AG: 4-Performing A Process Assessment Flashcards Preview

Play-04 > AG: 4-Performing A Process Assessment > Flashcards

Flashcards in AG: 4-Performing A Process Assessment Deck (41):
0

What are the basic 7 steps in COBIT 5 assessment process?

- Initiation
- Planning
- Briefing
- Data collection (evidence-based for each process)
- Data validation (evidence-based for each process)
- Process attribute rating (evidence-based for each process)
- Assessment reporting

1

What are the core activities of the (Initiation) step in COBIT 5 assessment?

- confirming the sponsor
- ensuring agreement on the purpose and scope of the assessment
- identifying any constraints
- doing the initial planning of the assessment (including any additional information that needs to be gathered)
- choosing the assessment participants and the full assessment team
- defining the roles of the team members

2

What are the core activities of the (Planning) step in COBIT 5 assessment?

- development of the detailed assessment plan that describes (all activities performed in gathering evidence and conducting the assessment)

3

What are the core activities of the (Briefing) step in COBIT 5 assessment?

- Assessment Team: ensure that the assessment team understands the assessment input, process and output
- Assessment Participants: people in the enterprise who should be consulted in the assessment should also be briefed on how the assessment will be performed

4

What are the core activities of the (Data Collection) step in COBIT 5 assessment?

- obtaining objective evidence to support the evaluation
- data collection (strategy) should be developed and approved during the planning step
- data collection (period) should be considered because it may affect the assessment results

5

What are the core activities of the (Data Validation) step in COBIT 5 assessment?

- Validation can commence during data collection
- The assessor, while gathering information, should ensure that the information obtained from various sources is consistent

6

What are the core activities of the (Process Attributes Rating) step in COBIT 5 assessment?

- A rating is assigned for each process attribute up to and including the highest capability level defined in the assessment scope
- The rating is based on data validated in the previous activity
- Traceability must be maintained between the objective evidence collected and the process attribute ratings assigned
- The relationship between the indicators and the objective evidence needs to be recorded

7

What are the core activities of the (Assessment Reporting) step in COBIT 5 assessment?

- The results of the assessment are analysed and presented to the sponsor/stakeholders as appropriate
- important to highlight in the report that it is: An assessment report, based on a PAM, performed by a certified/competent assessor and not an attestation or assurance report on the effectiveness of the internal control, risk management or other aspects of enterprise performance & Meant as an internal report for management’s use ONLY

8

What are the key issues associated with of the (Initiation) step in COBIT 5 assessment?

T

9

What are the key issues associated with of the (Planning) step in COBIT 5 assessment?

T

10

What are the key issues associated with of the (Briefing) step in COBIT 5 assessment?

T

11

What are the key issues associated with of the (Data Collection) step in COBIT 5 assessment?

T

12

What are the key issues associated with of the (Data Validation) step in COBIT 5 assessment?

T

13

What are the key issues associated with of the (Process Attributes Rating) step in COBIT 5 assessment?

T

14

What are the key issues associated with of the (Assessment Reporting) step in COBIT 5 assessment?

T

15

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Sponsor) in the (Initiation) step in COBIT 5 assessment?

- have the authority to engage an assessment team
- make sure adequate resources and competencies are made available to perform a conformant assessment

16

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Participants/Assesses) in the (Initiation) step in COBIT 5 assessment?

- involvement of people with knowledge about the processes
- provide an accurate view of the process capability
- processes to be assessed should be mapped to the enterprise units undertaking the process or using its work products
- initial arrangements can be made to have appropriate representation in the assessment

17

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Pre-assessment Questionnaire) in the (Initiation) step in COBIT 5 assessment?

It should allows the assessor or assessor team gain an understanding of the:
- enterprise unit
- management’s expectations

18

What are the typical typically questions that should be included in the pre-assessment questionnaire?

• The enterprise unit being assessed
• Products and services
• Any issues or problem areas
• The scoping tool and process to be used
• The type of assessment being requested, i.e., class one, two or three
• Knowledge of COBIT 5
• Awareness of what is involved in an assessment process
• Awareness of the time and resource commitment necessary to achieve the desired objective

19

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Scoping of the Assessment) in the (Initiation) step in COBIT 5 assessment?

- should focus the assessment on the business needs of the enterprise
- reduces the overall effort involved with the assessment.

20

What are the major steps in the (Scoping & Mappping Process) happens during the initiation step in the COBIT 5 assessment?

