AG: 4-Performing A Process Assessment

Question 0

What are the core activities of the (Initiation) step in COBIT 5 assessment?

Answer 0

• confirming the sponsor
• ensuring agreement on the purpose and scope of the assessment
• identifying any constraints
• doing the initial planning of the assessment (including any additional information that needs to be gathered)
• choosing the assessment participants and the full assessment team
• defining the roles of the team members

Question 1

What are the basic 7 steps in COBIT 5 assessment process?

Answer 1

• Initiation
• Planning
• Briefing
• Data collection (evidence-based for each process)
• Data validation (evidence-based for each process)
• Process attribute rating (evidence-based for each process)
• Assessment reporting

Question 2

What are the core activities of the (Planning) step in COBIT 5 assessment?

Answer 2

• development of the detailed assessment plan that describes (all activities performed in gathering evidence and conducting the assessment)

Question 3

What are the core activities of the (Briefing) step in COBIT 5 assessment?

Answer 3

• Assessment Team: ensure that the assessment team understands the assessment input, process and output
• Assessment Participants: people in the enterprise who should be consulted in the assessment should also be briefed on how the assessment will be performed

Question 4

What are the core activities of the (Data Collection) step in COBIT 5 assessment?

Answer 4

• obtaining objective evidence to support the evaluation
• data collection (strategy) should be developed and approved during the planning step
• data collection (period) should be considered because it may affect the assessment results

Question 5

What are the core activities of the (Data Validation) step in COBIT 5 assessment?

Answer 5

• Validation can commence during data collection
• The assessor, while gathering information, should ensure that the information obtained from various sources is consistent

Question 6

What are the core activities of the (Process Attributes Rating) step in COBIT 5 assessment?

Answer 6

• A rating is assigned for each process attribute up to and including the highest capability level defined in the assessment scope
• The rating is based on data validated in the previous activity
• Traceability must be maintained between the objective evidence collected and the process attribute ratings assigned
• The relationship between the indicators and the objective evidence needs to be recorded

Question 7

What are the core activities of the (Assessment Reporting) step in COBIT 5 assessment?

Answer 7

• The results of the assessment are analysed and presented to the sponsor/stakeholders as appropriate
• important to highlight in the report that it is: An assessment report, based on a PAM, performed by a certified/competent assessor and not an attestation or assurance report on the effectiveness of the internal control, risk management or other aspects of enterprise performance & Meant as an internal report for management’s use ONLY

Question 8

What are the key issues associated with of the (Initiation) step in COBIT 5 assessment?

Answer 8

T

Question 9

What are the key issues associated with of the (Planning) step in COBIT 5 assessment?

Answer 9

T

Question 10

What are the key issues associated with of the (Briefing) step in COBIT 5 assessment?

Answer 10

T

Question 11

What are the key issues associated with of the (Data Collection) step in COBIT 5 assessment?

Answer 11

T

Question 12

What are the key issues associated with of the (Data Validation) step in COBIT 5 assessment?

Answer 12

T

Question 13

What are the key issues associated with of the (Process Attributes Rating) step in COBIT 5 assessment?

Answer 13

T

Question 14

What are the key issues associated with of the (Assessment Reporting) step in COBIT 5 assessment?

Answer 14

T

Question 15

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Sponsor) in the (Initiation) step in COBIT 5 assessment?

Answer 15

• have the authority to engage an assessment team

- make sure adequate resources and competencies are made available to perform a conformant assessment

Question 16

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Participants/Assesses) in the (Initiation) step in COBIT 5 assessment?

Answer 16

• involvement of people with knowledge about the processes
• provide an accurate view of the process capability
• processes to be assessed should be mapped to the enterprise units undertaking the process or using its work products
• initial arrangements can be made to have appropriate representation in the assessment

Question 17

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Pre-assessment Questionnaire) in the (Initiation) step in COBIT 5 assessment?

Answer 17

It should allows the assessor or assessor team gain an understanding of the:

• enterprise unit
• management’s expectations

Question 18

What are the typical typically questions that should be included in the pre-assessment questionnaire?

Answer 18

• The enterprise unit being assessed
• Products and services
• Any issues or problem areas
• The scoping tool and process to be used
• The type of assessment being requested, i.e., class one, two or three
• Knowledge of COBIT 5
• Awareness of what is involved in an assessment process
• Awareness of the time and resource commitment necessary to achieve the desired objective

Question 19

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Scoping of the Assessment) in the (Initiation) step in COBIT 5 assessment?

Answer 19

• should focus the assessment on the business needs of the enterprise
• reduces the overall effort involved with the assessment.

Question 20

What are the major steps in the (Scoping & Mappping Process) happens during the initiation step in the COBIT 5 assessment?

Answer 20

• Identify relevant (business drivers) and associated (stakeholder needs)
• Define the (objectives) of the assessment
• The (prioritization and selection) of (COBIT 5 processes)
• (Identify and prioritize) enterprise (IT processes)
• (Confirm) the preliminary selection of target COBIT processes with the project sponsor and key stakeholders
• Finalize the COBIT processes selection
• Document the scoping methodology in the assessment records
• i.e. refer to goal cascade and value creation mechanisms in COBIT 5

Question 21

What are the typical business drivers for assessing IT processes in a COBIT 5 assessment?

