Title: The COBIT Maturity Model in a Vendor Evaluation Case.

In: Information Systems Control Journal, Volume 3

Document type: Article

Author(s): PEDERIVA, Andrea

Year: 2003



The COBIT Maturity Model is an IT governance tool used to measure how well developed the management processes are with respect to internal controls.

A fundamental feature of the maturity model is that it allows an organization to measure as-is maturity levels and to define to-be maturity levels as well as the gaps to fill. As a result, an organization can discover practical improvements to the system of internal controls of IT. However, maturity levels are not a goal; rather, they are a means to evaluate the adequacy of the internal controls with respect to company business objectives.

Lessons Learned

Because of its construction criteria, the questionnaire is aligned completely with the maturity model and is fairly detailed with respect to the maturity requirements. This has proven useful in supporting subsequent discussions aimed at identifying the key points that were enabling the organization to reach a given maturity level or preventing it from doing so.

As a suggestion, in performing a benchmarking effort, first discuss the maturity requirements without showing the maturity level to which the questions belong. This will reduce any bias that can be present when respondents know the effects of their answers on the final result.

To make the method applicable beyond comparison, for example to planning improvements (as-is, to-be, gap analysis), it must manage partial compliance at lower levels. That is not an issue in the method presented here, but for improvements one wants to see consistency at the lower levels before evaluating the contributions at the higher levels.

