
- Reliable assessment for internal reporting
- A basis for an initial assessment at the commencement of an improvement programme
What is the major purpose(s) of class 1 assessment?
Comparison with other organizations
What is the impact of a competent assessor on the COBIT assessment?
The (effectiveness) of the assessment is dependent on the skills and judgement of the assessors and, in particular, the lead assessor, who must have knowledge of both the assessment process and COBIT
How can the sponsor of a COBIT 5 assessment ensure the effectiveness of the conducted assessment?
By ensuring that the assessment is led by a competent assessor
What are the major characteristics of a competent COBIT 5 assessor?
- Trained on COBIT 5 PRM & PAM
- Attended the assessor training
- Certified Assessor
- Has IT and process-oriented knowledge
How to ensure an adequate level of engagement from the key participants in a COBIT 5 assessment?
- Ensure that the sponsor motivates them to participate
- Make a comprehensive list of process owners, managers and practitioners
Who is the typical target audience of the COBIT 5 PAM?
- Certified assessor
- Internal auditors
- Assessment team members
- Organization management & stakeholders (such as the sponsor)
What is the typical sequence of the assessment classes?
What exactly is the output report of the COBIT 5 assessment? What are the 3 main elements that it links?
It is a report that contains the capability of the selected processes (defined in the COBIT PRM) against the capability scale (defined in ISO/IEC 15504-2) as documented in the COBIT PAM
What is the assessment report NOT?
The report is not an attestation or assurance report on the effectiveness of the process or its internal controls