Getting Creative with Maturity Models and COBIT 2019

Author: Luis Gorgona, CISA CDPSE
Date Published: 24 February 2022

Maturity models have become an area of personal interest in my professional practice. Maturity models can act as a common language that serves as a bridge between the business and the IT function. It is that sweet spot where both worlds can understand each other and join forces for improvement. For example, every board of directors can understand that level 0 will need improvement and level 5 is state of the art. Therefore, IT departments can easily track that improvement and present information to management using that common language.

Years ago, measuring maturity using COBIT 5 was just a matter of following the Process Assessment Model (PAM) and filling in the forms. This changed with COBIT 2019. I was asked by a potential client about conducting a maturity assessment for their IT function based on COBIT 2019, and I discovered there was no PAM for it. This made me realize that I needed to prepare a maturity model for COBIT 2019 where the standard expected values provided by ISACA can be scored using not only the capability maturity, but other factors as well. Every organization is different, so it is possible to create different ways to ensure the maturity levels are correct, according to vertical, industry or country. Other factors can also be useful for developing the right model, such as:

  • Coverage for the control objective
  • Automatization for the control objective
  • Metrics related to the control objective

The sky is the limit. Every vertical can develop its own base of expected levels. Each vertical's IT department has its own process and its own way to create value for the organization, so we do not need to be afraid of getting creative.

I encourage you to explore the COBIT 2019 framework in depth so that you can develop your own approach to the model, the maturity scoring and the factors necessary for measuring your organization.

Editor’s note: For further insights on this topic, read Luis Gorgona’s recent Journal article, “Building a Maturity Model for COBIT 2019 Based on CMMI,” ISACA Journal, volume 6, 2021.
