Scribd Logo
Importer

Bienvenue sur Scribd !

  • Cobit Assessment Programme-Frequently Asked Questions (Faqs)

    Transféré par

    Beben Sutara
    57 vues4 pages
    df

    Titre original

    8. FAQ's COBIT PAM

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    df

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    57 vues4 pages

    Cobit Assessment Programme-Frequently Asked Questions (Faqs)

    Transféré par

    Beben Sutara
    df

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 4

    COBITAssessmentProgrammeFrequentlyAskedQuestions(FAQs)

    ISACA2012 Allrightsreserved. Page1


    1. WhydidISACAselectISO15504?
    ISO15504effectivelydealswithacapabilityprocessassessment.Itprovidesan
    understandable,logical,repeatable,reliableandrobustmethodologyforassessingthe
    capabilityofITprocesses(evidentiaryrequirements).

    2. WhatisthemajorvalueofusingthenewCOBITAssessmentProgramme?
    a. Thevaluederivedfromassessmentsusingthisapproachincludesreliableresults
    thatfocustheenterpriseonthebenefitsandresourceimplicationsarisingfromthe
    performanceandcapabilityofitsITprocesses,andprovideasoundbasisfor
    benchmarkingandimprovement,prioritizationandplanning.
    b. ThereareanumberofspecificbenefitsforCOBITusersintakingthisapproach:
    - Focusfirstonconfirmingthataprocessisachievingitsintendedpurposeand
    deliveringitsrequiredoutcomesasexpected.
    - Simplificationofthecontentsupportingprocessassessment.
    - Improvedreliabilityandrepeatabilityofprocesscapabilityassessmentactivities
    andevaluations,reduceddebatesanddisagreementsbetweenstakeholderson
    assessmentresults.
    - Increasedusabilityofprocesscapabilityassessmentresults,asthenew
    approachestablishesabasisformoreformal,rigorousassessmentstobe
    performed,forbothinternalandpotentialexternalpurposessuchas
    benchmarking.
    - Compliancewithagenerallyacceptedprocessassessmentstandard(ISO15504)
    andthereforestrongsupportforprocessassessmentapproachinthemarket.

    3. Isthissimplyawaytopushmorecertificationstoconsultants?
    No,becauseISO15504identifiestheneedforbothindependentandcompetent
    assessorstoperformanassessment.ISACAhasidentifiedanumberofkeycompetencies
    andexperiencerequirements.Thisnecessitatesacomprehensivetrainingprogramme
    withanexamthatrequiresacertificateuponthesuccessfulcompletionoftheexam.
    Thistypeofcertificationismoreaproductbasedratherthanaprofessionalbased
    certificationprogramsuchasCISAorCPA.

    4. Weknowwhereourstrengthsandweaknesseslie.WhyundertakeaCOBITprocess
    assessment?
    Manyorganizationsbelievetheyhavesomeideaoftheirstrengthsandweaknesses.
    However,theycanoftenbesurprisedwhenaparticularprocessfailstoperformas
    expectedbecauseitisnotrobustenoughtodealwitheitherorganizationalchangeor
    differentcircumstances.

    5. WhydoIneedamorerigorousassessment?Istheselfassessmentprocessnot
    sufficient?
    a. Aselfassessmentcanbeusedbyorganizationstoperformalessrigorous
    assessmentofthecapabilityofITprocesses.Thismaybeaprecursortoundertaking
    COBITAssessmentProgrammeFrequentlyAskedQuestions(FAQs)

    ISACA2012 Allrightsreserved. Page2


    amorerigorous,evidencebasedassessment.Itisintendedasastandalone
    processwiththeminimumoftrainingandnotrequiringacertifiedassessor.
    b. Aselfassessmentisbasedmoreonjudgementoftheindividualorindividuals
    makingtheassessment.Itwillbesubjectivewithoutarequirementforevidence.As
    aresult,theassessmentwillbeindicativeoftheprocesscapability.Experiencehas
    shownthatsuchassessmentsareoftenoptimistic,showingabetterresultthan
    wouldbeshowninamoreformal,evidencebasedassessment.Theyaregenerally
    notrepeatableorobjective.Forarepeatable,objectiveassessment,afull
    assessmentusingtheCOBITPAMandassessorguide(withtraining)isrequired.