- Identify relevant (business drivers) and associated (stakeholder needs)
- Define the (objectives) of the assessment
- The (prioritization and selection) of (COBIT 5 processes)
- (Identify and prioritize) enterprise (IT processes)
- (Confirm) the preliminary selection of target COBIT processes with the project sponsor and key stakeholders
- Finalize the COBIT processes selection
- Document the scoping methodology in the assessment records

- i.e. refer to goal cascade and value creation mechanisms in COBIT 5

21

What are the typical business drivers for assessing IT processes in a COBIT 5 assessment?

- (Strengths) and (opportunities for improvement) of IT processes and their enabling of one or more key enterprise goals
- (Prioritized improvement initiatives) related to achieving one or more identified IT goals
- Opportunities for improving the enterprise’s governance and management information and technology assets

22

What is the basic advantage of using COBIT 5 scoping and mapping technique?

The benefits of using COBIT 5 as the PRM is that it has extensive mappings from (enterprise goals) and (IT-related goals) to (IT processes)

23

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Setting Target Capability Levels) in the (Initiation) step in COBIT 5 assessment?

- The impact on the (business objectives) of the enterprise if a specified level of capability is not achieved
- 1st: The impact on the (enterprise) if the process is non-existent or not working effectively or efficiently
- 2nd: The (additional consequences) of the effective and efficient operation of the processes at the various capability levels

24

What is the minimum size of the assessment team in class (one) assessment? And characteristics of the lead assessor?

- At least two members, including the lead assessor
- The certified assessor shall be independent of the organisation unit being assessed.

25

What is the minimum size of the assessment team in class (two) assessment? And characteristics of the lead assessor?

- At least two members, ideally including a certified assessor
- Can be performed internally or by an independent assessor

26

What is the minimum size of the assessment team in class (three) assessment? And characteristics of the lead assessor?

- At least one member
- Can be performed internally or by an independent assessor.

27

What are the minimum evidential requirements for class (one) assessment?

- A minimum of four process instances for each process attribute

28

What are the minimum evidential requirements for class (two) assessment?

- A minimum of two process instances for each process attribute

29

What are the minimum evidential requirements for class (three) assessment?

- There is no minimum of process instances stated

30

What are the major difference between self-assessment and class three assessment?

- No need for a certified competent lead assessor
- No need for evidences
- Only for internal use and no comparison

31

From which part of the organization can the sponsor be?

The sponsor can belong to the same enterprise, but not necessarily to the part of the enterprise being assessment

32

What is the (LAC) role?

The local assessment co-ordinator (LAC), who will manage the assessment logistics and interface with the various enterprise units

33

What is the (PAQ)? And how does it help?

- The pre-assessment questionnaires (PAQs) is submitted to the local assessment co-ordinator
- The PAQs help structure the onsite interviews

34

What are the typical COBIT 5 assessment constrains?

• Availability of key resources
• Maximum amount of time
• Specific processes or enterprise units to be excluded
• Minimum, maximum or specific sample size or coverage
• Ownership of the assessment outputs and any restrictions on their use
• Controls on information resulting from a confidentiality agreement

35

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Project Management) in the (Planning) step in COBIT 5 assessment?

- A successful assessment is conducted as a small project
- appropriate project plan, monitoring of progress, adjusting of the plan when appropriate and keeping the project sponsor informed

36

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Level of Efforts) in the (Planning) step in COBIT 5 assessment?

- Scope of the assessment (the number of processes to be assessed)
- Type of assessment, which determines the level of evidence required to be collected
- Capability level to which the assessment is to be taken

37

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Assessment Tools) in the (Planning) step in COBIT 5 assessment?

- Selection of paper-based and automated
- The appropriateness of a tool depends on the planned mode of use and assessment methodology

38

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Data Collection Strategy) in the (Planning) step in COBIT 5 assessment?

- The assessment input shall be defined prior to the data collection phase of an assessment and approved by the sponsor
- The strategy should ensure that the appropriate level of evidence is collected and recorded in line with the requirements of class and scope of the assessment

39

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Management Support) in the (Briefing) step in COBIT 5 assessment?

- Sponsor motivates participants to be open and constructive
- Sponsor made clear that process assessments focus on the process, not on the performance of enterprise unit members implementing the process
- The intent is to make the processes more effective in support of the defined business goals
- ensure that participants are a principal source of knowledge and experience about the process and that they are in a good position to identify potential weaknesses in the process
- respect for the confidentiality of the sources of information
- ensure that participants do not feel threatened or have any concerns regarding confidentiality
- adequate confidentiality arrangements/agreements are in place to handle such information and manage its use in the assessment process

40

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Training) in the (Briefing) step in COBIT 5 assessment?

- The participants should be appropriately trained and have the necessary experience
- In addition to competence in operating the tools, training and/or experience should provide a good theoretical understanding of the underlying principles related to the COBIT PAM, indicators and rating