Main Promo Images
A framework to initiate and control the implementation of information security
King IV information and technology governance
Respect for human rights while enabling the free flow of information
King IV corporate governance assessment-as-a-service
Corporate governance of ICT
A framework for the Governance and Management of IT
Global leaders in the design and implementation of IT governance frameworks and mechanisms.
More than 10 years experience in the protection of personal information (POPIA).
Consulting services, software solutions and wide range of training available.
The COBIT 5 Process Assessment Model (PAM) is based on the international standard ISO/IEC 15504-2 standard. This standard comprises a process dimension (the COBIT 5 PRM) and a capability dimenison (the process attributes).
The assessment approach for conducting a COBIT 5 assessment is detailed in the COBIT 5 Assessor Guide.
The ISO 15504 process attributes for capability improvement provides an evolutionary, logical, reliable and robust methodology for improving the capability of the IT processes.
Higher levels of capability indicate greater sophistication in the ability of management to direct and control the assigned work.
At the ITGN we use an Operating Model to describe how an IT organisation functions in support of its business operation. The operating model defines the major information and technology capabilities required to support and execute your business strategy; and how the core components of capability (process, technology and people) are used to drive efficiency and effectiveness.
The COBIT 5 framework can be used to organize IT activities into a logical operating model of 37 process in total. While not all the processes might be essential, the integrated nature of the processes will require that at least a few activities of each process will be required. Defining your organisation's own processes will take into account the integration necessary as well as the possible consolidation of activities into fewer processes.
Good governance requires accountability for the outcomes achieved and mutual respect for each others' decision-making authority. An accountability framework clarifies which roles and responsibilities are important to delivering the results expected, who should lead and who supports the value creation. The operating model separates out responsibility and identifies the "touch-points" between process and process area responsibilities.
Usually, a number of processes and process areas support the operating model. The objective of good IT governance is to effectively and efficiently leverage the IT resources in support of achieving the organisaton's strategic objectives.
COBIT 5 was released by ISACA on the 10 April 2012. Visit the ISACA web site to download COBIT 5. Key features of the new version of COBIT 5 are the incorporation of the ISO 38500 model for the corporate governance for IT and the complete replacement of the COBIT Maturity Model with an ISO 15504 aligned COBIT Process Capability Assessment Model. The COBIT process descriptions have been modernised and greater emphasis is placed on alignment with IT and Enterprise goals. Register now to attend one of our leading-edge COBIT 5 seminars.
COBIT 5 is ISACA’s latest business framework for the governance, management and operation of IT across any enterprise. COBIT 5 can help enterprises create optimal value from IT through effectively and efficiently leveraging resources, optimizing risk management and delivering real benefits to the business.
COBIT 5 can assist management design and implement an IT governance framework based on a set of processes with clearly defined expected outcomes, a management system to co-ordinate delivery and governance model to maintain alignment with strategic objectives.
COBIT 5 is based on an integrated process model for all activities related to the use of information and information related technology. Together with a management system and governance framework, COBIT 5 enables organisations to plan and operate more efficiently and effectively.
The COBIT 5 Process Assessment Model (PAM) provides an outline of the requirements for achieving capability level 1 using the COBIT 5 processes described in the COBIT 5 Enabling Processes Guide. Understanding the current level of capability is the first step of many to increase capability and deliver better performance. The COBIT 5 PAM only describes capability level 1. Assessments at the higher level of capability depend on the competence of the assessor and objectives of the organisation. To overcome the subjective nature of COBIT 5 PAM assessments the ITGN has developed a tool, based on ISO 15504, to ensure a reliable consistent and repeatable assessment.
The COBIT 5 Implementation Guide describes one of the four possible approaches to implementing the COBIT framework. The focus of the Implementation Guide is programme and project management for the purpose of GRC improvements. The other three approaches to the implementation of COBIT 5 are through 1) working with the CIO to establishment of a IT governance framework, 2)working with process owners to build capability and deliver better performance, and 3) liaising with business regarding the pain points that they experience regarding their IT services.
The ITGN offers consulting services and training across all four types of COBIT implementation.
COBIT 5 for Risk focuses on the risk management professional and risk management activities. It addresses the establishment of a risk function and the building of a risk management process. The COBIT 5 for Risk guide is in addition to the COBIT 5 APO12 Risk Management process and the COBIT 5 EDM03 Governance of Risk process.
COBIT 5 for Assurance focuses on the assurance professional and the assurance activities typical of an assurance provider. It addresses how to set up and maintain an efficient assurance function and provide assurance for the COBIT 5 enablers described in the COBIT 5 Business Framework.
The ITGN can assist you with any one of a number of popular approaches to a COBIT 5 implementation, depending on the circumstances and preferences of the organisation concerned. The ISACA approach is described in the "COBIT 5 Implementation Guide". This approach is for "enabling change" through programme management. It comprises a number of initiatives/projects within a programme. This is not the same "programme management" as described in the process BAI01 Manage Programmes and Projects, which could be an alternative to the Implementation Guide.
The Implementation Guide's programme management approach is characterised by the need for a sponsor to take responsibility for the successful implementation of changes that are often driven by external requirements for improved "GRC" or "pain points" raised by the business. The sponsor authorises the business case for the change and takes responsibility for its success.
An internal governance approach driven by the CIO would be to implement an IT governance framework and the various governance mechanisms at the governance, management and operational levels of the IT organisation and across business units.
Some organisations prefer to focus on building capability, either generally, or specifically in selected process areas, a process or collection of processes. This approach promotes organic growth in capability to achieve pre-defined outcomes.
The management system enabled approach focuses on continuous improvement using small, incremental changes across the operational environment driven by the respective managers and process owners. The ITGN has a specialised management system to jump start the use of a management system by providing a pre-configured system.