ASSESSMENT OF IT GOVERNANCE PROCESS CAPABILITY BASED ON COBIT 5

Diana Leite Nunes dos Santos, João Souza Neto
DOI: https://doi.org/10.21529/RESI.2014.1301003

Abstract

COBIT 5 provides a separation of governance and management processes along with a new assessment approach that focuses on process capability. This paper describes such assessment performed at a Brazilian government institution that resulted in 40% of the governance processes at level 0 – incomplete process and 60% at level 1 – performed process. Given the role of governance, fragilities in its processes may reflect negatively in management and additional research should include a closer look at this relationship. For this particular institution, it is expected that all governance processes are performed (level 1) by the next two years, which is a goal towards an efficient and effective governance system. The following barriers to the application of this self-assessment were found to be: lack of knowledge on COBIT 5 processes from the assessed institution and the length of the questionnaire, which had 33 questions in its final version. When compared to COBIT 4.1 assessment model, the results were not as good, as the same organization was classified in level 2 - repeatable but intuitive. The previous model was also easier and faster to apply. This comparison should be done carefully for the models are very different in their design and use. Finally, the proposed objectives were met: the mechanism is repeatable and can be used in the future to create a historic base; it can be used for self-assessment and is expected to be completed, in a medium size IT department, within four hours.

Keywords

Avaliação da Governança de TI; Avaliação da Maturidade da Capacidade; COBIT 5; Governança da Tecnologia da Informação; Processos de Governança


Compartilhe