This paper outlines an ISO/IEC 15504-compliant process assessment model based on COBIT 5. This model is the basis for assessing an enterprise's IT processes against COBIT 5, and for a training programme and certification programme for assessors. The assessment process is evidence-based to enable a reliable, consistent and repeatable assessment process in the area of governance and management of IT.
The assessment model enables assessments by enterprises to support process improvement. Guidance will be given in a separate assessor guide on a risk-based approach to select the processes to be assessed, including the use of ISACA's published COBIT 5 mappings to determine the processes to be assessed. These include:
- Linking enterprise goals to enterprise-related IT goals
- Linking enterprise-related IT goals to IT processes
- Diagnostic tool for selecting scoping areas
A training and certification programme for assessors is in development.
Note: In the ISO/IEC 15504 world, a significant detailed process assessment takes place at level 1, where the "specific" COBIT process activity assessment is done. ISO/IEC 15504 prescribes generic outcomes, base practices and work products to be assessed at the higher capability levels.