The document outlines an IT governance maturity assessment using the COBIT 5 framework, detailing objectives, methodologies, and delivery approaches for evaluating enterprise IT governance. It describes the self-assessment process, scoping plans, and tools for mapping IT processes to business goals. Additionally, it emphasizes collaboration, data collection, and the importance of identifying improvement initiatives based on the assessment findings.

1. IT Governance
Maturity Assessment using COBIT 5 PAM
Eryk Budi Pratama
Senior Consultant - PwC
Presented for Information System Faculty– Universitas Bakrie

2. Objectives
IT Governance
Governance of Enterprise IT
Domain, Product Family, Coverage
COBIT 5 Framework
PAM using COBIT 5
Process Assessment Model (PAM)
Self Assessment Guide using COBIT 5
Self Assessment
Methodology for IT Governance Engagement
Engagement Delivery Approach

3. IT Governance
Governance of Enterprise IT

4. IT Governance
Old Way
COBIT 4.1
Val ITRisk IT

5. Corporate Governance of IT
Based on ISO 38500
Source: http://www.qaiglobalservices.com/wp-content/uploads/2016/05/Fig-4.jpg

6. Governance of Enterprise IT
COBIT 5 - Principles and Area
Risk Management
Focus
Area

7. COBIT 5 Framework

8. COBIT 5
Domain
 Evaluate, Direct, Monitor (EDM)
 Align, Plan, Organize (APO)
 Build, Acquire, Implement (BAI)
 Deliver, Service Support (DSS)
A Business Framework for the
Governance and Management
of Enterprise IT

9. COBIT 5
COBIT 5 Product Family

10. COBIT 5
COBIT 5 Coverage of Other Standards and Frameworks
Standard Description
ISO 38500 Governance of IT for the organization
ISO 31000 Enterprise Risk Management
ISO 27000 Information Security Management
ISO 20000 IT Service Management
Framework Description
TOGAF Enterprise Architecture by OpenGroup
PMBOK Project Management by PMI
PRINCE2 Project Management by APMG
ITIL IT Service Management by AXELOS
CMMI Capability Maturity Model Integration

11. Process Assessment Model
(PAM)

12. COBIT 5 PAM
COBIT Process Assessment Model (PAM) Workflow
Source: This figure is reproduced from ISO/IEC 15504-2, with the permission of ISO/IEC at www.iso.org. Copyright remains with ISO/IEC.

13. COBIT 5 PAM
COBIT Process Assessment Model (PAM) Workflow

14. COBIT 5 PAM
Process Capability Level and Attributes
Rating Levels
Levels and Necessary Ratings

15. COBIT 5 PAM
Assessment Process

16. Self Assessment

17. Self Assessment
Step 1 – Scoping (Process Step)
Identify relevant business drivers for the assessment of IT processes
•On the basis of these business drivers, define the objective of the assessment.
•The prioritisation and selection of one or more COBIT 5 processes for inclusion in the process assessment should be based on the business drivers
for the assessment.
Identify and prioritise the enterprise’s IT processes that should be included within the scope of the assessment
•Utilise the business drivers and assessment objectives identified previously, along with, as appropriate, the COBIT 5 process mappings contained
in the scoping tool kit.
•For example, if the objective of the assessment is to assist IT management in identifying and prioritising improvement initiatives related to one or
more specified goals identified, the COBIT process mappings may be useful to identify the processes most closely related to those IT goals.
Perform a preliminary scoping selection of target processes for inclusion in the assessment, based on the previous
prioritisation
•Ensure that they will satisfy the identified business drivers and meet the objectives of the assessment.
Confirm the preliminary selection of target COBIT 5 processes with the project sponsor and key stakeholders of the
process assessment
Finalise the COBIT 5 processes to be included in the assessment

18. Self Assessment
Step 1 – Scoping (Process Step)
Enterprise Goal Hierarchy IT-related Goals Hierarchy Self-Diagnostic
Mapping of COBIT 5 Processes to IT Goals
to Business Goals to IT Balanced
Scorecard
Mapping COBIT 5 Processes to IT Goals
(subset of information contained in item
above)
Self-diagnostic Tool

19. Self Assessment
Step 2 – Perform Self Assessment

20. Self Assessment
Step 2 – Perform Self Assessment

21. Engagement Delivery
Approach

22. Engagement Delivery Approach
General Delivery Approach
Process mapping of
current IT process to
COBIT 5
Working Group
& Discussion
Report
Assessment
IT Capabilities
Operational
Effectiveness &
Workshop
IT Goals, IT Framework risk
IT Issues, and
Remediation Roadmap
based on COBIT 5
Maturity Level based on
COBIT 5
Strategy and recommendation
report for IT process
improvement
Output

23. Engagement Delivery Approach
General Delivery Approach
Working Group
& Discussion
Report
Assessment
IT Capabilities
Operational
Effectiveness &
Workshop
▪ Determine the organizational
structure and the members
involved in the project as well
as the duties and responsibiliti
es of each party
▪ Create detailed work plans
and activities to be performed
▪ Determine communication
methods and information
paths
▪ Defines a list of required infor
mation
▪ Conducting a Kick-Off meeting
with all related parties to
assign key business process
owner over 37 sub-areas of
COBIT 5
▪ Determining the target and the
schedule of the interview
▪ Collect data / documents and
information on current state of
existing IT processes based
on 37 major sub-areas in
COBIT 5
▪ Review relevant documents
and information
▪ Discuss with key parties in the
IT process
▪ Determine the level of IT
capabilities with COBIT 5 tools
▪ Determine the level of IT
capability for 37 major sub
areas of COBIT 5 in the client
▪ Discussions with client’s mana
gement are related to IT
capability level reports that
have been assessed by
consultant
▪ Provide monitoring tools
related to improvements that
will be done by the client
▪ Organize workshop schedules
to report the result of IT
governance capability level
assessments
▪ Describes the review
methodology used
▪ Displays observations
regarding existing IT processes
and gaps based on COBIT 5
▪ Exposure to the results of
Operational Effectiveness i
mplementation
▪ Presentation of
recommendations for
improvement of client’s IT
process

24. Thank you