    6. DoesthenewCOBITAssessmentProgrammeapproachreplacetheexistingCOBIT4.1
    CMMapproach?
    a. No,itdoesnot;itisadifferentapproachtoassessingprocesscapabilitythatISACA
    hasselectedtouse.COBIT4.1CMMremainsaspublishedandtheoptionofapplying
    aCOBITAssessmentProgrammeapproachasanalternativehasbeenmade
    available.
    b. However,TheCMMapproachwillnotbeofferedinCOBIT5becausethenewISO
    15504approachiscoretoperformingacapabilityprocessassessmentusingCOBIT5
    content.

    7. WhatisthedifferencebetweentheCOBIT4.1CMMandthenewCOBITAssessment
    Programmeapproach?
    a. Thecapabilitylevelscaleisthesame,i.e.,0to5andsomeofthelevelnamesare
    verysimilar,butthatiswherethesimilaritiesend.Theattributesassessedand
    measuredineachapproachareNOTthesamenoristhereacleancutrelationship
    betweenthetwosetsofattributes.
    b. Therearenospecificrequirementstoprovideevidentiarysupportforassessment
    resultsintheexistingCOBIT4.1CMMapproach,butthisismandatoryintheISO
    15504approach.Providingsuchevidenceinsupportoftheassessmentproduces
    morerobust,repeatableanddefensibleresults.
    c. TheassessmentdoneundertheoldCOBIT4.1CMMapproachwilllikelyresultin
    higherscores,duetothesubjectiveaveragingapproachadopted,andalsodueto
    themorerigorousISO15504requirementsforlevel1inthenewapproach

    8. WillCOBIT5havethesameprocesscapabilityassessmentapproachusingISO15504?
    Andhowwillitdiffer?
    a. COBIT5hasbeendesignedtakingintoaccountalloftheISO15504process
    capabilityassessmentrequirements.Asaresulttheconsistencyofcontentbetween
    theCOBIT5processcontentandtheCOBIT5PAMwillbeimprovedoverthoseof
    COBIT4.1.
    b. ForthepurposesofapplyingtheCOBITAssessmentProgrammeapproach,theonly
    differencebetweenCOBIT4.1andCOBIT5willbethelevel1contentwhichis
    specificanduniquetoeachframeworkversion.Assessmentlevels2to5focuson
    COBITAssessmentProgrammeFrequentlyAskedQuestions(FAQs)

    ISACA2012 Allrightsreserved. Page3


    genericprocessattributes(asdefinedinISO15504)andarethereforethesamefor
    bothframeworks.

    9. WhywouldyouwanttodoaCOBITprocesscapabilityassessmentusingCOBIT4.1
    whenCOBIT5willbeavailableinearly2012?
    EnterpriseshaveinvestedinusingCOBIT4.1andwillcontinuetouseitforanumberof
    yearsuntiladriverisencounteredforthemtoconsideratransitiontoCOBIT5.During
    thistimeaformalprocesscapabilityassessmentagainstCOBIT4.1willbeofvalueto
    them.

    10. WhataboutenterprisesnotusingCOBIT4.1?
    ThoseorganizationswhohavenotyetimplementedCOBITareencouragedtousethe
    COBIT5PAMbecauseoftheaddedvaluethattheexpandedCOBIT5frameworkscope
    bringstotheenterprise.

    11. Howisassessingclouddifferentfromassessingotherservices?
    Thereisnodifference,cloudservicesareasubsetofITservices,Infrastructureasa
    Service(IaaS),PlatformasaService(PaaS)andSoftwareasaService(SaaS).Regardless
    ofthedeploymentmodel,private,publicetc,cloudcomputingisadeliveryofaservice
    inthesamewayasanyotherITservicedelivery;ISACAcloudpublicationsprovidea
    predefinedselectionofCOBITprocesses;theassessmentoftheprocessesitselfwillbe
    thesameforcloudasforanyotherITservicedelivered..Formoreinformationon
    ISACAscloudpublicationsvisit:www.isaca.org/cloud

    12. Whatothermodels,frameworksandapproacheshavebeenalignedtoISO15504?
    a. ITIL3hasbeenmappedtoISO15504butonlyatlevel1;i.e.,aProcessReference
    Model(PRM)hasbeendevelopedandreleasedviaaTudorpublication.However,to
    ourknowledgenofullPAMhasbeendeveloped.
    b. TheISOgroupresponsibleforISO20000onITservicemanagementisalsointhe
    processofdevelopinganISO15504PAM
    c. COSOhasalsodevelopedanISO15504PRM(level1only)butnotafullPAM.