Answer 21

• (Strengths) and (opportunities for improvement) of IT processes and their enabling of one or more key enterprise goals
• (Prioritized improvement initiatives) related to achieving one or more identified IT goals
• Opportunities for improving the enterprise’s governance and management information and technology assets

Question 22

What is the basic advantage of using COBIT 5 scoping and mapping technique?

Answer 22

The benefits of using COBIT 5 as the PRM is that it has extensive mappings from (enterprise goals) and (IT-related goals) to (IT processes)

Question 23

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Setting Target Capability Levels) in the (Initiation) step in COBIT 5 assessment?

Answer 23

• The impact on the (business objectives) of the enterprise if a specified level of capability is not achieved
• 1st: The impact on the (enterprise) if the process is non-existent or not working effectively or efficiently
• 2nd: The (additional consequences) of the effective and efficient operation of the processes at the various capability levels

Question 24

What is the minimum size of the assessment team in class (one) assessment? And characteristics of the lead assessor?

Answer 24

- At least two members, including the lead assessor | - The certified assessor shall be independent of the organisation unit being assessed.

Question 25

What is the minimum size of the assessment team in class (two) assessment? And characteristics of the lead assessor?

Answer 25

- At least two members, ideally including a certified assessor - Can be performed internally or by an independent assessor

Question 26

What is the minimum size of the assessment team in class (three) assessment? And characteristics of the lead assessor?

Answer 26

- At least one member | - Can be performed internally or by an independent assessor.

Question 27

What are the minimum evidential requirements for class (one) assessment?

Answer 27

- A minimum of four process instances for each process attribute

Question 28

What are the minimum evidential requirements for class (two) assessment?

Answer 28

- A minimum of two process instances for each process attribute

Question 29

What are the minimum evidential requirements for class (three) assessment?

Answer 29

- There is no minimum of process instances stated

Question 30

What are the major difference between self-assessment and class three assessment?

Answer 30

- No need for a certified competent lead assessor - No need for evidences - Only for internal use and no comparison

Question 31

From which part of the organization can the sponsor be?

Answer 31

The sponsor can belong to the same enterprise, but not necessarily to the part of the enterprise being assessment

Question 32

What is the (LAC) role?

Answer 32

The local assessment co-ordinator (LAC), who will manage the assessment logistics and interface with the various enterprise units

Question 33

What is the (PAQ)? And how does it help?

Answer 33

- The pre-assessment questionnaires (PAQs) is submitted to the local assessment co-ordinator - The PAQs help structure the onsite interviews

Question 34

What are the typical COBIT 5 assessment constrains?

Answer 34

* Availability of key resources * Maximum amount of time * Specific processes or enterprise units to be excluded * Minimum, maximum or specific sample size or coverage * Ownership of the assessment outputs and any restrictions on their use * Controls on information resulting from a confidentiality agreement

Question 35

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Project Management) in the (Planning) step in COBIT 5 assessment?

Answer 35

- A successful assessment is conducted as a small project - appropriate project plan, monitoring of progress, adjusting of the plan when appropriate and keeping the project sponsor informed

Question 36

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Level of Efforts) in the (Planning) step in COBIT 5 assessment?

Answer 36

- Scope of the assessment (the number of processes to be assessed) - Type of assessment, which determines the level of evidence required to be collected - Capability level to which the assessment is to be taken

Question 37

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Assessment Tools) in the (Planning) step in COBIT 5 assessment?

Answer 37

- Selection of paper-based and automated | - The appropriateness of a tool depends on the planned mode of use and assessment methodology

Question 38

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Data Collection Strategy) in the (Planning) step in COBIT 5 assessment?

Answer 38

- The assessment input shall be defined prior to the data collection phase of an assessment and approved by the sponsor - The strategy should ensure that the appropriate level of evidence is collected and recorded in line with the requirements of class and scope of the assessment

Question 39

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Management Support) in the (Briefing) step in COBIT 5 assessment?

Answer 39

- Sponsor motivates participants to be open and constructive - Sponsor made clear that process assessments focus on the process, not on the performance of enterprise unit members implementing the process - The intent is to make the processes more effective in support of the defined business goals - ensure that participants are a principal source of knowledge and experience about the process and that they are in a good position to identify potential weaknesses in the process - respect for the confidentiality of the sources of information - ensure that participants do not feel threatened or have any concerns regarding confidentiality - adequate confidentiality arrangements/agreements are in place to handle such information and manage its use in the assessment process

Question 40

What are the (Major Concerns) that the lead assessor should take care of, which are associated with the key issue (Training) in the (Briefing) step in COBIT 5 assessment?

Answer 40

- The participants should be appropriately trained and have the necessary experience - In addition to competence in operating the tools, training and/or experience should provide a good theoretical understanding of the underlying principles related to the COBIT PAM, indicators and rating