    13. Whatqualificationsandexperiencewillberequiredtobeacertifiedassessor?
    CertificationandcompetencyrequirementsarestillbeingdevelopedbutISACAseesthe
    followingaslikelyrequirements:
    a. ExperienceMinimumoffiveyearsexperienceinbusinessmanagement,IT
    managementormanagementconsultancy.Twoyearscanbesubstitutedbyhavinga
    CertifiedInformationSystemsAuditor(CISA);orequivalent/relevantauditingor
    assessmentcertification.
    b. Training:
    - Foundationleveltraining,examandcertificate(todemonstratecoreknowledge
    ofCOBIT)
    - Processleveltraining,examandcertificate
    - Assessortraining,examandcertificationtobecomeacertifiedassessor
    COBITAssessmentProgrammeFrequentlyAskedQuestions(FAQs)

    ISACA2012 Allrightsreserved. Page4

    14. Howwilltrainingandcertificationbeprovided?
    ISACAisintheprocessofdevelopingworldwidetrainingandcertificationforthe
    accreditationoftrainingorganizations.
    15. HowlongonaveragedoesaCOBITAssessmenttaketoexecute?
    a. Thereisnospecificanswertothisasitdependsonthescopeoftheassessment;3
    processesvs.34/37.Itdependsonthebusinessneedandwhatprocesses
    managementwouldliketoseeassessed/improved.
    b. ISACAhasprovidedascopingtoolaspartofitstoolkittoassistorganizationsin
    selectingprocessestoscope.(Seetoolkitlinkonthewebsite.)

    16. WilltheISOrevisedstandardISO33000whichwillbethereplacementtoISO15504
    haveanimpactonthemodeljustdevelopedforbothCOBIT4.1andCOBIT5?
    a. Yes,inthatanychangestotheprocesscapabilityassessmentapproachrequiredby
    thenewstandardwhenpublishedwillneedtobeconsideredintotheCOBIT
    AssessmentProgrammeapproachandsupportingmaterialsatsomepoint.
    b. ISACAhasstudiedthedraftproposalsforthenewstandardbeingdevelopedand
    concludedthatthebigimprovementsproposedforISO33000willaffectmainlythe
    enterprisematurityassessmentthatisbasedcurrentlyonISO155047guide,which
    ISACAhasnotimplemented,preferringinsteadtoconcentrateonaprocess
    capabilityassessmentbecausethisactivitymustbecompletedfirstbeforean
    enterpriselevelmaturityassessmentcanbeundertaken.

    17. Ifallofthework(heavylifting)isdonetoachievelevel1,whichisdeemedtobea
    majorachievement,whatistheincentivetogotofurtherlevelsofcapability?Isitnot
    anicetohave?
    a. Thereisalwaysacost/benefittradeoffinhowhighacapabilitylevelanorganization
    wantstoachieveandindeedmanyorganizationshavefocusedalotoftheir
    attentionatlevel1becausethisisamajorachievementtoshowthatyourprocesses
    aremeetingfullytheirpurpose.
    b. Level3isseenbyISACAasthelevelthatenterprisesshouldaspiretoforconsistency
    intheperformanceoftheirprocessesirrespectiveofthestaffinvolved.
    c. Levels4and5willdependontheindustryandproductsector,soforexampleto
    meetagovernmentcontracttoprovidedefensetechnologyanorganizationmaybe
    requiredtoshowalevel5capability,i.e.,theirprocessesareoptimized.

    18. Whattoolsareavailabletoassistassessorsinperformingtheseprocesscapability
    assessments?
    a. ISACAhasprovidedatoolkitforboththeassessorandtheselfassessmentguide.
    b. TherearealsocommercialorganizationsthatprovideISOassessmenttoolsboth
    onlineandviasoftwaredownloadthatcanbetailoredtoaspecificorganizations
    needs.

    Vous aimerez peut-être aussi